Displaying 20 results from an estimated 400 matches similar to: "samba4.1 RODC with BIND as DNS backend"
2013 Nov 20
1
No neighbors in 'drs showrepl'
Is this a problem? Does this mean no replication links exist?
michael at sles-bree:~> samba-tool drs showrepl -k yes
Bree\SLES-BREE
DSA Options: 0x00000025
DSA object GUID: 7ea641b0-d418-4c74-a4fa-c15b852467b8
DSA invocationId: 1017ff29-756c-4777-b395-b481f4b5387c
==== INBOUND NEIGHBORS ====
==== OUTBOUND NEIGHBORS ====
==== KCC CONNECTION OBJECTS ====
Connection --
Connection name:
2013 Nov 28
1
Replicating failing after installing RODC
We've joined an RODC to the domain (Windows 2008R2 running a W2003
FFL/DFL AD) but are getting these errors on first startup.
It was joined with:
samba-tool domain join main.adlab.netdirect.ca RODC
--realm=main.adlab.netdirect.ca
--username=administrator at main.adlab.netdirect.ca --dns-backend=BIND9_DLZ
but we get these errors right after startup:
Nov 28 12:35:27 sles-bree samba[3939]:
2013 Nov 19
1
Prepopulate *all* users to a samba4 RODC
I was hoping this would be simpler. I'd like to prepopulate an RODC with
all users accounts that are permitted. But I can only pre-populate one
at a time:
samba-tool rodc preload (<SID>|<DN>|<accountname>)
sles-shire:~ # samba-tool group listmembers 'Allowed RODC Password
Replication Group - Shire'
Allowed RODC Password Replication Group - Global
WIN7-SHIRE$
bilbo
2013 Nov 20
0
Error using password cached on a samba4 RODC
OK! I'm getting farther and farther! :)
I've managed to preload user and computer passwords onto a samba RODC:
sles-shire:/var/lib/samba/sysvol # samba-tool rodc preload
'win7-shire$' --server main.adlab.netdirect.ca
Replicating DN
CN=WIN7-SHIRE,CN=Computers,DC=main,DC=adlab,DC=netdirect,DC=ca
Exop on[CN=WIN7-SHIRE,CN=Computers,DC=main,DC=adlab,DC=netdirect,DC=ca]
2013 Nov 20
0
RODC DNS oddness
I just checked the SOA records on my samba DCs and noticed a few oddities:
michael at sles-bree:~> for i in ad{1..4} sles-bree sles-shire; do host -t
soa main.adlab.netdirect.ca $i | grep SOA; done
main.adlab.netdirect.ca has SOA record ad1.main.adlab.netdirect.ca.
hostmaster.main.adlab.netdirect.ca. 177 900 600 86400 3600
main.adlab.netdirect.ca has SOA record ad2.main.adlab.netdirect.ca.
2013 Nov 18
1
Samba 4.1 acting as RODC, how to fix TSIG and configure DNS?
I've set up a lab for testing Samba 4.1 as an RODC emulating a satellite
office setup, using the sernet packages on SLES11SP2.
## Problem 1
samba_dnsupdate is failing:
==> /var/log/samba/log.samba <==
[2013/11/18 13:22:37.416193, 0]
../lib/util/util_runcmd.c:317(samba_runcmd_io_handler)
/usr/sbin/samba_dnsupdate: ; TSIG error with server: tsig verify failure
[2013/11/18
2013 Dec 11
2
Using samba4 with AD and rfc2307 - what are the *current* practices?
I would like to get samba4 working with AD and rfc2307 attributes, while
allowing the nice remote management available via samba4.
Using sernet-samba packages on 4.1.3-7.el6.x86_64 CentOS 6.
I have samba4 configured as follows:
krb5.conf:
[libdefaults]
default_realm = MAIN.ADLAB.NETDIRECT.CA
dns_lookup_realm = true
dns_lookup_kdc = true
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable =
2013 Nov 05
2
Unable to join samba4 to AD as a DC
Hello,
I'm trying to get samba4 up and running as a DC in a lab environment.
I have a freshly installed AD environment (W2012R2 servers, W2008R2
functional level) and I'm trying to join samba4 to it as a domain
controller.
When I try, I get this:
# samba-tool domain join ad.netdirect.ca DC -Uadministrator
--realm=AD.NETDIRECT.CA -W AD
Finding a writeable DC for domain
2017 Jun 07
4
Samba4 DC with Secondary Questions
Hello all.
I am currently working on setting an S4 domain to replace our aging samba 3
setup. We have found many answers on the net, in various documentation,
but when it comes to setting up beyond one node documentation becomes a
little thinner.
We are setting up a Primary DC with AD, using BIND9_DLZ, also serving dhcp
from Primary, and we want to setup a Secondary that is both a
2006 Apr 26
1
ldap and user_filter
I have my own custom schema for email that I have been using for
years with courier_imap and exim. I am experimenting with dovecot
and trying to set up my conf so that it logs in using the ldap database.
In the dovecot-ldap.conf there is a section
# Filter for user lookup. Some variables can be used (see
# http://wiki.dovecot.org/Variables for full list):
# %u - username
# %n - user
2013 Nov 28
1
Enabling NIS after samba4 installation
I'm testing out our samba 4 migration process and when the initial
forest/domain was created, it was created without using --use-rfc2307:
sudo samba-tool domain provision --domain netdirect
--function-level=2008_R2 --realm=ad.netdirect.ca
Now that it's in place and we have machines joined, what do I need to do
to add the unix attribute and NIS maps to an existing samba4 domain so
2006 Apr 26
2
being courier_imap compatible
OK, I am running (for many years now) an existing courier_imap maildir
++ setup with exim as the MTA. Has been fine. I have my own custom
ldap schema for user account definition and authorization.
I installed dovecot 1.0 beta 7 as a test and have it listening on a
different port. I would like, if possible, to set things up so that
a user could use either dovecot or courier. Having to
2019 May 03
2
Incorrect Example in Samba User Management Documentation
Hi Samba documentation admins, one of the examples given on this
page https://wiki.samba.org/index.php/User_and_Group_management is
incorrect and probably should be updated.
The snippet of code in question:
$ samba-tool user add fbaggins
--random-password --use-username-as-cn
--surname="Baggins" --given-name="Frodo"
--initials=S --mail-address=fbaggins at
2013 Dec 23
1
samba bind : samba b9_putrr: unhandled record type 0
hai,
Well, after 2-3 days and a few reboots, I'm seeing the following message in my logs.
named[8845]: samba b9_putrr: unhandled record type 0
Anybody knows what's going on now, nothing changed in my setup.
Just installed the second DC, as first no errors.
Now after a few reboots, the same error as my first server.
Does anybody know this error?
I did add a CNAME for my ntp server
2014 Apr 25
1
Perf enhancements in Samba4.1 related to SMB2.1 / SMB3.0 protocol
Hi Everyone,
My doubts are for Samba4.1 performance related enhancements (SMB2.1 / SMB3.0).
My experimental samba server hardware is running 4.1 version. Want to
improve robocopy WRITE throughput from a two samba client machines
(win7 or win8 or server2012 x86 servers).
Someone please advise me how I can use SMB2.1 or SMB3.0 capabilities
to improve WRITE throughput. I tried samba4.1
2014 Feb 04
1
Creating samba4/AD users from ADUC
We have a couple Samba4 AD domains we've implemented and I've noticed a
difference between how users look when created via ADUC versus samba-tool.
Created via ADUC, the following extra attributes are added:
msSFU30Name: bilbo
msSFU30NisDomain: netdirect
unixHomeDirectory: /home/bilbo
unixUserPassword: ABCD!efgh12345$67890
Created via samba-tool, the following extra attributes are added:
2000 Sep 10
2
tinc SECURITY INFORMATION - Unauthorized access to VPN
Although we (the authors of tinc) have done our best to make tinc as
secure as possible, an unfortunate combination of encryption and key
exchange techniques has created a hole in at least all versions of
tinc >= 0.3, including the current CVS version.
Exploit:
If somebody can intercept the meta protocol to a host that is running
a tinc daemon, it is possible to decrypt the passphrase, which
2014 Jun 12
0
samba4.1 as domain member in a domain I don't be admin
Hi,
I bet this question was asked several times, but I'm honestly not able
to find a solution.
My samba4.1 (running on FreeBSD10) is part of a larger network/AD where
I only have very restricted rights.
Our network consists of a "toplevel" AD-Domain (top.foo.bar) and several
"subdomains" (in my case: sub1.top.foo.bar), which have their own
domaincontrollers (MS Windows
2014 Oct 15
1
Performance tuning of Samba4.1 LDAP CRUD operations
Hi, I would like to accelerate CRUD operations of LDAP.
Please let me know a tuning setup of OS or Samba.
Although I am performing shift verification to Samba 4.1.12 from
OpenLDAP 2.3, the CRUD operation using a LDAP interface becomes 1/10
or less speed compared with OpenLDAP.
Although this OpenLDAP is performing an optimized tuning setup, Samba
is in the default state immediately after carrying