similar to: BIND9.8 DLZ performance issue

I'm hoping the issue is just load balancing, but I'm not sure. I can't see to get the traffic balanced across two DCs. I ran this script on all Linux nodes to balance the traffic. #!/usr/bin/perl use strict; use warnings; my $primary_name_server; my $random = int(rand(10)); open(my $resolv_conf_fh, '< /etc/resolv.conf') or die("Unable to open /etc/resolv.conf for

We are using Samba-4.1.11. I can run gpupdate /force without error on my machine. H:\>type \\dc01.mediture.dom\SysVol\mediture.dom\Policies\{77F82F0F-AE2B-42F3-B173-D42F4BEEC0BA}\gpt.ini [General] Version=65551 displayName=New Group Policy Object H:\>type \\dc02.mediture.dom\SysVol\mediture.dom\Policies\{77F82F0F-AE2B-42F3-B173-D42F4BEEC0BA}\gpt.ini [General] Version=65551 displayName=New

I forgot to associate inter-site links (all using default), which fixed a lot though I'm still having an issue. * vsc site o vsc-dc01 o vsc-dc02 * aws site o aws-dc01 * epo site o epo-dc01 * vsc-dc01 => anywhere: OK * vsc-dc02 => anywhere: not replicating * aws-dc01 => anywhere: OK * epo-dc01 => anywhere: OK I've tried with samba_kcc =

On 3/13/2017 2:15 PM, Arthur Ramsey via samba wrote: > Upgraded to 4.6.0 on all nodes. Still seeing the same issue. > > If I create an object on vsc-dc02, epo-dc01 or aws-dc01 DCs it doesn't > replicate. If I create it on vsc-dc01 (PDC emulator) then it does > replicate. > > On 03/13/2017 12:13 PM, Arthur Ramsey wrote: >> >> I believe the problem is a lack

I believe the problem is a lack of outbound replication for non PDC emulator DCs. You'll notice isn't even trying because last successful was epoch (never) yet there are no errors. Inbound replication for this DC seems fine. [root at vsc-dc02 ~]# samba-tool drs showrepl [...]==== OUTBOUND NEIGHBORS ==== DC=DomainDnsZones,DC=mediture,DC=dom aws\AWS-DC01 via RPC DSA object GUID:

I tried to synchronize the sysvol folders, on two dcs. Something went wrong since yesterday we have replication problems: One machine shows this, while the other one is happy. samba-tool drs showrepl ==== INBOUND NEIGHBORS ==== DC=DomainDnsZones,DC=ourdomain,DC=com Default-First-Site-Name\DC03 via RPC DSA object GUID: af610e1a-9e3b-4cdd-a36b-c296d77a9479 Last attempt @

Is it possible to specify a list of DCs for Samba to use, rather than have it look them up dynamically via DNS? I have an issue with Kerberos, Samba, and SSSD where my machines stop authenticating after a period of time – preAuthentication errors, etc. I suspect it's because of a "DC mismatch" between the three. Because we have numerous DCs all over the world, I specifically

I think I'm missing some SRV records... Calling nsupdate for SRV _ldap._tcp.Default-First-Site-Name._ sites.ForestDnsZones.mydomain.com dc03.mydomain.com 389 (add) Outgoing update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION:

You believe that SSSD is bypassing Samba entirely and going direct to Kerberos? That’s possible. At the moment, to the best of my understanding, Samba is only being used to join the domain. There are no file/printer/etc. shares happening; this is just basic domain join/membership and keytab generation and after that it’s done. The question was still specific to Samba itself: can I specify the DCs

I've googled and I believe that SASL method DIGEST-MD5 is supported and I see it in the samba startup, but it doesn't work. ldapsearch -Y DIGEST-MD5 -h dc03.mediture.dom SASL/DIGEST-MD5 authentication started ldap_sasl_interactive_bind_s: Operations error (1) additional info: SASL:[DIGEST-MD5]: Failed to start authentication backend: NT_STATUS_INVALID_PARAMETER [root at dc03 ~]# samba

I found adcli a little too late; I plan to use it in the future but for the time being I just deployed 16 VMs using Samba so we’re going to keep that for now! Also, the rest of what I wrote can be disregarded – I figured out exactly why my hosts were failing to authenticate after a period of time. It’s too stupid to admit publicly. On 8/23/16, 3:50 PM, "samba on behalf of Kris Lou via

On Tue, 6 Sep 2016 13:59:43 +0000 Julian Zielke via samba <samba at lists.samba.org> wrote: > BTW, this is our smb.conf: > > # Global parameters > [global] > workgroup = mydomain > realm = mydomain.local > netbios name = myhostname > server string = Samba AD Client Version %v > security = ads > password server = dc03, dc04, dc01, dc02, * You should let Samba

I bumped the logging up. samba-tool domain level raise --domain-level=2008_R2 schema_fsmo_init: we are master[yes] updates allowed[no] schema_fsmo_init: we are master[yes] updates allowed[no] The updates_allowed[no] concerns me? On Fri, Jul 8, 2016 at 9:45 AM, Jason Waters <jason at geeknocity.com> wrote: > I'm pretty sure the domain level raise is failing on this system.

Hi, - I have changed my /etc/resolv.conf for all my three DCs. ### DC 01-03 nameserver 10.10.10.11 nameserver 10.10.10.12 nameserver 10.10.10.13 search intern.preiss.network - In the next step I changed my /etc/hosts for each DC ### DC1 127.0.0.1 localhost 10.10.10.11 01-dc01.intern.preiss.network 01-dc01 ### DC2 127.0.0.1 localhost 10.10.10.12 01-dc02.intern.preiss.network 01-dc02

Changes replicate to it, but not from it. vsc\VSC-DC02 DSA Options: 0x00000001 DSA object GUID: fe066b13-6f9e-4f3c-beb4-37df1292b8cb DSA invocationId: 8a2b1405-07b1-4d92-89dd-1d993e59e378 ==== INBOUND NEIGHBORS ==== DC=DomainDnsZones,DC=mediture,DC=dom vsc\DC01 via RPC DSA object GUID: da9bb168-47a0-4368-aff3-bf06d1b869d2 Last attempt @ Tue Mar 14

Hi All, In my environment, I have a total of 4 DCs (Samba 4.7.6) running in VMs. Their uptime schedule goes like this: dc00 : usually 100% unless there's a failure. dc01 : same as above dc02 : a few days per week. dc03 : a few days per month. This has the consequence that a DNS A lookup on the AD domain shows 4 IPs, 2 of which are usually not up. Because I don't have shared storage in

On Fri, 14 Jun 2024 08:04:57 +0200 Ronny Preiss via samba <samba at lists.samba.org> wrote: > Am Mo., 10. Juni 2024 um 10:14 Uhr schrieb Rowland Penny via samba < > samba at lists.samba.org>: > > > On Sun, 9 Jun 2024 13:18:10 +0200 > > Ronny Preiss via samba <samba at lists.samba.org> wrote: > > > > > > No need to build Samba yourself, you

Replication has been running smoothly until I upgraded to 4.5.0. I had various errors with all BDCs and a force sync didn't resolve it. I shutdown all BDCs, demoted them with --remove-other-dead-server then joined new BDCs with new names. At first replication was intermittently failing (consecutive failures counter kept resetting), but it seemed OK, just slow if anything. Now they all

Hi all, I am currently struggling to remove one of our Samba4 DC from the domain. Some time ago, adding a new Samba DC to our AD did not succeed and I had to demote the new server again. After removal, replication on one of the old/existing DCs got weird. /usr/local/samba/bin/samba-tool drs showrepl gives the following: Standardname-des-ersten-Standorts\dc02 DSA Options: 0x00000001 DSA object

a nice example about dns islanding. http://retrohack.com/a-word-or-two-about-dns-islanding/ and with only 2 dc's setup the resolv.confs like : DC01 Primary DNS 10.1.1.2 Secondary DNS 127.0.0.1 DC02 Primary DNS 10.1.1.1 Secondary DNS 127.0.0.1 http://technet.microsoft.com/en-us/library/ff807362%28v=ws.10%29.aspx says: If the loopback IP address is the first entry in the list of