similar to: Unable to join Windows 2008 R2 server DC to Samba DC

I have identified and fixed the problem! The wellKnownObject for the default computer container was missing! I’m wondering if this was a bug from an old version of Samba, as we provisioned the domain with Samba 4.0.3. I used ldbedit to manually modify the directory and add CN=Computers as the wellKnownObject default computer container. Windows 2008 R2 now joins successfully. Thanks, Justin

This showed up at -d3: DRS replication add DN of aca72580-587e-4dab-adee-07a5f8027dfa is CN=foo,OU=bar,DC=baz Failed to apply records: Failed to locally apply remote add of CN=foo,OU=bar,DC=baz: ../lib/ldb/ldb_tdb/ldb_index.c:2012: Failed to re-index servicePrincipalName in CN=blah,OU=blah,DC=blah - (null): Operations error Failed to commit objects: WERR_GEN_FAILURE I've deleted the object

When I attempt to join samba 4.8.0 (stable) to my samba 4.6.7 DC (Ubuntu), I receive the following error: Partition[DC=us,DC=dignitastech,DC=com] objects[500/1605] linked_values[0/118] Failed to commit objects: WERR_GEN_FAILURE Join failed - cleaning up Deleted CN=DC3-CLONE,OU=Domain Controllers,DC=us,DC=dignitastech,DC=com Deleted CN=NTDS

Hi, Does anyone have experience of using ldbedit or similar, to remove the duplicates below? (Is that even the right way for me to go?) Can I perhaps query something using ldbsearch, to find the duplicates, before using ldbedit? On Sun, 18 Nov 2018 at 21:37, Jonathan Hunter <jmhunter1 at gmail.com> wrote: > [...] > In my database, as reported by the domain join command above, I have

On Tue, 13 Nov 2018 at 21:26, Rowland Penny via samba <samba at lists.samba.org> wrote: > > On Tue, 13 Nov 2018 20:55:08 +0000 > Jonathan Hunter via samba <samba at lists.samba.org> wrote: > > > After running the following: > > $ sudo samba-tool domain join mydomain.org DC -U myadmin --site=mysite > > --server=dc3 > > all seems well, until: > >

Hi Justin, Thank you for your answer, I had found this utility during my searches, and will probably try it. As you say, reversible + plaintext is far for optimal from a security point of view. Also, I would like to integrate the solution in a "packaged" distribution like for example Zentyal or UCS. But I'm happy to learn that this solution is viable, I wouldn't lose my time

Note that I turned up to -d5 but the relevant output didn't seem to change. I just cleaned up my obfuscation for clarity (all referenced DNs were identical): DRS replication add DN of aca72580-587e-4dab-adee-07a5f8027dfa is CN=foo,OU=bar,DC=baz Failed to apply records: Failed to locally apply remote add of CN=foo,OU=bar,DC=baz: ../lib/ldb/ldb_tdb/ldb_index.c:2012: Failed to re-index

Hi, I have a little problem with dc10, dc11. I use three quad dc cards, so far from dc0 up to dc8 with no problems. All (dc0 to dc11) are displayed correctly with pciconf and with ifconfig. The trouble is with dc10 and dc11 that they don't send any data out and also don't react to arp requests etc. - at least using tcpdump won't show anything coming in or going out. Monitoring from

Hello, Changing "CN=Computers" to another OU doesn't seem to work correctly in Samba 4.8.5. Running redircmp or changing the wellKnownObject AA312825768811D1ADED00C04FD8D5CD to another OU worked in Samba 4.4 but now the Windows clients don't seem to respect that entry. They instead try to create their computer object under "CN=Computers" which they no longer have

Hi, I haven't see any stuff with [print$] section from `man smb.conf` of samba v4.6.7, is this section still available for drivers auto-installation for windows ? I know it is usable from some out-of-date tutorial of old samba. But I don't figure out How-TO in the latest one. Thanks, -hongquan

I have existing domain controllers running v4.6.7 installed from source (on Ubuntu OS.) I see that the install from source system requirements have changed for Debian/Ubuntu OS on the https://wiki.samba.org/index.php/Operating_System_Requirements page. There are some additional packages listed that were not in my original build of v4.6.7. The additional packages include libarchive-dev,

Hi, I have 2 domain controllers with samba4, and i realized i have some missing spns for the second domain controller: > samba-tool spn list dc1$ dc1$ User CN=dc1,OU=Domain Controllers,DC=test,DC=pt has the following servicePrincipalName: ?? ? HOST/dc1.test.pt ?? ? HOST/dc1.test.pt/test[1] ?? ? ldap/dc1.test.pt/test[1] ?? ? GC/dc1.test.pt/test.pt[2] ?? ?

I'm trying to have my Samba 4 AD DC users mapped and synchronized with google apps for education accounts. I would like to start from the native windows password update procedure to eventually update the google apps password (actually, I think only some types of hashes are stored). Google actually provides a tool to synchronize user accounts and profiles which works juste fine. This tools

Am Donnerstag, den 03.10.2019, 14:13 +0100 schrieb Rowland penny via samba: > On 03/10/2019 13:43, Dipl.-Ing. P?ter Varkoly via samba wrote: > > Hi, > > > > after installing a samba-4.8.9 AD-Server there is/are an A-Records > > created for the domain delivering the ip-address(es) of the AD- > > server. > > This ip can be changed vie "samba-tool dns

On Tue, 20 Nov 2018 13:17:58 +0000 Jonathan Hunter via samba <samba at lists.samba.org> wrote: > Hi, > > Does anyone have experience of using ldbedit or similar, to remove the > duplicates below? (Is that even the right way for me to go?) Can I > perhaps query something using ldbsearch, to find the duplicates, > before using ldbedit? > > On Sun, 18 Nov 2018 at

Hi all, SPN = servicePrincipalName A simple search returning all servicePrincipalName declared in your AD: ldbsearch -H $sam serviceprincipalname=* serviceprincipalname An extract from result concerning a lambda client: # record 41 dn: CN=win-client345,OU=Machines,DC=ad,DC=domain,DC=tld servicePrincipalName: HOST/MB38W746-0009 servicePrincipalName: HOST/MB38W746-0009.ad.domain.tld

directory service replication does not work between windows DC and samba DC, as the samba DC has 2 identical WSMAN records samba-tool  spn list m7-arhiv$ m7-arhiv$ User CN=M7-ARHIV,OU=Computers M07,DC=example,DC=ru has the following servicePrincipalName:      HOST/M7-ARHIV      HOST/m7-arhiv.example.ru      RestrictedKrbHost/M7-ARHIV      RestrictedKrbHost/m7-arhiv.example.ru    

Today's episode of "why is AD break", brought to you by: > [2017/09/05 10:17:06.015617, 3] ../source4/auth/gensec/gensec_gssapi.c:613(gensec_gssapi_update) > Server GC/graz-dc-1b.ad.tao.at/ad.tao.at is not registered with our KDC: Miscellaneous failure (see text): Server (GC/graz-dc-1b.ad.tao.at/ad.tao.at at AD.TAO.AT) unknown > [2017/09/05 10:17:06.015717, 0]

On Tue, 2023-04-04 at 09:37 +0200, Kees van Vloten wrote: > Op 04-04-2023 om 00:32 schreef Andrew Bartlett: > > > > > On Mon, 2023-04-03 at 15:08 +0000, Tim ODriscoll via samba wrote: > > > > > Unfortunately it's still erroring out: > > > (7) mschap: Creating challenge hash with username: host/SL-6S4BBS3.MYDOMAIN.co.uk > > > (7) mschap:

Hi, In samba role DC, is the issue of duplicate SPN records fixed?