Displaying 20 results from an estimated 800 matches similar to: "group policy update fails"
2016 Nov 18
2
group policy update fails
Ok just to verify.
DC name=
ad41.dc.samges.ru
dnsdomain= dc.samges.ru
Kerberos domain ??
Im guessing you kerberos to dnsdomain mapping is wrong.
Can you post the
/etc/hosts
/etc/resolv.conf
/etc/krb5.conf
And, can you post this line u used for provisioning?
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: Mike Lykov [mailto:combr at samges.ru]
> Verzonden:
2016 Nov 21
0
group policy update fails
21.11.2016 12:32, L.P.H. van Belle via samba пишет:
> Hai,
>
> Since your getting.
> finddcs: No matching server found
>> ERROR: Invalid IP address '3(NXDOMAIN)'!
> There is something wrong in the base of you setup.
yes, and it is a server own local hostname
see "DC server own hostname must be part of ad dc domain?" thread
your script relies on
2016 Nov 18
2
DC server own hostname must be part of ad dc domain?
Hi all.
If I have AD domain dc.samges.ru, how to setup a hostname, hosts file
and resolv.conf file? DNS is samba internal type.
Now I have settigs as here:
(ad41 is dc with fsmo roles, ip 172.16.214.141, ad51 is a second dc, ip
172.16.214.151)
root at ad51:~# hostname -s
ad51
root at ad51:~# hostname -d
samges.ru
root at ad51:~# hostname -f
ad51.samges.ru
Must I have an $SERV.$ADDOMAIN
2016 Nov 18
0
group policy update fails
18.11.2016 16:45, L.P.H. van Belle via samba пишет:
> Ok just to verify.
>
> DC name=
> ad41.dc.samges.ru
>
> dnsdomain= dc.samges.ru
yes
> Kerberos domain ??
/etc/krb5.conf
[libdefaults]
default_realm = DC.SAMGES.RU
dns_lookup_realm = false
dns_lookup_kdc = true
> Im guessing you kerberos to dnsdomain mapping is wrong.
> Can you
2016 Nov 17
3
group policy update fails
We can login just fine but Group Policy Update is throwing an error
gpupdate
Updating Policy...
User policy could not be updated successfully. The following errors
were encount
ered:
The processing of Group Policy failed. Windows could not determine if
the user a
nd computer accounts are in the same forest. Ensure the user domain
name matches
the name of a trusted domain that resides in
2016 Nov 18
1
DC server own hostname must be part of ad dc domain?
18.11.2016 15:22, Rowland Penny via samba пишет:
>> root at ad51:~# hostname -f
>> ad51.samges.ru
>> Must I have an $SERV.$ADDOMAIN hostname, like ad51.dc.samges.ru ?
> Yes
>
>> If I change hostname now, what will happen in AD domain ?
>
> Your machine will not be found.
But it can be found via DNS, why changing local (for this server)
hostname affects this?
2016 Nov 08
2
DNS "internal db error", samba 4.1.9
Hi all!
I operate an AD domain on samba4, provisioned some years ago. At
provision some dns zones created, linked to my domain.
I name domain as subdomain of my internet domain:
AD dc.samges.ru, internet zone samges.ru
Forward zones:
dc.samges.ru
_msdcs.dc.samges.ru
All worked normal, but then my coworker create forward zone
samges.ru (using windows RSAT tools)
It serves some names, I can
2016 Nov 18
0
DC server own hostname must be part of ad dc domain?
See inline comments:
On Fri, 18 Nov 2016 14:49:28 +0400
Mike Lykov via samba <samba at lists.samba.org> wrote:
> Hi all.
>
> If I have AD domain dc.samges.ru, how to setup a hostname, hosts file
> and resolv.conf file? DNS is samba internal type.
>
> Now I have settigs as here:
> (ad41 is dc with fsmo roles, ip 172.16.214.141, ad51 is a second dc,
> ip
2017 Mar 27
8
Provision new domain keeping users and passwords
Hello,
I try to add a new dc to my domain, but the sysadmin installed the
main dc left misconfigured dns zones that I can not remove.
¿Is it possible to provision the domain again using new samba as main
dc Keeping users and passwords Of the previous dc?
The current main dc runs samba 4.4.
Best regards,
Santiago.
--
Santiago Londoño Mejía
Analista de Infraestructura
t. (574) 605 25
2016 Dec 19
2
[Announce] Samba 4.5.3, 4.4.8 and 4.3.13 Security Releases Available for Download
On Mon, 19 Dec 2016 13:56:41 +0400
Mike Lykov via samba <samba at lists.samba.org> wrote:
> 19.12.2016 13:18, Karolin Seeger via samba пишет:
>
> > 100000 - 33554431 and similar lines) was ignored formerly and leads
> > to errors now. The typical error you see is NT_STATUS_INVALID_SID.
> > For more details, please see the following bug:
> >
> >
2014 Dec 10
1
Samba 4.1.7 ldapcmp msDS-NcType Error comparing DCs
Dear all,
Running samba-tool ldapcmp on my both DCs samba 4.1.7 leads to the output
:
Attributes found only in ldap://s4master:
msDS-NcType
serverState
FAILED
How to deal with this?
I am missing something?
[root at s4slave ~]# samba-tool ldapcmp ldap://s4master ldap://s4slave
-Uadministrator domain
Password for [TPLK\administrator]:
* Comparing [DOMAIN]
2015 Jul 16
3
4.2.2 as AD with 2 DCs: database incoherency
On my site with samba 4.18 on centos 6:
'samba-tool ldapcmp ldap://DC1 ldap://DC2 -Uadministrator' failed with this result msDS-NC Type failed :
[root at s4master ~]# samba-tool ldapcmp ldap://s4master ldap://s4slave -Uadministrator
Password for [TPLK\administrator]:
* Comparing [DOMAIN] context...
* Objects to be compared: 606
Comparing:
'CN=Builtin,DC=tplk,DC=loc'
2015 Jul 16
2
4.2.2 as AD with 2 DCs: database incoherency
Here I obtained:
---------------------
* Comparing [DOMAIN] context...
Failed search of base=DC=ad,DC=domain,DC=tld
ERROR(ldb): uncaught exception - LDAP client internal error:
NT_STATUS_UNEXPECTED_NETWORK_ERROR
File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line
175, in _run
return self.run(*args, **kwargs)
File
2017 Nov 30
2
added spn and exported keytab not match
Hello All.
I am using Samba AD DC and Linux server with Squid, and
I try to configure kerberos authentication for proxy server users.
I need to add SPN for user and then export keytab with it to file.
I am add user with RSAT and add SPN for it with samba-tool (like
https://wiki.samba.org/index.php/Generating_Keytabs):
--------------------
root at ad41:/# samba-tool spn list proxy
proxy
User
2016 Nov 08
0
DNS "internal db error", samba 4.1.9
On Tue, 8 Nov 2016 11:20:07 +0400
Mike Lykov via samba <samba at lists.samba.org> wrote:
> Hi all!
>
> I operate an AD domain on samba4, provisioned some years ago. At
> provision some dns zones created, linked to my domain.
>
> I name domain as subdomain of my internet domain:
> AD dc.samges.ru, internet zone samges.ru
>
> Forward zones:
> dc.samges.ru
2017 Dec 15
4
DNS issue with clean install of samba 4.5.12-Debian
Hai Mike,
I post it to the list so everybody can learn from it.
> Why you use "hostname -i" ?
man hostname wil tell.. But i'll try to explain it a bit.
Read the Description, its also about how the hostnames are resolved within the systemfuntions.
Like gethostname and gethostbyname
> root at ad51:~# hostname -i
> 127.0.0.1
> root at ad51:~# hostname -I
>
2017 Dec 11
4
DNS issue with clean install of samba 4.5.12-Debian
On 12/8/2017 2:54 PM, Taylor Hammerling via samba wrote:
> Glad you guys replied, here is my output :D
>
> root at dc1:~# ./samba-setup-checkup.sh
> Check hostnames : Ok
> ./samba-setup-checkup.sh: line 89: [: too many arguments
> Checking detected host ipnumbers from resolv.conf and default gateway
> Ping gateway ip : 172.28.0.1 : Ok
> ping nameserver1: 172.28.255.49 : Ok
2016 Dec 19
2
[Announce] Samba 4.5.3, 4.4.8 and 4.3.13 Security Releases Available for Download
Release Announcements
---------------------
This is a security release in order to address the following CVEs:
o CVE-2016-2123 (Samba NDR Parsing ndr_pull_dnsp_name Heap-based Buffer
Overflow Remote Code Execution Vulnerability).
o CVE-2016-2125 (Unconditional privilege delegation to Kerberos servers in
trusted realms).
o CVE-2016-2126 (Flaws in Kerberos PAC validation can trigger
2016 Dec 19
2
[Announce] Samba 4.5.3, 4.4.8 and 4.3.13 Security Releases Available for Download
Release Announcements
---------------------
This is a security release in order to address the following CVEs:
o CVE-2016-2123 (Samba NDR Parsing ndr_pull_dnsp_name Heap-based Buffer
Overflow Remote Code Execution Vulnerability).
o CVE-2016-2125 (Unconditional privilege delegation to Kerberos servers in
trusted realms).
o CVE-2016-2126 (Flaws in Kerberos PAC validation can trigger
2016 Jan 14
1
Samab DC's not syncing
Hi,
I am running a Windows Domain based on 2 Samba AD servers. The setup is
running mostly fine but I have the impression that the 2 DC's are not
syncing their information. For instance:
- I added a Windows pc to the domain last week, when I started 'Active
directory users and computers' today on a windows pc I could not see that
pc, after rebooting one of the DC's the pc