similar to: Demoted/removed a DC, and the NS records?

In our network we found some client with clock differences. Some machine have effectively some troubles, eg have NO 'Windows Time' service defined, probably some glitches happened when moving from our old NT-like domain. Anyway, catching for that, we have found some other strangeness. Windows time service run: C:\Users\gaio>sc query w32time NOME_SERVIZIO: w32time TIPO

Some month ago a local branch office closed; the local branch had a DC, that i've simply removed the dc with: samba-tool domain demote --server=vdcsv1.ad.fvg.lnf.it -U gaio (see https://lists.samba.org/archive/samba/2019-February/221195.html) But this leave some old DNS records, eg: root at vdcsv1:~# host -t SRV _kerberos._udp.ad.fvg.lnf.it | awk '{print $NF}'| sed

Mandi! Rowland Penny via samba In chel di` si favelave... > This is probably where you are going wrong. AD lives and dies on DNS, > your DC MUST be authoritative for the AD domain. ...but *is* authoritative! Simply DHCP server assign the ''old'' DNS, where all resolution fr the AD (sub)domain are forwarded to AD DNS... > Your AD clients should be using the DC as

Mandi! Robert Marcano via samba In chel di` si favelave... > Yes, check the documentation of krb5.conf. Ahem, 'apt-get install krb5-doc' misses. ;-) > In summary you will need to > disable dns_canonicalize_hostname dns_lookup_kdc , etc if enabled and set > you admin and kdc hostnames there, something like: How can i determine kdc and master_kdc values? All DC server are

On Fri, 8 Jun 2018 12:04:30 +0200 Marco Gaiarin via samba <samba at lists.samba.org> wrote: > > > You are meaning here, literally: windows client try to > > register/update DNS using ONLY the dns provided by DHCP? > > Or, speaking differently the same thing, windows client suppose > > blindly that DNS got by DHCP ARE AD DCs? > > Ok, DNS registration seems

Hi Marco, > Following: > https://wiki.samba.org/index.php/Demoting_a_Samba_AD_DC > > i've demoted and removed a DC. Seems all went as expected: > > root at vdcud1:~# samba-tool domain demote --server=vdcsv1.ad.fvg.lnf.it -U gaio > Using vdcsv1.ad.fvg.lnf.it as partner server for the demotion > Password for [LNFFVG\gaio]: > Deactivating inbound replication >

On 02/10/2019 14:42, Marco Gaiarin via samba wrote: > Mandi! Rowland penny via samba > In chel di` si favelave... > >>> samba-tool dbcheck --cross-ncs --fix >>> Yes, should be possible, but i normaly do that after i do the following. >> Yes, but why wasn't it removed in the first place ? > [...] >>> Run : >>> dig CNAME

Mandi! Rowland Penny via samba In chel di` si favelave... > If an ldap lookup works on every DC, except for one and the data is > definitely there on the one DC it doesn't work on, then it must be > something on that DC. is there a firewall or apparmor/selinux in the > way ? No. Anyway, note that query return correctly 'result: 0 Success', simply return no data. Another

I need to do a simple query, against some LDAP data in 'laster draft schema' format i've added to te samba/AD schema. All LDAP query return the same result on all (6) of the DC: root at vdcsv1:~# ldapsearch -H ldap://vdcsv2.ad.fvg.lnf.it -W -D CN=mta,OU=Restricted,DC=ad,DC=fvg,DC=lnf,DC=it -b DC=ad,DC=fvg,DC=lnf,DC=it "(cn=prova123)" rfc822MailMember Enter LDAP Password:

Mandi! Andrew Bartlett via samba In chel di` si favelave... > It is an operational attribute. simply add  > msDS-UserPasswordExpiryTimeComputed > to the list of attributes requested when searching for the user. root at vdcsv1:~# ldbsearch -H /var/lib/samba/private/sam.ldb -b "dc=ad,dc=fvg,dc=lnf,dc=it" -s base "" maxPwdAge # record 1 dn:

Hai, If the primary domain is set in windows, which is after domain join, it used that. Ipconfig /all and see primary DNS suffix. The dns suffix and first dns search list should be the same. Yes, other settings are possible, but stick to this for now. The Primay DNS suffix is used for the register of the IP in the DNS. The DHCP Service User MUST be a member of the DNSAdmins. The DHCP

Hi Marco, As far i can see here. Are all your ADDC servers set to the same source NTP ( preffered a stratum 1 or 2 ) server. ( and not pool ntp sources ) Because below i see stratum 4 and stratum 3 servers and a timeout on one server. When i look at this. > C:\Users\gaio>w32tm /query /peers > N. peer: 1

Mandi! Rowland Penny via samba In chel di` si favelave... > > No. Anyway, note that query return correctly 'result: 0 Success', > > simply return no data. > That just means the search retuned without error Eh. Query succeded and return no data. Yes. > If you run the command: > ldapsearch -H ldap://vdcpp1.ad.fvg.lnf.it -W -D >

On Thu, 9 Nov 2017 11:08:26 +0100 Marco Gaiarin via samba <samba at lists.samba.org> wrote: > Mandi! L.P.H. van Belle via samba > In chel di` si favelave... > > > I dont beleave it. > > Eh. «De gustibus non disputandum est». ;-) > > > > The setup for the Ad in the link below is the same but if you want > > access without auth, Have you tried to

Happy new year to all! Samba 4.9.17 on stretch, Louis package. On 22/12, at midnight, office closed, i suffered a network outgage that 'broke in two' my domain. On 23/12, at 14.00, network come back. After that, some scripts written around ldbsearch i run on DM (against vdcsv1 that is the DC with FSMO roles) start to complain: Failed to bind - LDAP client internal error:

Hai, The steps shown here dont work? https://wiki.samba.org/index.php/Demoting_a_Samba_AD_DC If that is the case and you besides that free of errors. Then upgrade, and try again once your on at least samba 4.9 or 4.10. As im hoping you are upgrade straight to Buster. Greetz, Louis > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens

Currently for my user: root at vdmsv1:/etc/exim4# ldbsearch -H ldap://vdcsv1 -P -b DC=ad,DC=fvg,DC=lnf,DC=it "(cn=gaio)" | grep ": gaio$" cn: gaio name: gaio sAMAccountName: gaio uid: gaio msSFU30Name: gaio what field is betetr to use for querying for user 'gaio'? 'uid' no (because RFC2307 data can be missing), so? 'sAMAccountName'? or

Mandi! Rowland Penny via samba In chel di` si favelave... > I think you need to post your smb.conf, I (at least) am struggling to > understand why you have moved 'sysvol' from /var/lib/samba/ > to /var/lib/samba/usershare/, it isn't a usershare! I've not done that! root at vdcsv1:/home# samba-tool testparm Press enter to see a dump of your service definitions #

On Mon, 11 Feb 2019 14:47:01 +0100 Marco Gaiarin via samba <samba at lists.samba.org> wrote: > > Sorry. Still on this issue. > > Today i'm upgrading my DC (with latest 4.5 from louis repo). Note that > i've 7 DC in total. > > In site 'PP' i've upgraded samba, then rebooted the container. reboot > on 'vdcpp2' happen on: > > Feb

Ahem no one reply me. A little fast-rewind: i need to have some 'aliases' to my servers (DM); seems i need to add in smb.conf: netbios aliases = FILESV but also add a 'SPN'; trying to look around for an examples, lead me to ''nothing'', or to examples that seems to me unrelated. Supposing the domain is 'ad.fvg.lnf.it' and the FQDN of the real host is