similar to: AD: Replication on different network interface than standard traffic

On 16/11/15 14:33, mathias dufresne wrote: > Another error coming often: > [2015/11/16 15:11:07.592598, 0] > ../source4/librpc/rpc/dcerpc_util.c:745(dcerpc_pipe_auth_recv) > Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for >

Hi all, Thank you Mark for these precisions. I did switch a DC to --dns-backend=NONE using samba-tool domain join. This removed dns-<DCname> user for this DC and associated keytab. We changed /etc/resolv.conf to use another DC - one with Bind running - as nameserver. Stopping there, running samba_dnsupdate gave error "NOTAUTH". As we want our DC being able to push into DNS

Hi all, I'm missing some replication links between some DCs in "Active Directory Sites and Services" management console. This MSC provides tools to create manually these links or I expect it is able to do, I did not tried as I'm not yet sure enough of what I would have to do exactly. For now all present links are named (rough translation) "automatically generated".

On 16/11/15 15:09, mathias dufresne wrote: > That did not work. I've added DNS entries mentioned in that wiki page. I > also forced creation of all entries mentioned by samba_dnsupdate > --all-names --verbose. > So I expect all needed DNS entries are present. If some are still missing > they are not mentioned by samba_dnsupdate. And as samba_dnsupdate job is to > create

Hi all, I have 3 DCs running Samba 4.3.1 in the same domain. They seem to work quiet well with coherent databases on each of them. After rebuilding my RPM to include systemd units, I've joined a Samba 4.3.1 today, using --domain-critical-only. The join was successful, the replication was not. This DC has only 146 objects in the DB when it should have a bit less than 50000 objects. As I was

On Mon, 2015-11-16 at 16:50 +0100, mathias dufresne wrote: > transaction: operations error at > ../source4/dsdb/samdb/ldb_modules/descriptor.c:1147 Looking at that line in your version of Samba may give you some idea why it failed. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer,

Thank you both precisions : ) My users have no "@" in their names (samAccountName nor userPrincipalName nor anything) except in mail attribute). >From https://msdn.microsoft.com/en-us/library/ms679635%28v=vs.85%29.aspx which I read before initial post I understand AD can have this limitation of 20 chars if and only if you decide to support (so) old clients (that we should stop

The issue is (almost) solved. As shown the previously explained process to repair, nothing's clear about that resolution. Perhaps just the big clean-up was necessary, perhaps synchronisation of a first DC was necessary, no idea. Anyway replication is working, almost. On 4 DCs among 5: ldbsearch -H $sam objectclass=* dn | tail -3 # returned 50968 records # 50965 entries # 3 referrals On one

I do : ) 2016-03-03 10:52 GMT+01:00 Rowland penny <rpenny at samba.org>: > On 03/03/16 09:31, mathias dufresne wrote: > >> Hi all, >> >> Thank you Mark for these precisions. >> >> I did switch a DC to --dns-backend=NONE using samba-tool domain join. This >> removed dns-<DCname> user for this DC and associated keytab. >> >> We

Hi all, How to configure Samba to remove DNS service from DC? I thought there was an option for samba_dnsupgrade command to tell "remove all DNS service from current DC" but I don't find it anymore. This question is because we are about to deploy an AD with 20 or more DC and there is no need they are all DNS servers. In fact having them all DNS servers make design more complex and

Hi, Do you have some link to explain what are the difference between new and old KCC? Is it the old one do not respect "NTDS Settings" links in "Active Directory Sites and Services" console and force replication between every DC? If yes new KCC would rely on what is defined into each server's "NTDS Settings", is it? 2016-11-18 17:01 GMT+01:00 lingpanda101 via

Hi all, I'm wondering which version of Active Directory Samba4 can simulate. Of course we know Samba4 is not yet able to simulate the whole AD, things are still missing as Trust Relationship to name one, but for things which are working, until which version of Windows Server / AD can we compare Samba4 / AD? Hoping this question was clear enough... Thanks and regards, mathias

Thank you again Rowland for precision : ) In userPrincipalName there is a "@". It is forged with cn at ad.domain.tld and cn is forged with firstname.sn, as samAccountName, which often is longer than 20 chars. I'll change that... Thank you again all, have a nice day! mathias 2015-07-01 18:56 GMT+02:00 Rowland Penny <rowlandpenny241155 at gmail.com>: > On 01/07/15 17:44,

Hi, Following that link https://support.microsoft.com/en-us/kb/932455 we created a delegation to permit some group to add computers into AD. That works except if some computer with same name was already added (even if this computer with same name was previously cleanly removed from AD). Anyone who has idea what we missed? Cheers, M.

Hi Marc, I appreciate that you reply, but I got it resolved by following the advice of Mathias. I was aware of the links below, however the first is about using the BIND9_DLZ backend, and at the time I experienced the issue I was using the internal one. Marc & Mathias, The 2nd link that Marc references is about a DC should not use itself for DNS queries is exactly the opposite of your

Hi, I have nowhere seen information about restrictions of Samba: How many objects Samba can store in sambadb? What maximum size tdb database? How many domain controllers can be in one samba domain? How many sites can be store in one Samba domain? Best regards, DMITRIY LUCHKO

Ok, I see. Nevertheless, thank you very much for your effort! I must say that I can't actually believe that no one knows an answer to this problem. It must affect MANY people using Samba DCs. According to all the tests on the wiki, everything is working fine. Then I pull the plug on my first DC and no one can log on. And this time I waited far longer than the suggested "refresh

Thanks for the clarification, Daniel. And I like to think my users are fast thinkers and might restart their machines eventually. But without file and compute (Samba 4 member) servers being accessible, my infrastructure virtually is down. Again I ask: am I the only one having this problem? It must affect many users of a basic Samba4 setup: two or more DCs, some Windows clients and the

Although I don't know what "dig" actually means, I was able to dig up the following for my SOA: my.domain.tld. 3600 IN SOA DC2.my.domain.tld. hostmaster.my.domain.tld. 29 180 600 86400 180 This is after I reduced refresh interval and minimum TTL to 3 min (180 s). Still, the TTL of the SOA itself is 1h (3600 s). This strongly suggests, that the TTL for DNS info

On Wed, 5 Oct 2016 12:04:53 +0200 mathias dufresne via samba <samba at lists.samba.org> wrote: > I just tested on some DC running also 4.4.5 and "getent group > my_group" does not show groups content. > > I read here > http://serverfault.com/questions/625416/samba-4-group-members-not-shown-in-getent-group > a proposal to use samba-tool as a replacement but