similar to: Fwd: Re: Invalid data for index DN=@INDEX:OBJECTCLASS:DNSNODE

We have a Samba primary domain controller "empire", which seems to have DNS update issues. We can seem to query all records on empire just fine, and we can modify IPs for existing records, but it will not delete or add new records. Attempting to delete via the AD tools shows "Local security authority database contains an internal inconsistency". Adding a record on the command

> OK, could this just be a permissions problem i.e. user 'ash' doesn't > have the required rights to add a dns record, try again, but this time > use the 'Administrator' user. I've repeated the "samba-tool dns add", and the "samba-tool domain join" commands with "-UAdministrator". I get the same errors with either user. (the error

> This certainly sounds stressful. Yes! > Another way to (on a backup, particularly given your history above) remove the index is with samba-tool dbcheck --reindex. Re-indexing... completed re-index OK 0 root at empire:~[0] samba-tool dns add empire chester-dc.example.com p-cats A 10.4.4.142 -U ash Password for [CHESTER-DC\ash]: Record added successfully Thanks! > The missing

On Fri, 2016-05-13 at 14:49 +0100, ash-samba at comtek.co.uk wrote: > We have a Samba primary domain controller "empire", which seems to > have > DNS update issues. We can seem to query all records on empire just > fine, > and we can modify IPs for existing records, but it will not delete or > add new records. Attempting to delete via the AD tools shows "Local >

On 13/05/16 18:42, ash-samba at comtek.co.uk wrote: >> OK, could this just be a permissions problem i.e. user 'ash' doesn't >> have the required rights to add a dns record, try again, but this >> time use the 'Administrator' user. > I've repeated the "samba-tool dns add", and the "samba-tool domain > join" commands with

>> Andrew Bartlett > I haven't actually got ldbdump on the machine, and I can't see it in > the Debian packages. That said, I do appear to be able to add DNS > records now, so I'm assuming it was the index. If you particularly > want me to find out then I'll try to get a dump, but as long as its > working I'm happy to leave it be! > > Ash Well, I

The system described by https://lists.samba.org/archive/samba/2016-May/199829.html (Invalid data for index DN=@INDEX:OBJECTCLASS:DNSNODE) now appears to perform DNS updates correctly, all systems are 4.2.10-Debian, and we've been able to add a user and a new DC. (Thanks for the help!) Synchronisation between v-ward (the new local DC), and empire isn't entirely working, though. >

On 17/05/16 12:11, ash-samba at comtek.co.uk wrote: > >> G'Day, >> >> This is a serious situation. What it means is that the nextRid value >> for that DC points at a user account that already exists, so when we >> go to create it, the create fails. > I've just looked at the LDAP output, and nextRid is 1000 for both dn: >

On Mon, 2016-05-16 at 16:41 +0100, ash-samba at comtek.co.uk wrote: > > > Andrew Bartlett > > I haven't actually got ldbdump on the machine, and I can't see it > > in > > the Debian packages. That said, I do appear to be able to add DNS > > records now, so I'm assuming it was the index. If you particularly > > want me to find out then I'll

Hi All, Hopefully someone can help here. I'm being asked for user name and password when I try to connect directly to the share from computers that are not on the managed domain. My config (the relevant parts) - > [global] > server role = active directory domain controller > map to guest = Bad User > map untrusted to domain = yes > security =

An awful response: change tombstoneLifetime : ) When deleting objects they go to recycle bin then to deleted objects then are deleted. This if you have some recycle bin working which is not the case by default I reckon. tombstoneLifetime is the number of days AD has to keep deleted objects before the real deletion. If you use the recycle bin this very same tombstoneLifetime is also used to

On Tue, 13 Sep 2016 15:20:29 +0100 ash-samba--- via samba <samba at lists.samba.org> wrote: > > And to get it editable: > > > > ldbedit -e nano -H /usr/local/samba/private/sam.ldb --cross-ncs > > --show-binary -b > > 'DC=_ldap._tcp.pdc,DC=_msdcs.samdom.example.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=samdom,DC=example,DC=com' > > -s base > >

We appear to have some phantom DNS records on both our domain controllers. We can see the records using "dig", but not with samba-tool. We can't remove the records either. (v-ward and v-fief are the DCs, Hawaii and Alaska are old DCs which were demoted without errors, I'm trying to clean up some DNS records which don't seem to have been cleaned). All machines are

On Mon, 12 Sep 2016 15:41:24 -0400 lingpanda101--- via samba <samba at lists.samba.org> wrote: > On 9/12/2016 3:23 PM, ash-samba--- via samba wrote: > > On 09/09/16 16:35, lingpanda101--- via samba wrote: > >> On 9/9/2016 10:59 AM, ash-samba--- via samba wrote: > >>> We appear to have some phantom DNS records on both our domain > >>> controllers.

On 09/09/16 16:35, lingpanda101--- via samba wrote: > On 9/9/2016 10:59 AM, ash-samba--- via samba wrote: >> We appear to have some phantom DNS records on both our domain >> controllers. >> [...] >> # dig _ldap._tcp.dc._msdcs.chester-dc.example.com srv @10.4.4.155 >> [...] >> > > For me I had to use ADSI edit to remove the entries. > I've managed

>> We can successfully "/usr/bin/samba-tool user add" with alaska (a >> machine located on another continent, with a quite unreliable link!), >> and that gives us an account with >> S-1-5-21-2702589905-558746101-3641499263-7125 on -both- alaska and >> empire, so there is clearly some amount of working replication. >> Confusingly, after doing this

Hello, I'm running Samba 4.4.5 with enabled SMB Multichannel. The Linux server has two 1GBit/s NICs and for testing purposes I've shared a tmpfs mountpoint with 2GiB and ~2GiB large test-file. My Windows 10 host has one dual-port 1GBit/s NIC, and if both interfaces are enabled, Get-SmbMultichannelConnection lists active multichannel connections to my Linux SMB server. If I disable one

On 01/07/15 13:36, John Cobley wrote: > Ok, I've worked out the caching was due to setting up administratively > assigned offline folders. > > However I think I was getting a little mixed up with my servers. The > error log was from a server that still had the share enabled. I've now > removed the share from the config and restarted the Samba server. > Despite

> On 25 Jul 2016, at 19:49, Rowland penny <rpenny at samba.org> wrote: > > On 25/07/16 19:32, Kevin Davidson wrote: >>> On 25 Jul 2016, at 16:39, Rowland penny <rpenny at samba.org> wrote: >>> >>> On 25/07/16 16:02, Kevin Davidson wrote: >>>> Having problems with rfc2307 user ids. This was working briefly and now it’s not.

> G'Day, > > This is a serious situation. What it means is that the nextRid value for that DC points at a user account that already exists, so when we go to create it, the create fails. I've just looked at the LDAP output, and nextRid is 1000 for both dn: CN=Builtin,DC=chester-dc,etc and for dn: DC=chester-dc,etc The most recent successful new user (that I'm aware of) is