similar to: RODC User's password replication, not implemented ?

I think you missed these in the firewall, if you allowed the "in" for the DC, you also need the OUT. 49152:65535/tcp ALLOW OUT Greetz, Louis > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Gaetan SLONGO via samba > Verzonden: dinsdag 29 mei 2018 16:40 > Aan: Rowland Penny > CC: samba at lists.samba.org

On Wed, 13 Jun 2018 10:40:28 +0200 (CEST) Gaetan SLONGO <gslongo at it-optics.com> wrote: > Hi Louis, Hi Rowland, > > > I will respond to both in this mail. > > > Yes winbind is installed : > > > > [root at dmzrodc ~]# which winbindd > /usr/sbin/winbindd > [root at dmzrodc ~]# rpm -qa |grep winbind >

Hai Gaetan,   Can you post the output this this command : netstat -plaunt | egrep "ntp|bind|named|samba|?mbd" and iptables -S     @Rowland, https://wiki.samba.org/index.php/Samba_AD_DC_Port_Usage  might need a smal change.  test as followed The wiki line:  netstat -tulpn | egrep "samba|smbd|nmbd|winbind"  Now test my line and see the changes. this catches everything a DC

On Wed, 13 Jun 2018 12:28:23 +0200 (CEST) Gaetan SLONGO <gslongo at it-optics.com> wrote: > Hi Rowland, > > > I have no homes share. As far as I know I should not have that share > on a DC ..? Then don't worry about it, I was just checking if you had one. > > > Regarding the security consideration for a DMZ zone, what do you > suggest instead of putting

Hi Rowland, As said into the reply sent to Andrew, Winbind is installed, but not started by samba (this is sernet packages) Thanks ----- Mail original ----- De: "Rowland Penny via samba" <samba at lists.samba.org> À: samba at lists.samba.org Envoyé: Jeudi 24 Mai 2018 20:48:22 Objet : Re: [Samba] Samba 4.8 RODC not working On Thu, 24 May 2018 11:30:40 +0200 (CEST)

On Wed, 13 Jun 2018 10:05:23 +0200 (CEST) Gaetan SLONGO <gslongo at it-optics.com> wrote: > Hi Rowland, > > > Same, as said; winbind isn't started :-) > > > > [root at dmzrodc ~]# ps ax | egrep "ntp|bind|named|samba|?mbd" > 650 ? Ss 0:00 /usr/sbin/ntpd -u ntp:ntp -g > 1205 ? Ss 0:00 /usr/sbin/samba -D > 1225 ? S 0:00 /usr/sbin/samba

On Thu, 14 Jun 2018 10:23:56 +0200 (CEST) Gaetan SLONGO <gslongo at it-optics.com> wrote: > Hi Rowaland, > > > I read the doc. > The reason is the usual one. We need authentication inside the DMZ > zone and do not want any modification from this zone. We also need a > fileserver into this zone where corporate users can log-in. We are > asked to keep the solution

On Wed, 13 Jun 2018 11:33:48 +0200 (CEST) Gaetan SLONGO <gslongo at it-optics.com> wrote: > > > > > Here it is. It talks about homes share but I think we don't care ? > Final error is not explicit to me.. Maybe you? > > > > INFO: Current debug levels: > all: 10 > tdb: 10 > printdrivers: 10 > lanman: 10 > smb: 10 > rpc_parse:

Hi, Not sure sernet can help. It really looks like a samba issue to me..? Just found this in logs when starting the RODC : [2018/06/13 10:59:11.546077, 3, pid=12673, effective(0, 0), real(0, 0)] ../lib/util/util_runcmd.c:291(samba_runcmd_io_handler) samba_runcmd_io_handler: Child /usr/sbin/winbindd exited 1 [2018/06/13 10:59:11.546131, 0, pid=12673, effective(0, 0), real(0, 0)]

Hai, i did see something else you might want to check. I suspect a possible wrong character in smb.conf. The line : server role = active directory domain controller It the only line with "server" in it, i've just checked the smb.conf you posted. Try this, run # backup cp /etc/samba/smb.conf{,-TEST) # This will remove all special characters except the keyboard characters perl

On Wed, 13 Jun 2018 09:46:03 +0200 (CEST) Gaetan SLONGO <gslongo at it-optics.com> wrote: > Hi, > > Here is the current process list. We can see missing winbind and *mbd > processes : > > > > [root at dmzrodc ~]# netstat -plaunt | egrep "ntp|bind|named|samba|?mbd" I wouldn't worry about 'winbind' not being in the output of the above

On Wed, 13 Jun 2018 11:12:43 +0200 (CEST) Gaetan SLONGO <gslongo at it-optics.com> wrote: > Hi, > > > I was just investigating the winbind execution issue : > > > This is what happens when winbind is started by samba > > > > [root at dmzrodc ~]# winbindd -D --option=server role check:inhibit=yes > --foreground -S -d 10 Error setting option

On Thu, 31 May 2018 15:37:20 +0200 "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote: > Hai, > > Yes, but with or without internal dns server, the command is missing > ports. > > netstat -plaunt | egrep "ntp|bind|named|samba|?mbd" > > And do note here that i used the "bind" for bind and winBIND > detection. >

Hi, It's my first try to setup RODC using Samba 4.8. We have latest Samba 4.7 environnement with 2 DC and some file servers. Joining the DC to the domain is OK using samba-tool domain join command. The domain controller appears in the DC list (MMC) However, users cannot be authenticated. Samba is running but these ports are closed : netbios-ssn 139/tcp # NETBIOS session service

Rowland, Yes, I mean uidNumber and gidNumber. I'm aware I need to work with AD but at this time I need my unix IDs (on NSS) to keep services working. Not only for files ownership, but also for some other services. Yeah, that's complex... If I undestand well, the best way to do is to join the server using "net ads join" and use nss_winbind. This what I do but I only use the

On Tue, 2017-12-19 at 11:00 +0100, Gaetan SLONGO wrote: > Hi Andrew, > > Thank you for your answer. The issue is in the source or destination ? > Because meanwhile I noticed the destination server was on 4.6.11 and not 4.7.3 as the source. What do you think about it ? Update the destination to 4.7.4 when this is released in a few days. I hope this helps, Andrew Bartlett -- Andrew

On Mon, 2017-03-27 at 10:43 +0200, Gaetan SLONGO via samba wrote: > Zarafa is not on the same server as Samba  > > We only have 2 AD/DC Samba 4.5 (CentOS 7) and we put required indexes > on LDAP .  > > Arround 1000 mailboxes but not all are simultaneously in use (approx > 1/3 in use).  > MTA is postfix (and is still connected to Samba AD, this one is not > causing the

Can you tell more about your setup? Is zarafa and samba on the same server for example. Which MTA are you using postfix/exim?   My top was about 150 users, and all my printers are connected also so about 200 devices do ldap searches. but my setup is split over 10+ servers ( 2 are AD DC )   So best is to tell what you can about your setup, anonimize if needed.   Greetz,   Louis  

On Thu, 2017-12-14 at 11:40 +0100, Gaetan SLONGO wrote: > Hi Andrew, > > By increasing global logs (not only drs) I get this : Failed to apply records: ../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:3643: Failed to remove backlink of msDS-RevealedDSAs when deleting CN=DMZRODC This is bug https://bugzilla.samba.org/show_bug.cgi?id=13095 and

Hi All, We would like to know if recent developments and improvements allow to use a Microsoft Exchange infrastructure with Samba 4 as an Active Directory Controller ? Any informations about it ? Thank you very much