similar to: Forwarder all reverse zones that AD DNS not authoritative

> > And I would just put 'forwarders { 172.16.1.10; };' in 'options' > I already have this entry, but for reverse lookup it does not work. Eg: dig suporte.domain.intra +short 172.16.1.15 dig -x 172.16.1.15 +short shows nothing On Mon, Mar 19, 2018 at 1:59 PM, Rowland Penny via samba < samba at lists.samba.org> wrote: > On Mon, 19 Mar 2018 13:51:00 -0300 >

> > I don't know what error you are getting, even if you have posted it, > can you post the full error. Can you please post all the lines from > syslog around the error and not just the error. The only logs that show is below. ./daemon.log.1:33430:Jul 2 06:16:28 dc3 named[9754]: client 10.10.4.3#52074: update 'campus.company.intra/IN' denied ./daemon.log.1:33432:Jul 2

> > auth-nxdomain yes; # conform to RFC1035 =no Why do you use this variable as "yes"? :) Note the lack of './daemon.log.1:33430:'. I have '/var/log/deamon.log' > and it contains lines in the format above, they all start with the date. I used a grep to find the lines with "denied" and posted. If I get the logs directly from syslog, it usually

> > To be honest, I cannot remember just why I set it, I can just tell you > that I have used it that way for nearly six years now, but if you > insist in knowing, I will search my old notes to find the reason. If it's not much work for you, I'd like to know why. :) Is the above block in syslog as posted, or is it another 'grep' block. > If the lines are not

Hi folks, I manage the AD with rsat and recently we had problems with the CN of some users that have accentuation. When checking the user configuration via samba-tool user edit <username> in the location where the CN should be readable, a hexadecimal or something of that type appears. E.g: Acentuação da Silva dn: CN=Acentuação da Silva,OU=TESTE,DC=teste,DC=intra objectClass: top

hi folks, After run *samba-tool ntacl sysvolreset *the below error occurs. I not remember of make any modification directly on the server. I only manager via rsat. root at dc3:/etc/samba# samba-tool ntacl sysvolreset *open: error=40 (Too many levels of symbolic links)* ERROR(runtime): uncaught exception - (-1073741823, '{Operation Failed} The requested operation was unsuccessful.')

Hello Louis, I use your apt for samba. Great works btw!! :D root at dc3:/etc/samba# samba -V Version 4.7.3-Debian root at dc3:/etc/samba# lsb_release -a No LSB modules are available. Distributor ID: Debian Description: Debian GNU/Linux 9.2 (stretch) Release: 9.2 Codename: stretch Did you upgrade, if so, from .. To ... Samba version ? No upgrades. And why was running : samba-tool ntacl

> > I repeat, Bind 9.12.x is unsupported at this time, just because it > worked once is no reason to use it. It may have nothing to do with your > problem, but using a supported Bind version will rule it out. Ok. :) I'll reinstall using supported version 9.11.3-2 OK, your server, but I think you should be aware that I have been using > Bind9 with Samba since December 2012

Hello, - In my domain I have 2 DCs. dc1 ... dc2 ... - Both configured as bind_dlz I set up the reverse zone on dc1. The doubt: Do I need to configure on dc2 or is it automatically replicated? Another question: >From what I've been reading, the two binds do not work as master and slave but as multi-master, correct? If so, how do I get dc2 updated with every dc1 change, if need

Hai Elias, 聽 Sorry for the late reply. I do preffer the list, and i understand why you mailt my directly, but best is to keep this on the list. The more eye that see this, the more chance you have on a reply. I must say, i personaly dont use any trust relations ships. that was long ago when i used that, so im bit rusty here. 聽 Now, i see you are using my 4.8.2 packages. so you on debian. *( or

Hello, The error described in the email title happens in version 9.10 of the bind that I have installed in our main DC. In face of that, I found the samba wiki article that talks about this problem. https://wiki.samba.org/index.php/Using_BIND_DLZ_backend_with_secured_/_signed_DNS_updates I made a new installation via source with the suggested options: root at dc3:~# fakeroot ./configure

On Mon, 26 Feb 2018 11:30:58 +0200 Arcadie Cracan <arcadiec at gmail.com> wrote: > /etc/samba/smb.conf: > # Global parameters > [global] > workgroup = DAM > realm = INTRA.DAM-APPLICATION.RO > netbios name = LOTUS > server role = active directory domain controller > server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, >

And some more information about this strange effect apparently no-one has seen before. I now added the missing zone: samba-tool dns zonecreate verdandi 10.16.172.in-addr.arpa -U Administrator and it claims that the zone is okay, but the next one is missing: Dec 29 10:31:12 verdandi named[2601]: Loading 'ad.microsult.de' using driver dlopen Dec 29 10:31:12 verdandi named[2601]:

You do what you want! The point is the clients must resolve everything. You have two options: A - client resolver is non-DC DNS server: here the non-DC DNS server must be configured to forward DNS requests about AD to AD DNS servers (to DCs) B - client resolver is AD DNS server: here AD DNS server(s) used as resolver(s) must be configured to forward any non-AD DNS request to non-DC DNS server.

Hello Peter, Your question is similar to my recent question, and I have a similar Ping problem.But yours, with two Tinc networks, is more complex than mine. All I can say, and I hope it helps, is that in my case I have found my Ubuntu Tinc Server nodes do not like being specified as a address on the same network as the local LANsSo I have a specific network for the Tinc Server nodes, and in this

> > Hmm, bind 9.12.x isn't supported yet. He works with "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_11.so" without problems, at first. include "/etc/bind/rndc.key"; > controls { > inet 127.0.0.1 allow { localhost; } keys { rndc-key;}; > }; > You do not need the four lines above Ok, but if I leave it, does not have problems

Hi, I am about to spend one week of my holidays with transfering our (about 20 clients) NT4 domain to a AD DC one. We are running a samba NT4 PDC on debian buster which is offering dns (bind9) and dhcp (isc-dhcpd), too. I have an older server where I can play with an AD DC setup. If I see I won't make it in a week, I would like to be able to return as smooth as possible to the present

Hello, I have two samba 4.2.7-SerNet-Debian-8.wheezy AD servers. since few days now I have some winbind errorsthat block the server... It seems that they appears more and more frequently... ( about one time per day ) I have about 200 clients pc with windows 10, seven and XP. Last month I've migrated about 30 pc from seven to 10. Is there a relationship? In the following logs, you can see

Another mistake : The louis's script ddns-kerberos-check.sh was not running in hourly.cron directory ( i make a chmod 770 to resolve that ) to recall here what I did: - I cloned the Windows 2000 server AD servers on a private network and I migrated to samba4 - Meanwhile, users have continued to use the Windows 2000 AD servers on the production network - I replaced the production servers

On Mon, 26 Feb 2018 12:27:56 +0200 Arcadie Cracan <arcadiec at gmail.com> wrote: > Dear Rowland, > > I have commented out the 'idmap config' options, nothing changed. > Here are my bind9 configs: > > /etc/bind/named.conf: Nothing wrong there > > /etc/bind/named.conf.options: > options { > directory "/var/cache/bind"; >