similar to: Verify that user replication between master and slave through the logs?

On 01/09/15 22:50, Elias Pereira wrote: > Hello guys, > > On my other e-mail does not properly explain what I was looking for. > > I made the data replication between two domain controllers Samba 4. At this > point everything is okay. When I create a user, for example in master, > after a few seconds the slave already have this user. > > What I want to know is how can I

Hello, - In my domain I have 2 DCs. dc1 ... dc2 ... - Both configured as bind_dlz I set up the reverse zone on dc1. The doubt: Do I need to configure on dc2 or is it automatically replicated? Another question: >From what I've been reading, the two binds do not work as master and slave but as multi-master, correct? If so, how do I get dc2 updated with every dc1 change, if need

On 20/09/2020 15:31, Elias Pereira via samba wrote: >> But, the error with the replication still occurs. I thought the replication >> error was linked to the ghost entry error. >> # samba-tool drs replicate DC3 DC4 dc=campus,dc=company,dc=br --full-sync >> --sync-forced >> ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - >>

Rowland, Can I use AD bind as slave for some zones of our bind master server? On Wed, May 17, 2017 at 1:00 PM, Rowland Penny <rpenny at samba.org> wrote: > On Wed, 17 May 2017 11:59:21 -0300 > Elias Pereira via samba <samba at lists.samba.org> wrote: > > > > > > > Is anything else listening on port 53 ? > > > > > > I don't think so.

hello folks, About ad sites, would work on an infrastructure as shown in the link image below? https://i.imgur.com/tYoxaYi.png The subnets (public IP) for communication is different on each others, of course. :D -- Elias Pereira

You do what you want! The point is the clients must resolve everything. You have two options: A - client resolver is non-DC DNS server: here the non-DC DNS server must be configured to forward DNS requests about AD to AD DNS servers (to DCs) B - client resolver is AD DNS server: here AD DNS server(s) used as resolver(s) must be configured to forward any non-AD DNS request to non-DC DNS server.

On 21/09/2020 00:35, Elias Pereira via samba wrote: > No errors occur, but still not replicating. It is not of all entries. > > For example, there are some users that the groups they are part, differ > between the two DCs. > > In the link below there is a diff between groups of a specific user. > # ldbsearch -H /var/lib/samba/private/sam.ldb "(samAccountName=125202)"

Ok. I understood your explanations, but I do not know where else I can get information about it. I thought that this functionality between an existing dns server and the dns server that samba provided was not so complicated! On Wed, May 17, 2017 at 4:35 PM, Rowland Penny via samba < samba at lists.samba.org> wrote: > On Wed, 17 May 2017 15:54:20 -0300 > Elias Pereira via samba

Here we (the DNS team of our company, not me ;) chose the zone type forward as it is the way DNS works (one resolver on client system, this resolver will forward requests to others DNS server to get answer) and also because that seemed to them the strongest against failure: there is no data stored on the client resolver, there can't be corrupted data on this DNS server when with masters /

On 20/09/2020 00:30, Elias Pereira via samba wrote: > hi, > > I listed the 0ADEL entries with the command below and didn't find the > object. > # ldbsearch --cross-ncs --show-deleted -H /var/lib/samba/private/sam.ldb | > grep "\0ADEL" > > I tried to delete using the command below, but it says it doesn't exist. > # ldbdel -H

hello, We have some computers with ubuntu that are in the domain. They are configured through a package called C.I.D because it saves configuration time. When removing the unix client directly via RSAT, I still get ping via wbinfo --ping-dc and also wbinfo -u returns me the users of the domain. How can I check the connectivity between a linux client and AD properly? -- Elias Pereira

Hi samba list!!! Douglas, /usr/sbin/samba_kcc is made in python. Does it have a link to source4/dsdb/kcc/kcc_periodic.c which is made in C? The errors that appear in my DCs have their output in the C code. Correct me if I'm wrong, but I read in some old posts on the list that samba would have a new code for kcc (python code?), which would be closer to what M$ uses. Could this have anything

> > What is 'C.I.D' ? "CID (Closed In Directory) is a set of scripts for inserting and managing a Linux system in an "Active Directory" domain." https://sourceforge.net/projects/c-i-d/ Define 'remove' , do you mean leave the domain ? I right click on the computer and press delete. :D This could be coming from the winbind cache or your Unix client

Thanks for the answer ligpanda101!! For DC's that are not present on a subnet, assign the subnet to the closet > site to a DC Visibly via RSAT, how would that look? On Wed, Jun 27, 2018 at 1:06 PM lingpanda101 <lingpanda101 at gmail.com> wrote: > On 6/27/2018 11:44 AM, Elias Pereira via samba wrote: > > Hello, > > > > Reading about, specifically in the wiki

1.5 seconds is pretty long, I would look into what those queries are. I would also look into repeated queries, sometimes these things are clients stuck in a loop where they don't complete because they expect some termination condition. Andrew Bartlett On Tue, 2024-04-02 at 09:25 -0300, Elias Pereira via samba wrote: > The saga continues... > I've spent a whole day with log level 5

Hello Andrew, 1. What is the explanation for the fact that when the log level is set to 5 or 7, the NT_STATUS_IO_TIMEOUT error does not appear, but when it is at the default log level, it does? Another point I've noticed before is that when I run the command "samba-tool dbcheck --cross-ncs --reset-well-known-acls --fix --yes" (*Checked 15337 objects (0 errors)*), and in another

hello, There is a group in my AD that has a user that does not exist. I can see it via RSAT. By running the command: samba-tool dbcheck --cross-ncs --reset-well-known-acls --fix --yes The following error occurs: Checking 10016 objects WARNING: no target object found for GUID component for one-way forward link member in object CN=ALUNOS,OU=GRUPOS,OU=CAMPUS,DC=mycompany,DC=net -

On 21/09/2020 15:00, Elias Pereira via samba wrote: > Another doubt is about this bydefaults entry. > The dc4 has this entry, but the dc3 does not. The dc3 is the fmso roles guy. > Does it work that way or is there something wrong there? Whilst there are a few attributes that do not replicate, all DN's should. > * Comparing [DOMAIN] context... > > * DN lists have different

> > Is anything else listening on port 53 ? I don't think so. # netstat -npl |grep 53 tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 27882/samba tcp6 0 0 :::53 :::* LISTEN 27882/samba udp 0 0 0.0.0.0:53 0.0.0.0:* 27882/samba udp6 0 0 :::53

On Thu, 2024-04-11 at 14:21 -0300, Elias Pereira wrote: > Hello?Andrew, > > 1. What is the explanation for the fact that when the log level is > set to 5 or 7, the NT_STATUS_IO_TIMEOUT error does not appear, but > when it is at the default log level, it does? I don't have an explanation for this, sorry. ?Have you looked into the 1.5 second queries, what is sending them and