similar to: Linux Servers in an AD Domain with Multiple Windows Domain Controllers

Is it possible to specify a list of DCs for Samba to use, rather than have it look them up dynamically via DNS? I have an issue with Kerberos, Samba, and SSSD where my machines stop authenticating after a period of time – preAuthentication errors, etc. I suspect it's because of a "DC mismatch" between the three. Because we have numerous DCs all over the world, I specifically

We have about 40 samba servers in our domain. The two newest ones are throwing an error we've never seen before. [root at vmhost06a samba]# net join Enter root's password: dos charset 'CP850' unavailable - using ASCII convert_string_talloc: Conversion not supported. Failed to join domain: failed to lookup DC info for domain 'MYCHARTS.MD' over rpc: Memory allocation error

Hi all, I am currently struggling to remove one of our Samba4 DC from the domain. Some time ago, adding a new Samba DC to our AD did not succeed and I had to demote the new server again. After removal, replication on one of the old/existing DCs got weird. /usr/local/samba/bin/samba-tool drs showrepl gives the following: Standardname-des-ersten-Standorts\dc02 DSA Options: 0x00000001 DSA object

You believe that SSSD is bypassing Samba entirely and going direct to Kerberos? That’s possible. At the moment, to the best of my understanding, Samba is only being used to join the domain. There are no file/printer/etc. shares happening; this is just basic domain join/membership and keytab generation and after that it’s done. The question was still specific to Samba itself: can I specify the DCs

We are using Samba-4.1.11. I can run gpupdate /force without error on my machine. H:\>type \\dc01.mediture.dom\SysVol\mediture.dom\Policies\{77F82F0F-AE2B-42F3-B173-D42F4BEEC0BA}\gpt.ini [General] Version=65551 displayName=New Group Policy Object H:\>type \\dc02.mediture.dom\SysVol\mediture.dom\Policies\{77F82F0F-AE2B-42F3-B173-D42F4BEEC0BA}\gpt.ini [General] Version=65551 displayName=New

I found adcli a little too late; I plan to use it in the future but for the time being I just deployed 16 VMs using Samba so we’re going to keep that for now! Also, the rest of what I wrote can be disregarded – I figured out exactly why my hosts were failing to authenticate after a period of time. It’s too stupid to admit publicly. On 8/23/16, 3:50 PM, "samba on behalf of Kris Lou via

Hi All, In my environment, I have a total of 4 DCs (Samba 4.7.6) running in VMs. Their uptime schedule goes like this: dc00 : usually 100% unless there's a failure. dc01 : same as above dc02 : a few days per week. dc03 : a few days per month. This has the consequence that a DNS A lookup on the AD domain shows 4 IPs, 2 of which are usually not up. Because I don't have shared storage in

Our samba boxes are integrated with our Windows 2003 AD domain, with Windows servers acting as AD domain controllers. Everything is working fine, but in my krb.conf and krb5.conf files on my Linux boxes, I currently only have one Windows server specified as the AD logon server. If that server is down, I suspect that Linux users could not login. How to I specify more than one AD domain controller

I think I'm missing some SRV records... Calling nsupdate for SRV _ldap._tcp.Default-First-Site-Name._ sites.ForestDnsZones.mydomain.com dc03.mydomain.com 389 (add) Outgoing update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION:

Thanks Rowland, You saved me from a world of pain, I've now got named back up and running and also accessible via windows DNS GUI. the SOA record still says ns=dc03.. which is strange and the only place dc03 exists in the ouput of samba-tool dns query localhost mydomain.com @ ALL Is this something I can fix in the windows DNS GUI or do I need to do something with like FSMO ? Which btw

There are three DCs in my Windows 2003 AD domain, but I have noticed that only one of them is referenced in my krb.conf and krb5.conf. Should there be a reference to one or two of the other domain controllers? If the DC goes down, how will my Samba/Winbind servers authenticate? -- Eric Robinson Disclaimer - February 27, 2011 This email and any files

We have a lot of users on our AD domain, and the more we add the longer it takes to get a directory listing on my Linux servers. When I do 'ls -l' it might take 20 seconds before the listing starts. However, if I immediately do 'ls -l' again, it comes up quickly. I assume this is because samba/winbind is polling the AD domain controller on the first attempt. Is there any way to

Thanks for the suggestion Rowland, I had already tried that though and both secondary DC's resolve.... host -t CNAME fbce444a-8707-4c69-8066-d75aacfb07f0._msdcs.mydomain.com. fbce444a-8707-4c69-8066-d75aacfb07f0._msdcs.mydomain.com is an alias for dc02.mydomain.com. host -t CNAME 04225dbe-d69c-4ea5-8930-eb8746790180._msdcs.mydomain.com.

Hello, I'm running Samba 4.5.0 and bind-9.8.2-0.47.rc1.el6_8.1. One DC of four, the PDC, is magnitudes slower running /usr/local/samba/sbin/samba_dnsupdate --verbose --all-names. When that is running on that DC it seems to block any queries. The load average is usually under 0.5. The DC was unsafely halted, which could have corrupted something. I ran a dbcheck with samba-tool and it

Hi Rowland thanks for your response. I'm running samba 4.5.0rc1 on CentOS 7.2 I've dumped the DNS records, and it doesn't appear to have any SRV or NS records. Also the SOA record is pointing at the wrong server dc03 instead of dc01. I'm pretty sure it can be fixed, but I don't know how or what to do On 27 September 2016 at 07:59, Rowland Penny via samba < samba at

I'm hoping the issue is just load balancing, but I'm not sure. I can't see to get the traffic balanced across two DCs. I ran this script on all Linux nodes to balance the traffic. #!/usr/bin/perl use strict; use warnings; my $primary_name_server; my $random = int(rand(10)); open(my $resolv_conf_fh, '< /etc/resolv.conf') or die("Unable to open /etc/resolv.conf for

so the DC with FSMO is not done first?     Van: Kristján Valur Jónsson [mailto:kristjan at rvx.is] Verzonden: vrijdag 28 december 2018 17:08 Aan: L.P.H. van Belle Onderwerp: Re: [Samba] replication failing for 4.9.4 dc01 is still running 4.7.7.  No need to restart it.  There is also still a DC03 running 4.7.7.  the only one I've upgraded is DC02.  resolv.conf on DC02 is configured with

On Tue, 23 Aug 2016 13:01:09 -0700 Sean via samba <samba at lists.samba.org> wrote: > Is it possible to specify a list of DCs for Samba to use, rather than > have it look them up dynamically via DNS? > > > > I have an issue with Kerberos, Samba, and SSSD where my machines stop > authenticating after a period of time – preAuthentication errors, > etc. I suspect

This doesn't really answer your question, but it already looks like you're using SSSD for authentication, and specifying local DC's (instead of DNS lookups). Why not bind to AD directly with that? Using realmd/adcli makes it easy, and with a minimal samba installation (libs only) -Kris Kris Lou klou at themusiclink.net On Tue, Aug 23, 2016 at 2:47 PM, Sean via samba <samba at

I have two CentOS servers running samba3-3.0.34-37. When I connect to a samba share from my Windows 2003 R2 servers, and then try to copy a file to it, I often get the message "target filesystem does not support long filenames." Sometimes it works and sometimes it doesn't. I've been fighting this problem for 2 years. I've replaced my Windows servers, changed my Windows