similar to: samba 4.8.3 with BIND dynamic dns update failed

Displaying 20 results from an estimated 20000 matches similar to: "samba 4.8.3 with BIND dynamic dns update failed"

2018 Mar 29
0
Failed to find DC in keytab, gpupdate fails
Hi, you're right about kvno. kvno dc gives me: dc at DOMAIN.NET.PL: kvno = 1 I'm pretty sure I didn't change dc$ password nor keytab wasn't recreated (the file is from 2015). I've checked other DCs. It looks like two of them with CentOS 7 have kvno = 2, and one with CentOS 6 has also v 1. DCs on CentOS 7 are pretty new, with samba version 4.7.4 from the scratch. Main DC
2018 Jul 21
0
samba 4.8 with bind - bugged dns entry in reverse lookup zone
Hello, I found this bugged record with ldbsearch -H path/to/samba/bind-dns/dns/sam.ldb.d/DC\=DOMAINDNSZONES\,DC\=SUBDOMAIN\,DC\=DOMAIN\,DC\=PL.ldb '(name=49)' So I have a couple of questions - hopefully someone can shed some light: - am I looking in correct .ldb for bind-dns? - can I remove this record? If yes what's the best method? Should samba and/or bind be stopped? As I
2018 Mar 29
2
Failed to find DC in keytab, gpupdate fails
Try verifying kvno from the client that gives the error message. That kvno = 2 for dc$ must've come from somewhere. You can also double check e.g. via ADUC ldap attributes of the dc$: lastpwdset and kvno. If  kvno is definately 1 that means that client connecting has some error, if it's 2, than it means that dc has outdated keytab. And if it's the former, than I really am not sure
2018 Jul 21
2
samba 4.8 with bind - bugged dns entry in reverse lookup zone
Hello, I stumbled upon weird error/bug. My setup: 4.8.3 AD on centos 7.5 (compiled from source). BIND as dns running on AD DC with secure dns updates setup and working. Most of the DNS updates are dynamic, some added manually using windows DNS manager. One of the PTR entries in reverse lookup zone went missing. It's not visible in the windows DNS manager, it's nowhere to be found
2018 Jul 03
0
samba 4.8.3 "apply group policy = yes" error
Hello, I've realised that there was an error on this server, wrong idmap.ldb, 3000002 should be one of the built-in users or groups instead of machine own account. Unfortunately fixing idmap (I imported idmap.ldb from DC with correct mapping) didn't fix my original error, as it still appears each time samba is restarted. Regards, Kacper W dniu 02.07.2018 o 10:52, Kacper Wirski via
2018 Mar 29
2
Failed to find DC in keytab, gpupdate fails
what is the output of "kvno dc.domain.net.pl"? There seems to be mismatch kvno of the secrets keytab, and what is client expecting (kvno 2). Kvno increments by 1 for every password change. Was there by any chance password change for the dc$ account and keytab was not recreated? If You made some upgrades, maybe during process You for example rejoined the domain (that would set new
2018 Jul 02
2
samba 4.8.3 "apply group policy = yes" error
Hello, Centos 7.5 samba 4.8.3 installation, compiled from source working as AD DC. It was an update from 4.7 (not an in place update, but added new DC's to existing domain and demoted 4.7.x DC's). After adding to my smb.conf: /apply group policies = yes/ I see errors on samba star: ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)   /usr/local/samba/sbin/samba_gpoupdate: SID
2018 Jul 21
2
samba 4.8 with bind - bugged dns entry in reverse lookup zone
On Sat, 21 Jul 2018 20:57:07 +0200 Kacper Wirski via samba <samba at lists.samba.org> wrote: > Hello, > > I found this bugged record with > > ldbsearch -H > path/to/samba/bind-dns/dns/sam.ldb.d/DC\=DOMAINDNSZONES\,DC\=SUBDOMAIN\,DC\=DOMAIN\,DC\=PL.ldb > '(name=49)' > > So I have a couple of questions - hopefully someone can shed some > light: >
2018 Jul 21
0
samba 4.8 with bind - bugged dns entry in reverse lookup zone
Thank You for the prompt reply. By "sam.ldb" you mean the samba/bind-dns/dns/sam.ldb right? After executing: ldbsearch --cross-ncs -H /path/to/samba/bind-dns/dns/sam.ldb '(name=49)' I do find same records, as with previous search including the one I need to delete as it is bugged. It's dn is:
2018 Jun 28
1
samba 4.8.3 samba_dnsupdate odd long timeouts
Hello, I'll try to be as brief as possible. I'm testing samba 4.8.3 on centos 7.5. Fresh installation joined to existing AD domain that was ran with samba 4.7.6. I did add 2 DC's with 4.8.3, then removed all 4.7.6 DC's. Everything seemed to work fine, except for adding DNS entries on one of the machines. Samba by itself was unable to add them throwing error in log that dnsupdate
2018 Nov 21
2
samba AD - bind - deleted DNS entries are not removed completely
To answer my own question: Yes, it's seems like a feature. I ran basic ldbsearch query: ldbsearch -H /usr/local/samba/private/sam.ldb -b "DC=DomainDnsZones,DC=mydomain,DC=com" and saw in output entries with: dNSTombstoned: TRUE Overall there are a couple hundred entries with as such. So now my question is: How can I safely remove them, any tips/guideliness? I thought that
2018 Jul 03
1
samba 4.8.3 "apply group policy = yes" error
On Tue, 3 Jul 2018 08:06:44 +0200 Kacper Wirski via samba <samba at lists.samba.org> wrote: > Hello, > > I've realised that there was an error on this server, wrong > idmap.ldb, 3000002 should be one of the built-in users or groups > instead of machine own account. Unfortunately fixing idmap (I > imported idmap.ldb from DC with correct mapping) didn't fix my >
2018 Aug 16
2
explorer.exe crashes on security tab access
I've noticed myself similiar issue. Windows 10 (v 1803) - window with security tab open crashes on certain files (yes, just the window, not whole OS). Just before crash i see unresolved SID which looks like nothing I know (doesn't look like domain SID - maybe local user SID from samba member server?). All files that cause this issue are from any of the samba servers. Same files I can
2018 Nov 21
1
samba AD - bind - deleted DNS entries are not removed completely
W dniu 21.11.2018 o 21:09, Rowland Penny via samba pisze: > On Wed, 21 Nov 2018 20:48:34 +0100 > Kacper Wirski via samba <samba at lists.samba.org> wrote: > >> So in my case - is it safe to delete directly using ldbdel or using >> windows ADSI gui ldap editor? Or is there another way? What is the >> right way to do it? >> >> something like: >>
2018 Nov 21
0
samba AD - bind - deleted DNS entries are not removed completely
Hello, Since noone answered, I'll add some more information - maybe I'm unclear about the nature of the issue? I re-read samba wiki, especially about DNS management and I didn't find any information pointing to such behaviour. I was deleting all entries using windows DNS management console (which is in the sama wiki, so I suppose it's supported) I don't have
2018 Nov 21
2
samba AD - bind - deleted DNS entries are not removed completely
So in my case - is it safe to delete directly using ldbdel or using windows ADSI gui ldap editor? Or is there another way? What is the right way to do it? something like: ldbdel -H /usr/local/samba/private/sam.ldb -b"DC=DomainDnsZones,DC=mydomain,DC=com '(dNSTombstoned: TRUE)' ? I read in samba 4.9 new features release notes about scavenging but I'm not sure if it's the
2018 Aug 16
1
explorer.exe crashes on security tab access
As I said, I haven't got time to look at what's really happening, just that sometimes windows 10 + some file = security tab just closes/crashes instantly and clearly there is a long SID that's not like anything I recognize, might be well known SID (not well known enough though I'd say, as it's unresolved ;) ). I'm not sure if my experiences are related to those of OP,
2018 Nov 20
3
samba AD - bind - deleted DNS entries are not removed completely
Hello, I've posted about this issue some time ago, but I maybe didn't explain myself enough and/or didn't supply enough information. My setup is centos 7.5 samba 4.8.4 AD DCwith BIND as dns backend. I noticed that some windows clients stopped doing secure dns dynamic updates because of insufficient rights error. Upon further digging I realized that all of the entries, that were
2018 Nov 21
0
samba AD - bind - deleted DNS entries are not removed completely
On Wed, 21 Nov 2018 19:39:53 +0100 Kacper Wirski via samba <samba at lists.samba.org> wrote: > To answer my own question: > > Yes, it's seems like a feature. Yes, it is a feature, an AD feature ;-) > > I ran basic ldbsearch query: > > ldbsearch -H /usr/local/samba/private/sam.ldb -b > "DC=DomainDnsZones,DC=mydomain,DC=com" and saw in output
2017 Nov 01
0
kerberos + winbind + AD authentication for samba 4 domain member
Maybe try something like this, dont know it its right, i cant test it atm, and i never used its so.. But in krb5.conf try to match the failty one with a rule. auth_to_local = RULE:[1:SAMDOM:$1] Maybe it works maybe not, but imo, try-able ;-) , just an idee.. Greetz, Louis > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Kacper