similar to: Cleaning up old DC DNS records

On Tue, 2017-09-05 at 18:39 -0400, Patrick Lepore via samba wrote: > Hi, I demoted a running domain controller by running the samba-tool demote > command on the running system to be demoted and there's still some DNS > entries for the old one kicking around. It's still listed under _msdcs and > also _kerberos._udp and _ldap._tcp. > > Should I manually remove them?

> So you never read this: > https://wiki.samba.org/index.php/Changing_the_DNS_Back_End_of_a_Samba_AD_DC > Which means that you probably never ran the aptly named > 'samba_upgradedns'Of course I ran this. Many times. I'm not stupid, Rowland. At least I can read:D If I've seen that Bind doesn't work, I had to change backend to internal DNS.I carefully read and made

On 10/12/15 14:00, Ole Traupe wrote: > > > Am 10.12.2015 um 14:38 schrieb Rowland penny: >> On 10/12/15 13:25, Ole Traupe wrote: >>> Is it possible that kdc server is always the SOA, at least if >>> derived from DNS and not specified *explicitly* in the krb5.conf? >>> >>> In my DNS-Manager console I find that >>> >>>

On 10/12/15 14:40, Ole Traupe wrote: > >>> However, my 2nd DC is not that new, I restarted it many times, just >>> again (samba service). No DNS records are created anywhere. >>> >>> If I go through the DNS console, in each and every container there >>> is some entry for the 1st DC, but none for the 2nd (except on the >>> top levels: FQDN

On 01/04/16 22:38, spindles7 wrote: > Hi Rowland, > Have tried your patch, and now the Demote succeeds: > > root at dc3:~# samba-tool domain demote -Uadministrator > Using dc1.microlynx.com as partner server for the demotion > Password for [MICROLYNX\administrator]: > Deactivating inbound replication > Asking partner server dc1.microlynx.com to synchronize from us >

Hello, I had tried to demote a samba DC and re-join it as a member over the weekend, but something went horribly wrong. Starting point was a samba DC which also acted as a file server. It was the single DC in that domain. I first set up a Windows 2008 R2 machine and promoted it to DC within the same domain. I then changed DNS entries on all machines to point to the new DC, transferred the FSMO

On 23/07/15 16:23, mathias dufresne wrote: > Hi all, > > I tried "samba-tool ldapcmp" several times to solve this issue, without > success. > > On DC acting as full FSMO: > dc20:~# samba-tool ldapcmp ldap://dc00.ad.dgfip.lan > ldap://dc20.ad.dgfip.lan domain > ERROR(ldb): uncaught exception - ldb_wait: Time limit exceeded (3) > File

Hi Massimo, >>> >>>> Il 05/02/2018 16:41, Rowland Penny ha scritto: >>>>> On Mon, 5 Feb 2018 16:01:27 +0100 >>>>> "Massimo Donato - Adcom.it via samba" <samba at lists.samba.org> wrote: >>>>> >>>>>> */Hi all, >>>>>> after a couple of year of successfully working samba AD DC

"--seize" helped: root at pre01svdeb03:~# samba-tool fsmo show SchemaMasterRole owner: CN=NTDS Settings,CN=PRE01SVDEB03,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=pilsbacher,DC=at InfrastructureMasterRole owner: CN=NTDS Settings,CN=PRE01SVDEB03,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=pilsbacher,DC=at RidAllocationMasterRole owner:

On 31/07/2019 12:04, Stefan G. Weichinger via samba wrote: > Am 31.07.19 um 12:50 schrieb Rowland penny via samba: >> On 31/07/2019 11:40, Stefan G. Weichinger via samba wrote: >>> Am 31.07.19 um 12:32 schrieb Rowland penny via samba: >>>> On 31/07/2019 11:22, Stefan G. Weichinger via samba wrote: >>>>> "dc" was the old name a few years ago

?? And we did compair this months ago.. You did say, everything is in sync now. Ahhh... ;-) If you really want to know if you DC's are setup the same. Tip.. Copy /etc of both server into a new folder. And runn diff -r /etc-dc1/ /etc-dc2/ > check-me.txt And check-me.txt I just did that on my brand new Buster proxy servers, 2 with keepalived. I'm almost done with this, you

On 10/29/2015 9:56 AM, Ole Traupe wrote: > > > Am 29.10.2015 um 14:37 schrieb James: >> On 10/29/2015 9:15 AM, Ole Traupe wrote: >>> >>> >>> Am 29.10.2015 um 13:54 schrieb mathias dufresne: >>>> Thank you for hint to this VBS script. In fact I alraedy saw it but >>>> I'm not >>>> too confident in my VB knowledge, so

On 10/30/2015 9:19 AM, Ole Traupe wrote: > > > Am 30.10.2015 um 13:33 schrieb James: >> On 10/29/2015 9:56 AM, Ole Traupe wrote: >>> >>> >>> Am 29.10.2015 um 14:37 schrieb James: >>>> On 10/29/2015 9:15 AM, Ole Traupe wrote: >>>>> >>>>> >>>>> Am 29.10.2015 um 13:54 schrieb mathias dufresne:

*//* Hi Denis, Il 06/02/2018 20:05, Denis Cardon via samba ha scritto: > Hi Massimo, > >> Il 05/02/2018 16:41, Rowland Penny ha scritto: >>> On Mon, 5 Feb 2018 16:01:27 +0100 >>> "Massimo Donato - Adcom.it via samba" <samba at lists.samba.org> wrote: >>> >>>> */Hi all, >>>>      after a couple of year of successfully

We appear to have some phantom DNS records on both our domain controllers. We can see the records using "dig", but not with samba-tool. We can't remove the records either. (v-ward and v-fief are the DCs, Hawaii and Alaska are old DCs which were demoted without errors, I'm trying to clean up some DNS records which don't seem to have been cleaned). All machines are

On 10/29/2015 9:15 AM, Ole Traupe wrote: > > > Am 29.10.2015 um 13:54 schrieb mathias dufresne: >> Thank you for hint to this VBS script. In fact I alraedy saw it but >> I'm not >> too confident in my VB knowledge, so I didn't use that script, prefering >> rely on Samba command and shell scripts to work around issues. >> >> You spoke about SOA

Following: https://wiki.samba.org/index.php/Demoting_a_Samba_AD_DC i've demoted and removed a DC. Seems all went as expected: root at vdcud1:~# samba-tool domain demote --server=vdcsv1.ad.fvg.lnf.it -U gaio Using vdcsv1.ad.fvg.lnf.it as partner server for the demotion Password for [LNFFVG\gaio]: Deactivating inbound replication Asking partner server vdcsv1.ad.fvg.lnf.it to synchronize

Thank you for hint to this VBS script. In fact I alraedy saw it but I'm not too confident in my VB knowledge, so I didn't use that script, prefering rely on Samba command and shell scripts to work around issues. You spoke about SOA record which wasn't changed, same here. There is another DNS record I had to change: _ldap._tcp.pdc._msdcs.samba.domain.tld. I spoke about removing

Hi, I played with demote recently on a test AD domain composed with Samba version 4.3.0 and 4.3.1. I demoted all version 4.3.0. I was facing same issue as you. I written long mails here to explain how I managed that. My DNS looks clear now. Today I played with AD sites and I found in default sites all demoted DC. They weren't removed from DNS DB nor here. For now I have no idea how to get

Hi Denis & Rowland Thanks for the suggestion to trim the smb.conf after which the DC-1 is connecting to the Windows Server 2008 shared folder smbclient -k //IUMSVRAPP01/Pastel12 -d 9 and DC-2 is also connecting after using the DNS name of the Windows server. *You'd better switch your DNS to Bind-DLZ. Internal DNS is not that good for larger site (looking at your DNS domain name, I guess