similar to: demoted DC's still arround

Is there a way to list all the current entries with samba-tool? Use it as a way to check what is happening? On Tue, Jul 4, 2017 at 11:15 AM, Rowland Penny via samba < samba at lists.samba.org> wrote: > On Tue, 4 Jul 2017 10:58:40 -0500 > Robert Wooden <bob at donelsontrophy.com> wrote: > > > Due to an unrelated incident I was forced to restart the DC. Further > >

Replaced as instructed and ran the command. It claimed "success", however (RSAT) DNS Manager still shows demoted DC as SOA record. BTW, this demoted DC is now shut off. Suggestions? > Run this on a DC: > > samba-tool dns delete 127.0.0.1 samdom.example.com @ NS fqdn_string -U > Administrator > > Replace: 'samdom.example.com' with your dns domain name. >

I followed the "Demoting_a_Samba_AD_DC" on the Samba Wiki. After demoting the online controller and receiving a "successful" notation I scrolled down to the "Verifying The Demotion" via the listed Windows RSAT. The controller was not listed as a domain controller any more. Only the remaining two DC's appeared. Great! The "Active Directory Sites and

So, for now, should I work my way through the DNS manager and delete any references for the old dc manually or just leave it alone? On Thu, Mar 8, 2018 at 6:16 PM, Andrew Bartlett <abartlet at samba.org> wrote: > On Thu, 2018-03-08 at 17:49 -0600, Robert Wooden via samba wrote: > > Will these DNS listings clear themselves with time or do I have a problem > > here? > >

I Google searched this morning and had found this: " https://superuser.com/questions/1281015/changing-computer-name-on-dns-samba4-ad-server" which discusses a similarity to your suggestion. I was concerned because I cannot tell if the OP is referencing 'internal dns' or 'bind9'. However, what the OP is talking about doing, makes sense. (Could be later today before I

The "DNS_TYPE_NS" records show the correct DC's (both, I have two). The "DNS_TYPE_A" records show the correct DC's ip addresses. The "DNS_TYPE_SOA" shows the demoed DC FQDN in the "mname" > It should produce the SOA record (after you make the obvious changes), > what 'dnsRecord' objects does it show ? There should a

I have manually removed all entries of the demoted DC with the exception of the SOA record. The DNS Manager (offered by RSAT) will not allow adjustment of the SOA record. I have begun searching for a linux solution. Any suggestions would be greatly appreciated. On Thu, Mar 8, 2018 at 7:39 PM, Andrew Bartlett <abartlet at samba.org> wrote: > On Thu, 2018-03-08 at 19:02 -0600, Robert

In the event demoting a DC caused an issue due to an error (yes, on the user part) could the demoted DC be re-joined to allow correction of the issue? Or should one never rejoin a demoted DC? -- Thank you. Bob Wooden

At one point, I thought the same. Tried a "sleep 5" and still got some failures. (That was before I started counting the fails.) This is a P4 3.2Ghz with 1Gb RAM. Could it be that sluggish (at that moment) and need a "sleep 10" or "sleep 15" or more? It worked on my VM (of course it is running on a multi-core Xeon processor so maybe a sleep?) I'm going to try

Thanks Rowland but that idea did not work. I will simply grant access to those that failed manually. (Really wish I had kept the VM that the scripthad worked on so I could go back and see what happened but, too late, I have already deleted to save precious hard drive space.) If I have any issues, I'll be back. --- ------------------------- Bob Wooden of Donelson Trophy 615.885.2846

No. What I did was change the first few to see what happens. And still the first 13 (this time, last time 17) failed. I am baffled why the first 11 to 17 fail (randomly) and the remainder receive "Successfully granted rights." --- ------------------------- Bob Wooden of Donelson Trophy 615.885.2846 (main) www.donelsontrophy.com [1] "Everyone deserves an award!!" On

Here yau go: root at dc01:~# cat /etc/bind/named.conf.options // Defined ACL Begin acl thisserverip { 192.168.16.54; }; acl all-networks { 192.168.16.0/24; }; // Defined ACL End options { directory "/var/cache/bind"; version "0.0.7"; // If there is a firewall between you and nameservers you want // to talk to, you may need to fix the firewall to allow multiple //

Thanks Rowland. Being the novice that I am, I thought the line would 'pickup' my DOMAIN and replace the ${SAMBA_NT_DOMAIN}. So, I just tried the line correctly and it asked for my Administrator password and subsequently granted access. At least I know I can go and correct manually, if I need too. My /etc/resolv.conf is: root at dt01:~# cat /etc/resolv.conf search dts***m.dt

Now, more appropriately answering after the message. SEE BELOW, please. On 2015-01-09 07:24, L.P.H. van Belle wrote: > Hai, > > Not entiraly correct.. > > change : > >> dns-nameservers 208.67.222.222 <<<<<< have always struggled > > to > dns-search dtshrm.lan > dns-nameservers IP_OF_AD_DC > > and use : > net rpc rights

I have been having issues with my W7 client "access is denied" to changing the security (user permissions) settings and have been posting regarding that issue yesterday. I have discovered that my "ads join member server" is not completely joined (I think.) I discovered a post from February 2014, by Louis "[Samba] member joined, but . . ." and ran some of his

On 05/01/15 14:04, Bob of Donelson Trophy wrote: > > > My shop is 10 minutes from my house. House and shop are connected by vpn > (between two IpFire firewalls.) I do a lot of configuring and testing > from home. Due to a Windows wake-on-lan issue (right now) I cannot wake > the lone DC W7 client from home. When I get to work this morning, W7 > client (thru ADUC) shows

On 01/04/16 22:38, spindles7 wrote: > Hi Rowland, > Have tried your patch, and now the Demote succeeds: > > root at dc3:~# samba-tool domain demote -Uadministrator > Using dc1.microlynx.com as partner server for the demotion > Password for [MICROLYNX\administrator]: > Deactivating inbound replication > Asking partner server dc1.microlynx.com to synchronize from us >

On 2015-01-09 08:44, Rowland Penny wrote: > On 09/01/15 14:34, Bob of Donelson Trophy wrote: > Now, more appropriately answering after the message. SEE BELOW, please. On 2015-01-09 07:24, L.P.H. van Belle wrote: Hai, Not entiraly correct.. change : dns-nameservers 208.67.222.222 <<<<<< have always struggled to dns-search dtshrm.lan dns-nameservers IP_OF_AD_DC and use :

I run "logcheck" on my servers and have noticed that my DC01 log has these: Feb 4 06:58:16 dc01 named[2096]: validating @0xb1c75c18: . NS: got insecure response; parent indicates it should be secure Feb 4 06:58:16 dc01 named[2096]: error (insecurity proof failed) resolving './NS/IN': 208.67.222.222#53 Feb 4 06:58:16 dc01 named[2096]: validating @0xb1c75c18: . NS: got insecure

I did a fresh install of Debian with the desktop. I know from Ubuntu that the network is handled differently in the desktop and the server versions. So, I am assuming it is a similar situation with Debian. I could be wrong but . . . When kerberos installs via the script it (the script) suggests accepting the 'defaults on the next three screens.' The first screen included the correct