similar to: Unable to demote DC

Hi Chris, Le 22/03/2016 22:07, Chris Hastie a écrit : > I'm trying to remove a DC from a Samba4 based AD network, but run into > an error that I can't fathom. Can anyone point me in the right direction? > > # samba-tool domain demote -Uadministrator which version of samba are you using? 4.4 or below? is the sogo3.ad.oak-wood.co.uk server still running ok or do you have

Hi together, Demoting from a Win-Server-Based Active Directory fails root at srvf01:~# samba-tool domain demote --server windc-server -UAdministrator Using srv15.lan.compumaster.de as partner server for the demotion Password for [COMPUMASTER\Administrator]: Desactivating inbound replication Asking partner server windc-server to synchronize from us Error while demoting, re-enabling inbound

Hi, I have been trying for days to solve this to no avail. I have taken over the IT responsibilities at a small school and am trying to get my head around their network and why they are having problems. They have 3 servers, Matthew, Genesis and Luke. Matthew is a Windows 2008 R2 server and holds all the FSMO roles but appears to be screwed up. It won't replicate with anything and randomly

Hi, I have set up two AD DCs (both running Samba 4.1). This is my setup: dc1.mydomain.lan: The first DC (used for domain provision) dc2.mydomain.lan: Promoted to AD DC after domain setup I promoted dc2 using this command: samba-tool domain join mydomain.lan DC -Uadministrator --realm=mydomain.lan While the promotion worked without any issues I now want to demote dc2 again. This is what I did:

Hello, We have a Windows 2008 DC (inview-dc1 and a samba 4.4.16 (inview-dc2) server as a backup DC. The system for the most-part works OK, but occasionally the Samba DC goes wildly out of sync (with respect to group membership), normally after a change to a large group. I have noted previously before the out-of-sync event occurs, this command always fails thus : root at inview-dc2:~#

Thanks Garming. We currently use a standalone bind DNS server. Will the later version of samba work without the integrated DNS backend? Cheers Chris On 21/06/18 23:41, Garming Sam wrote: > Hi, > > Many of these syncing problems were solved in Samba 4.7 (and probably a > few more in 4.8). There were a number of unresolved locking issues that > we uncovered as well as some

Hi The DRS sync between two Domain Controllers connected on one network is failing. I have enabled the log level 9. samba-tool drs replicate 172.16.10.5 iumsvrpdc DC=iumnet,DC=edu,DC=na --full-sync -UAdministrator INFO: Current debug levels: all: 9 tdb: 9 printdrivers: 9 lanman: 9 smb: 9 rpc_parse: 9 rpc_srv: 9 rpc_cli: 9 passdb: 9 sam: 9 auth: 9 winbind: 9 vfs: 9

I started with one dc, 'dc1', running samba v4.0.21, in subnet1. I successfully added two more dc's, 'dc2' and 'dc3', both running samba v4.0.24, both in subnet2. There are several firewalls between subnets 1 & 2. I continued to make firewall holes on behalf of msad after I added dc's 2 & 3. I.e. when they were added, there were patterns of communication

Hi I have tried using FQDN for DC1 and DC2 but still it is failing.Please assist to fix samba-tool drs replicate iumdcdp01.iumnet.edu.na iumsvrpdc DC=iumnet,DC=edu,DC=na --sync-forced -UAdministrator INFO: Current debug levels: all: 9 tdb: 9 printdrivers: 9 lanman: 9 smb: 9 rpc_parse: 9 rpc_srv: 9 rpc_cli: 9 passdb: 9 sam: 9 auth: 9 winbind: 9 vfs: 9 idmap: 9

Hello everyone, I have setup two Samba AD DC's with BIND9_DLZ dns backend. faiserver.example.corp is one of them hosting all FSMO Roles. location-000001.example.corp is the second one. Both are in different subnets but can reach each other. Unfortunately replication only works from faiserver.example.corp -> location-000001.example.corp. In the other direction location-000001.example.corp

Checking the databases against each other throws up pages and pages of errors. The two are completely out of sync now. What I have seen is that for no apparent reason, one of the servers suddenly decided it would sync with the Windows server, which appears to have updated the schema. Yesterday when I compared the databases on the two linux servers they only had a couple of errors, today, many

Hi, I have 2 DC Samba 4 in my network. My new DC is Samba 4.6.3 My Old DC is Samba 4.2.1 I want demote my DC (old) with Samba 4.2.1, but the following message appears: ~# samba-tool domain demote -Uadministrator Using dc1.empresa.com.br as partner server for the demotion Password for [EMPRESA\administrator]: Deactivating inbound replication Asking partner server dc1.empresa.com.br to

On 16/02/16 16:01, Rowland penny wrote: > Do you have the ldb-tools package installed on the DC ? if not can you > install it, then run this command: > > ldbsearch -H /var/lib/samba/private/sam.ldb > '(&(objectclass=user)(samaccountname=*))' | grep chris > > Can you post the results. Here you go, without any changes to generic names (ie I've kept my

OK, tried that. Kicked myself for not trying earlier... but it didn't work. In fact, the error has got worse. Now when I try to go from Genesis to Luke I get: sudo samba-tool drs replicate luke genesis DC=kcs,DC=local -Udomainadmin . . ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - drsException: DsReplicaSync failed (1359, 'WERR_INTERNAL_ERROR')

On Sun, 2019-11-03 at 16:24 +0100, Johannes Engel via samba wrote: > 2 hours and I am a little further: > Helped myself with Andrew's script in source4/scripts/devel/chgtdcpass > which updated the machine password as well as the keytab. > After a restart samba keeps complaining now that the (outdated) KVNO 6 is > no longer part of the secrets.keytab: > [2019/11/03

Do you tnink I can simply apt-get install from that repo to upgrade the current samba? Going down the demote/re-join route, I'm encountering problems demoting the DC: Deactivating inbound replication Asking partner server DC1.mydomain.local to synchronize from us Error while demoting, re-enabling inbound replication ERROR(<class 'samba.drs_utils.drsException'>): Error while

We have 3 ADCs based on Samba-4.7.4 (compiled from source,internal DNS)/ CentOS7: dcdo1,dcnh1 and dcge1. dcge1 holds all FSMO roles. The 3 ADCs are on different locations connected via IPSec based VPN. No traffic is filtered out. All 3 ADCs replicate fine except dcdo1 -->dcnh1. Symptom: [root at dcdo1 ~]# samba-tool drs replicate dcnh1.ad.kdu.com dcdo1.ad.kdu.com dc=ad,dc=kdu,dc=com

I added three DCs to a single DC Samba4 AD domain. They initially replicated and came up - but replication does not appear to be ongoing. A change made to a user via MMC connected to one DC does not appear on another DC. It the logs I see bursts of the following message: [2014/08/12 15:08:08.026270, 0] ../source4/librpc/rpc/dcerpc_util.c:660(dcerpc_pipe_auth_recv) Failed to bind to uuid

On Wed, 27 Dec 2017 13:00:05 +0100 "Dr. Johannes-Ulrich Menzebach via samba" <samba at lists.samba.org> wrote: > There is additional info in the logs of the source DC (dcdo1, log > level 2, manually triggered another replication): > ==================== > [2017/12/27 12:31:29.695121,  2] >

I have a server that is not replicating correctly, but passes all the tests listed here: https://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC In particular running # host -t CNAME 976c9c86-288d-483e-baec-7043a9c4a6cd._msdcs.ncs.k12.de.us 976c9c86-288d-483e-baec-7043a9c4a6cd._msdcs.ncs.k12.de.us is an alias for ncssamba2.ncs.k12.de.us. returns correct information on all DCs.