similar to: TKEY is unacceptable

Roland, Thank you very much for your attention to this. You should get a medal for all the help you give everyone on this list. On Sun, 10 May 2015, Rowland Penny wrote: > Why ? And why don't they show up when you ask for the zones with samba-tool ? I have that many subnets. As for why they don't show up: they are defined in BIND's configuration and not samba's; they never

On Sun, 10 May 2015, Rowland Penny wrote: > Have you really got 19 reverse zones for your samba 4 active directory ? Yep :-) > Can you try running 'samba-tool ldapcmp ldap://<YOUR_FIRST_DC> ldap://<YOUR_SECOND_DC> Interesting. DC1 and DC2 have many differences; DC1 and DC3 are the same. Maybe I will demote DC2 and join it again. > Check if you actually have dns

On Sun, 10 May 2015, Rowland Penny wrote: > You definitely seem to have problems there. Indeed I do :-( > You do know that there are 7 (yes seven) fsmoroles ? Oh crap. I checked on the original DC before I demoted it, and there were only 5 displayed, so I thought that was all I should have. At least, I transferred -all roles, and only those 5 made it. This is going to be a pain to

Samba 4.0.0, CentOS 6.4, bind 9.9 DLZ. I could use some help debugging a strange DNS issue. I have two Samba4 domain controllers, dc-1.europa.icse.cornell.edu and dc-2.europa.icse.cornell.edu. On either dc-1 or dc-2 or any client host: # host dc-1.europa.icse.cornell.edu dc-2 dc-1.europa.icse.cornell.edu has address 192.168.15.250 dc-1.europa.icse.cornell.edu has address 192.168.3.250

Samba 4.1.16, Centos 6.6 x86-64, BIND_DLZ 9.9. I have three AD DC's that were functioning normally. However, today I restarted BIND on one node, and it failed to start with this message in the log (names changed): May 10 07:02:49 benford named[6767]: Loading 'AD DNS Zone' using driver dlopen May 10 07:02:49 benford named[6767]: samba_dlz: started for DN DC=samdom,DC=example,DC=com May

On Sun, 10 May 2015, Rowland Penny wrote: > can you post your named conf files. Sure. This is samba's: dlz "AD DNS Zone" { database "dlopen /mnt/domain/samba/europa/lib/bind9/dlz_bind9_9.so"; }; and this is BIND's (notice the last line commented out): options { directory "/var/named"; dump-file "/var/named/data/cache_dump.db";

On 10/05/15 15:34, Steve Thompson wrote: > On Sun, 10 May 2015, Rowland Penny wrote: > >> Have you really got 19 reverse zones for your samba 4 active directory ? > > Yep :-) Why ? And why don't they show up when you ask for the zones with samba-tool ? > >> Can you try running 'samba-tool ldapcmp ldap://<YOUR_FIRST_DC> >>

On 10/05/15 16:08, Steve Thompson wrote: > Roland, > > Thank you very much for your attention to this. You should get a medal > for all the help you give everyone on this list. > > On Sun, 10 May 2015, Rowland Penny wrote: > >> Why ? And why don't they show up when you ask for the zones with >> samba-tool ? > > I have that many subnets. As for why they

In CentOS 5.7 and earlier versions, an alias interface is defined via ifcfg-<interface>:foo which contains "ONBOOT=no". The ONBOOT setting appears to be ignored, and the interface always starts when the system boots or if networking is restarted. This is a serious bug that seems to date back many years (I found references in 2005). Anyone know why it hasn't been fixed, or

Samba 4.0.0beta4, CentOS 6.3 (openldap 2.4.23-26.el6), samba-generated krb5.conf. I have joined a Linux client to the samba4 domain and extracted the kerberos5 keytab (using "kerberos method = system keytab"): # kinit Administrator (succeeds) # net ads join createupn=host/<client.fqdn>@REALM -k (succeeds) # net ads keytab create (succeeds) # net ads testjoin (is OK) #

On 10/05/15 12:18, Steve Thompson wrote: > Samba 4.1.16, Centos 6.6 x86-64, BIND_DLZ 9.9. I have three AD DC's that > were functioning normally. However, today I restarted BIND on one node, > and it failed to start with this message in the log (names changed): > > May 10 07:02:49 benford named[6767]: Loading 'AD DNS Zone' using > driver dlopen > May 10 07:02:49

This idea is intruiging... Suppose one has a set of file servers called A, B, C, D, and so forth, all running CentOS 6.5 64-bit, all being interconnected with 10GbE. These file servers can be divided into identical pairs, so A is the same configuration (diks, processors, etc) as B, C the same as D, and so forth (because this is what I have; there are ten servers in all). Each file server has

Short story: cannot get Kerberized NFSv4 to work. I've googled a great deal and cannot find where I have goofed (and there sure is a lot of misleading and just plain incorrect information out there), so would appreciate another pair of eyes. NFSv4 without Kerberos does work fine, as does ID mapping. We're using NFSv4 in production with sec=sys, but I'm not happy with that. My

Short story: cannot get Kerberized NFSv4 to work. I've googled a great deal and cannot find where I have goofed (and there sure is a lot of misleading and just plain incorrect information out there), so would appreciate another pair of eyes. NFSv4 without Kerberos does work fine, as does ID mapping. We're using NFSv4 in production with sec=sys, but I'm not happy with that. My

On Sun, 10 May 2015, Rowland Penny wrote: > It might not be as bad as what you think, do you have the two DNs ? > > ldbedit -e nano -H /var/lib/samba/private/sam.ldb -b > "CN=Infrastructure,DC=DomainDnsZones,DC=europa,DC=icse,DC=cornell,DC=edu" Yes, I have both of the dn's. However, neither of them have an fSMORoleOwner attribute. That I will fix and report back.

CentOS 5.2 with OpenLDAP 2.3.27, nss_ldap_253.13, using TLS, i686 and x86_64. If a user with an expired password (shadowLastChange + shadowMax < current day) logs in to a system where ldap.conf points first to a consumer-only LDAP server, the password change operation (exop) proceeds and fails with: LDAP password information update failed: Referral If I comment out "ssl

OK, I had this working a few days ago, but have evidently changed something that I cannot locate. Someone hit me with their 2x4. Samba 3.0.22, Fedora Core 4, ldapsam (OpenLDAP 2.3.24). smbd will not start, with the "ERROR: failed to setup guest info" error (I have "guest account = guest", which is a valid user with correct info in LDAP): ldap_connect_system: Binding to ldap

On 10/05/15 12:49, Steve Thompson wrote: > On Sun, 10 May 2015, Rowland Penny wrote: > >> can you post your named conf files. > > Sure. This is samba's: > > dlz "AD DNS Zone" { > database "dlopen /mnt/domain/samba/europa/lib/bind9/dlz_bind9_9.so"; > }; > > and this is BIND's (notice the last line commented out): > > options

I have a pair of CentOS 6.4 servers running Samba 4.0.3 as DC, and a set of member file servers, also CentOS 6, running Samba 3.6.9, joined to the Samba4 domain and running sssd. Birds sing and violins play. Everyone is happy. Until... A share definition such as: [g_sysmgr] path = /fs/europa/g_sysmgr valid users = +sysgrp works fine from both Linux and Windows clients, eg: %

CentOS 6.4 x86_64, Samba 3.6.9 on member servers, joined to a Samba 4.0.3 AD domain. I am attempting to use the Samba3 member server ("TS-1") as a print server. While CUPS works well, I cannot upload any drivers ("access denied"), and I cannot see any drivers in the [print$] share, even though I have populated these from a functioning Samba3 domain. I can map the