similar to: AD RODC not being used because of missing DNS entries?

Thanks for the quick reply Rowland >Never ran an RODC (yet), but this all sounds like the problems that >used to occur when joining a second DC, try reading this: >https://wiki.samba.org/index.php/Verifying_and_Creating_a_DC_DNS_Record I Checked this, both the A record and the objectGUID CNAME records exist for DC1 and DC2 on bth servers. >You could try restarting Samba, there is

On Fri, 19 Oct 2018 22:09:27 +0200 (CEST) tomict via samba <samba at lists.samba.org> wrote: > Hi All, > > Is it correct that my RODC domain controller (DC2.ad.example.nl) has > only one entry in the (internal) DNS on domain controller DC1? It > seems to me that because of missing dns entries it is not used by > clients in the ad domain > > I recently installed a

On Sat, 20 Oct 2018 00:06:40 +0200 (CEST) tomict via samba <samba at lists.samba.org> wrote: > Thanks for the quick reply Rowland > > >Never ran an RODC (yet), but this all sounds like the problems that > >used to occur when joining a second DC, try reading this: > > >https://wiki.samba.org/index.php/Verifying_and_Creating_a_DC_DNS_Record > > > I

On Sat, 20 Oct 2018 13:58:15 +0200 (CEST) tomict via samba <samba at lists.samba.org> wrote: > > > Just one thought, where does the nameserver on DC2 point ? > > Is it to DC1 ? > > or itself, DC2 ? > > > If it is pointing to itself, try pointing it at DC1 > > > Rowland > > The Nameserver on DC2 points to the ip address of DC1 > > Tom

On Sat, 20 Oct 2018 17:04:20 +0200 (CEST) tomict via samba <samba at lists.samba.org> wrote: > > > OK, I have checked from Windows and my dns looks like this: > > DC2-| > > |- Forward Lookup Zone > > |- samdom.example.com > > You have much more dc2 entries, I only have 4 from my manual > additions. Your dns setup is the same as the setup that

> Obviously there is something wrong with the dns updates on DC2. Any > ideas? > > Tom > >The problem is (as far as I understand it), you cannot write to an >RODC, it forwards write actions to a writeable DC, which then replicates >them back. >From the above, it is timing out, is there a firewall or similar in the >way ? Can you ping a DC from the RODC ? >

Hi, We have encountered these timeout issues with Samba 4.7 as an RODC too. We created a ticket about it here : https://bugzilla.samba.org/show_bug.cgi?id=13502 One thing is that even after the timeouts got resolved, I still get a weird behaviour with two entries that keeps trying to update themselves when I run "samba_dnsupdate". The call succeeds, but the entries are actually

Hi, >Are you using Bind9, if so, post your named.conf files (the ones from /etc/bind) No, I'm using DNS Internal. >Is winbind installed ? No, because the Samba tutorial said that for DC it was not necessary. Regards, M?rcio Bacci Em qui, 22 de ago de 2019 ?s 15:43, Rowland penny via samba < samba at lists.samba.org> escreveu: > On 22/08/2019 19:22, Marcio Demetrio Bacci

Hi, I noticed some problems in my DC2 (secondary) Logs, as below: root at samba4-dc2:/var/log/samba# tail log.samba ago 22 14:55:21 samba4-dc2 samba[2812]: [2019/08/22 14:55:21.106213, 0] ../lib/util/util_runcmd.c:316(?andler) ago 22 14:55:21 samba4-dc2 samba[2812]: /usr/sbin/samba_dnsupdate: GENSEC backend 'krb5' registered ago 22 14:55:21 samba4-dc2 samba[2812]: [2019/08/22

Hi, It's my first try to setup RODC using Samba 4.8. We have latest Samba 4.7 environnement with 2 DC and some file servers. Joining the DC to the domain is OK using samba-tool domain join command. The domain controller appears in the DC list (MMC) However, users cannot be authenticated. Samba is running but these ports are closed : netbios-ssn 139/tcp # NETBIOS session service

Ah, so the error changed.. ? Can you try ? samba-tool domain join empresa.com.br DC -k yes -d 3 --server=samba4-dc01.empresa.com.br? so we try to join through samba4-dc1 and not the windows DC. ? Looking at below again. (objectclass=primaryDomain))' base: 'cn=Primary Domains': No such object: dsdb_search at ../source4/dsdb/common/util.c:4691) and from

Thank you Denis and Rowland - I didn't realise this was the script, makes sense now. I've run it (on dc2) and it gets as far as: need update: SRV _ldap._tcp.mysite._sites.ForestDnsZones.mydomain.org.uk dc2.mydomain.org.uk 389 [lots of updates needed] 10 DNS updates and 0 DNS deletes needed Successfully obtained Kerberos ticket to DNS/dc1.mydomain.org.uk as DC2$ and then it fails here:

Hi, I have 2 DC in my network. DC master is a Samba 4 and the secondary is Windows Server 2008. I want to put another Samba 4 as DC to replace Windows Server, however the following errors are emerging: root at samba4-dc2:~# samba-tool domain join empresa.com.br DC -k yes -d 3 lpcfg_load: refreshing parameters from /etc/samba/smb.conf GENSEC backend 'gssapi_spnego' registered GENSEC

Hi, All 3 of my DCs regularly display an error in syslog almost exactly every 10 minutes. They have been doing this for quite some time, and I have so far ignored the message as everything else DNS-wise seemed to mostly be working - but I figured it was worth getting to the bottom of it if I can. So this isn't new at all but rather something that has been present for some time. I am using

On 18.07.2016 20:10, Rowland penny wrote: > On 18/07/16 00:02, Norbert Hanke wrote: >> Hello, >> >> I'm trying to join a samba 4 DC to an already existing samba 4 DC, >> both with BIND9_DLZ. Samba is at version 4.4.5, bind is version >> 9.10.4-P1, all brand new. >> >> The existing DC runs fine, but the added DC refuses to update its >>

Hello there, I have a problem with replication between two domain controllers, dc1 and dc2. Distribution: Debian 8.5 Samba-Distribution: sernet-samba 4.3.11-14 The replication on dc2 working fine without any failures. But the synchronization on dc1 gives the failure "WERR_BAD_NETPATH". Because the message "BAD_NETPATH" I checked the DNS-resolution:

Hello, sorry to ask this many questions, but I want to know why things happen they way they do and if perhaps something is wrong. Our new, shiny domain created by classicupgrade consists of 4 (four) domain controllers. dc1 was the first, which was created by classicupgrade. Then I added dc2, dchks and dcirm using samba-tool domain join iww.lan DC -U "IWW\Administrator"

Hi, We have three DC's, and one of them has been misbehaving a few times lately, stopping to replicate, showing the following error in samba-tool drs showrepl, for all DC partitions: > DC=DomainDnsZones,DC=samba,DC=company,DC=com > Default-First-Site-Name\DC2 via RPC > DSA object GUID: 5e93a102-2963-496a-af16-0c51eebb2e31 > Last attempt @ Wed Nov 11 06:41:21 2015 CET

Then I don't know what caused it. I had no problems prior to the upgrade, and the upgrade was done without errors.. Unfortunately, no, I don't have backups. 'sam.ldb' is still there, though, and so are the databases unter 'sam.ldb.d'. Yes, I tried restarting Samba, even rebooted the server but to no avail. Here are the results from running samba in the shell: lpcfg_load:

> OK, I have checked from Windows and my dns looks like this: > DC2-| > |- Forward Lookup Zone > |- samdom.example.com You have much more dc2 entries, I only have 4 from my manual additions. Your dns setup is the same as the setup that I had last year when testing with a second non-RODC Domain Controller. BTW how did you make this tree view? There seem to be two problems