similar to: content of sam.ldb vs sam.ldb.d/DC=MYDOMAIN,DC=LAN

Hi Garming, > As far I know, all this should work as you would expect. Quite recently, > Andrew Bartlett and I went about testing some of the behaviour of the > KDC and confirming behaviour such as RODC ticket forwarding. thanks for the input. It gives me hope to dig deeper! I have some more time to spend on this issue today, I gonna try some more scenario. > The one thing to check

Hi everyone, I would like to have some input on ressources access from a workstation logged on a RODC server that has to connect on hub site servers. After login in the remote windows workstation, I have LOGONSERVER environment variable set to the local RODC server (workstation and user credentials have been preloaded). Everything works fine on local server. However if I want to connect to

Hi Garming, > > If you don't make much progress on your own, one thing you could do is > turn up the logging level and send in some logs and network traces > (and the steps you took). This is usually the easiest way to diagnose > any obvious issues and gives a much better sense of what is actually > happening. sorry to come back to you so late... It seems inded to be some

Hi Denis, Thanks for your advices. I have in mind about your kerberos problem in a large environment but i was thinking about problem occuring at 20 and more DCC's So last night, i modified all my krb5.conf (DC and file server) as you suggest but problem persist. root at dc111:~# samba-tool domain join pr.educationetformation.fr DC -U administrator --realm=PR.EDUCATIONETFORMATION.FR -W PR

Hi Denis I have upgraded my samba DC-1 from 4.6.12 to 4.7.4 which has solved the replication issues between DC-1 and DC-2. Now both the DC's are running on 4.7.4. Like Rowland said previously, you should remove all RODC that have been installed prior to Samba 4.7. There are many fixes that have been added since 4.6. Before I remove my RODC's I like to clear out few doubts: 1. Instead of

Hi Jordi, > I'm trying to add new DC to my existent domain (18 Samba4 DC) but this time, domain join stuck after setting account password. > I have tried so many things but at this point, i really don't know what to do. > > I can see the new dc111 computer object on smb4dc serveur but the object is disable. > If someone have an idea... Could you try to see if it gets

Denis, Thank you for the information. I was under the impression that authentication was done through LDAP. I'm not sure what led me to this belief/understanding. How can I confirm that indeed my Linux member server is authenticating with Kerberos, and that it is encrypted? Is Kerberos traffic always encrypted? Thanks, Tim On Mon, Jan 15, 2018 at 10:37 AM, Denis Cardon <dcardon at

Hi Harsh, > Thanks for your response without your crystal ball. > > I have increased the log level =9 dns:0 on both the servers. It > replicates successfully by manually running the command > samba-tool drs replicate SERVER2 SERVER1 dc=iumnet,dc=edu,dc=na --full-sync --full-sync copy the whole partition and may hide problems. If there is a corrupted entry in it, I guess it may

Hi Harsh, > Thanks for the suggestion to trim the smb.conf after which the DC-1 is > connecting to the Windows Server 2008 shared folder smbclient -k > //IUMSVRAPP01/Pastel12 -d 9 > and DC-2 is also connecting after using the DNS name of the Windows server. > > *You'd better switch your DNS to Bind-DLZ. Internal DNS is not that good > for larger site (looking at your DNS

Hello Denis, I checked all the attributes and objectclass defined in /usr/share/samba/setup/ad-schema/MS-AD_Schema_2K8_R2_Attributes.txt and /usr/share/samba/setup/ad-schema/MS-AD_Schema_2K8_R2_Classes.txt exists in my samba 4 ldap. Nothing is missing. Can you give me some inputs to "recreate a Samba 4.7 domain with same SID by piping in all the objects" ?

Hi Harsh, > > Thanks for your advise I will not use these wordings here. thanks! > Please check the result below when I run the command on the DC-1 when > DC-2 is off or on > smbclient -k //IUMSVRAPP01/Pastel12 -d 9 > ... > session setup failed: NT_STATUS_INVALID_PARAMETER_MIX Looking at this message, I would start with doing some cleanup in your smb.conf. I would trim

Hi Denis. Since we have "tricky" people working on the Linux machines we prefer NFS because it's less hassle to mount and requires no credentials. Basically because of the users we tend to choose the easiest possible way for them to access the needed resources. I guess pam-script module mounting is exactly for this purpose, but I'll to research more since I'm not familiar

Hi Dirk, Le 11/03/2017 à 05:07 PM, Dirk Laurenz a écrit : > Nope, but that was not the problem... > > > root at samba01:~# dpkg -l | grep python-dns > root at samba01:~# apt-get install python-dns ouch, my fault, I think it should have been python-dnspython By the way, what samba package are you using? python-dnspython should be a dependency of samba package (at least it is in

Nope, but that was not the problem... root at samba01:~# dpkg -l | grep python-dns root at samba01:~# apt-get install python-dns Reading package lists... Done Building dependency tree Reading state information... Done The following NEW packages will be installed: python-dns 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. Need to get 28.7 kB of archives. After this operation, 135

Hi, If you don't make much progress on your own, one thing you could do is turn up the logging level and send in some logs and network traces (and the steps you took). This is usually the easiest way to diagnose any obvious issues and gives a much better sense of what is actually happening. One other thing is that we generally recommend against .LOCAL domains although I would have no

Hi Denis & Rowland Thanks for the suggestion to trim the smb.conf after which the DC-1 is connecting to the Windows Server 2008 shared folder smbclient -k //IUMSVRAPP01/Pastel12 -d 9 and DC-2 is also connecting after using the DNS name of the Windows server. *You'd better switch your DNS to Bind-DLZ. Internal DNS is not that good for larger site (looking at your DNS domain name, I guess

mmm Very interesting. and...if i have 3 DCS and i change the passwords in principal but, the audit is in other DC, I suppose that by replicating the change in the other DCS the auditor will work, right? El mié., 26 sept. 2018 a las 13:54, Denis Cardon (<dcardon at tranquil.it>) escribió: > Hi > > > Good morning people from Argentine. > > > > again bothering with a

Hi Frederik, > I provisioned a new domain with "--use-rfc2307" as I want to use the > "ad" idmap backend on my domain members. unless you have really specific requirements, you should really stick with RID mapping, it will be easier on the long run. > I am thinking of mapping the "Administrator" account to UID 10000 > (this is where my UID range for

Hi Denis Thanks for your response without your crystal ball. I have increased the log level =9 dns:0 on both the servers. It replicates successfully by manually running the command samba-tool drs replicate SERVER2 SERVER1 dc=iumnet,dc=edu,dc=na --full-sync but it is still failing when I check from the samba-tool drs showrepl Also I run samba-tool dbcheck --cross-ncs --fix on both the servers

Ok I did the test of joining a new samba 4.7.5 as a domain controller. Unfortunatly we have the exact same error using dcpromo ! So now I need help to "recreate a Samba 4.7 domain with same SID by piping in all the objects". --------------------------------------------- Christophe Borivant Responsable d'exploitation informatique +33 5 62 20 71 71 (Poste 503) Devinlec - Groupe