similar to: DC01 & DC02 differences?

Thank you, Rowland. Copied your simpler ntp.conf file into my member server. Made the appropriate changes. Restarted all the ntp service on all machines (just in case.) Ran 'ntpq -p' (on member server) and got the correct answer. Proper connection to DC's. --- ------------------------- Bob Wooden of Donelson Trophy 615.885.2846 (main) www.donelsontrophy.com [1] "Everyone

Copied Roweland's DC ntp.conf file into my two DC's. Restarted (all) ntp. Member still timing out! (I am starting to think that there is 'something' about the sernet packages that "they" do differently.) Rowland, Could I ask you to copy the ntp.conf from your client (appears to be your laptop) so I could review it's contents? --- ------------------------- Bob

I upped 1.0.4 of the script.. I added checks if no DC's are found, error message and exits script, so no python errors anymore, if i did it right. ;-) on both DC's do the following. and whats the output of : cat /etc/hosts cat /etc/resolv.conf and kinit Administrator SETDNSDOMAIN=`hostname -d` SETHOSTNAME=`hostname -s` SERVER_IP_ADRESS=`hostname -i` echo "Test domainname:

Made the suggested adjustments (4 locations in the member server ntp.conf file) and restarted ntp. Still (member server) timing out. Not sure what you mean about removing "server 0.debian.pool.ntp.org iburst" lines. Those on the DC's. Aren't they necessary? Running 'ntpq -p' on DC's results in correct response. --- ------------------------- Bob Wooden of

I went and got the newest (upped recently) script. No love. I removed the email address line to get more command line output. root at dc01:~# ./samba-check-db-repl.sh Running with with console output Running : /usr/bin/samba-tool ldapcmp --filter='whenChanged' ldap://dc01 ldap://dc02.dtsh***m.dt. Please wait.. this can take a while.. Failed to bind - LDAP error 49

I run "logcheck" on my servers and have noticed that my DC01 log has these: Feb 4 06:58:16 dc01 named[2096]: validating @0xb1c75c18: . NS: got insecure response; parent indicates it should be secure Feb 4 06:58:16 dc01 named[2096]: error (insecurity proof failed) resolving './NS/IN': 208.67.222.222#53 Feb 4 06:58:16 dc01 named[2096]: validating @0xb1c75c18: . NS: got insecure

I have two DC's running Version 4.1.16-SerNet-Debian-9.wheezy and a member server running Version 4.1.11-Debian. When I 'ntpq -p' from the member server I get: localhost: timed out, nothing received ***Request timed out Member server ntp.conf file: cat /etc/ntp.conf # Local clock (this is not the localhost address!) server 127.127.1.0 fudge 127.127.1.0 stratum 10 # The source,

When I run ./samba-check-db-repl.sh script I am getting the following: root at dc01:~# ./samba-check-db-repl.sh Failed to bind - LDAP error 49 LDAP_INVALID_CREDENTIALS - <SASL:[GSS-SPNEGO]: NT_STATUS_LOGON_FAILURE> <> Failed to connect to 'ldap://dc02.dtsh**m.dt.' with backend 'ldap': (null) ERROR(ldb): uncaught exception - None File

Once again, Bob is in 'the land of unknown bind knowledge.' What type of data am I adding? Shouldn't dns_update be run when adding the member server? Is this a "simple-bind-dn"? hum-m-m-m! --- ------------------------- Bob Wooden of Donelson Trophy 615.885.2846 (main) www.donelsontrophy.com [1] "Everyone deserves an award!!" On 2015-02-08 02:56,

W7 client domain member? yes. Logged in as domainAdministrator? yes. "SeDiskOperatorPrivilege" set? yes Read "/Setup_and_configure_file_shares_with_Windows_ACLs"? yes. --- ------------------------- Bob Wooden of Donelson Trophy 615.885.2846 (main) www.donelsontrophy.com [2] "Everyone deserves an award!!" On 2015-01-28 10:40, Marcel de Reuver wrote: >

I have been improving my DC. I now have a DC01, DC02 and a DCMEMBER01. All running sernet-samba 4.1.16 on Debian 7.8.0 thanks to Louis' (old) scripts. (Any linux client work has gone on hold, for the moment.) Next step was to adjust the file permissions as instructed on "Setup and configure file shares with Windows ACLs". When I access the "Computer Management" (thru ADUC

At one point, I thought the same. Tried a "sleep 5" and still got some failures. (That was before I started counting the fails.) This is a P4 3.2Ghz with 1Gb RAM. Could it be that sluggish (at that moment) and need a "sleep 10" or "sleep 15" or more? It worked on my VM (of course it is running on a multi-core Xeon processor so maybe a sleep?) I'm going to try

Thanks Rowland but that idea did not work. I will simply grant access to those that failed manually. (Really wish I had kept the VM that the scripthad worked on so I could go back and see what happened but, too late, I have already deleted to save precious hard drive space.) If I have any issues, I'll be back. --- ------------------------- Bob Wooden of Donelson Trophy 615.885.2846

No. What I did was change the first few to see what happens. And still the first 13 (this time, last time 17) failed. I am baffled why the first 11 to 17 fail (randomly) and the remainder receive "Successfully granted rights." --- ------------------------- Bob Wooden of Donelson Trophy 615.885.2846 (main) www.donelsontrophy.com [1] "Everyone deserves an award!!" On

On 08/02/15 19:03, Bob of Donelson Trophy wrote: > > > Okay!!! My member server ip address is 192.168.**.56 (static). > > When I run your command it is reporting the ip address of 192.168.**.55 > (which is my DC02 address.) > > So, I need to correct this. How do I remove the 'old member server' ip > address 192.168.**.55 reference and correct to 192.168.**.56?

I have setup 'profiles' and 'home share' per the instructions on Samba wiki. That seemed to go fine. When I moved on to 'folder re-direction' I tried to open GPO management on my W7 client and received a "User policy could not be updated successfully . . ." on the windows CP console. Started googling the error and ran into "samba-tool ntacl

Louis, I ran your "1-setup-sernet-samba4-ADDC-wheezy.sh" script and noticed this (during install:) ==========SE Privileges =============================== Enter administrator's password: Could not connect to server 127.0.0.1 Connection failed: NT_STATUS_CONNECTION_REFUSED This is my /etc/resolv.conf: root at dc01:~# cat /etc/resolv.conf search dts***m.dt nameserver

Here yau go: root at dc01:~# cat /etc/bind/named.conf.options // Defined ACL Begin acl thisserverip { 192.168.16.54; }; acl all-networks { 192.168.16.0/24; }; // Defined ACL End options { directory "/var/cache/bind"; version "0.0.7"; // If there is a firewall between you and nameservers you want // to talk to, you may need to fix the firewall to allow multiple //

Rowland, I think you have confused my email with a different thread. Uhm . . what? --- ------------------------- Bob Wooden of Donelson Trophy 615.885.2846 (main) www.donelsontrophy.com [1] "Everyone deserves an award!!" On 2015-01-29 07:30, Rowland Penny wrote: > On 29/01/15 12:54, Bob of Donelson Trophy wrote: > Rowland, I have tried your various alteration

Thanks Rowland. Being the novice that I am, I thought the line would 'pickup' my DOMAIN and replace the ${SAMBA_NT_DOMAIN}. So, I just tried the line correctly and it asked for my Administrator password and subsequently granted access. At least I know I can go and correct manually, if I need too. My /etc/resolv.conf is: root at dt01:~# cat /etc/resolv.conf search dts***m.dt