similar to: Renaming a joined windows workstation

samba-4.7.5 debian 9.3 installed as join dc in existing domain on samba 4.1 everiting look like working but some windows member stop to have access to shares on dc by ip connect by \\full_domain_name work there some log in samba dc [2018/02/20 15:15:00.652467, 4] ../auth/auth_log.c:860(log_successful_authz_event_human_readable) Successful AuthZ: [DCE/RPC,ncacn_np] user [NT

There is additional info in the logs of the source DC (dcdo1, log level 2, manually triggered another replication): ==================== [2017/12/27 12:31:29.695121,  2] ../source4/rpc_server/drsuapi/getncchanges.c:1731(getncchanges_collect_objects)   ../source4/rpc_server/drsuapi/getncchanges.c:1731: getncchanges on DC=ad,DC=kdu,DC=com using filter (uSNChanged>=5415) [2017/12/27

Rowland, - the DN "CN=DCNH1,..." exists on all 3 DCs (pointing the Sites and Services console to each of them). - I also checked that "samba-tool dbcheck" completes w/o showing errors. - the objectGUID DNS aliases of all DCs are resolvable against all 3 DCs' builtin DNS - I forced a full sync from the FSMO holder (dcge1) to the 2 other DCs which finished w/o errors. -

We have 3 ADCs based on Samba-4.7.4 (compiled from source,internal DNS)/ CentOS7: dcdo1,dcnh1 and dcge1. dcge1 holds all FSMO roles. The 3 ADCs are on different locations connected via IPSec based VPN. No traffic is filtered out. All 3 ADCs replicate fine except dcdo1 -->dcnh1. Symptom: [root at dcdo1 ~]# samba-tool drs replicate dcnh1.ad.kdu.com dcdo1.ad.kdu.com dc=ad,dc=kdu,dc=com

On Wed, 27 Dec 2017 13:00:05 +0100 "Dr. Johannes-Ulrich Menzebach via samba" <samba at lists.samba.org> wrote: > There is additional info in the logs of the source DC (dcdo1, log > level 2, manually triggered another replication): > ==================== > [2017/12/27 12:31:29.695121,  2] >

Hi Heinz, > i have the same problem on samba 4.7.3 and 4.7.4. > I start with 2 DCs and the sync works fine. After the join of a third > DC mostly i get the WERR_DS_DRA_ACCESS_DENIED. I tested it for 10 > times. > > in my case i have: > DC1 (with any FSMO Roles) > DC2 > > new join as DC: > DC3 > > After the join, the sync from DC2 to DC3 fails. > >

no, it seems to work!!! i did a ldapmodify on DC2: ldapmodify -x -h dc2 -D cn=administrator,cn=users,dc=test,dc=net -W -f serverReference.ldif serverReference.ldif: dn: CN=SAMBA3,CN=Servers,CN=Default-First- SiteName,CN=Sites,CN=Configuration,DC=test,DC=net changetype: modify add: serverReference serverReference: CN=SAMBA3,OU=Domain Controllers,DC=test,DC=net - now the question: Why the

on DC2 in the log i found: ./source4/dsdb/common/util.c:4807: Failed to find account dn (serverReference) for CN=SAMBA3,CN=Servers,CN=Default-First-Site- Name,CN=Sites,CN=Configuration,DC=test,DC=net, parent of DSA with objectGUID c01a335e-1794-4997-9c7e-553be77fba04, sid S-1-5-21- 1608159440-4144762864-1017073214-18962 ../source4/rpc_server/drsuapi/updaterefs.c:374: Refusing DsReplicaUpdateRefs

Hi Heinz and Johannes, > I had exactly the same problem, and used ldbedit to apply the fix. > Thanks for digging into this! > > Now I'm interested in the root cause as well ... I just had a client calling with a replication issue due to the exact same error. The domain was initially build on 4.7.1, upgraded to 4.7.3, and it was also missing the serverReference attribute on one

Same error here... root at samba01:~# samba-tool ldapcmp ldap://samba01 ldap://samba02 -Uadministrator --filter=CN,DC,member CONFIGURATION Password for [LAURENZ\administrator]: * Comparing [CONFIGURATION] context... * Objects to be compared: 1631 Comparing: 'CN=SAMBA03,CN=Servers,CN=Harz,CN=Sites,CN=Configuration,DC=local,DC=laurenz,DC=ws' [ldap://samba01]

RPvs> On Tue, 22 May 2018 09:08:31 -0700 RPvs> Gregory Sloop via samba <samba at lists.samba.org> wrote: >> I was under the impression that during provision that the >> Administrator account got all the domain [and other] "root" privs by >> default. If that's the case, why doesn't Administrator have the privs >> we'd expect? [Perhaps I

Hi, i have the same problem on samba 4.7.3 and 4.7.4. I start with 2 DCs and the sync works fine. After the join of a third DC mostly i get the WERR_DS_DRA_ACCESS_DENIED. I tested it for 10 times. in my case i have: DC1 (with any FSMO Roles) DC2 new join as DC: DC3 After the join, the sync from DC2 to DC3 fails. samba-tool drs replicate dc2 dc1 dc=gvcc,dc=net : OK samba-tool drs replicate

Heinz, I had exactly the same problem, and used ldbedit to apply the fix. Thanks for digging into this! Now I'm interested in the root cause as well ... Uli Am 16.01.2018 um 16:48 schrieb Heinz Hölzl via samba: > no, it seems to work!!! > > > i did a ldapmodify on DC2: > > ldapmodify -x -h dc2 -D cn=administrator,cn=users,dc=test,dc=net -W -f > serverReference.ldif

Hi, there is no firewall, all DCs are in the same subnet. here ist the output of a test, you can see, the CNAME guid entries in the _msdcs can be resolved on any DC: (DC1 and DC2 are the first and second DCs, SAMBA3 was added at last. ldbsearch -H /srv/samba/private/sam.ldb '(invocationId=*)' --cross-ncs objectguid # record 1 dn: CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-

All - I seem to be suffering from the common complaint that users loose supplementary group access after a while - in our case it seems to be connections left overnight. Restarting smb fixes it. I haven't been able to determine the cause. From the logs I've been able to determine a bad access looks something like this: AuthZ reports a S-1-5-21- SID: [2020/05/14 09:49:40.474490,

I am soo lost trying to get Samba AD 4.7.5 as a Kerberos source for NFSv4. The NFS server is the Samba AD server running Ubuntu Server 16.0.4.3 and the client is Linux Mint 18.3 This export WORKS and mounts on client ########## /etc/exports ########## /mnt/fileshare         *(rw,no_subtree_check,async) ############################ This export DOES NOT ########## /etc/exports ##########

Em 10-09-2018 10:43, Rowland Penny via samba escreveu: > On Mon, 10 Sep 2018 09:56:46 -0400 > spiderslack via samba <samba at lists.samba.org> wrote: > >> Hi, all >> >> >> I trying setting domain samba with bind9-DLZ. I followed the tutorial >> https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller, >> but not

RPvs> On Mon, 21 May 2018 17:15:21 -0700 RPvs> Gregory Sloop via samba <samba at lists.samba.org> wrote: >> See Inline >> LPHvBvs> Hi Gregory, >> LPHvBvs> On the questions. >> >> Is there a good reason to avoid Samba internal DNS? >> LPHvBvs> No, imo not, but i only use bind9_dlz because i need bind in >> LPHvBvs> my lan for

hi all, thanks to Rowland advice, I checked the net trustdom way to establish trust between domains. In my setup I have a samba-4.7.4 NT4 domain named TRUSTING which needs to have a trusting (outgoing)[1] with samba-4.7.4 AD domain named ATENEOAD. As far as I know it is very similar to: https://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/InterdomainTrusts.html#id2620849 I added the

Hai, Have you seen : https://wiki.samba.org/index.php/Authenticating_Freeradius_against_Active_Directory Test with : ntlm_auth --allow-mschapv2 --request-nt-key --domain=COMPANY --username=domainuser --password=userpassword Greetz, Louis > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Oleg > Blyahher via samba > Verzonden: