similar to: pam_winbind could not lookup name

I'm hoping the issue is just load balancing, but I'm not sure. I can't see to get the traffic balanced across two DCs. I ran this script on all Linux nodes to balance the traffic. #!/usr/bin/perl use strict; use warnings; my $primary_name_server; my $random = int(rand(10)); open(my $resolv_conf_fh, '< /etc/resolv.conf') or die("Unable to open /etc/resolv.conf for

We are using Samba-4.1.11. I can run gpupdate /force without error on my machine. H:\>type \\dc01.mediture.dom\SysVol\mediture.dom\Policies\{77F82F0F-AE2B-42F3-B173-D42F4BEEC0BA}\gpt.ini [General] Version=65551 displayName=New Group Policy Object H:\>type \\dc02.mediture.dom\SysVol\mediture.dom\Policies\{77F82F0F-AE2B-42F3-B173-D42F4BEEC0BA}\gpt.ini [General] Version=65551 displayName=New

On 3/14/2017 10:29 AM, Arthur Ramsey wrote: > Changes replicate to it, but not from it. > > vsc\VSC-DC02 > DSA Options: 0x00000001 > DSA object GUID: fe066b13-6f9e-4f3c-beb4-37df1292b8cb > DSA invocationId: 8a2b1405-07b1-4d92-89dd-1d993e59e378 > > ==== INBOUND NEIGHBORS ==== > > DC=DomainDnsZones,DC=mediture,DC=dom > vsc\DC01 via RPC >

Upgraded to 4.6.0 on all nodes. Still seeing the same issue. If I create an object on vsc-dc02, epo-dc01 or aws-dc01 DCs it doesn't replicate. If I create it on vsc-dc01 (PDC emulator) then it does replicate. On 03/13/2017 12:13 PM, Arthur Ramsey wrote: > > I believe the problem is a lack of outbound replication for non PDC > emulator DCs. You'll notice isn't even

That bug is reported? Do you have a link? You're saying it is just an issue with the logging or am I correct that this indicates an outbound replication isn't trying. On 03/13/2017 01:45 PM, lingpanda101 via samba wrote: > On 3/13/2017 2:15 PM, Arthur Ramsey via samba wrote: >> Upgraded to 4.6.0 on all nodes. Still seeing the same issue. >> >> If I create an

Changes replicate to it, but not from it. vsc\VSC-DC02 DSA Options: 0x00000001 DSA object GUID: fe066b13-6f9e-4f3c-beb4-37df1292b8cb DSA invocationId: 8a2b1405-07b1-4d92-89dd-1d993e59e378 ==== INBOUND NEIGHBORS ==== DC=DomainDnsZones,DC=mediture,DC=dom vsc\DC01 via RPC DSA object GUID: da9bb168-47a0-4368-aff3-bf06d1b869d2 Last attempt @ Tue Mar 14

I believe the problem is a lack of outbound replication for non PDC emulator DCs. You'll notice isn't even trying because last successful was epoch (never) yet there are no errors. Inbound replication for this DC seems fine. [root at vsc-dc02 ~]# samba-tool drs showrepl [...]==== OUTBOUND NEIGHBORS ==== DC=DomainDnsZones,DC=mediture,DC=dom aws\AWS-DC01 via RPC DSA object GUID:

Executing the following with nsupdate seems to have fixed replication. update add 28f7281f-3955-4885-8a7d-42a36ee87590._msdcs.mediture.dom. 900 A 192.168.222.5 show send update add 8b750a53-3d39-4bc0-8fe9-9bffa9e413aa._msdcs.mediture.dom. 900 A 172.16.1.106 show send update add fe066b13-6f9e-4f3c-beb4-37df1292b8cb._msdcs.mediture.dom. 900 A 192.168.168.65 show send New DNS records I create

On 3/13/2017 2:15 PM, Arthur Ramsey via samba wrote: > Upgraded to 4.6.0 on all nodes. Still seeing the same issue. > > If I create an object on vsc-dc02, epo-dc01 or aws-dc01 DCs it doesn't > replicate. If I create it on vsc-dc01 (PDC emulator) then it does > replicate. > > On 03/13/2017 12:13 PM, Arthur Ramsey wrote: >> >> I believe the problem is a lack

I have 4 Samba 4.7.0 DCs. I have 3 clients using samba-winbind.x86_64 0:4.6.2-11.el7_4 with an identical configuration, which produce inconsistent user group membership for multiple users. I've tried using all 4 DCs explicitly (e.g., realm = dc01.mediture.dom), net cache flush and restarting winbind. I've also tested cloning a user and setting up the user as identical as possible:

I increased the debug level to 10 and found this dreplsrv_notify: Failed to send DsReplicaSync to fe066b13-6f9e-4f3c-beb4-37df1292b8cb._msdcs.mediture.dom for DC=DomainDnsZones,DC=mediture,DC=dom - NT_STATUS_OBJECT_NAME_NOT_FOUND : WERR_BADFILE. I manually created the DNS entry, but it doesn't resolve. Other DNS records supplied by BIND_DLZ are working. I tried adding a host file

I seem to be having the same issue as https://lists.samba.org/archive/samba/2012-December/170426.html. I don't see that he ever reached a solution. Nov 20 16:02:58 appdb01-qa sshd[31622]: debug1: Unspecified GSS failure. Minor code may provide more information\nNo key table entry found matching host/appdb01-qa.mediture.dom@\n Nov 20 16:02:58 appdb01-qa sshd[31623]: debug1:

Error joining Linux member to Samba 4.5.0 DC. /usr/bin/net join -w MEDITURE -S dc01.mediture.dom -U Administrator Enter Administrator's password: Failed to join domain: failed to lookup DC info for domain 'MEDITURE.DOM' over rpc: Indicates the SID structure is not valid. ADS join did not work, falling back to RPC... Thanks, Arthur This e-mail and any attachments may contain

I have a test setup of samba 4.1.6 under ubuntu 14.04. When I do the query shown at https://wiki.samba.org/index.php/Using_RFC2307_on_a_Samba_DC#Check_if_NIS_Extensions_are_installed_in_your_Directory it shows I have the ypServ30 container installed. If I change this query to -s sub then I find 3 entries in that subtree (see [1] below) However the full schema in

The errors went away, but replication still isn't working properly. There are objects missing on all DCs, but it isn't consistent at all. showrepl: http://pastebin.com/bYfCZcNG Thanks, Arthur On 10/17/2016 12:32 PM, Arthur Ramsey wrote: > This fixed DNS issues. > > samba_upgradedns --dns-backend=BIND9_DLZ > /usr/local/samba/bin/samba-tool domain exportkeytab >

I had 4 samba 4.5.0 ADS DCs. I could connect via SMB to two of them and not to another two. I'd get an error "The request is not supported". I'd also get an "RPC server is unavailable" when trying to connect ADUC to the two DCs that I couldn't via SMB. I also intermittently got an "Access Denied" message when trying to RDP to a member Windows 2008

2018-01-15 20:14 GMT+01:00 Rowland Penny via samba <samba at lists.samba.org>: > On Mon, 15 Jan 2018 19:51:12 +0100 > Prunk Dump via samba <samba at lists.samba.org> wrote: > >> Thank again for your help ! >> >> 2018-01-12 21:26 GMT+01:00 Rowland Penny <rpenny at samba.org>: >> > The problem is, you are thinking in the wrong direction ;-)

I've had this problem as well. We created a domain with two 4.4.4 DCs and everything worked. Sometime after we upgraded the DCs to 4.5.0, the machine joins and some user logons displayed the invalid SID message. We tried recreating the domain from scratch with 4.5.0, but had the same problem. We recreated everything with 4.4.4 , and did not have problems so far. Em 20/10/2016 18:47,

I'm having the same issue as the person here <http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0CCcQFjAA&url=http%3A%2F%2Fforum.zentyal.org%2Findex.php%3Ftopic%3D18368.0&ei=fZ8WU4KCJLH_yQH6poDIBg&usg=AFQjCNG2y_hN3Ct-WGP9gwobz8Yrl_DKrA&sig2=jiDkFilv4DCZw50Ay5QV1w&bvm=bv.62286460,d.aWc>. I'm using Samba-4.1.5 as PDC with 3

Yeah, I'm trying to setup the Indentikey server on Windows instead so it uses the Windows API instead of LDAP rather than setup a Windows 2008 R2 domain controller for LDAP w/ SASL DIGEST-MD5 authentication. It seems silly for them to use DIGEST-MD5, but that's what I stuck with for now. If samba4 could support DIGEST-MD5 that would be great. Thanks, Arthur On 07/10/2015 03:29 PM,