similar to: Use of specific DCs within smb.conf

You believe that SSSD is bypassing Samba entirely and going direct to Kerberos? That’s possible. At the moment, to the best of my understanding, Samba is only being used to join the domain. There are no file/printer/etc. shares happening; this is just basic domain join/membership and keytab generation and after that it’s done. The question was still specific to Samba itself: can I specify the DCs

I found adcli a little too late; I plan to use it in the future but for the time being I just deployed 16 VMs using Samba so we’re going to keep that for now! Also, the rest of what I wrote can be disregarded – I figured out exactly why my hosts were failing to authenticate after a period of time. It’s too stupid to admit publicly. On 8/23/16, 3:50 PM, "samba on behalf of Kris Lou via

On Tue, 23 Aug 2016 13:01:09 -0700 Sean via samba <samba at lists.samba.org> wrote: > Is it possible to specify a list of DCs for Samba to use, rather than > have it look them up dynamically via DNS? > > > > I have an issue with Kerberos, Samba, and SSSD where my machines stop > authenticating after a period of time – preAuthentication errors, > etc. I suspect

This doesn't really answer your question, but it already looks like you're using SSSD for authentication, and specifying local DC's (instead of DNS lookups). Why not bind to AD directly with that? Using realmd/adcli makes it easy, and with a minimal samba installation (libs only) -Kris Kris Lou klou at themusiclink.net On Tue, Aug 23, 2016 at 2:47 PM, Sean via samba <samba at

We are using Samba-4.1.11. I can run gpupdate /force without error on my machine. H:\>type \\dc01.mediture.dom\SysVol\mediture.dom\Policies\{77F82F0F-AE2B-42F3-B173-D42F4BEEC0BA}\gpt.ini [General] Version=65551 displayName=New Group Policy Object H:\>type \\dc02.mediture.dom\SysVol\mediture.dom\Policies\{77F82F0F-AE2B-42F3-B173-D42F4BEEC0BA}\gpt.ini [General] Version=65551 displayName=New

Hi all, I am currently struggling to remove one of our Samba4 DC from the domain. Some time ago, adding a new Samba DC to our AD did not succeed and I had to demote the new server again. After removal, replication on one of the old/existing DCs got weird. /usr/local/samba/bin/samba-tool drs showrepl gives the following: Standardname-des-ersten-Standorts\dc02 DSA Options: 0x00000001 DSA object

Hi All, In my environment, I have a total of 4 DCs (Samba 4.7.6) running in VMs. Their uptime schedule goes like this: dc00 : usually 100% unless there's a failure. dc01 : same as above dc02 : a few days per week. dc03 : a few days per month. This has the consequence that a DNS A lookup on the AD domain shows 4 IPs, 2 of which are usually not up. Because I don't have shared storage in

I think I'm missing some SRV records... Calling nsupdate for SRV _ldap._tcp.Default-First-Site-Name._ sites.ForestDnsZones.mydomain.com dc03.mydomain.com 389 (add) Outgoing update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION:

Hello, I'm running Samba 4.5.0 and bind-9.8.2-0.47.rc1.el6_8.1. One DC of four, the PDC, is magnitudes slower running /usr/local/samba/sbin/samba_dnsupdate --verbose --all-names. When that is running on that DC it seems to block any queries. The load average is usually under 0.5. The DC was unsafely halted, which could have corrupted something. I ran a dbcheck with samba-tool and it

Thanks for the suggestion Rowland, I had already tried that though and both secondary DC's resolve.... host -t CNAME fbce444a-8707-4c69-8066-d75aacfb07f0._msdcs.mydomain.com. fbce444a-8707-4c69-8066-d75aacfb07f0._msdcs.mydomain.com is an alias for dc02.mydomain.com. host -t CNAME 04225dbe-d69c-4ea5-8930-eb8746790180._msdcs.mydomain.com.

We have three Windows domain controllers in our AD domain. They are DC01, DC02, and DC03. We have Linux (RHEL5 and 6) servers in the domain as well. The Linux servers are working fine with AD. However, they are currently configured in krb.conf and krb5.conf to use only DC01 for AD domain controller. if DC01 is down, Linux servers cannot authenticate. How do we configure the Linux servers to use

Ok I'll try that in the morning and will get back with the resilt. On 30 September 2016 at 21:22, Rowland Penny via samba < samba at lists.samba.org> wrote: > On Fri, 30 Sep 2016 20:24:45 +0100 > "Maton, Brett" <matonb at ltresources.co.uk> wrote: > > > Thanks for the suggestion Rowland, I had already tried that though > > and both secondary

so the DC with FSMO is not done first?     Van: Kristján Valur Jónsson [mailto:kristjan at rvx.is] Verzonden: vrijdag 28 december 2018 17:08 Aan: L.P.H. van Belle Onderwerp: Re: [Samba] replication failing for 4.9.4 dc01 is still running 4.7.7.  No need to restart it.  There is also still a DC03 running 4.7.7.  the only one I've upgraded is DC02.  resolv.conf on DC02 is configured with

Thanks Rowland, You saved me from a world of pain, I've now got named back up and running and also accessible via windows DNS GUI. the SOA record still says ns=dc03.. which is strange and the only place dc03 exists in the ouput of samba-tool dns query localhost mydomain.com @ ALL Is this something I can fix in the windows DNS GUI or do I need to do something with like FSMO ? Which btw

Hi Rowland thanks for your response. I'm running samba 4.5.0rc1 on CentOS 7.2 I've dumped the DNS records, and it doesn't appear to have any SRV or NS records. Also the SOA record is pointing at the wrong server dc03 instead of dc01. I'm pretty sure it can be fixed, but I don't know how or what to do On 27 September 2016 at 07:59, Rowland Penny via samba < samba at

Hi I have multi domain environment with root domain and subdomain. Forest and domain level windows 2003 native. Also forest prep and domain prep did for sccm 2007 ocs 2007 and Exchange 2003. After join Samba to domain like ad dc I had some problem with replication: ################################################# [root at dc03 ~]# samba-tool drs replicate dc02 dc03

Hi Andrew, thanks for your reply. Find attached the output of the command. Looks like it fails on renaming an object to me. Regards, Alexander On 7. February 2020 at 08:50:02, Andrew Bartlett via samba (samba at lists.samba.org) wrote: On Wed, 2020-02-05 at 23:41 +0100, Alexander Harm via samba wrote: > Hello, > > we could need some help resolving a replication issue we

On Tue, 6 Sep 2016 13:59:43 +0000 Julian Zielke via samba <samba at lists.samba.org> wrote: > BTW, this is our smb.conf: > > # Global parameters > [global] > workgroup = mydomain > realm = mydomain.local > netbios name = myhostname > server string = Samba AD Client Version %v > security = ads > password server = dc03, dc04, dc01, dc02, * You should let Samba

Hi there. I'm trying to upgrad from 4.7.7 to 4.9.4. I built from source, running on centos 7.6 on a Raspberry Pi. When testing on a secondary DC, my "samba-tool drs showrepl" errors out with: ERROR(<class 'samba.drs_utils.drsException'>): DRS connection to dc02.rvx.is > failed - drsException: DRS connection to dc02.rvx.is failed: (8, >

a nice example about dns islanding. http://retrohack.com/a-word-or-two-about-dns-islanding/ and with only 2 dc's setup the resolv.confs like : DC01 Primary DNS 10.1.1.2 Secondary DNS 127.0.0.1 DC02 Primary DNS 10.1.1.1 Secondary DNS 127.0.0.1 http://technet.microsoft.com/en-us/library/ff807362%28v=ws.10%29.aspx says: If the loopback IP address is the first entry in the list of