similar to: keytab question.

Hai, ? Just a question . Why are the Principals in the dns.keytab?? different from what is in the named.conf.update file. ? ktutil:? rkt /var/lib/samba/private/dns.keytab ktutil:? list slot KVNO Principal ---- ---- --------------------------------------------------------------------- ?? 1??? 1 DNS/rtd-dc1.INTERNAL.DOMAIN.TLD at INTERNAL.DOMAIN.TLD ?? 2??? 1????????? dns-rtd-dc1 at

> On Sep 14, 2016, at 12:57 PM, Achim Gottinger <achim at ag-web.biz> wrote: > > > > Am 14.09.2016 um 18:23 schrieb Michael A Weber: >> >>> On Sep 14, 2016, at 10:44 AM, Achim Gottinger via samba <samba at lists.samba.org <mailto:samba at lists.samba.org>> wrote: >>> >>> >>> >>> Am 14.09.2016 um 05:53

hai, ? I just noticed, after my pc woke up my A record disapearred. of my 64bit windows. ? ? Mar? 5 15:43:13 rtd-dc1 named[3717]: samba_dlz: starting transaction on zone INTERNAL.DOMAIN.TLD Mar? 5 15:43:13 rtd-dc1 named[3717]: client 10.249.250.64#49271: update 'INTERNAL.DOMAIN.TLD/IN' denied Mar? 5 15:43:13 rtd-dc1 named[3717]: samba_dlz: cancelling transaction on zone

i will do so.... thanks Am 25.01.2017 um 08:46 schrieb L.P.H. van Belle via samba: > Still > > Check this line from you named config. > > include "/etc/bind/named.conf.default-zones"; > > This can cause an overlap in the zones, so be carefull with that one. > > > Greetz, > > Louis > > >> -----Oorspronkelijk bericht----- >> Van: samba

Hai,   Seeing : > Jan 23 14:55:40 samba01 named[3279]: samba_dlz: configured writeable > zone '168.192.in-addr.arpa' > Jan 23 14:55:40 samba01 named[3279]: zone local.laurenz.ws/NONE: has no > NS records > Jan 23 14:55:40 samba01 named[3279]: samba_dlz: Failed to configure zone > 'local.laurenz.ws'   Normaly you should see first the local.laurenz.ws

> On Sep 14, 2016, at 10:44 AM, Achim Gottinger via samba <samba at lists.samba.org> wrote: > > > > Am 14.09.2016 um 05:53 schrieb Michael A Weber via samba: >> Experts— >> >> I’m attempting to export a keytab for a created SPN on the AD DC machine but I’m receiving an error: >> >> ERROR(runtime): uncaught exception - Key table entry not

Yes, offcourse, the 172.19 is a "bad" example. I suggest we use the official RFC 1918 zones. 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 And for example 192.168.0.0/24 as extra, or people get confused. ;-) Greetz, Louis > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Rowland penny via samba > Verzonden: woensdag 7

Hai, ? I have automated the install of my member server. Followed the wiki : https://wiki.samba.org/index.php/Samba/Domain_Member? ? Everything works nicely, but...?.. read on..? ;-) ? ok, so wiki says: https://wiki.samba.org/index.php/Setup_and_configure_file_shares? ? and now im at the point : SeDiskOperatorPrivilege and .. for the DC's installed this worked without problems... ? but

Hello, I'm currently running a test setup with Samba4 internal DNS (Version 4.1.5 from Debian backports) and 2 clients (Linux and a Windows). Everything seems to work so far. However, I do not manage to get automatic PTR generation working. I'm using the internal DNS at the moment, but I wouldn't mind changing to bind if this will make it work. While reverse DNS seem to work with

Hai.. ? Just tested an upgrade of 4.1.17 to 4.2.1? result... Fail.. ? setup, Debian wheezy, sernet samba packages. 2 clean installed DC's? and 1 windows 7 pc joined. resolv.conf setup? DC1 : namserver DC2 then DC1. DC2:? namserver DC1 then DC2. ? stopped samba on both servers. upgraded the packages on both servers. ? started samba on DC1 ( the one with fsmo roles ) waited 5 min.

Hai, Someone called me called?? I did a quick read here in this thread.. The upn part is done, so your almost there. You need to make sure your DNS is working as it should. To check on the proxy with dig a hostname.FQDN. dig -x ip_the_server Test this for the DC hostnames/ips also. If that all ok, you can try these settings in squid # For squid ( works for me as of squid 3.2 up to 3.5

Hello, I try to setup Dovecot with Kerberos/GSSAPI and use this howto: https://wiki.samba.org/index.php/Authenticating_Dovecot_against_Active_Directory#Create_the_Dovecot_user_and_keytab I also try https://wiki.dovecot.org/Authentication/Kerberos I can login as windows user on win7 and access shares. When I open Thunderbird I get the message: "kerberos/gssapi ticket was not accepted"

I suspect a zone overlap. Did you add an extra zone manualy in bind? Or something like this... You added : Zone1.Domain.TLD and then Domain.TLD But then with the reverse zones. Because this : > Jan 20 13:58:09 samba02 named[10811]: zone 2.168.192.in-addr.arpa/NONE: > has no NS records Does not look likes the samba_DLZ log lines but a pure bind log line. Review you bind config and

Hai, ? I have some strange things and i cant figure out whats going on. The problem is the my domain users and the extra Domain Admin ( Admin )? cant access my member server ( and shares ) ? ? When?i login with the DOMAIN\Administrator it all works fine, can access all shares not popups with authorisation requests. ? but as DOMAIN\Admin ( has the same rights as domain Administrator ), is added

On 7/13/2020 2:43 AM, L.P.H. van Belle via samba wrote: > samba-tool dns query rtd-dc1 0.168.192.in-addr.arpa @ ALL -U administrator I overlooked this check string the other day. Ran it just now and got the following: root at dc1:~# samba-tool dns query rtd-dc1 0.168.192.in-addr.arpa @ ALL -U administrator ERROR: Connecting to DNS RPC server rtd-dc1 failed with (3221225524, 'The object

Am 14.09.2016 um 18:23 schrieb Michael A Weber: > >> On Sep 14, 2016, at 10:44 AM, Achim Gottinger via samba >> <samba at lists.samba.org <mailto:samba at lists.samba.org>> wrote: >> >> >> >> Am 14.09.2016 um 05:53 schrieb Michael A Weber via samba: >>> Experts— >>> >>> I’m attempting to export a keytab for a created

Hi! I maintain Linux servers that are members of a Samba4 Domain. User authentication / login via ssh works fine with Kerberos. But: only via one hostname. Those machines need a working Kerberos login via multiple hostnames (each hostname has its own IP address and DNS is set up correctly.) "net ads keytab list" of course gives me the main hostname that was in use when joining the

i found the following also .. Aug 7 08:44:10 rtd-print1 autofs[15991]: Starting automount.... Aug 7 08:48:26 rtd-print1 autofs[16291]: Stopping automount.... Aug 7 08:48:27 rtd-print1 automount[16302]: syntax error in map near [ * server.internal.domain.tld: ] Aug 7 08:48:27 rtd-print1 autofs[16297]: Starting automount.... Aug 7 08:48:46 rtd-print1 rpcbind: rpcbind terminating on signal.

Ok, you did to much as far i can tell. You want to see this: i'll show my output, then i is better to see what i mean. this is where you start with. klist -ke |sort ( default member ) ---- -------------------------------------------------------------------------- 3 host/HOSTNAME1 at REALM.DOMAIN.TLD (aes128-cts-hmac-sha1-96) 3 host/HOSTNAME1 at REALM.DOMAIN.TLD

Hi Marcel thx. for your fast response. I didn't manage to follow up sooner. I had already verbose logging turned on but I don't seem to find the real reason, why the domain controller searchs for a userPrincipalName instead of servicePrincipalName. Because I wasn't sure whether it is the nfs client process or the server process that failed to get the kerberos ticket when I tried the