similar to: Should Samba-tool RODC preload be run periodically?

On Wed, 2017-11-29 at 07:26 +1300, Andrew Bartlett via samba wrote: > On Tue, 2017-11-28 at 15:03 +0000, Andrej Gessel via samba wrote: > > Hello list, > > > > I run “samba-tool rodc preload” for multiple users. If one of this users change his password, should I repeat the preload call? (I suppose yes, I need to rerun) > > If I need to rerun samba-tool, can user login

On Thu, 2017-11-30 at 15:46 +0000, Andrej Gessel via samba wrote: > Hello Andrew, > > thank you for the answer. > > 1) User credentials need to be preloaded with samba-tool to be > automatically replicated later if they change, its correct? No, preloading just makes the first login faster. > 2) And if user try to login on RODC without preloaded credentials, this >

Hello Rowland, of course it will be started by samba, I saw this output if I run "samba -i". But I can trigger this output also by starting samba_kcc manually. Andrej -----Ursprüngliche Nachricht----- Von: Rowland Penny [mailto:rpenny at samba.org] Gesendet: Donnerstag, 9. November 2017 14:04 An: samba at lists.samba.org Cc: Andrej Gessel <Andrej.Gessel at janztec.com>

Hai Andrej, Oeps, Sorry, my mistake 4.6.x needs at least 1.1.29. But you can upgrade to 4.6.x ;-) Check again and if that problem then still exists, then i think you can better ask this one in the samba-technical list. Or if Rowland knows something more about this. One tip, wait untill tomorrow or the weekend, there wil be a new release due to the regression bug. There planning is to be

Hello everyone, i try to use Samba RODC(4.6.5) with W2K8R2. Windows AD has around 35000 objects. My Samba machine is small one (ARM 32bit CPU) with only 2GB physical memory, so i can’t join to the domain because of expensive memory usage. To solve this Problem, i decide to replicate only critical objects and then let samba_kcc to get other objects. 1 ) Is this an possible way to use Samba AD or

Hello list, I run 2 Samba 4.7.1 RODCs. One in my Default-First-Site-Name and in additional Site where only Samba RODC exists. When I start samba_kcc on first RODC it run’s without errors. If I start samba_kcc on RODC in additional Site it fails with: /usr/local/samba/sbin/samba_kcc: Traceback (most recent call last): /usr/local/samba/sbin/samba_kcc: File

Hello Andrew, thank you for the answer. 1) User credentials need to be preloaded with samba-tool to be automatically replicated later if they change, its correct? 2) And if user try to login on RODC without preloaded credentials, this credentials will not be cached? (as described in samba wiki) We using Samba 4.7.3 for RODC. Thanks Am 28.11.2017 um 19:55 schrieb Andrew Bartlett: > On

Hello Stefan, you need to use "-U" with user from Domain Admin group(maybe it works with other users too, but I didn't test it). Andrej Am 07.08.2018 um 17:00 schrieb Stefan Kania via samba: > When I start the replication from the other DC it works as you can see: > ------- > root at addc-01:~# samba-tool drs replicate rodc-01 addc-01 dc=example,dc=net > Replicate

Hello list, I try to fix my issue and found some more debug information: 1) I see error in this situation: Default-First-Site-Name: - TEST-DC (RWDC) Testsite2: - empty Testsite: - BUILDHOST (RODC) If I move TEST-DC to Testsite2, it fix the error, maybe because of 2). 2) python/samba/kcc/__init__.py:create_connections function try always to connect to Default-First-Site-Name, although

On Mon, 2017-10-16 at 13:07 +0000, Andrej Gessel via samba wrote: > Hello list, > > maybe I saw the same error with backlinks. I try to use Samba 4.7.0 as rodc and perform join with "domain-critical-only"-option. Smb.conf is generated by samba. After starting joined samba I got error like this: Does it change if you don't use that option? > Failed to apply records:

An embedded and charset-unspecified text was scrubbed... Name: memory_profiler.txt URL: <http://lists.samba.org/pipermail/samba/attachments/20170330/f5d10ac9/memory_profiler.txt>

Hello Andrew, I cannot run complete domain join without this option, because of my hardware limitations. The join ends with " Committing SAM database" and python exception, because no more memory is available. if I run ldbsearch with --extended-dn I got this error message: search failed - Unsupported critical extension 1.2.840.113556.1.4.529 If I run ldbsearch without this option no

Hi, I installed a RODC on my mailserver to have a local authentication for mailusers on the machine which doesn't rely on a always-on-connetion to the office. The problem is now that the user-preload doesn't work so that the RODC is not able to authenticate the users itself: samba-tool rodc preload <user> --server <DC1> -U Administrator Password for [AD\Administrator]:

Hello list, I am testing Samba 4.8.0rc3 and see following output every drepl-Service run: DRS replication add DN of ad1894a9-07f8-4ae2-8e5c-2a15ed9ed8b3 is CN=BUILDHOST,OU=Domain Controllers,DC=samdom,DC=local ldb: ../lib/ldb/ldb_tdb/ldb_index.c:1837: unique index violation on @IDXDN in CN=BUILDHOST,OU=Domain Controllers,DC=samdom,DC=local, conficts with 蔁墁o癣No甬瓧k in

Hi Andrej, then it works, but on a "normal" addc it works without "-U ". One more Question: When I do a "host -t srv _ldap._tcp.example.net" I only see my writeable DCs but not my RODC. So I tested with: ------ ldbsearch -H /var/lib/samba/private/sam.ldb '(invocationid=*)' --cross-ncs objectguid ------ Found a objectguid for my RODC ------- host -t CNAME

Hello, I try to test joining new RODC (samba-tool domain join unn.global RODC -U Administrator -d5) and it's fail with message: Could not find machine account in secrets database: Failed to fetch machine account password for UNN from both secrets.ldb (Could not find entry to match filter: '(&(flatname=UNN)(objectclass=primaryDomain))' base: 'cn=Primary Domains': No

What is the ldb version your using? You need : 1.1.29 with samba 4.5.7. Greetz, Louis > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Andrej Gessel via > samba > Verzonden: vrijdag 31 maart 2017 8:55 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] possible memory leak in ldb module while dbcheck on > RODC >

Release Announcements --------------------- These are security releases in order to address the following defects: o CVE-2018-1139 (Weak authentication protocol allowed.) o CVE-2018-1140 (Denial of Service Attack on DNS and LDAP server.) o CVE-2018-10858 (Insufficient input validation on client directory listing in libsmbclient.) o CVE-2018-10918 (Denial of Service Attack on AD DC

Release Announcements --------------------- These are security releases in order to address the following defects: o CVE-2018-1139 (Weak authentication protocol allowed.) o CVE-2018-1140 (Denial of Service Attack on DNS and LDAP server.) o CVE-2018-10858 (Insufficient input validation on client directory listing in libsmbclient.) o CVE-2018-10918 (Denial of Service Attack on AD DC

======================================================== "The dads across the soccer field looked at me as a dad just like them. And I was very grateful." Garth Brooks ======================================================== Release Announcements --------------------- This is the latest stable release of the Samba 4.8 release series. Changes since 4.8.2: