Displaying 20 results from an estimated 1000 matches similar to: "Renaming a joined windows workstation"
2018 Feb 20
1
get_auth_event_server: Failed to find 'auth_event' registered on the message bus to send JSON authentication events to: NT_STATUS_OBJECT_NAME_NOT_FOUND
samba-4.7.5
debian 9.3
installed as join dc in existing domain on samba 4.1
everiting look like working
but some windows member stop to have access to shares on dc by ip
connect by \\full_domain_name work
there some log in samba dc
[2018/02/20 15:15:00.652467, 4]
../auth/auth_log.c:860(log_successful_authz_event_human_readable)
Successful AuthZ: [DCE/RPC,ncacn_np] user [NT
2017 Dec 27
0
AD replication problem "WERR_DS_DRA_ACCESS_DENIED" - need help debugging
There is additional info in the logs of the source DC (dcdo1, log level
2, manually triggered another replication):
====================
[2017/12/27 12:31:29.695121, 2]
../source4/rpc_server/drsuapi/getncchanges.c:1731(getncchanges_collect_objects)
../source4/rpc_server/drsuapi/getncchanges.c:1731: getncchanges on
DC=ad,DC=kdu,DC=com using filter (uSNChanged>=5415)
[2017/12/27
2017 Dec 27
0
AD replication problem "WERR_DS_DRA_ACCESS_DENIED" - need help debugging
Rowland,
- the DN "CN=DCNH1,..." exists on all 3 DCs (pointing the Sites and
Services console to each of them).
- I also checked that "samba-tool dbcheck" completes w/o showing errors.
- the objectGUID DNS aliases of all DCs are resolvable against all 3
DCs' builtin DNS
- I forced a full sync from the FSMO holder (dcge1) to the 2 other DCs
which finished w/o errors.
-
2017 Dec 27
2
AD replication problem "WERR_DS_DRA_ACCESS_DENIED" - need help debugging
We have 3 ADCs based on Samba-4.7.4 (compiled from source,internal DNS)/
CentOS7: dcdo1,dcnh1 and dcge1. dcge1 holds all FSMO roles. The 3 ADCs
are on different locations connected via IPSec based VPN. No traffic is
filtered out.
All 3 ADCs replicate fine except dcdo1 -->dcnh1. Symptom:
[root at dcdo1 ~]# samba-tool drs replicate dcnh1.ad.kdu.com
dcdo1.ad.kdu.com dc=ad,dc=kdu,dc=com
2017 Dec 27
2
AD replication problem "WERR_DS_DRA_ACCESS_DENIED" - need help debugging
On Wed, 27 Dec 2017 13:00:05 +0100
"Dr. Johannes-Ulrich Menzebach via samba" <samba at lists.samba.org> wrote:
> There is additional info in the logs of the source DC (dcdo1, log
> level 2, manually triggered another replication):
> ====================
> [2017/12/27 12:31:29.695121, 2]
>
2018 Jan 16
0
AD replication problem "WERR_DS_DRA_ACCESS_DENIED" - need help debugging
Hi Heinz,
> i have the same problem on samba 4.7.3 and 4.7.4.
> I start with 2 DCs and the sync works fine. After the join of a third
> DC mostly i get the WERR_DS_DRA_ACCESS_DENIED. I tested it for 10
> times.
>
> in my case i have:
> DC1 (with any FSMO Roles)
> DC2
>
> new join as DC:
> DC3
>
> After the join, the sync from DC2 to DC3 fails.
>
>
2018 Jan 16
0
AD replication problem "WERR_DS_DRA_ACCESS_DENIED" - need help debugging
no, it seems to work!!!
i did a ldapmodify on DC2:
ldapmodify -x -h dc2 -D cn=administrator,cn=users,dc=test,dc=net -W -f
serverReference.ldif
serverReference.ldif:
dn: CN=SAMBA3,CN=Servers,CN=Default-First-
SiteName,CN=Sites,CN=Configuration,DC=test,DC=net
changetype: modify
add: serverReference
serverReference: CN=SAMBA3,OU=Domain Controllers,DC=test,DC=net
-
now the question:
Why the
2018 Jan 16
0
AD replication problem "WERR_DS_DRA_ACCESS_DENIED" - need help debugging
on DC2 in the log i found:
./source4/dsdb/common/util.c:4807: Failed to find account dn
(serverReference) for CN=SAMBA3,CN=Servers,CN=Default-First-Site-
Name,CN=Sites,CN=Configuration,DC=test,DC=net, parent of DSA with
objectGUID c01a335e-1794-4997-9c7e-553be77fba04, sid S-1-5-21-
1608159440-4144762864-1017073214-18962
../source4/rpc_server/drsuapi/updaterefs.c:374: Refusing
DsReplicaUpdateRefs
2018 Feb 12
0
AD replication problem "WERR_DS_DRA_ACCESS_DENIED" - need help debugging
Hi Heinz and Johannes,
> I had exactly the same problem, and used ldbedit to apply the fix.
> Thanks for digging into this!
>
> Now I'm interested in the root cause as well ...
I just had a client calling with a replication issue due to the exact
same error. The domain was initially build on 4.7.1, upgraded to 4.7.3,
and it was also missing the serverReference attribute on one
2018 Apr 04
2
AD replication problem "WERR_DS_DRA_ACCESS_DENIED" - need help debugging
Same error here...
root at samba01:~# samba-tool ldapcmp ldap://samba01 ldap://samba02 -Uadministrator --filter=CN,DC,member CONFIGURATION
Password for [LAURENZ\administrator]:
* Comparing [CONFIGURATION] context...
* Objects to be compared: 1631
Comparing:
'CN=SAMBA03,CN=Servers,CN=Harz,CN=Sites,CN=Configuration,DC=local,DC=laurenz,DC=ws' [ldap://samba01]
2018 May 22
2
RSAT Hang
RPvs> On Tue, 22 May 2018 09:08:31 -0700
RPvs> Gregory Sloop via samba <samba at lists.samba.org> wrote:
>> I was under the impression that during provision that the
>> Administrator account got all the domain [and other] "root" privs by
>> default. If that's the case, why doesn't Administrator have the privs
>> we'd expect? [Perhaps I
2018 Jan 16
2
AD replication problem "WERR_DS_DRA_ACCESS_DENIED" - need help debugging
Hi,
i have the same problem on samba 4.7.3 and 4.7.4.
I start with 2 DCs and the sync works fine. After the join of a third
DC mostly i get the WERR_DS_DRA_ACCESS_DENIED. I tested it for 10
times.
in my case i have:
DC1 (with any FSMO Roles)
DC2
new join as DC:
DC3
After the join, the sync from DC2 to DC3 fails.
samba-tool drs replicate dc2 dc1 dc=gvcc,dc=net : OK
samba-tool drs replicate
2018 Jan 16
2
AD replication problem "WERR_DS_DRA_ACCESS_DENIED" - need help debugging
Heinz,
I had exactly the same problem, and used ldbedit to apply the fix.
Thanks for digging into this!
Now I'm interested in the root cause as well ...
Uli
Am 16.01.2018 um 16:48 schrieb Heinz Hölzl via samba:
> no, it seems to work!!!
>
>
> i did a ldapmodify on DC2:
>
> ldapmodify -x -h dc2 -D cn=administrator,cn=users,dc=test,dc=net -W -f
> serverReference.ldif
2018 Jan 16
4
AD replication problem "WERR_DS_DRA_ACCESS_DENIED" - need help debugging
Hi,
there is no firewall, all DCs are in the same subnet.
here ist the output of a test, you can see, the CNAME guid entries in
the _msdcs can be resolved on any DC: (DC1 and DC2 are the first and
second DCs, SAMBA3 was added at last.
ldbsearch -H /srv/samba/private/sam.ldb '(invocationId=*)' --cross-ncs
objectguid
# record 1
dn: CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-
2020 May 14
4
Users loose supplementary groups after a time
All -
I seem to be suffering from the common complaint that users loose
supplementary group access after a while - in our case it seems to be
connections left overnight. Restarting smb fixes it. I haven't been able to
determine the cause.
From the logs I've been able to determine a bad access looks something like
this:
AuthZ reports a S-1-5-21- SID:
[2020/05/14 09:49:40.474490,
2018 Mar 04
1
Samba AD + Kerbero + NFS "Client no longer in database"
I am soo lost trying to get Samba AD 4.7.5 as a Kerberos source for
NFSv4. The NFS server is the Samba AD server running Ubuntu Server
16.0.4.3 and the client is Linux Mint 18.3
This export WORKS and mounts on client
########## /etc/exports ##########
/mnt/fileshare *(rw,no_subtree_check,async)
############################
This export DOES NOT
########## /etc/exports ##########
2018 Sep 10
1
samba 4.7.6-Ubuntu + ipv6 not work bind9-DLZ
Em 10-09-2018 10:43, Rowland Penny via samba escreveu:
> On Mon, 10 Sep 2018 09:56:46 -0400
> spiderslack via samba <samba at lists.samba.org> wrote:
>
>> Hi, all
>>
>>
>> I trying setting domain samba with bind9-DLZ. I followed the tutorial
>> https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller,
>> but not
2018 May 22
2
RSAT Hang
RPvs> On Mon, 21 May 2018 17:15:21 -0700
RPvs> Gregory Sloop via samba <samba at lists.samba.org> wrote:
>> See Inline
>> LPHvBvs> Hi Gregory,
>> LPHvBvs> On the questions.
>> >> Is there a good reason to avoid Samba internal DNS?
>> LPHvBvs> No, imo not, but i only use bind9_dlz because i need bind in
>> LPHvBvs> my lan for
2017 Dec 29
0
samba NT4 domain trusting samba AD domain: ephimeral
hi all,
thanks to Rowland advice, I checked the net trustdom way to establish
trust between domains.
In my setup I have a samba-4.7.4 NT4 domain named TRUSTING which needs
to have a trusting (outgoing)[1] with samba-4.7.4 AD domain named ATENEOAD.
As far as I know it is very similar to:
https://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/InterdomainTrusts.html#id2620849
I added the
2019 Nov 06
0
NTLM refuses to work on a DC
Hai,
Have you seen :
https://wiki.samba.org/index.php/Authenticating_Freeradius_against_Active_Directory
Test with :
ntlm_auth --allow-mschapv2 --request-nt-key --domain=COMPANY --username=domainuser --password=userpassword
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Oleg
> Blyahher via samba
> Verzonden: