Displaying 20 results from an estimated 1200 matches similar to: "Join AD fails DNS update"
2014 Sep 23
2
NFS4 with samba4 AD for authentication
It's probably difting slightly off the topic, but I know that there are
some people listening here, who have a decent expertise. I'm trying to
setup a file server (nfs4 at ad.domain) and mount from a client
(hunin at ad.domain) using the user database and especially Kerberos
provided by my AD (samba at ad.domain).
It already works nicely, if I forget about krb5, i.e. idmapd is
2014 Jun 29
2
Winbind does not read uidNumber
Well, seems like I hit every mudhole that could be on the way ...
root at samba4:/# getent passwd | grep mgr
mgr:*:10000:10000:Lars LH. Hanke:/home/AD/mgr:/bin/bash
root at samba4:/# ldapsearch -LLL -D
"CN=Administrator,CN=Users,DC=ad,DC=microsult,DC=de" -x -W '(uid=mgr)'
uid uidNumber gidNumber sAMAccountName name gecos
Enter LDAP Password:
dn: CN=Lars LH.
2014 Dec 29
2
samba_dlz Failed to configure reverse zone
And some more information about this strange effect apparently no-one
has seen before.
I now added the missing zone:
samba-tool dns zonecreate verdandi 10.16.172.in-addr.arpa -U Administrator
and it claims that the zone is okay, but the next one is missing:
Dec 29 10:31:12 verdandi named[2601]: Loading 'ad.microsult.de' using
driver dlopen
Dec 29 10:31:12 verdandi named[2601]:
2015 Jan 26
0
Very strange behaviour of the NAS
Recently I suddenly lose all permissions both for SMB and NFS4 on my
Synology NAS.And similarly after poking some time in muddy waters, it
suddenly works again. The NAS runs Samba 3.6.9.
What I found, when the permissions were gone:
1. id user still working, didn't work last time so I assume a caching
issue here
2. wbinfo -u same as above. This time still worked, last time only
reported
2015 Jan 28
1
[SOLVED] samba_dlz Failed to configure reverse zone
Last month I struggled with a severe DLZ issue and today I could solve
it. Credits for the important idea go to Peter Serbe, thanks!
I checked the DNS contents using RSAT. There was nothing wrong with SOA
nor NS entries, but the reverse zones were actually forward zones with
proper names in the in-addr.arpa. domain. I built proper reverse zones
and deleted the forward-reverse zones and Bind
2014 Aug 08
1
User disappears, when enabling RC2307
I'm trying to configure a Samba 3.6.6 file server running on a Synology
NAS to use uid/gid from RFC2307. The file server knows the users from
the AD, but it does not use the uid stored in the AD. The smb.conf:
[global]
printcap name=cups
winbind enum groups=yes
workgroup=AD
encrypt passwords=yes
security=ads
local master=no
2014 Jul 03
1
Strong cryptography for Kerberos available?
If I query the AD DC I see:
root at samba4:/# ldapsearch -H ldap://samba.ad.microsult.de -Y GSSAPI
'(sAMAccountName=mgr)'
SASL/GSSAPI authentication started
SASL username: Administrator at AD.MICROSULT.DE
SASL SSF: 56
SASL data security layer installed.
I would like to see SASL SSF: 112. Does anyone know whether and where
this can be configured?
Regards,
- lars.
2014 Dec 22
2
samba_dlz Failed to configure reverse zone
I just upgraded bind9 on my backup DC to 9.9.5-7-Debian and restarting
the service failed:
Dec 22 12:25:55 verdandi named[18534]: starting BIND 9.9.5-7-Debian -u
bind -4
Dec 22 12:25:55 verdandi named[18534]: built with '--prefix=/usr'
'--mandir=/usr/share/man' '--infodir=/usr/share/info'
'--sysconfdir=/etc/bind' '--localstatedir=/var'
2014 Jun 19
0
Samba-tool 4.1.7 crashes
Don't know whether this is known or has been fixed, already. I see a
reproducible crash of samba-tool when querying DNS (DLZ setup). I have
two different VMs. One called samba, which is the AD DC and another
called samba4, which is my toy for client setup.
Host samba4 cannot be resolved by DNS and it failed to add to the zone
during the join - but this is a different issue.
root at
2016 Jan 04
0
Log of DC replication error
Today I had another automatic restart of my secondary DC because
samba-tool drs showrepl showed errors. The restart was completed at
12:35. This is what I found in log.samba at log level 3:
[2016/01/04 12:33:47.201892, 3]
../source4/rpc_server/drsuapi/getncchanges.c:2007(dcesrv_drsuapi_DsGetNCChanges)
UpdateRefs on getncchanges for b19509be-c3ee-4a58-9fc9-afd61759a23f
[2016/01/04
2014 Sep 11
1
change primaryGroupID - unwilling to perform
My tool is growing fast and it takes me to the finishing line for
setting up my new user database. But nw I came across another strange issue:
I'd like to change the primaryGroupID. It is currently set to 513, which
simply does not exist. I wanted to set to 100, which exists and actually
the user is a member of this group, but then I get the following exception:
ldap.UNWILLING_TO_PERFORM:
2014 Oct 20
1
join fails: invalid server state
I'm launching the final phase of getting my new Samba4 AD DC productive.
I wanted to join the first real workstation, but it failed:
# net ads join -U Administrator
Enter Administrator's password:
Failed to join domain: failed to lookup DC info for domain
'AD.MICROSULT.DE' over rpc: Invalid server state
This issue was reported already here:
2015 Mar 12
3
AD DC out of sync
Hi Marc,
>> The cause is that the password change didn' reach both AD DCs, but only
>> one. The other one still had the old value as could be seen by
>> samba-tool ldapcmp. Restarting the DCs and waiting for a couple of
>> seconds brings them back to sync and Windows logons work as they used to.
>> Any idea, what I should do next time to obtain valuable output
2016 Oct 28
0
DNS not exactly fixed
After deletion and recreation of the reverse zone Bind9 started again.
Thanks to Rowland for the hint. However, bind complains that virtually
all zones are duplicate and thus at least one issue is ignored. Since
it's samba_dlz complaining there's either something wrong in the AD or
in the DLZ module. The Bind does not have any other zones than the DLZ.
I have trouble connecting
2015 May 18
0
AD DC Replication failure
I have 2 AD DC and apparently there is something wrong with the
replication. samba-tool drs showrepl returns kinda different information
for the two:
---8<-----------
First DC:
Default-First-Site-Name\SAMBA
DSA Options: 0x00000001
DSA object GUID: b19509be-c3ee-4a58-9fc9-afd61759a23f
DSA invocationId: 4f30d79d-2e9c-4235-88a1-c258b8622d23
==== INBOUND NEIGHBORS ====
2015 Apr 23
0
AD DC out of sync
It did happen again and this time I was a little less panicked and took
some time to figure out what happened.
On my primary DC (SAMBA) I did not notice anything extraordinary.
However, my secondary (VERDANDI) reported issues:
root at verdandi:~# samba-tool drs showrepl
Default-First-Site-Name\VERDANDI
DSA Options: 0x00000001
DSA object GUID: a03bbb51-1dca-44ae-a4d9-7aa8cb4a1ace
DSA
2014 Dec 29
0
samba_dlz Failed to configure reverse zone
On 29/12/14 09:40, Lars Hanke wrote:
> And some more information about this strange effect apparently no-one
> has seen before.
>
> I now added the missing zone:
>
> samba-tool dns zonecreate verdandi 10.16.172.in-addr.arpa -U
> Administrator
>
> and it claims that the zone is okay, but the next one is missing:
>
> Dec 29 10:31:12 verdandi named[2601]: Loading
2014 Dec 29
0
samba_dlz Failed to configure reverse zone
Just to clarify some things ...
the Bind9 and Samba4 are both current Debian Jessie on amd64. So the
applicable changelog would be
http://metadata.ftp-master.debian.org/changelogs//main/b/bind9/testing_changelog
Using 1:9.9.5.dfsg-6 the system worked nicely. Fixing a CVE pertaining
to recursion does not easily link to DLZ issues.
The system definitely has DLZ included. Otherwise it could not
2015 Mar 20
4
Debian Jessie AD DC w. BIND9 : DNS update fails for debian squeezy member server
I did not run that command at all. I did run samba-tool classicupgrade on
the DC after setting up ldap with my data. As far as I understand the
provisioning of the domain is done during that process. And on the other
machines provisioning must not be done, right?
On 20 Mar 2015 19:35, "Rowland Penny" <rowlandpenny at googlemail.com> wrote:
> On 20/03/15 18:28, Timo Altun wrote:
2014 Sep 10
0
Strange Kerberos issue
I run two Kerberos services in my network. The current production system
on domain @OLD using plain MIT and the upcoming samba4 server on domain
@AD.MICROSULT.DE. With both domains in the krb5.conf I can get tickets
from either domain.
However, I just try to setup a notebook as a reference system for the
workstation migration. Getting a ticket from samba4 fails:
kinit Administrator at