similar to: Upgraded SAMBA4 DC's, now no logon scripts

On Mon, 2016-09-19 at 20:57 +0200, Marc Muehlfeld wrote: > > Logon scripts assigned to a user do not execute when the user logs > > on; it did before the upgrade. > * What kind of upgrade are you talking about? > NT4 to AD? (migration) > x.y to 4.2? AD 4.0.21 -> 4.2.x This worked prior to the upgrade. > * Is this an PDC or DC? They are DCs. > * Where have you

I need to add persistent routes to a policy routing table. I can add rules to an IP policy table after installing NetworkManager-config- routing-rules; but I have not found how to add routes to a table other than the specific table. Manually I do a: ip route add default via 192.168.1.6 dev ens192 table pods Rules load automatically via the /etc/sysconfig/network-scripts/rules- {interface}

Hi, sometimes I see following in the logs: /source4/rpc_server/drsuapi/writespn.c:234(dcesrv_drsuapi_DsWriteAccountSpn) Failed to modify SPNs on CN=PCNAME,CN=Computers,DC=DOMAIN,DC=NAME,DC=NAME,DC=de: error in module acl: Constraint violation during LDB_MODIFY (19) In the net i found this "explanation": "LDAP_CONSTRAINT_VIOLATION Indicates that the attribute value specified in

On 12/29/2017 3:59 AM, Wojciech ?ysiak wrote: > firstly check which zone are your interface in : > > bash> firewall-cmd --get-active-zones > > then all you have to do is add a service to the firewall > > firewall-cmd --zone=<INSERT YOUR ZONE> --add-service=openvpn --permanent > > assuming that your Openvpn is running on standard port 1194/tcp|udp, > If not

I have a site with a working Samba4 AD domain with a single DC. It works. I've added three new DCs to the domain [using the SerNet packages for 4.0.21]. The intention is to then demote the old, original Samba4 DC. But problems exist for netlogon/sysvol. One of the new DCs - the second one added - works, clients can access netlogon & sysvol. However the other two DCs have ACL errors

Since upgrading S4 DCs I am see the following message in log.samba - DsCrackNames: Unsupported operation requested: FFFFFFF8DsCrackNames: Unsupported operation requested: FFFFFFF8Unable to fetch value for secret BCKUPKEY_13bb48fc-0844-4736-9972-e26453333856, are we an undetected RODC? DsCrackNames: Unsupported operation requested: FFFFFFF8DsCrackNames: Unsupported operation requested:

I added three DCs to a single DC Samba4 AD domain. They initially replicated and came up - but replication does not appear to be ongoing. A change made to a user via MMC connected to one DC does not appear on another DC. It the logs I see bursts of the following message: [2014/08/12 15:08:08.026270, 0] ../source4/librpc/rpc/dcerpc_util.c:660(dcerpc_pipe_auth_recv) Failed to bind to uuid

I believe a schema change on a Windows DC (2008rc) has broken replication with our S4 DCs. Anyone have any tips or pointers to resolve this? I have three S4 DCs [CentOS6] and one Windows 2008R2 DC. The Windows 2008R2 DC has the schema master FSMO, and I believe the Exchange schema was added. I am willing to pay US dollars to get this issue resolved. I need the replication restored, the

> > Initially, it appears to have worked. ... > > It shows the same on one of the S4 DCs, but the > > DomainDnsZonesMasterRole still shows as "no current owner" on the > > third S4 DC [all Sernet 4.5.2].  Argh. > You could try checking the database on the third DC, 'samba-tool > dbcheck --help' for more info. > You could also try forcing

> You seem to be missing two FSMO roles: > DomainDnsZonesMasterRole > ForestDnsZonesMasterRole > Just what version of Samba are you using ? My Samba 4.5.2 domain also appears to be missing these roles. Can I simply seize these roles? [root at larkin27 ~]# samba-tool fsmo show SchemaMasterRole owner: CN=NTDS Settings,CN=TEMP2008R2DC,CN=Servers,.. InfrastructureMasterRole owner:

On Mon, 2016-12-12 at 19:45 +0000, Rowland Penny via samba wrote: > You seem to be missing two FSMO roles: > > > DomainDnsZonesMasterRole > > > ForestDnsZonesMasterRole > > > Just what version of Samba are you using ? > > My Samba 4.5.2 domain also appears to be missing these roles. > > Can I simply seize these roles? > > [root at larkin27 ~]#

I removed a DC using the DC removal tool mentioned in http://gallery.technet.microsoft.com/scriptcenter/d31f091f-2642-4ede-9f97-0e1cc4d577f3 as https://bugzilla.samba.org/show_bug.cgi?id=10734 prevents normal DC demotion. The DC was still all over in DNS, so I had to pick it out. Now replication between the remaining three DCs is broken [root at larkin26 ~]# samba-tool drs showrepl

On Mon, 19 Sep 2016 10:50:25 -0400 Adam Tauno Williams via samba <samba at lists.samba.org> wrote: > On Mon, 2016-09-19 at 10:45 -0400, Adam Tauno Williams via samba > wrote: > > Since upgrading S4 DCs I am see the following message in log.samba - > > The message "Unable to fetch value for secret BCKUPKEY_13bb48fc-0844 > > -4736-9972-e26453333856, are we an

Hi all, SPN = servicePrincipalName A simple search returning all servicePrincipalName declared in your AD: ldbsearch -H $sam serviceprincipalname=* serviceprincipalname An extract from result concerning a lambda client: # record 41 dn: CN=win-client345,OU=Machines,DC=ad,DC=domain,DC=tld servicePrincipalName: HOST/MB38W746-0009 servicePrincipalName: HOST/MB38W746-0009.ad.domain.tld

On Sun, 20 Nov 2016 16:50:34 -0500 Adam Tauno Williams <awilliam at whitemice.org> wrote: > On Sun, 2016-11-20 at 21:11 +0000, Rowland Penny via samba wrote: > > On Sun, 20 Nov 2016 15:55:08 -0500 > > Adam Tauno Williams via samba <samba at lists.samba.org> wrote: > > > And it looks like nobody is listening on port 135 - > > > [root at larkin26 ~]#

On 9/19/2016 3:15 PM, Adam Tauno Williams via samba wrote: >> To see rid pool info run the following from a Windows command prompt. >> dcdiag /s:DCNAME /test:ridmanager /v >> Replace DCNAME with the dns name of your Domain Controller. I wonder >> if OP has exhausted his RID pool. Unlikely but possible. I also see a >> similar post on this same issue. >>

Greetings, Adam Tauno Williams! > Fix DNS dynamic updates in Samba versions prior 4.0.7 > > <https://wiki.samba.org/index.php/Fix_DNS_dynamic_updates_in_Samba_versions_prior_4.0.7> > Trying to clean up a Samba domain that has existed forever. And this > issue seems to apply. However the instructions are to run: > # samba-tool dns add SERVER DOMAIN

On Thu, 2016-10-20 at 16:43 -0400, Adam Tauno Williams via samba wrote: > On Thu, 2016-10-20 at 16:28 -0400, Adam Tauno Williams via samba > wrote: > > > > sernet-samba-4.2.14-23.el6.x86_64 > > Errors [on all DCs] related to incorrect userParameters values - on > > user's that are working.  How does one go about > > rebuilding/correcting > > this

> Not sure what would cause that error message, nor have I experienced it. Looks like other people have seen it: > https://www.google.com/?gws_rd=ssl#q=gss_init_sec_context+failed+with+%5BUnspecified+GSS+failure.++Minor+code+may+provide+more+information:+No+credentials+cache+found I found no way to get rid of this, although everything seems to work fine. Red Hat need to push out an update

Hi together, Demoting from a Win-Server-Based Active Directory fails root at srvf01:~# samba-tool domain demote --server windc-server -UAdministrator Using srv15.lan.compumaster.de as partner server for the demotion Password for [COMPUMASTER\Administrator]: Desactivating inbound replication Asking partner server windc-server to synchronize from us Error while demoting, re-enabling inbound