similar to: DNS logging for TLD queries?

On 1/2/2018 2:50 AM, Denis Cardon wrote: > Hi LingPanda101, > > >>     Is it possible to filter DNS queries for specific TLD's using the >> internal logging system? My IPS/IDS alerts me when a suspicious TLD is >> being queried. However I'm only able to see the DC as the source.  >> Thanks. >> >> Ubuntu 14.04 Samba 4.7.3. > > First you

On 1/3/2018 10:05 AM, L.P.H. van Belle wrote: > The last error you get is because bind was not stopped, there is still something running. > ps -faux | egrep "rndc|bind|named" > > Kill it and run the stopcommand again ( systemctl stop bind9 ) > The start it again, should work. > > > Gr, > > Louis > > >> -----Oorspronkelijk bericht----- >>

The last error you get is because bind was not stopped, there is still something running. ps -faux | egrep "rndc|bind|named" Kill it and run the stopcommand again ( systemctl stop bind9 ) The start it again, should work. Gr, Louis > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > lingpanda101 via samba > Verzonden:

Hi LingPanda101, > Is it possible to filter DNS queries for specific TLD's using the > internal logging system? My IPS/IDS alerts me when a suspicious TLD is > being queried. However I'm only able to see the DC as the source. Thanks. > > Ubuntu 14.04 Samba 4.7.3. First you should really upgrade to 4.7.4 (see recent changelog) Second, if you are not using Bind DLZ,

Hi Denis & Rowland Thanks for the suggestion to trim the smb.conf after which the DC-1 is connecting to the Windows Server 2008 shared folder smbclient -k //IUMSVRAPP01/Pastel12 -d 9 and DC-2 is also connecting after using the DNS name of the Windows server. *You'd better switch your DNS to Bind-DLZ. Internal DNS is not that good for larger site (looking at your DNS domain name, I guess

Hi Denis I have upgraded my samba DC-1 from 4.6.12 to 4.7.4 which has solved the replication issues between DC-1 and DC-2. Now both the DC's are running on 4.7.4. Like Rowland said previously, you should remove all RODC that have been installed prior to Samba 4.7. There are many fixes that have been added since 4.6. Before I remove my RODC's I like to clear out few doubts: 1. Instead of

Hi Louis, > > At this point i can not recommend to upgrade to 4.9.0 or 4.9.1, a side note on this. > The bug in question why im blocking it for production, does not happen for domain members and AD-DC's but it's still a risk in my opinion. > Because for this bug, your obligated to set the idmap ... : settings or run : net groupmap add sid=S-1-5-32-546 unixgroup=nobody

Hi, I have two Samba domain controllers version 4.6.4 on Centos 7.3. I need to log every login/logout from windows PCs and I read on the wiki that I have to set log level >=3, this works. The problem is that my log.samba is filled by internal DNS messages, most of them about forwarding. in my smb.conf:         log level = 3 auth:10         vfs objects = full_audit I googled around but

On Tue, 24 Apr 2018 09:50:10 +0200 Denis Cardon via samba <samba at lists.samba.org> wrote: > A more expeditive way is to delete and recreate the zone using the > samba-tool dns zonedelete / zonecreate. The SRV entries are recreated > when the server restart. You should just be careful about having your > kerberos configuration properly so it does not needs DNS to find its

Hi Denis Thanks for your advise I will not use these wordings here. Please check the result below when I run the command on the DC-1 when DC-2 is off or on smbclient -k //IUMSVRAPP01/Pastel12 -d 9 INFO: Current debug levels: all: 9 tdb: 9 printdrivers: 9 lanman: 9 smb: 9 rpc_parse: 9 rpc_srv: 9 rpc_cli: 9 passdb: 9 sam: 9 auth: 9 winbind: 9 vfs: 9 idmap: 9 quota: 9

Hi I am running Server-1 Samba4 AD 4.6.10 with an additional Server-2 Samba4 AD 4.7.2 The Inbound replication on the Server-1 is failing with the error below: DC=iumnet,DC=edu,DC=na Default-First-Site-Name\Server-2 via RPC DSA object GUID: 27182378-a9c7-451e-bb95-7b2172a5f311 Last attempt @ Tue Jan 9 12:55:59 2018 WAST failed, result 58

Hi Denis Thanks for your response without your crystal ball. I have increased the log level =9 dns:0 on both the servers. It replicates successfully by manually running the command samba-tool drs replicate SERVER2 SERVER1 dc=iumnet,dc=edu,dc=na --full-sync but it is still failing when I check from the samba-tool drs showrepl Also I run samba-tool dbcheck --cross-ncs --fix on both the servers

Thanks Denis, I was looking for the option 'dns:x' in the wiki but I didn't find it. Now it works. I used    log level = 3 auth:3  dns:0 auth_audit:3 gives me unknown class message But where I can find a complete list of classes for log level? I'll also give a try on the last version of samba with json. Thanks again Giuseppe On 1/18/2018 4:52 PM, Denis Cardon wrote:

Hi I am trying to remove a dead offline domain using the below command which is failing samba-tool domain demote --remove-other-dead-server=IUMONG-RODC -UAdministrator ERROR: Demote failed: DemoteException: IUMONG-RODC is not an AD DC in iumnet.edu.na A transaction is still active in ldb context [0x2bf15b0] on tdb:///var/lib/samba/private/sam.ldb IUMONG-RODC domain is still visible under domain

Hi! I have 3 Samba 4 , version 4.7.3 running in Ubuntu Server 16.04. All is ok, but GPO in DC3, with erro the permission, with dont load in windows(gpresult /force). My smb.conf all samba server DC. [global]         netbios name = SAMBA-DC103         realm = <DOMAIN>         server role = active directory domain controller         server services = s3fs, rpc, nbt, wrepl, ldap,

Hi I have tried to setup freebsd (with samba3 ports), backend is openldap with smbldap-tools. After a windows client joined the domain, I tried to right click a folder to set Security/permission. The windows client has a popup windows which display: The program cannot open the required dialog box because it cannot determine whether the computer named "DOMAIN" is joined to a domain I

Because of other issues using ADUC, I tried to remove a domain member using: > samba-tool group removemembers "Domain Computers" MARKA\$ Removed members from group Domain Computers As shown, it say it "Removed members", but ... > samba-tool group listmembers "Domain Computers" : LABRAT$ : OHPRSSTORAGE$ MARKA$ : COMMON$ : listmembers still shows the computer

Hi list, are there preparations for upgrading a samba 4.8.5 to 4.9.1 via van-belle-repository to change the backend db? Is there some handwork necessary? Regards, Oliver

On 1/2/2018 3:37 PM, Rowland Penny wrote: > On Tue, 2 Jan 2018 15:23:18 -0500 > lingpanda101 <lingpanda101 at gmail.com> wrote: > > >> Actually it looks as if Bind isn't running. Though I could've sworn >> it did at one point. >> >> service bind9 restart >>  * Stopping domain name service... bind9 >>               rndc: connect

Hi Rowland, >>> - Option 1: ( my personal choice, because this keeps thing in sight >>> ) >>> - ( Domain Member settings and/or Stand-Alone installs ) >>> - Configure smb.conf ( make sure you have configured the idmap >>> settings. ) # - You must set a DOMAIN backend configuration, see >>> below idmap config * : backend = tdb >>>