similar to: DRS stopped working after upgrade from debian Jessie to Stretch

2017-06-21 14:29 GMT+02:00 Prunk Dump <prunkdump at gmail.com>: > Thank you very much Louis, Rowland, Mike ! > > I have made all the changes proposed by Louis but still have the same problem. > > -> kinit works now with /var/lib/samba/private/secrets.keytab > ------------------------ > ~# kinit -k -t /var/lib/samba/private/secrets.keytab FICHDC$ > ~# >

Hello thanks again for the help ! I have analysed samba logs more closely. I'am very worried. I have three DC (fichdc, fichds01, fichds02) but here I talk just about fichdc's logs. -> Almost every times, "AS-REQ" fail for the 3 DCs with something like this : ---------------- Kerberos: AS-REQ FICHDC$@NET.LYC-GUILLAUME-FICHET.AC-GRENOBLE.FR from ipv4:172.16.0.20:59818 for

Hai, Before you start, Backup, /etc/ /var/lib/samba better safe than sorry.. Stop samba and related services ( check it at least nmbd smbd winbind samba samba-ad-dc) > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Prunk Dump via samba > Verzonden: woensdag 21 juni 2017 11:57 > Aan: samba at lists.samba.org > Onderwerp:

Hello Samba team ! I'am in a very delicate situation. After an upgrade to debian Stretch my DRS stopped working. I have three DCs (fichdc, fichds01, fichds02), all Debian Stretch, all with the same problem. Everything seems to be fine except DRS. -> File shares works -> DNS (with bind9 DLZ) works -> "kinit administrator" works -> "kinit -k FICHDC$" works ->

Hai Baptiste, What you can try; Type: ktutil (enter) rkt /etc/krb5.keytab rkt /var/lib/samba/private/krb5.keytab list Now check if you see, host/server.internal.domain.tld at REALM host/server at REALM (same (both) for nfs/.. at REALM) And NETBIOSNAME$@REALM If you see all, you can write this back to a new file. wkt /etc/krb5.keytab.new1 And if needed you can also cleanup the keytab

Hai, Just saying samba does not use /etc/krb5.keytab is not totaly correct. A lot of setups use the setting : dedicated keytab file = /etc/krb5.keytab Because systemd defaults point to /etc/krb5.keytab. >From his logs: Failed to find FICHDC$@NET.LYC-GUILLAUME-FICHET.AC-GRENOBLE.FR(kvno 2) in keytab FILE:/var/lib/samba/private/secrets.keytab (arcfour-hmac-md5) And from his command

On Mon, 2017-06-19 at 22:13 +0200, Prunk Dump via samba wrote: > Hello Samba team ! > > I'am in a very delicate situation. After an upgrade to debian Stretch > my DRS stopped working. Have you ever had MIT krb5 installed, or is krb5kdc now running? Samba doesn't use /etc/krb5.keytab, so this may be related to some previous install (or may be related to how you are trying to

On Wed, 21 Jun 2017 12:41:52 +0200 "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote: > Hai, > > Before you start, > > Backup, /etc/ /var/lib/samba better safe than sorry.. > > Stop samba and related services ( check it at least nmbd smbd winbind > samba samba-ad-dc) > > > Well here is a choice, i preffer to keep the debian

Thank again for your help ! 2018-01-12 21:26 GMT+01:00 Rowland Penny <rpenny at samba.org>: > The problem is, you are thinking in the wrong direction ;-) > If you give a user a uidNumber, or a group a gidNumber, these will be > used instead of the xidNumbers found in idmap.ldb, you do not need to > alter idmap.ldb at all. > The way ADUC works, is by using a couple of

Hai Baptiste, You missed my first message but here it is again. . systemctl cat bind9 # /lib/systemd/system/bind9.service [Unit] Description=BIND Domain Name Server Documentation=man:named(8) After=network.target Wants=nss-lookup.target Before=nss-lookup.target [Service] EnvironmentFile=/etc/default/bind9 ExecStart=/usr/sbin/named -f $OPTIONS ExecReload=/usr/sbin/rndc reload

2018-01-15 20:14 GMT+01:00 Rowland Penny via samba <samba at lists.samba.org>: > On Mon, 15 Jan 2018 19:51:12 +0100 > Prunk Dump via samba <samba at lists.samba.org> wrote: > >> Thank again for your help ! >> >> 2018-01-12 21:26 GMT+01:00 Rowland Penny <rpenny at samba.org>: >> > The problem is, you are thinking in the wrong direction ;-)

On Tue, 20 Jun 2017 22:31:02 +1200 Andrew Bartlett via samba <samba at lists.samba.org> wrote: > On Tue, 2017-06-20 at 11:13 +0200, L.P.H. van Belle via samba wrote: > > Now choose, of > > dedicated keytab file = /etc/krb5.keytab > > To be clear, this parameter is not used in the AD DC. > > Thanks, > > Andrew Bartlett > Shouldn't that be

Hello ! I am the network administrator of a French high school. I have already configured a BIND9 server with dynamic DNS update from the ISC DHCP server for my zone : lyc-guillaume-fichet.ac-grenoble.fr And I would like to add a samba4 server in this zone. How can I add the samba's DNS entries to this existing zone keeping my previous static and dynamic entries ? I can't use directly

21.06.2017 11:45, L.P.H. van Belle via samba пишет: > I suggest before you upgrade do a very good read here. > > https://wiki.samba.org/index.php/Updating_Samba#Notable_Enhancements_and_Changes > > https://wiki.samba.org/index.php/Samba_Features_added/changed_(by_release) > And a summerize version for with all parameter changes as of upgrade from 4.2 up to 4.6 >

Thank you very much for your help Rowland ! And sorry for my English, I'm french. Le lun. 8 oct. 2018 à 18:38, Rowland Penny via samba <samba at lists.samba.org> a écrit : > > On Mon, 8 Oct 2018 18:11:39 +0200 > Prunk Dump <prunkdump at gmail.com> wrote: > > > Hi ! > > > > I use samba 4.5 ( Debian stable ) and to get the primary group I want, >

On Mon, 8 Oct 2018 18:11:39 +0200 Prunk Dump <prunkdump at gmail.com> wrote: > Hi ! > > I use samba 4.5 ( Debian stable ) and to get the primary group I want, > I change the user's primaryGroupID in AD. Bad idea > > I know this is usually a bad idea ( as said in the samba documentation > ). But in my case there is some arguments in favor of this method : There

Hi samba team ! I'm face with a new problem on a new Samba PDC install (Debian 9). I don't know why, but systemd run multiples "rndc reconfig" commands during the init script. So the bind9 log file show : -> A successful start -> A failed reconfig (samba_dlz Ignoring duplicate zone) at each boot/reboot. So I need to restart bind9 each time manually. I created a wrapper

Mandi! Kacper Wirski via samba In chel di` si favelave... > I understand the OP, I was asking some time ago similar question, but it was > in relation to samba domain member. Thanks, Kacper. > I couldn't get backend: ad to work for > machine accounts, so i switched to idmap: rid and it solved everything. I > tried manually adding UID and GID to Domain Computer group and to

On Mon, 15 Jan 2018 16:18:57 +0100 Kacper Wirski via samba <samba at lists.samba.org> wrote: > Hello, > I understand the OP, I was asking some time ago similar question, but > it was in relation to samba domain member. I couldn't get backend: ad > to work for machine accounts, so i switched to idmap: rid and it > solved everything. I tried manually adding UID and GID to

Hello, I can't get Kerberos authentication works with my Linux clients. Server : samba 4.1.4 (compiled from source) Client : Debian Wheezy with sernet-samba 4.0.17-8 Without Kerberos authentication, everything works : -> the domain users can log with pam_winbind (with ssh, gdm ....). -> "kinit myuser at MYREALM" works fine. -> "wbinfo -K MYDOM\\myuser" works.