similar to: Samba 4.1 acting as RODC, how to fix TSIG and configure DNS?

We've joined an RODC to the domain (Windows 2008R2 running a W2003 FFL/DFL AD) but are getting these errors on first startup. It was joined with: samba-tool domain join main.adlab.netdirect.ca RODC --realm=main.adlab.netdirect.ca --username=administrator at main.adlab.netdirect.ca --dns-backend=BIND9_DLZ but we get these errors right after startup: Nov 28 12:35:27 sles-bree samba[3939]:

Is this a problem? Does this mean no replication links exist? michael at sles-bree:~> samba-tool drs showrepl -k yes Bree\SLES-BREE DSA Options: 0x00000025 DSA object GUID: 7ea641b0-d418-4c74-a4fa-c15b852467b8 DSA invocationId: 1017ff29-756c-4777-b395-b481f4b5387c ==== INBOUND NEIGHBORS ==== ==== OUTBOUND NEIGHBORS ==== ==== KCC CONNECTION OBJECTS ==== Connection -- Connection name:

I just checked the SOA records on my samba DCs and noticed a few oddities: michael at sles-bree:~> for i in ad{1..4} sles-bree sles-shire; do host -t soa main.adlab.netdirect.ca $i | grep SOA; done main.adlab.netdirect.ca has SOA record ad1.main.adlab.netdirect.ca. hostmaster.main.adlab.netdirect.ca. 177 900 600 86400 3600 main.adlab.netdirect.ca has SOA record ad2.main.adlab.netdirect.ca.

OK, further to my previous message I've configured BIND, but when I try to run samba_dnsupdate I get the following: Nov 18 16:19:23 sles-shire named[6112]: samba b9_putrr: unhandled record type 0 Nov 18 16:19:24 sles-shire named[6112]: samba_dlz: starting transaction on zone _msdcs.main.adlab.netdirect.ca Nov 18 16:19:24 sles-shire named[6112]: samba_dlz: disallowing update of

OK! I'm getting farther and farther! :) I've managed to preload user and computer passwords onto a samba RODC: *sles-shire:/var/lib/samba/sysvol # samba-tool rodc preload 'win7-shire$' --server main.adlab.netdirect.ca** *Replicating DN CN=WIN7-SHIRE,CN=Computers,DC=main,DC=adlab,DC=netdirect,DC=ca Exop on[CN=WIN7-SHIRE,CN=Computers,DC=main,DC=adlab,DC=netdirect,DC=ca]

I would like to get samba4 working with AD and rfc2307 attributes, while allowing the nice remote management available via samba4. Using sernet-samba packages on 4.1.3-7.el6.x86_64 CentOS 6. I have samba4 configured as follows: krb5.conf: [libdefaults] default_realm = MAIN.ADLAB.NETDIRECT.CA dns_lookup_realm = true dns_lookup_kdc = true ticket_lifetime = 24h renew_lifetime = 7d forwardable =

I was hoping this would be simpler. I'd like to prepopulate an RODC with all users accounts that are permitted. But I can only pre-populate one at a time: samba-tool rodc preload (<SID>|<DN>|<accountname>) sles-shire:~ # samba-tool group listmembers 'Allowed RODC Password Replication Group - Shire' Allowed RODC Password Replication Group - Global WIN7-SHIRE$ bilbo

Hello, I'm trying to get samba4 up and running as a DC in a lab environment. I have a freshly installed AD environment (W2012R2 servers, W2008R2 functional level) and I'm trying to join samba4 to it as a domain controller. When I try, I get this: # samba-tool domain join ad.netdirect.ca DC -Uadministrator --realm=AD.NETDIRECT.CA -W AD Finding a writeable DC for domain

I'm testing out our samba 4 migration process and when the initial forest/domain was created, it was created without using --use-rfc2307: sudo samba-tool domain provision --domain netdirect --function-level=2008_R2 --realm=ad.netdirect.ca Now that it's in place and we have machines joined, what do I need to do to add the unix attribute and NIS maps to an existing samba4 domain so

We have a couple Samba4 AD domains we've implemented and I've noticed a difference between how users look when created via ADUC versus samba-tool. Created via ADUC, the following extra attributes are added: msSFU30Name: bilbo msSFU30NisDomain: netdirect unixHomeDirectory: /home/bilbo unixUserPassword: ABCD!efgh12345$67890 Created via samba-tool, the following extra attributes are added:

I've configured a new RHEL DC with sernet samba 4.1.4 and a domain just upgraded from classic with an LDAP backend. I need to configure the DC with user accounts and since: * I can't use winbind on a DC * I can't use SSSD with the sernet packages it looks like the best thing to use is LDAP. I've configured it with: authconfig --enableldap --enableldapauth

Hi I am testing FC5 before upgrading my main server and I am getting errors with dovecot 1.0 beta3 - both the distributed RPM and also the one at ATrpms thunderbird (the distributed version which is thunderbird-1.5-6) I am running both dovecot and thunderbird on the same machine, pointing thunderbird at 127.0.0.1 for its imap server. The symptoms are an inability to access mail -

Hi One Wed I posted the following message and have had no replies. I am reposting as I think this is a Dovecot bug but I am not sure. If anyone can assist on this I'd be most grateful. Tks ----------------------------------------------------- Hi I am testing FC5 before upgrading my main server and I am getting errors with dovecot 1.0 beta3 - both the distributed RPM and also the

Hi guys, I'm about to replace an existing Windows Server 2003 Active Directory domain with Samba4 (package from Debian Wheezy). Joining the Samba4 dc according the Samba Wiki[1] is working great, replication works without errors from both worlds (windows or samba). After transferring the fsmo roles with ntdsutil to the samba4 domain controller (btw: does it matter if ntdsutil or samba-tool

Hi, I think the problem is in Dovecot. I'm using both Evolution and Thunderbird on a Gentoo box. One of my folders keeps locking up and the clients can't retrieve the messages. The situation appears to be triggered by trying to move a message into that folder. Deleting the index files (under /var/log/dovecot/xxx/) solves the problem (temporarily). I get these error messages in the

Hi all, We're still experimenting with the samba3 -> samba4 upgrade. Lot's of nice progression. :-) ANyway: my question is how to deal with the userPrincipalName AD field. The classicupgrade does not fill this field. Reading up on it, tells me that it appears to be required, and should be something like username at samba4.domain Is this correct? How do you generally deal with

Hi, Is the rsync-minimalist still supported for windows? I am using Windows XP Home. I am testing, to get a solution for a client. The minimalist looked very nice--a cygwin.dll and an rsync and an ssh.exe. However, I can connect with ssh, but not with rsync over ssh using these files. I have also tried plink from putty with this rsync. I gather from a lot of the messages that the consenus is

On 07/08/2019 23:17, Igor Sousa via samba wrote: > Hello everybody, > > I've had a samba environment with the following "brief" description: > > - There are 2 DC (*samba4 *and *samba4bkp*) running samba version 4.1.6 Ouch, using seriously old and EOL Samba versions is not a good idea. I would suggest you upgrade at regular intervals. > on my domain (*SMB*).

sure.. but we need some info.. OS used? compiled samba or binaries used from OS or Sernet Samba ? samba version? ( 4.1.17 ) The output of you bind9 config files. and the output of the smb.conf and the provisoning.. done how? best is the line u used. Greetz, Louis >-----Oorspronkelijk bericht----- >Van: johannesa at celluloid-vfx.com >[mailto:samba-bounces at

On 09/08/2019 21:19, Igor Sousa wrote: > Em qui, 8 de ago de 2019 ?s 04:30, Rowland penny via samba > <samba at lists.samba.org <mailto:samba at lists.samba.org>> escreveu: > > > What a lot of work you didn't need to do, 'samba-tool domain demote > --remove-other-dead-server=samba4bkp' would have done it for you ;-) > > Good to know it.