similar to: AD: smb.conf of newly joined DC

Thank you Rowland for your replies. Isn't it possible to forward during join time the content of the right smb.conf? This could make deployment easier which would help some of us... Just my two cents... 2016-02-08 14:03 GMT+01:00 Rowland penny <rpenny at samba.org>: > On 08/02/16 12:36, mathias dufresne wrote: > >> Hi all, >> >> When provisionning a Samba 4 AD

On 16/11/15 14:33, mathias dufresne wrote: > Another error coming often: > [2015/11/16 15:11:07.592598, 0] > ../source4/librpc/rpc/dcerpc_util.c:745(dcerpc_pipe_auth_recv) > Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for >

Hi all, I have 3 DCs running Samba 4.3.1 in the same domain. They seem to work quiet well with coherent databases on each of them. After rebuilding my RPM to include systemd units, I've joined a Samba 4.3.1 today, using --domain-critical-only. The join was successful, the replication was not. This DC has only 146 objects in the DB when it should have a bit less than 50000 objects. As I was

On 16/11/15 15:09, mathias dufresne wrote: > That did not work. I've added DNS entries mentioned in that wiki page. I > also forced creation of all entries mentioned by samba_dnsupdate > --all-names --verbose. > So I expect all needed DNS entries are present. If some are still missing > they are not mentioned by samba_dnsupdate. And as samba_dnsupdate job is to > create

No replication this morning but FSMO was rebooted yesterday. Only joined DC were rebooted. After verifying all A records related to new DC were created, I forced creation of replication related DNS entries as described there : https://wiki.samba.org/index.php/Check_and_fix_DNS_entries_on_DC_joins#Resolve_the_objectGUID_CNAME_record_of_the_new_joined_Domain_Controller I forced replication (drs

On Mon, 2015-11-16 at 16:50 +0100, mathias dufresne wrote: > transaction: operations error at > ../source4/dsdb/samdb/ldb_modules/descriptor.c:1147 Looking at that line in your version of Samba may give you some idea why it failed. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer,

The issue is (almost) solved. As shown the previously explained process to repair, nothing's clear about that resolution. Perhaps just the big clean-up was necessary, perhaps synchronisation of a first DC was necessary, no idea. Anyway replication is working, almost. On 4 DCs among 5: ldbsearch -H $sam objectclass=* dn | tail -3 # returned 50968 records # 50965 entries # 3 referrals On one

2015-11-11 9:11 GMT+01:00 Rowland Penny <rowlandpenny241155 at gmail.com>: > On 11/11/15 06:52, Michael Adam wrote: > >> On 2015-11-10 at 13:57 +0000, Rowland Penny wrote: >> >>> On 10/11/15 13:42, mathias dufresne wrote: >>> >>>> Thank you for this quick answer Louis. >>>> >>>> On DC: >>>> >>>>

Le 23/05/2016 à 14:46, Rowland penny a écrit : > On 23/05/16 12:56, Sam wrote: >> > > It looks like your problems have nothing to do with dhcp, one problem > appears to be related to dnssec: > > May 23 10:52:27 S4 named[2162]: validating @0x7eff24296b50: > choices.truste.com A: no valid signature found > > If you have 'dnssec-validation yes;' in

2017-07-27 16:33 GMT+02:00 mathias dufresne <infractory at gmail.com>: > > > 2017-07-27 15:14 GMT+02:00 Rowland Penny via samba <samba at lists.samba.org> > : > >> On Thu, 27 Jul 2017 08:51:52 +0100 >> Rowland Penny via samba <samba at lists.samba.org> wrote: >> >> > On Thu, 27 Jul 2017 08:36:51 +0100 >> > Rowland Penny via

hi Louis thank for the suggestion. first i tried switching back to winbind in nsswitch.conf then getent an id worked as they should so i've cornered the problem down to sssd but i had another problem with the winbind solution the home dir was not being pulled from AD, with a bit of net searching i found this from the samba mail archives Sébastien Le Ray says in smb.conf idmap_ldb:use

Under ubuntu 16.04, compiling samba 4.5.1 from source, I've created an initial DC and a replica DC by following: https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory For the second one I had to add the extra DNS records as per:

Hi all, Is there a command line to add DC to some site? The idea is to have a domain with several sites. If the whole AD database get corrupt I would restore some backup to recreate the first DC (the one with FSMO) then I'll join all others DC to that domain to force them to rebuild their database according to the one restored. Doing that I'll get all DC with the right DB but also in

Hai mathias, You welkom, always happy to help out and nice too hear you got it working. I must ask.. Did you reboot the servers after you added the second server to the DNS? And especialy in order, DC_with_FSMO, wait until its up again, then DC2. This often fixes the repliction problem and as far as i know, this only happend just after the install of a extra DC. Greetz, Louis

2015-11-12 14:42 GMT+01:00 Rowland Penny <rowlandpenny241155 at gmail.com>: > On 12/11/15 13:22, mathias dufresne wrote: > >> >> >> 2015-11-11 9:11 GMT+01:00 Rowland Penny <rowlandpenny241155 at gmail.com >> <mailto:rowlandpenny241155 at gmail.com>>: >> >> >> On 11/11/15 06:52, Michael Adam wrote: >> >> On

On 2015-11-10 at 13:57 +0000, Rowland Penny wrote: > On 10/11/15 13:42, mathias dufresne wrote: > >Thank you for this quick answer Louis. > > > >On DC: > > > >On DC I had to add one line to have winbind retrieving uidNumber AD field > >rather than having Winbind chosing some random UID for my users. > >This line is: > > > >idmap_ldb:use

James, it took me a while, but now I am doing this. I created the new site with RSAT (want to move over my 1st DC), but this new site isn't showing in the DNS console. Do I have to create the new site there, as well? Ole On 25.04.2016 14:27, lingpanda101 at gmail.com wrote: > On 4/22/2016 3:43 PM, Ole Traupe wrote: >> Hi Mathias, lingpanda101, thank you for the quick reply!

Hi all, Playing with delegation today we delegated rights to some user on some OU and its contents for it can modify users inside that OU and children. We used "advanced view" in ADUC then "properties" on our delegated OU, then "security" tab, and finally we gave rights to our user. Perhaps this process is not correct but we believe it is a valid process to delegate

2015-06-30 12:42 GMT+02:00 Rowland Penny <rowlandpenny241155 at gmail.com>: > On 30/06/15 11:17, mathias dufresne wrote: > >> @Andrew: I expect these lines came from RDP issue workaround which should >> be happening with previous Samba version. I removed all these lines as >> now, >> with 4.2.2 Samba version RDP and RSAT are working well without them. >>

Hi all, Thank you Mark for these precisions. I did switch a DC to --dns-backend=NONE using samba-tool domain join. This removed dns-<DCname> user for this DC and associated keytab. We changed /etc/resolv.conf to use another DC - one with Bind running - as nameserver. Stopping there, running samba_dnsupdate gave error "NOTAUTH". As we want our DC being able to push into DNS