similar to: RHEL7/Centos7 with Samba AD

On 10/06/2019 16:04, vincent at cojot.name wrote: > > There is probably some amount of redtape on this but AFAIK it works > fine for me: My RHEL7.6 hypervisors are joined to my AD DC 4.10.4 VMs > through use of realm '(and thus sssd): > > Here's a RHEL7.6 client: > # realm list > ad.lasthome.solace.krynn > ? type: kerberos > ? realm-name:

Hi Denis, Thanks for taking the time to answer. Yes, I may have been wrong with --forced-sync and --full-sync since the start but in fact I wanted to make sure to force replication between the servers. Here is what I have noticed: - replication works from dc00 -> dc00 but not from dc01 -> dc00: [root at dc00 ~]# samba-tool drs replicate DC01 DC00 dc=ad,dc=lasthome,dc=solace,dc=krynn

On 21/08/2020 21:40, vincent at cojot.name wrote: > On Fri, 21 Aug 2020, Rowland penny via samba wrote: > >> This works for me: >> >> rowland at devstation:~$ sudo ldapsearch -H >> ldaps://dc01.samdom.example.com -D 'SAMDOM\Administrator' -w >> 'xxxxxxxxxx' -b 'dc=samdom,dc=example,dc=com' >>

Hi All, On my two-DC setup (dc00 and dc01 - Used to be a 4-Dc setup but 02 and 03 are gone), I've noticed the following errors which I am unable to fix.. Any hints? * Basic dbcheck is clean. [root at dc00 ~]# samba-tool dbcheck Checking 327 objects Checked 327 objects (0 errors) * Cross-NCS shows two errors related to a de-comissionned DC (dc02) and cannot auto-fix this.. How do I fix

On Fri, 2020-08-21 at 17:51 -0400, Vincent S. Cojot via samba wrote: > Hi Rowland, > > First of all, thank you for taking the time to help me. > I tried your suggestion and all results came up empty. > > Then I did a few lapdsearch(es) and found this: > > 1) This query returns two users: > ldapsearch -H ldaps://dc00.ad.lasthome.solace.krynn:636 -x -W -D >

On Tue, 22 Jan 2019, Rowland Penny via samba wrote: > On Tue, 22 Jan 2019 14:20:21 -0500 (EST) > "Vincent S. Cojot via samba" <samba at lists.samba.org> wrote: > >> >> Hi All, >> >> On my two-DC setup (dc00 and dc01 - Used to be a 4-Dc setup but 02 >> and 03 are gone), I've noticed the following errors which I am unable >> to

Hi all, I'm running in circles trying to debug replication failures on samba 4.7.6: dc00 : is a VM on KVM host (attached to a bridge on local LAN) dc01 : is a similarly configured VM on another KVM host. I've forcibly demoted and re-promoted dc01 but I still cannot get automatic replication to work: root at dc00 ~]# samba-tool drs showrepl Krynn\DC00 DSA Options: 0x00000001 DSA

On 08/06/2019 21:32, Rowland penny via samba wrote: > On 08/06/2019 16:24, Uwe Laverenz via samba wrote: >> Hi all, >> >> when you join a linux server to an active directory with "realm" it >> uses "sssd" as default. This works well as long as you just want to >> be a simple domain member. >> >> As soon as you want a real member

On Wed, Jun 12, 2019 at 4:38 AM Rowland penny via samba <samba at lists.samba.org> wrote: > > On 10/06/2019 16:04, vincent at cojot.name wrote: > > > > There is probably some amount of redtape on this but AFAIK it works > > fine for me: My RHEL7.6 hypervisors are joined to my AD DC 4.10.4 VMs > > through use of realm '(and thus sssd): > > > >

On 21/08/2020 20:08, Rowland penny via samba wrote: > On 21/08/2020 19:28, Vincent S. Cojot via samba wrote: >> >> Hi everyone, >> >> I have a working Samba AD/DC (4.12.6 on RHEL7.8) setup I'm trying to >> use with OpenShift (a container platform to which RedHat contributes >> - aka OCP). I'm also not too skilled on LDAP even though I've been

There is probably some amount of redtape on this but AFAIK it works fine for me: My RHEL7.6 hypervisors are joined to my AD DC 4.10.4 VMs through use of realm '(and thus sssd): Here's a RHEL7.6 client: # realm list ad.lasthome.solace.krynn type: kerberos realm-name: AD.LASTHOME.SOLACE.KRYNN domain-name: ad.lasthome.solace.krynn configured: kerberos-member server-software:

On 21/08/2020 22:08, Rowland penny via samba wrote: > On 21/08/2020 21:40, vincent at cojot.name wrote: >> On Fri, 21 Aug 2020, Rowland penny via samba wrote: >> >>> This works for me: >>> >>> rowland at devstation:~$ sudo ldapsearch -H >>> ldaps://dc01.samdom.example.com -D 'SAMDOM\Administrator' -w >>> 'xxxxxxxxxx' -b

On Fri, 2018-12-07 at 23:32 -0500, Nico Kadel-Garcia via samba wrote: > On Thu, Dec 6, 2018 at 2:35 PM Vincent S. Cojot via samba > <samba at lists.samba.org> wrote: > > > So, IMHO RHEL7/Centos7 does just fine in a Samba AD/DC setup either as > > clients or DCs. I still have a few details to work out (how to move the > > Samba servers from local auth to AD auth,

Hi Andrew, Hi Rowland, I just spent close to one hour debugging this with one OpenShift specialist from RedHat. What we figured was: 1) both of my configs work (auth and group-sync) and are in fact correct. 2) OCP group sync does not sync the groups that have no explicit 'member' Attribute or groups that are 'default' groups (E.g: 'Domain Users') where membership is

On Tue, 22 Jan 2019 14:20:21 -0500 (EST) "Vincent S. Cojot via samba" <samba at lists.samba.org> wrote: > > Hi All, > > On my two-DC setup (dc00 and dc01 - Used to be a 4-Dc setup but 02 > and 03 are gone), I've noticed the following errors which I am unable > to fix.. Any hints? > > * Basic dbcheck is clean. > > [root at dc00 ~]# samba-tool

On Tue, 22 Jan 2019 15:19:10 -0500 (EST) "Vincent S. Cojot via samba" <samba at lists.samba.org> wrote: > On Tue, 22 Jan 2019, Rowland Penny via samba wrote: > > > On Tue, 22 Jan 2019 14:20:21 -0500 (EST) > > "Vincent S. Cojot via samba" <samba at lists.samba.org> wrote: > > > >> > >> Hi All, > >> > >>

Hi everyone, I have a working Samba AD/DC (4.12.6 on RHEL7.8) setup I'm trying to use with OpenShift (a container platform to which RedHat contributes - aka OCP). I'm also not too skilled on LDAP even though I've been running the above for over two years now.. There are typically two steps involved in connecting AD to OCP: 1) declare an OAuth configuration in OCP (requires a bind

Hi Vincent, > I'm running in circles trying to debug replication failures on samba 4.7.6: > > dc00 : is a VM on KVM host (attached to a bridge on local LAN) > dc01 : is a similarly configured VM on another KVM host. > > I've forcibly demoted and re-promoted dc01 but I still cannot get > automatic replication to work: > > root at dc00 ~]# samba-tool drs showrepl

Hi everyone, In case anyone's interested, I've posted the rpm builds of samba 4.8.11 that I'm using on RHEL7.6. (I run these in VMs, serving as AD DCs for my SOHO). Comments most welcomed. http://nova.polymtl.ca/~coyote/dist/samba/samba-4.8.11 If you're on RHEL7/Centos7, you've got several repos to choose from: http://azzurro.ezplanet.net/el7

On Thu, Dec 6, 2018 at 2:35 PM Vincent S. Cojot via samba <samba at lists.samba.org> wrote: > So, IMHO RHEL7/Centos7 does just fine in a Samba AD/DC setup either as > clients or DCs. I still have a few details to work out (how to move the > Samba servers from local auth to AD auth, etc.. mostly because it's not > my area of expertise) but it's been working fine for me so