similar to: Replication failures

Hai Mason,   I had a look at the debug output.   on 1) why around 15-16 second, that i really dont know. im trying to figure that out. on 2) if DNS is inconsistance, that everything is unrelayable. This is really the first the that needs fixing. then we look again at the replication.   The debug output still shows several messages about zones in flat files. I still do believe also that this

All- I've got 3 DCs (version 4.9.6-12) that, prior to today, were running without issue (as best I could tell). Every night I run a few commands to monitor the status of the DCs/domain. I run: * dbcheck --cross-ncs * samba-tool drs kcc <other DCs> * samba-tool ldapcmp <local DC> <other DCs> (domain|configuration|schema|dnsdomain|dnsforest) * samba-tool drs showrepl These

Ok thank you guys for you input.     So we need tot add something here :  cat /var/lib/samba/private/dns_update_list | grep ldap ${IF_RWDC}SRV          _ldap._tcp.${DNSDOMAIN}                               ${HOSTNAME} 389 ${IF_RWDC}SRV          _ldap._tcp.dc._msdcs.${DNSDOMAIN}                     ${HOSTNAME} 389 ${IF_RWDC}SRV          _ldap._tcp.${DOMAINGUID}.domains._msdcs.${DNSFOREST} 

On 15:14:06 wrote Rowland Penny via samba: > On Thu, 25 Aug 2016 10:22:36 +0200 > > "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote: > > Ok thank you guys for you input. > > > > > > > > > > > > So we need tot add something here : > > > > cat /var/lib/samba/private/dns_update_list | grep ldap >

27.06.2016 18:45, mathias dufresne: > Perhaps you don't have yet duplicate objectSid as that's not supposed to be > possible. > Rather than scripting something to look for objectSid used twice I would > start with dbcheck and other tools to verify that your database is > consistent and identical on all servers. [root at pdc ~]# samba-tool dbcheck Checking 3346 objects

Hai Mason, > -----Oorspronkelijk bericht----- > Van: M B [mailto:mmx at exm0.net] > Verzonden: dinsdag 30 april 2019 20:42 > Aan: L.P.H. van Belle; samba at lists.samba.org > Onderwerp: Re: [Samba] Replication failures > > Hi Louis, > > In the past few days I’ve removed all bind flat file configs > from my environment, and I’ve checked carefully that all DCs

Louis, Upgraded to 4.13 and running "samba-check-db-repl.sh" exits with: "No Samba NT DOMAIN Name found exitting now...: Complete output: > #!/bin/bash -v > > ## > ## Version : 1.0.8 > ## release d.d. : 24-03-2015 > ## Author : L. van Belle > ## E-mail : louis at van-belle.nl > ## Copyright : Free as free can be, copy it, change it if

Hai,   Im wondering, im missing the  _ldaps._tcp. INTERNAL.DOMAIN.TLD entries in my dns. Now, before the updates ( badlock ) etc. this wasnt notice i think. But now since im setting up that everything is doing ldaps i noticed this in my squid setup   ( squid mailing subject : [squid-users] ext_kerberos_ldap_group_acl problem )   My question is...   did someone resently setup a new AD

----- On May 22, 2019, at 10:01 AM, samba samba at lists.samba.org wrote: > Try again with : > > samba-tool ldapcmp dc5.$(hostname -d) dc3.$(hostname -d) DNSFOREST > As in dc5.your.dns.domain.tld ... > > Whats the result.? The failure is still present -- no change in the output of the command: # samba-tool ldapcmp dc3.domain.local dc5.domain.local DNSFOREST ERROR(ldb):

Hi all! Today, after two years of production, I get this error: samba-tool user create test20160627 testpassword ERROR(ldb): Failed to add user 'test20160627': - ../lib/ldb/ldb_tdb/ldb_index.c:1216: Failed to re-index objectSid in CN=test20160627,CN=Users,DC=ad... - ../lib/ldb/ldb_tdb/ldb_index.c:1148: unique index violation on objectSid in CN=test20160627,CN=Users,DC=ad... Help me

Help, my Samba DC's refuse to sync :-( I have 2 Samba 4.1.17 DC servers. I made some changes via Active Directory USer and Computers on Windows. However even after a weekend the changes do not appear on the second DC. If I run samba-tool ldapcmp ldap://dc1 ldap://dc2 -Uadministrator --filter=msDS-NcType,serverState,subrefs I see:

Dear all, Running samba-tool ldapcmp on my both DCs samba 4.1.7 leads to the output : Attributes found only in ldap://s4master: msDS-NcType serverState FAILED How to deal with this? I am missing something? [root at s4slave ~]# samba-tool ldapcmp ldap://s4master ldap://s4slave -Uadministrator domain Password for [TPLK\administrator]: * Comparing [DOMAIN]

Problems with Secondary DC My scenario: DC1 = = SRV14=primary DC + DHCP Bind9 DC2 = SRV15=secondary DC + Bind9 Both running Samba 4.4.5. Through the Group Policy Management, when switching DC, when I try to connect to DC2, I get error message: "There was an error processing to collect data using this base domain controller. Change the base domain controller and try again." When

On Tue, 7 Aug 2018 17:44:37 +0200 Stefan Kania via samba <samba at lists.samba.org> wrote: > Hi Andrej, > > then it works, but on a "normal" addc it works without "-U ". This is probably because you will be running the command from the RODC on the RWDC. > > One more Question: > When I do a "host -t srv _ldap._tcp.example.net" I only see

Hello, I have 2 samba DCs. DC1 with FSMO role and DC2. These days, when I use dbcheck in DC1 ,I got the following error: # samba-tool dbcheck --cross-ncs Checking 4419 objects ERROR: incorrect DN SID component for member in object CN=Domain Users,CN=Users,DC=adagene,DC=cn - <GUID=c5c33d48-226b-4105-9c69-0506a22d3a15>;<RMD_ADDTIME=131526914300000000>

On my site with samba 4.18 on centos 6: 'samba-tool ldapcmp ldap://DC1 ldap://DC2 -Uadministrator' failed with this result msDS-NC Type failed : [root at s4master ~]# samba-tool ldapcmp ldap://s4master ldap://s4slave -Uadministrator Password for [TPLK\administrator]: * Comparing [DOMAIN] context... * Objects to be compared: 606 Comparing: 'CN=Builtin,DC=tplk,DC=loc'

Hi Rowland, I'm here at the Microsoft plugfest trying to help a vendor join a Samba AD-DC (I just did a standard local provision on my laptop using the internal DNS server). They fail due to looking for a DNS name of: _ldap._tcp.dc._msdcs.sambadom.example.com (I provisioned with the standard realm name of sambadom.example.com). Should we be creating this record on provision ? It seems

Louis, Just wanted to say 'thanks' for your work. I just ran your "old script' (to create a DC02) yesterday so I am familiar with it's content. The (old) script appeared to have processed okay and the DC02 appeared as a 'computer' when I checked thru ADUC on my W7 client. Any other tests you'd suggest to confirm the DC02 is operating properly? (About the new

Hai Nico,   Ok great, its fixed, and yes, i do think that the reboot fixed it, dont ask my why, i dont know.. i only know the fix ;-) Seen this few times before..   About the script, did you run it without the password in the script or with the password in the script? So i can check whats wrong there.   Your running samba 4.1.17 ? on which os?   Greetz,   Louis       Van:

Am 13.03.19 um 17:13 schrieb Stefan G. Weichinger via samba: > Am 13.03.19 um 16:53 schrieb L.P.H. van Belle: >> Ok thats small, a dc should be rebooted within 1-2 min and 1-2 min really max for AD sync. one more observation: manually running this works: root at pre01svdeb03:~# samba-tool drs replicate dc PRE01SVDEB03 dc=blabla,dc=at --full-sync but the one user I created (and