similar to: Tests with Secondary DC

27.06.2016 18:45, mathias dufresne: > Perhaps you don't have yet duplicate objectSid as that's not supposed to be > possible. > Rather than scripting something to look for objectSid used twice I would > start with dbcheck and other tools to verify that your database is > consistent and identical on all servers. [root at pdc ~]# samba-tool dbcheck Checking 3346 objects

Hai, Since your getting. finddcs: No matching server found > ERROR: Invalid IP address '3(NXDOMAIN)'! There is something wrong in the base of you setup. Check all DC's for ipnumbers (A) and PTR records. Dont forget to create the reverse zone yourself. https://wiki.samba.org/index.php/Samba_AD_DC_Troubleshooting

Thank you Rowland for these info. So no more issue with 4.2.3 and auto-replication : ) Cheers 2015-09-03 11:52 GMT+02:00 Rowland Penny <rowlandpenny241155 at gmail.com>: > On 03/09/15 09:59, mathias dufresne wrote: > >> Hi Mourik, >> >> whenChanged was replicated in my test once I did replicate in both way, so >> it seems to me it is supposed to be

Louis, Upgraded to 4.13 and running "samba-check-db-repl.sh" exits with: "No Samba NT DOMAIN Name found exitting now...: Complete output: > #!/bin/bash -v > > ## > ## Version : 1.0.8 > ## release d.d. : 24-03-2015 > ## Author : L. van Belle > ## E-mail : louis at van-belle.nl > ## Copyright : Free as free can be, copy it, change it if

Hi all! Today, after two years of production, I get this error: samba-tool user create test20160627 testpassword ERROR(ldb): Failed to add user 'test20160627': - ../lib/ldb/ldb_tdb/ldb_index.c:1216: Failed to re-index objectSid in CN=test20160627,CN=Users,DC=ad... - ../lib/ldb/ldb_tdb/ldb_index.c:1148: unique index violation on objectSid in CN=test20160627,CN=Users,DC=ad... Help me

I'm understand, why I get error about unique index violation on objectSid: samba-tool fsmo show RidAllocationMasterRole owner: CN=NTDS Settings,CN=PDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,... Last created object have objectSid S-1-5-21-763247336-2482037999-3416227170-2001 (it is record for computer) Last symbols is 2001, and last assigned RID is 2001: [root

On 28/06/16 12:05, Zhuchenko Valery wrote: > I'm understand, why I get error about unique index violation on objectSid: > > samba-tool fsmo show > RidAllocationMasterRole owner: CN=NTDS > Settings,CN=PDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,... > > Last created object have objectSid > S-1-5-21-763247336-2482037999-3416227170-2001 (it is

21.11.2016 12:32, L.P.H. van Belle via samba пишет: > Hai, > > Since your getting. > finddcs: No matching server found >> ERROR: Invalid IP address '3(NXDOMAIN)'! > There is something wrong in the base of you setup. yes, and it is a server own local hostname see "DC server own hostname must be part of ad dc domain?" thread your script relies on

Problems with Secondary DC My scenario: DC1 = = SRV14=primary DC + DHCP Bind9 DC2 = SRV15=secondary DC + Bind9 Both running Samba 4.4.5. Through the Group Policy Management, when switching DC, when I try to connect to DC2, I get error message: "There was an error processing to collect data using this base domain controller. Change the base domain controller and try again." When

Hi Valery, First thank you for this detailed information about your searches. I find them very interesting. Here I'm thinking of two workarounds. The first one would be to list deleted objects RIDs, to verify RID=2002 is really the last one used, being sure there is no deleted object with RID=2003 and so on. Then once you get the last RID used, you could change RidNextRid to match this

On my site with samba 4.18 on centos 6: 'samba-tool ldapcmp ldap://DC1 ldap://DC2 -Uadministrator' failed with this result msDS-NC Type failed : [root at s4master ~]# samba-tool ldapcmp ldap://s4master ldap://s4slave -Uadministrator Password for [TPLK\administrator]: * Comparing [DOMAIN] context... * Objects to be compared: 606 Comparing: 'CN=Builtin,DC=tplk,DC=loc'

I want to create another DC in my network. Today, my DC is Debian 7 with Samba 4.2.1 compiled (source package). Are ther problem if I install another DC with Debian 8 and Samba 4.1.17 (apt-get -t backports)? I will follow the tutorial below: https://wiki.samba.org/index.php/Join_a_domain_as_a_DC Regards, Márcio

Hi Mourik, whenChanged was replicated in my test once I did replicate in both way, so it seems to me it is supposed to be replicated... Then the fact it is not always replicated seems to me an issue. Perhaps a bug report for these two issue (whenChanged not always replicated and ldapcmp hanging once DB is too much filled) would be the right way to proceed... Cheers, mat 2015-09-03 10:42

Hi all, I have just updated our dc's from sernet 4.1.11 to sernet 4.1.12. And suddenly since that update, we're getting many ldapcmp failures on the attribute 'whenChanged'. In 4.1.11 life was good, and ldapcmp reported no differences at all. Here is a sample: (dc2 <-> dc3) Comparing: 'CN=podcast,CN=Users,DC=samba,DC=company,DC=com' [ldap://dc2]

Morning, On a DC: [root at BPCTASRVSDC003 ~]# samba-tool drs showrepl | grep failure 0 consecutive failure(s). 0 consecutive failure(s). 0 consecutive failure(s). 0 consecutive failure(s). 0 consecutive failure(s). 0 consecutive failure(s). 0 consecutive failure(s). 0 consecutive failure(s). 0 consecutive failure(s). 0 consecutive failure(s). 0 consecutive failure(s). 0

Seems to relate to kerberos. I cannot "kinit administrator". Returns "kinit cannot contact KDC for realm 'subdom.example.com' while getting initial credentials." "samba-info.sh" script returns 'NT_STATUS_CONNECTION_REFUSED' and that 'ERROR: invalid ip address for dc1.subdom.example.com' (Sorry on my laptop. Difficult to copy & paste

Hi all, It seems "samba-tool ldapcmp" does not support too much items in Samba's database. Playing for a while with DB I was never able to run ldapcmp successfully. So yesterday I installed a platform to fill piece by piece my two small DCs and to run ldapcmp. The process follows. Test platform: 2 DCs using Debian 8.1 "net install" with only system tools, up to date,

Hello, Checking on the health of my DC's I ran samba-tool ldapcmp ldap://DC1 ldap://DC2 -Uadministrator This returned several failure results for both Domain and Configuration. Similar to the following Comparing: 'CN=Incoming Forest Trust Builders,CN=Builtin,DC=domain,DC=local' [ldap://dc1] 'CN=Incoming Forest Trust Builders,CN=Builtin,DC=domain,DC=local' [ldap://dc2]

Hi all! I'm attempting to configure sudo rights from Samba ldap. Alas, libsssd_samba receives 0 rules and config doesn't work. I think I have the problem identified here but I don't understand why. The way sssd_sudo searches for sudoers leave all important attributes out and of course filtering then fails. Can you help me to understand why following search results are so different (and

Hi, I'm having hard time getting sssd_sudo to work: when sssd_sudo accesses Samba ldap with host principal 'dc1$@teemu.local' it can't read necessary attributes like objectclass: sudoRole. When accessing as Administrator all attributes are shown. How can I enable other users then Administrator to access sudoers' attributes? Below is an example. [root at dc1 var]# kinit