similar to: Problem with kerberos and GPO

Hi, I have problem with GPO and dns/kerberos resolution I do a samba -i -d3 to a log file and started on client: gpupdate /force: lpcfg_load: refreshing parameters from /srv/samba/etc/smb.conf params.c:pm_process() - Processing configuration file "/srv/samba/etc/smb.conf" samba version 4.1.0rc2 started. Copyright Andrew Tridgell and the Samba Team 1992-2013 ... ldb_wrap open of

I found other problem in error log (samba -i -d 3) GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see text): Failed to find ADMIN01$@CORMANDOM.INT-CORMAN.BE(kvno 3) in keytab FILE:/srv/samba/private/secrets.keytab (arcfour-hmac-md5) I sent a bug for my problems. best regards St?phane ----------------------------------- St?phane PURNELLE Admin.

Hi, I have problem with GPO and dns/kerberos resolution I do a samba -i -d3 to a log file and started on client: gpupdate /force: lpcfg_load: refreshing parameters from /srv/samba/etc/smb.conf params.c:pm_process() - Processing configuration file "/srv/samba/etc/smb.conf" samba version 4.1.0rc2 started. Copyright Andrew Tridgell and the Samba Team 1992-2013 GENSEC backend

Hi, I try to use nslcd with samba 4 for get suers and group for AD. if I do a ldapsearch, I have a message : Server not in kerberos database if I do a getent passwd, nslcd display same error message. log of samba4: [2013/08/28 10:15:47, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper) Kerberos: TGS-REQ Administrator at CORMANDOM.INT-CORMAN.BE from

Hi I got some strange issues on my samba4.0.1 install yesterday. It happened a while after updating my xubuntu server 13.04 not 13.10. Everything seems to be working fine except shares. Kerberos authentication seem to function properly, also DNS works fine but shares seem semi-broken. I can't mount any shares on my Windows box, including netlogon, profiles. I have one share that is

Hi I'm trying to get an Ubuntu 14.04 client to update its rr to a working bind dns DC with Samba 4.1.7. The setup is the same as with our openSUSE clients with sssd 1.11.15 sssd.conf id_provider = ad auth_provider = ad access_provider = ad ldap_id_mapping = False /etc/hosts 127.0.0.1 lubuntu-laptop.hh3.site lubuntu-laptop 127.0.1.1 localhost But it is sending a request for the wrong

Hi I'm trying to get an Ubuntu 14.04 client to update its rr to a working bind dns DC with Samba 4.1.7. The setup is the same as with our openSUSE clients with sssd 1.11.15 sssd.conf id_provider = ad auth_provider = ad access_provider = ad ldap_id_mapping = False /etc/hosts 127.0.0.1 lubuntu-laptop.hh3.site lubuntu-laptop 127.0.1.1 localhost But it is sending a request for the wrong

We have 3 ADCs based on Samba-4.7.4 (compiled from source,internal DNS)/ CentOS7: dcdo1,dcnh1 and dcge1. dcge1 holds all FSMO roles. The 3 ADCs are on different locations connected via IPSec based VPN. No traffic is filtered out. All 3 ADCs replicate fine except dcdo1 -->dcnh1. Symptom: [root at dcdo1 ~]# samba-tool drs replicate dcnh1.ad.kdu.com dcdo1.ad.kdu.com dc=ad,dc=kdu,dc=com

On Wed, 27 Dec 2017 13:00:05 +0100 "Dr. Johannes-Ulrich Menzebach via samba" <samba at lists.samba.org> wrote: > There is additional info in the logs of the source DC (dcdo1, log > level 2, manually triggered another replication): > ==================== > [2017/12/27 12:31:29.695121,  2] >

Hi all, James, After following James' suggestions fixing the several dbcheck errors, and having observed things for a few days, I'd like to update this issue, and hope for some new input again. :-) Summary: three DCs, all three running Version 4.5.10-SerNet-Debian-16.wheezy, samba-tool dbcheck --cross-ncs reports no errors, except for two (supposedly innocent) dangling forward links

Em 10-09-2018 10:43, Rowland Penny via samba escreveu: > On Mon, 10 Sep 2018 09:56:46 -0400 > spiderslack via samba <samba at lists.samba.org> wrote: > >> Hi, all >> >> >> I trying setting domain samba with bind9-DLZ. I followed the tutorial >> https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller, >> but not

Dear All, Need some help as I was trying to follow the guide below. https://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC Until the steps of ldbsearch -H /usr/local/samba/private/sam.ldb '(invocationid=*)' --cross-ncs objectguid and my ldbsearch reply with such a result. ldb: unable to dlopen /usr/lib64/samba/ldb/acl.so : /usr/lib64/ldb/libreplace.so: version

Hi, i have the same problem on samba 4.7.3 and 4.7.4. I start with 2 DCs and the sync works fine. After the join of a third DC mostly i get the WERR_DS_DRA_ACCESS_DENIED. I tested it for 10 times. in my case i have: DC1 (with any FSMO Roles) DC2 new join as DC: DC3 After the join, the sync from DC2 to DC3 fails. samba-tool drs replicate dc2 dc1 dc=gvcc,dc=net : OK samba-tool drs replicate

Hi, there is no firewall, all DCs are in the same subnet. here ist the output of a test, you can see, the CNAME guid entries in the _msdcs can be resolved on any DC: (DC1 and DC2 are the first and second DCs, SAMBA3 was added at last. ldbsearch -H /srv/samba/private/sam.ldb '(invocationId=*)' --cross-ncs objectguid # record 1 dn: CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-

Hi all, Sernet Samba 4.2.2 as Active Directory on Debian 7.8. No other DC. I can't log in with on Windows systems (Windows 7) when samAccountName are longer than 20 characters. This seems to be a LAN MAN or NT4 limitation which should not happen on AD domain. Any idea what could leads my to that limitation? I can log in using administrator account or any other having a short (enough)

Hi everyone, A quick question: Is check password script option working for ad dc setup? I believe, ad on it's own cannot provide password protection against dictionaries.

Thank you Rowland!! Sorry about my ignorance. I guess I tried many different things and polluted the smb.conf file. I've removed every single line you mentioned off my smb.conf. Still the problem persists: MYDOMAIN\Administrator (S-1-5-21-1965676298-842383976-2353361141-500) is changing password of user2 at MYDOMAIN.org.ar [2017/04/21 12:05:42.233899, 3]

Heinz, I had exactly the same problem, and used ldbedit to apply the fix. Thanks for digging into this! Now I'm interested in the root cause as well ... Uli Am 16.01.2018 um 16:48 schrieb Heinz Hölzl via samba: > no, it seems to work!!! > > > i did a ldapmodify on DC2: > > ldapmodify -x -h dc2 -D cn=administrator,cn=users,dc=test,dc=net -W -f > serverReference.ldif

Hi, I had Samba 4.2.14 working as AD DC with shares. After upgrade to version 4.3.11 AD DC authentication, ADUC, etc, stopped working. Shares still work fine. OS. Oracle Linux 6.x with UEK, uptodate. Samba compiled from source. Upgrade procedure (nothing special): ./configure --enable-selftest make make install Testparm output: # Global parameters [global] workgroup = EXAMPLE realm =

Hello. Samba 4.1.0pre1-GIT-aad669b, joined as a DC to an existing domain. Windows 7 machines may fail to get a ticket: [2012/10/03 09:31:54, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper) Kerberos: AS-REQ con-11$@KLIN.KIFATO-MK.COM from ipv4:192.168.1.138:49682 for krbtgt/KLIN.KIFATO-MK.COM at KLIN.KIFATO-MK.COM [2012/10/03 09:31:54, 3]