similar to: samba AD - bind - deleted DNS entries are not removed completely

Displaying 20 results from an estimated 5000 matches similar to: "samba AD - bind - deleted DNS entries are not removed completely"

2018 Nov 21
2
samba AD - bind - deleted DNS entries are not removed completely
To answer my own question: Yes, it's seems like a feature. I ran basic ldbsearch query: ldbsearch -H /usr/local/samba/private/sam.ldb -b "DC=DomainDnsZones,DC=mydomain,DC=com" and saw in output entries with: dNSTombstoned: TRUE Overall there are a couple hundred entries with as such. So now my question is: How can I safely remove them, any tips/guideliness? I thought that
2018 Nov 21
2
samba AD - bind - deleted DNS entries are not removed completely
So in my case - is it safe to delete directly using ldbdel or using windows ADSI gui ldap editor? Or is there another way? What is the right way to do it? something like: ldbdel -H /usr/local/samba/private/sam.ldb -b"DC=DomainDnsZones,DC=mydomain,DC=com '(dNSTombstoned: TRUE)' ? I read in samba 4.9 new features release notes about scavenging but I'm not sure if it's the
2018 Nov 21
1
samba AD - bind - deleted DNS entries are not removed completely
W dniu 21.11.2018 o 21:09, Rowland Penny via samba pisze: > On Wed, 21 Nov 2018 20:48:34 +0100 > Kacper Wirski via samba <samba at lists.samba.org> wrote: > >> So in my case - is it safe to delete directly using ldbdel or using >> windows ADSI gui ldap editor? Or is there another way? What is the >> right way to do it? >> >> something like: >>
2018 Nov 21
0
samba AD - bind - deleted DNS entries are not removed completely
Hello, Since noone answered, I'll add some more information - maybe I'm unclear about the nature of the issue? I re-read samba wiki, especially about DNS management and I didn't find any information pointing to such behaviour. I was deleting all entries using windows DNS management console (which is in the sama wiki, so I suppose it's supported) I don't have
2018 Jan 15
3
Fwd: Re: Sysvolreset
Hello! After process, error continue...... ---------------------------------------------------------------- C: \ Users \ USER1XXX> gpupdate / force Updating Policy ... Unable to update user policy successfully. The following errors for found: Group Policy was not processed. Windows was unable to apply the settings registry-based policy for the LDAP Group Policy object LDAP://CN
2018 Mar 26
3
freeradius + NTLM + samba AD 4.5.x
Ok, I finally could try it out, and it seems to actually work, but You need samba 4.7 on all machines, not only AD, but also server with freeradius. I didn't get a chance to test it locally, that is samba AD + freeradius on the same server. Setup: 4.7.6 AD server and 4.6.2 samba member + freeradius didn't work (got simple "nt_status_wrong_password") but: 4.7.6 AD and 4.7.1
2018 Mar 26
1
freeradius + NTLM + samba AD 4.5.x
It is an issue that I myself would also like to solve. I found multiple threads in samba and freeradius mailing lists. It seems that every couple of months there is question like this either here on FR mailing list and all point down to the same issue, that is: freeradius uses ntlm_auth (even when using winbind with newer freeradius versions, it also in the end uses ntlm_auth). And since
2017 Nov 01
5
kerberos + winbind + AD authentication for samba 4 domain member
Hello, Thank You for fast response. I'm glad that it's a mistake somewhere on my side, it means it will work when I fix it :) Ok, first of all: Everything is on centos 7.4 All config files will be below, but to start off: behaviour is stranger than I thought, but there is a pattern: when doing [DOMAIN\kacper_wirski at vs-files ~]$ kinit -V Using default cache: /tmp/krb5cc_101003
2018 Jul 21
2
samba 4.8 with bind - bugged dns entry in reverse lookup zone
Hello, I stumbled upon weird error/bug. My setup: 4.8.3 AD on centos 7.5 (compiled from source). BIND as dns running on AD DC with secure dns updates setup and working. Most of the DNS updates are dynamic, some added manually using windows DNS manager. One of the PTR entries in reverse lookup zone went missing. It's not visible in the windows DNS manager, it's nowhere to be found
2019 Jun 03
2
samba file server - sediskoperatorprivilege not being honored
On 03/06/2019 12:29, Kacper Wirski via samba wrote: > Hello, > > Since nobody picked this up I will try to answer myself (hopefully > correctly). > > I think I just misread documentation on wiki, but I would really > appreciate a clarification. In the wiki it states: > > "To enable other accounts than the domain administrator to set > permissions on Windows,
2018 Aug 02
1
ODP: Re: SAMBA 4 as Active Direcotry and Hyper-V
I actually posted about this here on samba list about it last year, but nobody caught interest. I used to have logs from samba and wireshark, which very nicely showed what's wrong (kerberos request was for SPN  eg. "Hyper-V Replication Service/Servername.mydomain.com" and in samba log there was an error with something like "Hyper-V\ Replication \Service.. not found".
2019 Oct 22
3
Win7 vs. Win10 GPO Editing
Hi, I have a problem with GPO editing. I have some GPO first created with RSAT and GPO editor on Win 7 x64. I have modified recently this object with RSAT and GPO editor on Win 10 x64 . If I try to edit the GPO back to Win7 I got the following error (in french): La ressource ? $(string.SiteDiscoveryEnableWMI) ? r?f?renc?e dans l?attribut displayName est introuvable. Fichier
2018 Mar 27
5
ODP: Re: freeradius + NTLM + samba AD 4.5.x
Hello, I can definately confirm that it's working. My basic setup is: 1) Samba 4.7.6 AD DC (2 of them), compiled from source, on centos 7 2) Freeradius 3.0.13 + samba 4.6.2 as domain member, packages straight from centos repo. // I  tested also on freeradius 3.0.14 and samba 4.7.x smb.conf on the DC is pretty basic, most important is obviously in [globall]:         ntlm auth =
2018 Mar 26
4
freeradius + NTLM + samba AD 4.5.x
Hi, we have updated our samba AD domain from 4.4.x to 4.5.x. The release notes for 4.5.0 included  "NTLMv1 authentication disabled by default". So we had to enable it to get our radius (freeradius) server working (for 802.1x). What would be the best way to change the freeradius configuration in such a way, that we can disable NTLMv1 again. The radius server is used for WLAN
2018 Aug 16
2
explorer.exe crashes on security tab access
I've noticed myself similiar issue. Windows 10 (v 1803) - window with security tab open crashes on certain files (yes, just the window, not whole OS). Just before crash i see unresolved SID which looks like nothing I know (doesn't look like domain SID - maybe local user SID from samba member server?). All files that cause this issue are from any of the samba servers. Same files I can
2018 Jul 03
1
samba 4.8.3 "apply group policy = yes" error
On Tue, 3 Jul 2018 08:06:44 +0200 Kacper Wirski via samba <samba at lists.samba.org> wrote: > Hello, > > I've realised that there was an error on this server, wrong > idmap.ldb, 3000002 should be one of the built-in users or groups > instead of machine own account. Unfortunately fixing idmap (I > imported idmap.ldb from DC with correct mapping) didn't fix my >
2018 Mar 29
2
Failed to find DC in keytab, gpupdate fails
Try verifying kvno from the client that gives the error message. That kvno = 2 for dc$ must've come from somewhere. You can also double check e.g. via ADUC ldap attributes of the dc$: lastpwdset and kvno. If  kvno is definately 1 that means that client connecting has some error, if it's 2, than it means that dc has outdated keytab. And if it's the former, than I really am not sure
2018 Jul 21
2
samba 4.8 with bind - bugged dns entry in reverse lookup zone
On Sat, 21 Jul 2018 20:57:07 +0200 Kacper Wirski via samba <samba at lists.samba.org> wrote: > Hello, > > I found this bugged record with > > ldbsearch -H > path/to/samba/bind-dns/dns/sam.ldb.d/DC\=DOMAINDNSZONES\,DC\=SUBDOMAIN\,DC\=DOMAIN\,DC\=PL.ldb > '(name=49)' > > So I have a couple of questions - hopefully someone can shed some > light: >
2018 Mar 26
3
freeradius + NTLM + samba AD 4.5.x
Also I just facepalmed, as I double checked smb.conf right after sending mail, and in samba 4.7 there are new options available for "ntlm auth", as stated in docs: |mschapv2-and-ntlmv2-only| - Only allow NTLMv1 when the client promises that it is providing MSCHAPv2 authentication (such as the |ntlm_auth| tool). So that is is I suppose that special "flag" that is used by
2017 Nov 01
4
kerberos + winbind + AD authentication for samba 4 domain member
On Wed, 1 Nov 2017 19:49:32 +0000 Rowland Penny via samba <samba at lists.samba.org> wrote: > On Wed, 1 Nov 2017 20:28:05 +0100 > Kacper Wirski <kacper.wirski at gmail.com> wrote: > > > I'm going to start with clean centos install, so I might as well use > > some additional guidelines, thank You. > > > > When You run kinit, does Your user have