Displaying 20 results from an estimated 8000 matches similar to: "One DC cannot authenticate off of another DC"
2019 Jun 26
4
One DC cannot authenticate off of another DC
Thank you, Louis, for your reply.
By simply asking me to provide outputs of the aforementioned files, I found the cause of my first problem (auth failing). It was my /etc/hosts file on dc1.
All of them should look like this, and indeed DC2 and DC3's *did* look like this:
# cat /etc/hosts
> 127.0.0.1 ? ? ? localhost.samdom.mycompany.net ?localhost
> 192.168.3.201
2019 Jun 26
4
Samba 4.10 member: SMB login no longer working
Hai,
And Omg... Your right, its my fault. :-/
I didnt say to you, you needed make the changes, to change what Rowland showed.
Im really sorry.. ;-) when im in austria i'll buy you a beer.
Or if you want teach you snowboarding.. I have an other guy in austria that cant ski/board.
Im going to teach him also. .. So funny a dutch guy teaching to austria guys.. :-)
And how is it running
2019 Jun 21
1
DLZ Backend DNS Hosed
Louis,
I appreciate your efforts with my predicament. I'm very sorry to say that your advice hasn't gotten me to a solution. After updating my /etc/network/interfaces to put my localhost IP address first (192.168.3.201, for example), saving, restarting services, rebooting, running "samba_upgradedns --dns-backend=BIND9_DLZ", saving, rebooting, etc., I still cannot add, edit or
2019 Jun 26
0
Samba 4.10 member: SMB login no longer working
Thank you, Louis, for your reply.
By simply asking me to provide outputs of the aforementioned files, I found the cause of my first problem (auth failing). It was my /etc/hosts file on dc1.
All of them should look like this, and indeed DC2 and DC3's *did* look like this:
# cat /etc/hosts
> 127.0.0.1 ? ? ? localhost.samdom.mycompany.net ?localhost
> 192.168.3.201
2019 Jun 26
0
One DC cannot authenticate off of another DC
Hai,
What is the running OS and version of samba on these servers.
Can you post some configs of these DC's ( all 3 )
/etc/hosts
/etc/resolv.conf
/etc/samba/smb.conf
And for all 3 this the keytab output.
klist -ke /var/lib/samba/private/secrets.keytab
Your also sure you servers time is not out of sync?
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba
2017 Jun 21
4
DRS stopped working after upgrade from debian Jessie to Stretch
21.06.2017 11:45, L.P.H. van Belle via samba пишет:
> I suggest before you upgrade do a very good read here.
>
> https://wiki.samba.org/index.php/Updating_Samba#Notable_Enhancements_and_Changes
>
> https://wiki.samba.org/index.php/Samba_Features_added/changed_(by_release)
> And a summerize version for with all parameter changes as of upgrade from 4.2 up to 4.6
>
2019 Apr 06
5
DsReplicaSync failed - WERR_LOGON_FAILURE // Failed to bind to uuid for ncacn_ip_tcp - NT_STATUS_LOGON_FAILURE
Am Sa., 6. Apr. 2019 um 18:01 Uhr schrieb Rowland Penny via samba <
samba at lists.samba.org>:
> On Sat, 6 Apr 2019 17:21:26 +0200
> Martin Krämer <mk.maddin at gmail.com> wrote:
>
> > Hello Rowland,
> >
> > thanks for your help.
> > Below my comments
>
> > > See here:
> > >
> > > http://apt.van-belle.nl/
> > >
2017 Jun 21
0
DRS stopped working after upgrade from debian Jessie to Stretch
Hai,
Before you start,
Backup, /etc/ /var/lib/samba better safe than sorry..
Stop samba and related services ( check it at least nmbd smbd winbind samba samba-ad-dc)
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Prunk Dump via samba
> Verzonden: woensdag 21 juni 2017 11:57
> Aan: samba at lists.samba.org
> Onderwerp:
2019 Jun 20
4
DLZ Backend DNS Hosed
I've been working on this problem for a few hours. Here are some updates:
Many of the domains I listed are duplicates of domains managed by other DNS servers on my network. There was no point in having them in Samba AD, so I deleted the zones in Windows DNS Manager and created slaves in my named.conf.local folder, so that they'd pull the records from my authoritative BIND DNS server,
2020 Oct 10
10
Mail samba
Hi I am trying to authenticate my mail server with samba ad.
The only problem is that I don?t get it working.
root at dna:/data/CA/EasyRSA-v3.0.6# ldapsearch -x -h gaia.rompen.lokaal -D 'vmail' -W -b 'cn=users,dc=rompen,dc=lokaal'
Enter LDAP Password:
ldap_bind: Strong(er) authentication required (8)
additional info: BindSimple: Transport encryption required.
I can not read
2019 Apr 10
0
DsReplicaSync failed - WERR_LOGON_FAILURE // Failed to bind to uuid for ncacn_ip_tcp - NT_STATUS_LOGON_FAILURE
Hello All,
I just discovered that the last I unfortunately I send only to Louis - not
the list.
So below are my answers included (and log outputs that were requested).
Never the less in meantime I have investigated further into SAMBA & winbind.
I was able to setup samba dc based on previous instructions and guidelines
successfully.
I additionally setup a debian samba member with winbind.
2019 Jun 20
2
DLZ Backend DNS Hosed
Nice shell script,?Louis. Here are the results:
Collected config ?--- 2019-06-20-12:46 -----------
Hostname: umbriel
DNS Domain: samdom.mycompany.net
FQDN: umbriel.samdom.mycompany.net
ipaddress: 192.168.3.203?
-----------
Samba is running as an AD DC
-----------
? ? ? ?Checking file: /etc/os-release
NAME="Ubuntu"
VERSION="16.04.6 LTS (Xenial Xerus)"
ID=ubuntu
2019 Jun 19
4
DLZ Backend DNS Hosed
Hello,
I'm in trouble here with what appears to be a total meltdown of my DNS on my Domain Controllers.
I only have two DCs right now and I cannot resolve anything on either of them. I am on Ubuntu 16.04 with a compiled version of Samba 4.10.4.
I also have a compiled version of BIND 9.10.3-P4-Ubuntu <id:ebd72b3>
# service bind9 status
? bind9.service - BIND Domain Name Server
?
2019 Aug 15
2
Failing to join existing AD as DC
I tried joining the same AD before and succeeded, however after upgrading to Debian Buster and installing AD Certificate Services on the Windows DC my join does not work anymore:
samba-tool domain join samdom.example.com DC -U?SAMDOM\adadmin? ?site=?KA-H9?
fails during the ldap part with:
Join failed - cleaning up
Failed to bind - LDAP error 49 LDAP_INVALID_CREDENTIALS - <8009030C: LdapErr:
2018 Mar 02
3
Error joining Samba 4.7.4 DC to existing Win2008R2 domain
Thanks for your attention
> You are always receiving these:
>
> Adding DNS A record SRVAD-NEW.SAMDOM.LOCAL for IPv4 IP: 10.0.3.100
> Join failed - cleaning up
Yes, but the DNS record is created and it persists after the failure.
Another thing I've noticed using RSAT "Active Directory Users and
Computers" is that the new DC computer account SRVAD-NEW$@SAMDOM.LOCAL
is
2019 Aug 15
2
Failing to join existing AD as DC
Hai,
?
From what i see below.
?
kinit that should work, or error in krb5.conf or resolv.conf.
What is the first resolver in resolv.conf and is samba configured with internal DNS or Bind9_DLZ?
?
This is in /etc/ldap/ldap.conf
TLS_CACERT????? /etc/ssl/certs/ca-certificates.crt
TLS_REQCERT allow
?
cp /var/lib/samba/private/krb5.conf /etc/krb5.conf
not really needed, but it does not hurt.
?
2019 Mar 01
2
Replication and KCC problems on upgrade
Hello all-
I am trying to upgrade a old domain to a newer version. The old DCs are a custom compiled version of Samba, so instead of upgrading the DCs in place, the plan is to upgrade by joining new DCs to the domain, replicating data and then shutting down the old ones after transferring the FSMO roles.
I had the new DC (dc3, version 4.9.4-12) replicating to the other DCs (dc0, versions
2020 Nov 16
6
changes on DC not replicated, while showrepl reports no issues
Hi all,
We are running a three DC samba AD, using 4.12.8 sernet packages. Very
stable for years.
Today at 12:30 my colleague moved two users from
* CN=Users,DC=samba,DC=company,DC=com
to
* OU=disabled,DC=samba,DC=company,DC=com
This change was done on the DC4 at 12:30 using LAM (ldap-account-manager
version 7.3)
Ever since that, my automated samba-tool ldapcmp scripts started
reporting
2017 Jul 02
1
ldapcmp failures between DC's
I am in the process of preparing to demote a couple of (hardware) aging
domain controllers. At moment, I have four DC's running on my domain.
When I "ldapcmp" between any of the DC's I get failures that appear to be
simple "typos".
Like these:
root at dtdc07:~# samba-tool ldapcmp ldap://dtdc03 ldap://dtdc07 -Uadministrator
>>>>> snipped for brevity
2019 Aug 15
2
Failing to join existing AD as DC
Sorry, am not used to a list that has real sender addresses?
Samba is configured with internal DNS.
# /etc/krb5.conf
[libdefaults]
default_realm = SAMDOM.EXAMPLE.COM
dns_lookup_realm = false
dns_lookup_kdc = true
# /etc/ldap/ldap.conf?
TLS_CACERT /etc/ssl/certs/ca-certificates.crt
TLS_REQCERT allow
# /etc/resolv.conf
domain samdom.example.com
search samdom.example.com
nameserver