similar to: DNS issues

I bumped the logging up. samba-tool domain level raise --domain-level=2008_R2 schema_fsmo_init: we are master[yes] updates allowed[no] schema_fsmo_init: we are master[yes] updates allowed[no] The updates_allowed[no] concerns me? On Fri, Jul 8, 2016 at 9:45 AM, Jason Waters <jason at geeknocity.com> wrote: > I'm pretty sure the domain level raise is failing on this system.

Hello, we have the following problem with a ADDC Sernet 4.7.6-11 on CentOS 7.4. We have two DCs, replication is working fine. We use bind9 as dns-backend. When we do a "samba_dnsupdate --all-names" we get the following messages: ------------------- [root at dc1 ~]# samba_dnsupdate --all-names dns_tkey_negotiategss: TKEY is unacceptable dns_tkey_negotiategss: TKEY is unacceptable

Hello I tried on two vms on my vmware Workstation to use samba as DC. I want use BIND for dns system. To join the Domain had worked successfully after I recompiled the bind. It seems the zone are the same but Samba isn't in the ns-record. If I run dcpromo.exe I get this error message: This Active Directory DC is the last dns-server for the AD-zones. If I remove the DC the dns-names

Many (many) hours later, I'm finally throwing in the towel and seeking help. I have read everything I can find on the internet to no avail to get past my issues. I have to say, I'm very disappointed in the general quality and fragmentation of information on this topic. Samba isn't a turn-key solution as an AD by any stretch of the imagination. I've run the gamut so far with

Hello there. I´ve been having problems with dynamic dns update by dhcp on my samba ADDC running on CentOS 7 on an RPI2. After a while, the dhccp_dyndns.sh stops stops being able to authenticate with named. for the longest time I was stumped with this, exploring all kinds of kerberos issues, but found out that *restartint* named did resolve the issue. I have finally traced this problem down to a

Hi all, I am currently struggling to remove one of our Samba4 DC from the domain. Some time ago, adding a new Samba DC to our AD did not succeed and I had to demote the new server again. After removal, replication on one of the old/existing DCs got weird. /usr/local/samba/bin/samba-tool drs showrepl gives the following: Standardname-des-ersten-Standorts\dc02 DSA Options: 0x00000001 DSA object

I think I'm missing some SRV records... Calling nsupdate for SRV _ldap._tcp.Default-First-Site-Name._ sites.ForestDnsZones.mydomain.com dc03.mydomain.com 389 (add) Outgoing update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION:

On 11/19/2015 9:44 AM, Thierry Hotelier wrote: > hello, > we've just upgraded from samba 3.6.6 to samba 4.3.0. We are using > INTERNAL as dns backend. We have 1 domain and 6 DCs on 5 different > sites. Replication between DCs is ok as we can see with "samba-tool > drs showrepl". We configured them like it is described on the wiki and > used the RSAT tool

I tried to synchronize the sysvol folders, on two dcs. Something went wrong since yesterday we have replication problems: One machine shows this, while the other one is happy. samba-tool drs showrepl ==== INBOUND NEIGHBORS ==== DC=DomainDnsZones,DC=ourdomain,DC=com Default-First-Site-Name\DC03 via RPC DSA object GUID: af610e1a-9e3b-4cdd-a36b-c296d77a9479 Last attempt @

L.P.H. van Belle writes: > is the time in sync on your servers ? Yes it is. I managed to make it work by specifying the primary DC as nameserver in /etc/resolv.conf of the secondary DC. As soon as I do that, samba_dnsupdate works on the secondary. When I change it back to use the local Samba as resolver, it no longer works. So it is a DNS issue (possibly related to replication

We are using Samba-4.1.11. I can run gpupdate /force without error on my machine. H:\>type \\dc01.mediture.dom\SysVol\mediture.dom\Policies\{77F82F0F-AE2B-42F3-B173-D42F4BEEC0BA}\gpt.ini [General] Version=65551 displayName=New Group Policy Object H:\>type \\dc02.mediture.dom\SysVol\mediture.dom\Policies\{77F82F0F-AE2B-42F3-B173-D42F4BEEC0BA}\gpt.ini [General] Version=65551 displayName=New

Hello! I've got this error dns_tkey_negotiategss: TKEY is unacceptable when running samba_dnsupdate --verbose With this error dynamic entries stopped working as Type A machines that entered in the field or entry to a new DC. Already tried the step described here https://wiki.samba.org/index.php/Dns_tkey_negotiategss:_TKEY_is_unacceptable But when trying to delete the account used the

L.P.H. van Belle writes: > check the rights on : > /var/lib/samba/private/dns.keytab 640 root:bind > /var/lib/samba/private/dns 750 root:bind > /var/lib/samba/private/sam.ldb.d 750 root:bind I'm using the internal DNS on both DC's, so I guess bind access rights aren't the issue. Thanks for your answer though :) Regards, Roel > >-----Oorspronkelijk

Thanks Rowland, You saved me from a world of pain, I've now got named back up and running and also accessible via windows DNS GUI. the SOA record still says ns=dc03.. which is strange and the only place dc03 exists in the ouput of samba-tool dns query localhost mydomain.com @ ALL Is this something I can fix in the windows DNS GUI or do I need to do something with like FSMO ? Which btw

I have installed samba from source (I've tried both V4-0-stable and v4-1-stable) using BIND9_DLZ on Ubuntu server 13.04 and I'm unable to get samba_dnsupdate to function. # samba_dnsupdate --all-names --fail-immediately will return dns_tkey_negotiategss: TKEY is unacceptable If I then try nsupdate directly: nsupdate -g /tmp/tmpEk4_WK I also get: dns_tkey_negotiategss: TKEY is

It's me again :-) Now we have DDNS with DHCP running but we have a problem on one of our two DCs. Btw we used the setup and the script from wiki. Doing a "dhclient" on a host we are getting the following messages: ------------- Mai 16 12:13:28 samba41 dhcpd[3961]: Commit: IP: 192.168.0.249 DHCID: 1:50:5b:5d:1c:ab:aa Name: horst Mai 16 12:13:28 samba41 dhcpd[3961]: execute_statement

Thanks for the suggestion Rowland, I had already tried that though and both secondary DC's resolve.... host -t CNAME fbce444a-8707-4c69-8066-d75aacfb07f0._msdcs.mydomain.com. fbce444a-8707-4c69-8066-d75aacfb07f0._msdcs.mydomain.com is an alias for dc02.mydomain.com. host -t CNAME 04225dbe-d69c-4ea5-8930-eb8746790180._msdcs.mydomain.com.

Ok I'll try that in the morning and will get back with the resilt. On 30 September 2016 at 21:22, Rowland Penny via samba < samba at lists.samba.org> wrote: > On Fri, 30 Sep 2016 20:24:45 +0100 > "Maton, Brett" <matonb at ltresources.co.uk> wrote: > > > Thanks for the suggestion Rowland, I had already tried that though > > and both secondary

Hello,   I am once again having troubles with a setup of a samba 4 DC and a Windows Server 2008R2 DC. Replication between these two stopped a few days ago. Since then the logs on the samba server are flooded with:   Failed to bind to uuid e3514235-4b06-11d1-ab04-xxxxxxxxxxxx for

Is it possible to specify a list of DCs for Samba to use, rather than have it look them up dynamically via DNS? I have an issue with Kerberos, Samba, and SSSD where my machines stop authenticating after a period of time – preAuthentication errors, etc. I suspect it's because of a "DC mismatch" between the three. Because we have numerous DCs all over the world, I specifically