Displaying 20 results from an estimated 9000 matches similar to: "[samba4ad] Duplicate attributes list ?"
2016 Feb 08
1
[samba4ad] Duplicate attributes list ?
Thank you Rowland for that reply, even if answer to Q2 is not a list of
duplicated attributes but the schema which contains all attributes.
To answer you: I'm trying to understand.
I'm currently working for one company to help them design an AD hosted by
Samba. I won't be there to manage it and they already have people working
with LDAP trees, these coming with their own habits.
I
2016 Feb 05
0
[samba4ad] Duplicate attributes list ?
On 05/02/16 16:27, mathias dufresne wrote:
> Hi all,
>
> I just added into my AD a user with different values for attributes "CN" and
> "name".
>
> Here is an extract of the LDIF used to add this user:
> ------------------------------------------------------------------------------------
> dc202:~# egrep 'cn:|name:' mathias.ldif
> cn: Mathias
2015 Dec 24
2
Authentication to Secondary Domain Controller initially fails when PDC is offline
Hi James and everyone,
There is a real issue with samba_dnsupdate and DNS records creation with
Samba 4 as AD when it comes to AD Sites.
Samba does not seem to create at all any Site relevant DNS record. As AD
relies on DNS to find DC on the correct AD site, if no DNS entry is created
related to AD Site, no usage of AD Sites.
Here Win client ask for domain
11:37:28.671044 IP
2015 Dec 24
2
Authentication to Secondary Domain Controller initially fails when PDC is offline
And to get mentioned entries list I used:
"samba_dnsupdate --verbose --all-names | grep Default-First-Site-name"
This lists 8 DNS records related to Default Site.
Next was to change Default-First... by the name of another AD Site (sed is
still working :p)
I was able to create DNS entries which were missing for one of my sites.
Next, test:
Back on one Windows on the network associated
2015 Dec 28
2
Authentication to Secondary Domain Controller initially fails when PDC is offline
On 12/24/2015 11:32 AM, Rowland penny wrote:
> On 24/12/15 15:32, mathias dufresne wrote:
>> And to get mentioned entries list I used:
>> "samba_dnsupdate --verbose --all-names | grep Default-First-Site-name"
>>
>> This lists 8 DNS records related to Default Site.
>>
>> Next was to change Default-First... by the name of another AD Site
>> (sed
2015 Dec 23
2
Authentication to Secondary Domain Controller initially fails when PDC is offline
On 12/23/2015 12:39 PM, mathias dufresne wrote:
> And for Ole, the OP, to solve its own failover issue:
> As there is 2 physical sites and only 2 DC.
> Let's say
> Site1 is 10.1.0.0/16
> Site2 is 10.2.0.0/16
> I would create 2 additional AD Sites : Site1 + Site2
> To AD site "Site1" I would associate 10.1.0.0/16 and associate also DC1
> To AD site
2016 Apr 05
5
DNS issues after FSMO seize
2016-04-04 14:20 GMT+02:00 Rowland penny <rpenny at samba.org>:
> On 04/04/16 10:23, mathias dufresne wrote:
>
>> SOA means "this DNS server can modify the zone".
>>
>
> No it doesn't, it stands for 'Start Of Authority' and contains who to
> contact for the domain records.
>
Rowland... thank you again Captain Obvious. Yes SOA means
2015 Dec 28
1
Authentication to Secondary Domain Controller initially fails when PDC is offline
On 12/28/2015 9:21 AM, Rowland penny wrote:
> On 28/12/15 14:06, James wrote:
>> On 12/24/2015 11:32 AM, Rowland penny wrote:
>>> On 24/12/15 15:32, mathias dufresne wrote:
>>>> And to get mentioned entries list I used:
>>>> "samba_dnsupdate --verbose --all-names | grep Default-First-Site-name"
>>>>
>>>> This lists 8 DNS
2016 Apr 05
3
DNS issues after FSMO seize
For me:
- SOA means where updates can be sent.
- SOA can be one or several.
- NS is a record to help non-authoritative name servers to find a valid
name server for the zone they receive a request and they don't know
anything about that zone.
- SOA is often declared as NS, I agree. I explained this is not mandatory.
There is no link between these two notions except they share a zone.
You are
2016 Mar 03
3
AD, multiple DC, some DC without DNS at all
Hi all,
Thank you Mark for these precisions.
I did switch a DC to --dns-backend=NONE using samba-tool domain join. This
removed dns-<DCname> user for this DC and associated keytab.
We changed /etc/resolv.conf to use another DC - one with Bind running - as
nameserver.
Stopping there, running samba_dnsupdate gave error "NOTAUTH".
As we want our DC being able to push into DNS
2015 Nov 24
1
No more replication for new DC
The issue is (almost) solved.
As shown the previously explained process to repair, nothing's clear about
that resolution. Perhaps just the big clean-up was necessary, perhaps
synchronisation of a first DC was necessary, no idea.
Anyway replication is working, almost.
On 4 DCs among 5:
ldbsearch -H $sam objectclass=* dn | tail -3
# returned 50968 records
# 50965 entries
# 3 referrals
On one
2015 Oct 29
2
Demote a dead PDC: residuals in "DNS" console
On 10/29/2015 9:15 AM, Ole Traupe wrote:
>
>
> Am 29.10.2015 um 13:54 schrieb mathias dufresne:
>> Thank you for hint to this VBS script. In fact I already saw it but
>> I'm not
>> too confident in my VB knowledge, so I didn't use that script, preferring
>> rely on Samba command and shell scripts to work around issues.
>>
>> You spoke about SOA
2015 Oct 29
3
Demote a dead PDC: residuals in "DNS" console
Thank you for hint to this VBS script. In fact I already saw it but I'm not
too confident in my VB knowledge, so I didn't use that script, preferring
rely on Samba command and shell scripts to work around issues.
You spoke about SOA record which wasn't changed, same here. There is
another DNS record I had to change: _ldap._tcp.pdc._msdcs.samba.domain.tld.
I spoke about removing
2015 Nov 24
2
No more replication for new DC
On Mon, 2015-11-16 at 16:50 +0100, mathias dufresne wrote:
> transaction: operations error at
> ../source4/dsdb/samdb/ldb_modules/descriptor.c:1147
Looking at that line in your version of Samba may give you some idea
why it failed.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer,
2015 Oct 19
5
Samba 4 + Squidguardian
On 19/10/15 16:46, mathias dufresne wrote:
> AD from Samba or Microsoft is mainly a database for storing users (and
> associated stuffs). It comes also with stuffs (protocols) to connect and
> retrieve information.
>
> How the client uses these information is, as always, a choice from that
> specific client.
>
> Your AD client is your Squid/Squidguard(ian) server. Its job
2015 Dec 24
0
Authentication to Secondary Domain Controller initially fails when PDC is offline
Using ldbsearch we can find needed information if we know AD Sites names
list.
Sites information is stored in CN=CONFIGURATION,DC=SAMBA,DC=DOMAIN,DC=TLD.
Here there is a CN=Sites which seems to contain Sites information.
Next using a search with -b
'CN=<site-name>,CN=Sites,CN=CONFIGURATION,DC=SAMBA,DC=DOMAIN,DC=TLD' we can
list object related to <site-name>.
And we
2015 Oct 30
2
Demote a dead PDC: residuals in "DNS" console
On 10/29/2015 9:56 AM, Ole Traupe wrote:
>
>
> Am 29.10.2015 um 14:37 schrieb James:
>> On 10/29/2015 9:15 AM, Ole Traupe wrote:
>>>
>>>
>>> Am 29.10.2015 um 13:54 schrieb mathias dufresne:
>>>> Thank you for hint to this VBS script. In fact I already saw it but
>>>> I'm not
>>>> too confident in my VB knowledge, so
2015 Oct 30
2
Demote a dead PDC: residuals in "DNS" console
On 10/30/2015 9:19 AM, Ole Traupe wrote:
>
>
> Am 30.10.2015 um 13:33 schrieb James:
>> On 10/29/2015 9:56 AM, Ole Traupe wrote:
>>>
>>>
>>> Am 29.10.2015 um 14:37 schrieb James:
>>>> On 10/29/2015 9:15 AM, Ole Traupe wrote:
>>>>>
>>>>>
>>>>> Am 29.10.2015 um 13:54 schrieb mathias dufresne:
2015 May 28
2
ACLs on OUs
Hi all,
When created through RSAT OUs receive, by default, ACLs to refuse removal.
When created through LDIF and ldbadd OUs do not receive these ACLs.
Is there a way to create these ACLs using command line tools?
Cheers,
mathias
2015 Oct 15
2
ldapsearch against Samba4 AD questions
ERRATUM:
It seems GSSAPI and TLS are *NOT* meant to be used together:
2015-10-15 16:20 GMT+02:00 mathias dufresne <infractory at gmail.com>:
> Things go further. To use GSSAPI and so the Kerberos ticket obtained
> with kinit I was missing "-Y GSSAPI".
>
> It seems GSSAPI and TLS are meant to be used together:
> ----------------------------------------
>