similar to: Workaround for bind9 reload bug : samba_dlz Ignoring duplicate zone

Hai Baptiste, You missed my first message but here it is again. . systemctl cat bind9 # /lib/systemd/system/bind9.service [Unit] Description=BIND Domain Name Server Documentation=man:named(8) After=network.target Wants=nss-lookup.target Before=nss-lookup.target [Service] EnvironmentFile=/etc/default/bind9 ExecStart=/usr/sbin/named -f $OPTIONS ExecReload=/usr/sbin/rndc reload

Hello Samba team ! I'am in a very delicate situation. After an upgrade to debian Stretch my DRS stopped working. I have three DCs (fichdc, fichds01, fichds02), all Debian Stretch, all with the same problem. Everything seems to be fine except DRS. -> File shares works -> DNS (with bind9 DLZ) works -> "kinit administrator" works -> "kinit -k FICHDC$" works ->

On Tue, 20 Jun 2017 22:31:02 +1200 Andrew Bartlett via samba <samba at lists.samba.org> wrote: > On Tue, 2017-06-20 at 11:13 +0200, L.P.H. van Belle via samba wrote: > > Now choose, of > > dedicated keytab file = /etc/krb5.keytab > > To be clear, this parameter is not used in the AD DC. > > Thanks, > > Andrew Bartlett > Shouldn't that be

2017-06-21 14:29 GMT+02:00 Prunk Dump <prunkdump at gmail.com>: > Thank you very much Louis, Rowland, Mike ! > > I have made all the changes proposed by Louis but still have the same problem. > > -> kinit works now with /var/lib/samba/private/secrets.keytab > ------------------------ > ~# kinit -k -t /var/lib/samba/private/secrets.keytab FICHDC$ > ~# >

Hello ! I am the network administrator of a French high school. I have already configured a BIND9 server with dynamic DNS update from the ISC DHCP server for my zone : lyc-guillaume-fichet.ac-grenoble.fr And I would like to add a samba4 server in this zone. How can I add the samba's DNS entries to this existing zone keeping my previous static and dynamic entries ? I can't use directly

21.06.2017 11:45, L.P.H. van Belle via samba пишет: > I suggest before you upgrade do a very good read here. > > https://wiki.samba.org/index.php/Updating_Samba#Notable_Enhancements_and_Changes > > https://wiki.samba.org/index.php/Samba_Features_added/changed_(by_release) > And a summerize version for with all parameter changes as of upgrade from 4.2 up to 4.6 >

Hai Baptiste, What you can try; Type: ktutil (enter) rkt /etc/krb5.keytab rkt /var/lib/samba/private/krb5.keytab list Now check if you see, host/server.internal.domain.tld at REALM host/server at REALM (same (both) for nfs/.. at REALM) And NETBIOSNAME$@REALM If you see all, you can write this back to a new file. wkt /etc/krb5.keytab.new1 And if needed you can also cleanup the keytab

Thank again for your help ! 2018-01-12 21:26 GMT+01:00 Rowland Penny <rpenny at samba.org>: > The problem is, you are thinking in the wrong direction ;-) > If you give a user a uidNumber, or a group a gidNumber, these will be > used instead of the xidNumbers found in idmap.ldb, you do not need to > alter idmap.ldb at all. > The way ADUC works, is by using a couple of

Mandi! Kacper Wirski via samba In chel di` si favelave... > I understand the OP, I was asking some time ago similar question, but it was > in relation to samba domain member. Thanks, Kacper. > I couldn't get backend: ad to work for > machine accounts, so i switched to idmap: rid and it solved everything. I > tried manually adding UID and GID to Domain Computer group and to

Hello, I can't get Kerberos authentication works with my Linux clients. Server : samba 4.1.4 (compiled from source) Client : Debian Wheezy with sernet-samba 4.0.17-8 Without Kerberos authentication, everything works : -> the domain users can log with pam_winbind (with ssh, gdm ....). -> "kinit myuser at MYREALM" works fine. -> "wbinfo -K MYDOM\\myuser" works.

On Mon, 15 Jan 2018 16:18:57 +0100 Kacper Wirski via samba <samba at lists.samba.org> wrote: > Hello, > I understand the OP, I was asking some time ago similar question, but > it was in relation to samba domain member. I couldn't get backend: ad > to work for machine accounts, so i switched to idmap: rid and it > solved everything. I tried manually adding UID and GID to

Hello Samba team ! I'm network administrator in a french high school where I store my user/group ID using rfc2307. My client stations use Winbind to query rfc2307 attributes. Each new years, as all my students move to another class, almost all my user's gid are updated in AD. This gid is very important in my network because pam_mount mount only the share corresponding the to user's

Thank you very much for your help Rowland ! And sorry for my English, I'm french. Le lun. 8 oct. 2018 à 18:38, Rowland Penny via samba <samba at lists.samba.org> a écrit : > > On Mon, 8 Oct 2018 18:11:39 +0200 > Prunk Dump <prunkdump at gmail.com> wrote: > > > Hi ! > > > > I use samba 4.5 ( Debian stable ) and to get the primary group I want, >

Hai, Before you start, Backup, /etc/ /var/lib/samba better safe than sorry.. Stop samba and related services ( check it at least nmbd smbd winbind samba samba-ad-dc) > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Prunk Dump via samba > Verzonden: woensdag 21 juni 2017 11:57 > Aan: samba at lists.samba.org > Onderwerp:

Thank you very much Louis, Rowland, Mike ! I have made all the changes proposed by Louis but still have the same problem. -> kinit works now with /var/lib/samba/private/secrets.keytab ------------------------ ~# kinit -k -t /var/lib/samba/private/secrets.keytab FICHDC$ ~# ------------------------ -> but samba-tool authentication with machine account fail : ------------------------ ~#

Hello thanks again for the help ! I have analysed samba logs more closely. I'am very worried. I have three DC (fichdc, fichds01, fichds02) but here I talk just about fichdc's logs. -> Almost every times, "AS-REQ" fail for the 3 DCs with something like this : ---------------- Kerberos: AS-REQ FICHDC$@NET.LYC-GUILLAUME-FICHET.AC-GRENOBLE.FR from ipv4:172.16.0.20:59818 for

Hai, Just saying samba does not use /etc/krb5.keytab is not totaly correct. A lot of setups use the setting : dedicated keytab file = /etc/krb5.keytab Because systemd defaults point to /etc/krb5.keytab. >From his logs: Failed to find FICHDC$@NET.LYC-GUILLAUME-FICHET.AC-GRENOBLE.FR(kvno 2) in keytab FILE:/var/lib/samba/private/secrets.keytab (arcfour-hmac-md5) And from his command

Mandi! L.P.H. van Belle via samba In chel di` si favelave... > > c) seems to use some ''random'' AD DNS, not the one in the site, for > > example. > Yes that is correct. ( The DC Locator Process does that ) > If you dont want that, you can assign by GPO a preffered server. > You can set it as preffered server per site in the GPO. ( note, a pc needs 2

On Mon, 2017-06-19 at 22:13 +0200, Prunk Dump via samba wrote: > Hello Samba team ! > > I'am in a very delicate situation. After an upgrade to debian Stretch > my DRS stopped working. Have you ever had MIT krb5 installed, or is krb5kdc now running? Samba doesn't use /etc/krb5.keytab, so this may be related to some previous install (or may be related to how you are trying to

Mathias, Thanks for your reply. Please, try to start your bind with some debug level and run commando "rndc reload" and see the end of the log. I saw samba source code and found the destroy dns function in dlz_bind9.c and called by turture blz_bind9.c. When dlz_bind9.c is shutting down, I get this error when I try to update dns. update failed: NOTAUTH Failed nsupdate: 2