similar to: Best practice with samba-tool dbcheck --fix

Hi Denis, I have seen in an old post that you have tested new KCC from full mesh to bridge head at a french school. Is your "drs showrepl" correct on such DC's ? In my case, a drs showrepl is showing a full mesh on inbound and outbound (not good) but only 1 KCC connection objects (good) Where is a full description of my trouble:

Solved ! Thanks for the script. In my case, it was just too late. I have just found a ugly but working solution: From Configuration, Schema, Domaindnszones, forestdnszones and principal, I remove using ldbdel a "repsTo" binary object. No more trouble with drs showrepl :-) -----Message d'origine----- De : samba [mailto:samba-bounces at lists.samba.org] De la part de Stefan Kania

On 9/24/2016 7:32 AM, Denis Cardon wrote: > > the job of the samba_kcc script is to create the ntdsConnection > objects. Afterward the repsFrom/repsTo attribute are created in > accordance with the ntdsConnection objects (you can force the creation > using samba-tool drs replicate although). You can check that the > process is asynchronous when you join a new DC, the INBOUND

On 9/22/2016 6:31 PM, Garming Sam wrote: > On 23/09/16 00:59, lingpanda101 at gmail.com wrote: >> For clarification I'll add a few things. >> >> I initially deleted all the NTDS site links for each site and allowed >> the new KCC to create them. However it did not create them I believe >> correctly. By that I mean it defined what appeared to be a bridgehead

Hello ! I'm trying to add new DC to my existent domain (18 Samba4 DC) but this time, domain join stuck after setting account password. I have tried so many things but at this point, i really don't know what to do. I can see the new dc111 computer object on smb4dc serveur but the object is disable. If someone have an idea... Best regards root at dc111:~# samba-tool domain join

Hi I am running Server-1 Samba4 AD 4.6.10 with an additional Server-2 Samba4 AD 4.7.2 The Inbound replication on the Server-1 is failing with the error below: DC=iumnet,DC=edu,DC=na Default-First-Site-Name\Server-2 via RPC DSA object GUID: 27182378-a9c7-451e-bb95-7b2172a5f311 Last attempt @ Tue Jan 9 12:55:59 2018 WAST failed, result 58

Hi Denis Thanks for your response without your crystal ball. I have increased the log level =9 dns:0 on both the servers. It replicates successfully by manually running the command samba-tool drs replicate SERVER2 SERVER1 dc=iumnet,dc=edu,dc=na --full-sync but it is still failing when I check from the samba-tool drs showrepl Also I run samba-tool dbcheck --cross-ncs --fix on both the servers

When trying to join a new DC to an existing Samba4 domain, I am getting this WERR_DS_DRA_MISSING_PARENT error. Does any have any suggestions on how to fix it? My original 6 dc's are running the last free Sernet (4.2.14) on CentOS6 and the error occurs if I use Sernet 4.2.14 or 4.7.5-Debian. I finally have time to upgrade and something is broke. Thanks, Steve # samba-tool domain join

Hi Denis, Thanks for your advices. I have in mind about your kerberos problem in a large environment but i was thinking about problem occuring at 20 and more DCC's So last night, i modified all my krb5.conf (DC and file server) as you suggest but problem persist. root at dc111:~# samba-tool domain join pr.educationetformation.fr DC -U administrator --realm=PR.EDUCATIONETFORMATION.FR -W PR

Hi Denis & Rowland Thanks for the suggestion to trim the smb.conf after which the DC-1 is connecting to the Windows Server 2008 shared folder smbclient -k //IUMSVRAPP01/Pastel12 -d 9 and DC-2 is also connecting after using the DNS name of the Windows server. *You'd better switch your DNS to Bind-DLZ. Internal DNS is not that good for larger site (looking at your DNS domain name, I guess

Hi all, I'm running in circles trying to debug replication failures on samba 4.7.6: dc00 : is a VM on KVM host (attached to a bridge on local LAN) dc01 : is a similarly configured VM on another KVM host. I've forcibly demoted and re-promoted dc01 but I still cannot get automatic replication to work: root at dc00 ~]# samba-tool drs showrepl Krynn\DC00 DSA Options: 0x00000001 DSA

Hi Garming, ... >> I have what appears to still be a full mesh replication. Shouldn't the >> outbound and inbound neighbors be reflective of the KCC connection >> objects? I would expect to find only inbound and outbound connections >> for SOLDC1. Maybe I'm completely misinterpreting the intended >> behavior. > > There's likely at least some stale

On Thu, 2017-11-02 at 16:19 +0100, Maxence Sartiaux via samba wrote: > Here's my full log of the --fix, no more informations :( > > https://pastebin.com/evkR0JiL > No worries. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT

Hi: I'm trying to join a samba 4.3.4 (as an additional domain controller) to a domain with Zentyal 4.3 (That has samba 4.3.4 inside). I know that this is an old samba version but I cann't upgrade zentyal first. So, When I can join the samba 4.3.4 to the domain I will demote the Zentyal. But when I try: samba-tool domain join dtcf.etecsa.cu DC -U "DTCF\administrator"

Hi Denis I have upgraded my samba DC-1 from 4.6.12 to 4.7.4 which has solved the replication issues between DC-1 and DC-2. Now both the DC's are running on 4.7.4. Like Rowland said previously, you should remove all RODC that have been installed prior to Samba 4.7. There are many fixes that have been added since 4.6. Before I remove my RODC's I like to clear out few doubts: 1. Instead of

*//* Il 05/02/2018 16:41, Rowland Penny ha scritto: > On Mon, 5 Feb 2018 16:01:27 +0100 > "Massimo Donato - Adcom.it via samba" <samba at lists.samba.org> wrote: > >> */Hi all, >>    after a couple of year of successfully working samba AD DC is >> not possible to add workstations to domain >> since a few day ago in windows i get a messagge

Hi Denis, We are using the latest version of sharepoint. samba-tool domain level show : Domain and forest function level for domain 'DC=removed,DC=com' Forest function level: (Windows) 2008 R2 Domain function level: (Windows) 2008 R2 Lowest function level of a DC: (Windows) 2008 R2 I did not have to change the revision attributes by hand. I think the MSAD2K3 was an upgrade from MSAD2K.

Hi All, I started using Samba as an AD DC on el7 a few weeks ago. I have some questions for others who mights also be using Wing's rpms on el7 (http://wing-net.ddo.jp/wing). A) Is there a wiki/issues page for that repo? I could not find any.. B) is that the only repo of samba rpms available for el7/centos7? C) Is there a reason why samba46-4.6.14 is the latest available version? Are

Hi Maxence, > Fyi, i've updated to 4.7.1, the dbcheck still not fix the broken links, > is the fix you talk about planned for a future release ? > > Our customer reported me, some users have issues when their logon server > is DC1 but not when it's DC2. > > On DC1 some users have access to all shares, some doesn't have any > access at all. actually this last

I don't know exactly, but there were problems with indexes ( as the user said ). We did not try with the current release and our manager wants to go back to Microsoft :-( Our samba version is 4.7.5. I've been able to go one step further. We first were not able to join a Windows 2008 R2 as a domain controller because it was asking for adprep. I found the missing datas in the ldap and added