similar to: samba 4.8 with bind - bugged dns entry in reverse lookup zone

On Sat, 21 Jul 2018 20:57:07 +0200 Kacper Wirski via samba <samba at lists.samba.org> wrote: > Hello, > > I found this bugged record with > > ldbsearch -H > path/to/samba/bind-dns/dns/sam.ldb.d/DC\=DOMAINDNSZONES\,DC\=SUBDOMAIN\,DC\=DOMAIN\,DC\=PL.ldb > '(name=49)' > > So I have a couple of questions - hopefully someone can shed some > light: >

Hello, I found this bugged record with ldbsearch -H path/to/samba/bind-dns/dns/sam.ldb.d/DC\=DOMAINDNSZONES\,DC\=SUBDOMAIN\,DC\=DOMAIN\,DC\=PL.ldb '(name=49)' So I have a couple of questions - hopefully someone can shed some light: - am I looking in correct .ldb for bind-dns? - can I remove this record? If yes what's the best method? Should samba and/or bind be stopped? As I

Thank You for the prompt reply. By "sam.ldb" you mean the samba/bind-dns/dns/sam.ldb right? After executing: ldbsearch --cross-ncs -H /path/to/samba/bind-dns/dns/sam.ldb '(name=49)' I do find same records, as with previous search including the one I need to delete as it is bugged. It's dn is:

Hello, I've posted about this issue some time ago, but I maybe didn't explain myself enough and/or didn't supply enough information. My setup is centos 7.5 samba 4.8.4 AD DCwith BIND as dns backend. I noticed that some windows clients stopped doing secure dns dynamic updates because of insufficient rights error. Upon further digging I realized that all of the entries, that were

Hello, I'm struggling with an error for secure dynamic dns updates for reverse lookup zones. My environment: 2 Samba 4.8.4 DC's with BIND DLZ as dns backend, running on Centos 7.5. Samba was compiled from source with default heimdal kerberos (./configure --with-systemd --enable-gnutls) /I know now that --with-systemd is not needed, but didn't now that the time of compilation/.

To answer my own question: Yes, it's seems like a feature. I ran basic ldbsearch query: ldbsearch -H /usr/local/samba/private/sam.ldb -b "DC=DomainDnsZones,DC=mydomain,DC=com" and saw in output entries with: dNSTombstoned: TRUE Overall there are a couple hundred entries with as such. So now my question is: How can I safely remove them, any tips/guideliness? I thought that

W dniu 21.11.2018 o 21:09, Rowland Penny via samba pisze: > On Wed, 21 Nov 2018 20:48:34 +0100 > Kacper Wirski via samba <samba at lists.samba.org> wrote: > >> So in my case - is it safe to delete directly using ldbdel or using >> windows ADSI gui ldap editor? Or is there another way? What is the >> right way to do it? >> >> something like: >>

So in my case - is it safe to delete directly using ldbdel or using windows ADSI gui ldap editor? Or is there another way? What is the right way to do it? something like: ldbdel -H /usr/local/samba/private/sam.ldb -b"DC=DomainDnsZones,DC=mydomain,DC=com '(dNSTombstoned: TRUE)' ? I read in samba 4.9 new features release notes about scavenging but I'm not sure if it's the

On Wed, 1 Nov 2017 19:49:32 +0000 Rowland Penny via samba <samba at lists.samba.org> wrote: > On Wed, 1 Nov 2017 20:28:05 +0100 > Kacper Wirski <kacper.wirski at gmail.com> wrote: > > > I'm going to start with clean centos install, so I might as well use > > some additional guidelines, thank You. > > > > When You run kinit, does Your user have

I've noticed myself similiar issue. Windows 10 (v 1803) - window with security tab open crashes on certain files (yes, just the window, not whole OS). Just before crash i see unresolved SID which looks like nothing I know (doesn't look like domain SID - maybe local user SID from samba member server?). All files that cause this issue are from any of the samba servers. Same files I can

Hello, Centos 7.5 samba 4.8.3 installation, compiled from source working as AD DC. It was an update from 4.7 (not an in place update, but added new DC's to existing domain and demoted 4.7.x DC's). After adding to my smb.conf: /apply group policies = yes/ I see errors on samba star: ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)   /usr/local/samba/sbin/samba_gpoupdate: SID

Ok, I finally could try it out, and it seems to actually work, but You need samba 4.7 on all machines, not only AD, but also server with freeradius. I didn't get a chance to test it locally, that is samba AD + freeradius on the same server. Setup: 4.7.6 AD server and 4.6.2 samba member + freeradius didn't work (got simple "nt_status_wrong_password") but: 4.7.6 AD and 4.7.1

I'm going to start with clean centos install, so I might as well use some additional guidelines, thank You. When You run kinit, does Your user have ticket already? What I noticed is that when user has a ticket already, kinit works fine, uses as default principal the one from ticket. Can you do kdestroy - then kinit? Also, on Fedora, did You install samba from source or from repo's RPM?

On Tue, 3 Jul 2018 08:06:44 +0200 Kacper Wirski via samba <samba at lists.samba.org> wrote: > Hello, > > I've realised that there was an error on this server, wrong > idmap.ldb, 3000002 should be one of the built-in users or groups > instead of machine own account. Unfortunately fixing idmap (I > imported idmap.ldb from DC with correct mapping) didn't fix my >

On 03/06/2019 12:29, Kacper Wirski via samba wrote: > Hello, > > Since nobody picked this up I will try to answer myself (hopefully > correctly). > > I think I just misread documentation on wiki, but I would really > appreciate a clarification. In the wiki it states: > > "To enable other accounts than the domain administrator to set > permissions on Windows,

On Tue, 6 Nov 2018 11:24:43 +0100 Kacper Wirski via samba <samba at lists.samba.org> wrote: > Hello, > > I'm struggling with an error for secure dynamic dns updates for > reverse lookup zones. > > My environment: > > 2 Samba 4.8.4 DC's with BIND DLZ as dns backend, running on Centos > 7.5. Samba was compiled from source with default heimdal kerberos

Basically that was my initial question, should adding GID and UID to domain computers group (gid) and machine accounts (uid) be enough, and if it should, and it doesnt work - what else should be done to make it work, or what am I missong? I'm not sure what You mean about invalidating cache? Wysłano z mojego smartfona w PLAY <div>-------- Oryginalna wiadomość

Hello, I have an issue as stated in topic. My samba 4.8.3 file server, which is AD member frequently shows winbind errors (pasted below). From user perspective it seems to work fine, but I'm worried that I have something misconfigured and in the long run, I might run into some errors. My AD DC are running on samba 4.9.x (two of them), compiled from source with BIND as DNS backend (running on

Hello, I'll try to be as brief as possible. I'm testing samba 4.8.3 on centos 7.5. Fresh installation joined to existing AD domain that was ran with samba 4.7.6. I did add 2 DC's with 4.8.3, then removed all 4.7.6 DC's. Everything seemed to work fine, except for adding DNS entries on one of the machines. Samba by itself was unable to add them throwing error in log that dnsupdate

I actually posted about this here on samba list about it last year, but nobody caught interest. I used to have logs from samba and wireshark, which very nicely showed what's wrong (kerberos request was for SPN  eg. "Hyper-V Replication Service/Servername.mydomain.com" and in samba log there was an error with something like "Hyper-V\ Replication \Service.. not found".