similar to: dns_tkey_gssnegotiate: TKEY is unacceptable

On 12/08/2019 20:19, Joachim Lindenberg wrote: > Hi Rowland, > did read, actually cited the page it myself, but didn?t help me to identify the cause. > Kerberos credentials exists, dns users exists, file permission are correct. So either that is insufficient or I am blind.. > Regards, Joachim > > -----Urspr?ngliche Nachricht----- > Von: samba <samba-bounces at

I figured it out myself. The kerberos configuration on the old dc cobra was bad ? no clue why it worked at all until yesterday. After fixing it, testing with kinit, and restarting the dc processes it resumed replication. Joachim Von: Joachim Lindenberg <samba at lindenberg.one> Gesendet: Friday, 19 July 2019 16:54 An: samba at lists.samba.org Betreff: replication stuck? Until

I need to implement split horizon DNS, as I have just one external IP address (dynamic.lindenberg.one in external DNS) but multiple internal ones. External requests are distributed by port or using sniproxy (in particular 443), and all externally visible names are in a distinct zone then my domain, but with an additional indirection: names like backup.lindenberg.one resolve to CNAME

In installed a new DC (Samba 4.12.8 on Ubuntu 20.4) and initially everything appeared to work smoothly. Now I experience issues: DCDIAG /s:cobra.samba.lindenberg.one Directory Server Diagnosis Performing initial setup: [cobra.samba.lindenberg.one] LDAP bind failed with error 1326, The user name or password is incorrect.. With the other DC (still samba 4.11.14 on Ubuntu

Until yesterday replication between my two DCs (boa and cobra) was running fine. Now I am observing one direction boa->cobra being stuck. I noticed this with a missing update of a DNS entry, but samba-tool drs showrepl confirms? Output of cobra shows plenty entries like the following (including just he first of each type): ==== INBOUND NEIGHBORS ====

On 22/10/2020 19:49, Joachim Lindenberg wrote: > Password for Administrator at SAMBA.LINDENBERG.ONE: > > Failed to bind to uuid 50abc2a4-574d-40b3-9d66-ee4fd5fba076 for ncacn_ip_tcp:192.168.177.19[49153,sign,target_hostname=cobra.samba.lindenberg.one,abstract_syntax=50abc2a4-574d-40b3-9d66-ee4fd5fba076/0x00000005,localaddress=192.168.177.19] NT_STATUS_LOGON_FAILURE > ERROR: Connecting

Hai, Have you ever tried this with a systemd networking setup. I suggest you try this, this at least helped me with some split dns issues. Below shows how i did it. Configure you network with system, the configs.. #/etc/systemd/network/lan-dev.network # # Configure global settings in /etc/systemd/*.conf # # Dont forget : rm /etc/resolv.conf && ln -s /run/systemd/resolve/resolv.conf

On 7/3/2020 9:50 AM, Rowland penny via samba wrote: > I thought I explained that, but lets try again ;-) > > Originally, Samba used /var/lib/samba/private for the dns.keytab and > other dns files. This was then found to be possibly insecure, so it > was decided to use /var/lib/samba/bind-dns instead. When you upgrade > the Samba packages, the old files are not removed, but the

On 31/07/2019 12:04, Stefan G. Weichinger via samba wrote: > Am 31.07.19 um 12:50 schrieb Rowland penny via samba: >> On 31/07/2019 11:40, Stefan G. Weichinger via samba wrote: >>> Am 31.07.19 um 12:32 schrieb Rowland penny via samba: >>>> On 31/07/2019 11:22, Stefan G. Weichinger via samba wrote: >>>>> "dc" was the old name a few years ago

On 10/12/15 14:00, Ole Traupe wrote: > > > Am 10.12.2015 um 14:38 schrieb Rowland penny: >> On 10/12/15 13:25, Ole Traupe wrote: >>> Is it possible that kdc server is always the SOA, at least if >>> derived from DNS and not specified *explicitly* in the krb5.conf? >>> >>> In my DNS-Manager console I find that >>> >>>

On 10/12/15 14:40, Ole Traupe wrote: > >>> However, my 2nd DC is not that new, I restarted it many times, just >>> again (samba service). No DNS records are created anywhere. >>> >>> If I go through the DNS console, in each and every container there >>> is some entry for the 1st DC, but none for the 2nd (except on the >>> top levels: FQDN

Please see replies inline: On 22/10/2020 19:06, Joachim Lindenberg wrote: > root at cobra:/home/joachim# cat /tmp/samba-debug-info.txt > Collected config --- 2020-10-22-17:57 ----------- > > Hostname: cobra > DNS Domain: > FQDN: cobra > ipaddress: 192.168.177.19 I actually expected more output, but lets start with what we have :-) You do not seem to have a domain name, you

"--seize" helped: root at pre01svdeb03:~# samba-tool fsmo show SchemaMasterRole owner: CN=NTDS Settings,CN=PRE01SVDEB03,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=pilsbacher,DC=at InfrastructureMasterRole owner: CN=NTDS Settings,CN=PRE01SVDEB03,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=pilsbacher,DC=at RidAllocationMasterRole owner:

> So you never read this: > https://wiki.samba.org/index.php/Changing_the_DNS_Back_End_of_a_Samba_AD_DC > Which means that you probably never ran the aptly named > 'samba_upgradedns'Of course I ran this. Many times. I'm not stupid, Rowland. At least I can read:D If I've seen that Bind doesn't work, I had to change backend to internal DNS.I carefully read and made

Ah i see.. /usr/local/samba/private/dns.keytab Thats the "old" path.. Your using bind9 you should have: /usr/local/samba/bind-dns/dns.keytab dont forget to set the needed rights on bind-dns folder. On road, cant look deeper in it. Greetz, Louis > -----Oorspronkelijk bericht----- > Van: Rommel Rodriguez Toirac [mailto:rommelrt at nauta.cu] > Verzonden:

Ah, ok, my thats where its different here. My setup is AD-DNS => eth0 Server_split_DNS (Proxy) eth1 => internet > -----Oorspronkelijk bericht----- > Van: Joachim Lindenberg [mailto:samba at lindenberg.one] > Verzonden: dinsdag 30 juli 2019 10:44 > Aan: 'L.P.H. van Belle'; samba at lists.samba.org > Onderwerp: AW: [Samba] split horizon and authoritative answers..?

Hello I tried on two vms on my vmware Workstation to use samba as DC. I want use BIND for dns system. To join the Domain had worked successfully after I recompiled the bind. It seems the zone are the same but Samba isn't in the ns-record. If I run dcpromo.exe I get this error message: This Active Directory DC is the last dns-server for the AD-zones. If I remove the DC the dns-names

Many (many) hours later, I'm finally throwing in the towel and seeking help. I have read everything I can find on the internet to no avail to get past my issues. I have to say, I'm very disappointed in the general quality and fragmentation of information on this topic. Samba isn't a turn-key solution as an AD by any stretch of the imagination. I've run the gamut so far with

Hello List, I am trying to compile and install Samba 4 using the wiki guide on Centos 6.2. I am currently using the current source from git. It seems that the zone file used for Bind is not configured and not installed in the private directory. Is there any way to get this file generated so I can finish my install? Thank you for your time and have a great day!! Kind regards, Jeremy

Hi, Samba team! I am trying to install samba4 on FreeBSD 9.2 as a domain DC to join an existing samba4 domain controller on FreeBSD 9.2. I followed the instruction of: Samba4/HOWTO/Join a domain as a DC Everything is OK until I run the following command: root at mtm:/var/named/etc/namedb # samba-tool drs showrepl Default-First-Site-Name\MTM DSA Options: 0x00000001 DSA object GUID: