similar to: Removed a DC but...

Following: https://wiki.samba.org/index.php/Demoting_a_Samba_AD_DC i've demoted and removed a DC. Seems all went as expected: root at vdcud1:~# samba-tool domain demote --server=vdcsv1.ad.fvg.lnf.it -U gaio Using vdcsv1.ad.fvg.lnf.it as partner server for the demotion Password for [LNFFVG\gaio]: Deactivating inbound replication Asking partner server vdcsv1.ad.fvg.lnf.it to synchronize

In our network we found some client with clock differences. Some machine have effectively some troubles, eg have NO 'Windows Time' service defined, probably some glitches happened when moving from our old NT-like domain. Anyway, catching for that, we have found some other strangeness. Windows time service run: C:\Users\gaio>sc query w32time NOME_SERVIZIO: w32time TIPO

Mandi! Rowland penny via samba In chel di` si favelave... > > can i safely run 'samba-tool dbcheck --cross-ncs --fix'? > I do not see any reason why not. 1 error fixed, 7 remains: root at vdcsv1:~# samba-tool dbcheck --cross-ncs --fix Checking 4952 objects ERROR: no target object found for GUID component for msDS-NC-Replica-Locations in object

samba-tool dbcheck --cross-ncs --fix Yes, should be possible, but i normaly do that after i do the following. search for : CN=58eba604-07e5-4c5d-a104-9e6f4907248f And CN=16b8c008-6c59-4b65-9f1b-530751904a75 In _msdc.dom.tld. Verify which GUID is removed, you can see that, then remove the old server GUID. Run : dig CNAME 58eba604-07e5-4c5d-a104-9e6f4907248f._msdcs.ad.fvg.lnf.it dig CNAME

Hi Marco, As far i can see here. Are all your ADDC servers set to the same source NTP ( preffered a stratum 1 or 2 ) server. ( and not pool ntp sources ) Because below i see stratum 4 and stratum 3 servers and a timeout on one server. When i look at this. > C:\Users\gaio>w32tm /query /peers > N. peer: 1

Hai, If the primary domain is set in windows, which is after domain join, it used that. Ipconfig /all and see primary DNS suffix. The dns suffix and first dns search list should be the same. Yes, other settings are possible, but stick to this for now. The Primay DNS suffix is used for the register of the IP in the DNS. The DHCP Service User MUST be a member of the DNSAdmins. The DHCP

On Fri, 8 Jun 2018 12:04:30 +0200 Marco Gaiarin via samba <samba at lists.samba.org> wrote: > > > You are meaning here, literally: windows client try to > > register/update DNS using ONLY the dns provided by DHCP? > > Or, speaking differently the same thing, windows client suppose > > blindly that DNS got by DHCP ARE AD DCs? > > Ok, DNS registration seems

Happy new year to all! Samba 4.9.17 on stretch, Louis package. On 22/12, at midnight, office closed, i suffered a network outgage that 'broke in two' my domain. On 23/12, at 14.00, network come back. After that, some scripts written around ldbsearch i run on DM (against vdcsv1 that is the DC with FSMO roles) start to complain: Failed to bind - LDAP client internal error:

Hi Marco, > Following: > https://wiki.samba.org/index.php/Demoting_a_Samba_AD_DC > > i've demoted and removed a DC. Seems all went as expected: > > root at vdcud1:~# samba-tool domain demote --server=vdcsv1.ad.fvg.lnf.it -U gaio > Using vdcsv1.ad.fvg.lnf.it as partner server for the demotion > Password for [LNFFVG\gaio]: > Deactivating inbound replication >

I need to do a simple query, against some LDAP data in 'laster draft schema' format i've added to te samba/AD schema. All LDAP query return the same result on all (6) of the DC: root at vdcsv1:~# ldapsearch -H ldap://vdcsv2.ad.fvg.lnf.it -W -D CN=mta,OU=Restricted,DC=ad,DC=fvg,DC=lnf,DC=it -b DC=ad,DC=fvg,DC=lnf,DC=it "(cn=prova123)" rfc822MailMember Enter LDAP Password:

Hai, The steps shown here dont work? https://wiki.samba.org/index.php/Demoting_a_Samba_AD_DC If that is the case and you besides that free of errors. Then upgrade, and try again once your on at least samba 4.9 or 4.10. As im hoping you are upgrade straight to Buster. Greetz, Louis > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens

Mandi! Andrew Bartlett via samba In chel di` si favelave... > It is an operational attribute. simply add  > msDS-UserPasswordExpiryTimeComputed > to the list of attributes requested when searching for the user. root at vdcsv1:~# ldbsearch -H /var/lib/samba/private/sam.ldb -b "dc=ad,dc=fvg,dc=lnf,dc=it" -s base "" maxPwdAge # record 1 dn:

> You are meaning here, literally: windows client try to register/update > DNS using ONLY the dns provided by DHCP? > Or, speaking differently the same thing, windows client suppose blindly > that DNS got by DHCP ARE AD DCs? Ok, DNS registration seems to work, but on a (form me) strange way... Spotted in logs: Jun 8 10:14:25 vdcud1 named[1049]: client 10.5.2.127#50250: request has

On 02/10/2019 14:42, Marco Gaiarin via samba wrote: > Mandi! Rowland penny via samba > In chel di` si favelave... > >>> samba-tool dbcheck --cross-ncs --fix >>> Yes, should be possible, but i normaly do that after i do the following. >> Yes, but why wasn't it removed in the first place ? > [...] >>> Run : >>> dig CNAME

Mandi! Rowland Penny via samba In chel di` si favelave... > > No. Anyway, note that query return correctly 'result: 0 Success', > > simply return no data. > That just means the search retuned without error Eh. Query succeded and return no data. Yes. > If you run the command: > ldapsearch -H ldap://vdcpp1.ad.fvg.lnf.it -W -D >

On 02/10/2019 15:37, Marco Gaiarin via samba wrote: > Mandi! Rowland penny via samba > In chel di` si favelave... > >>> can i safely run 'samba-tool dbcheck --cross-ncs --fix'? >> I do not see any reason why not. > 1 error fixed, 7 remains: > > root at vdcsv1:~# samba-tool dbcheck --cross-ncs --fix > Checking 4952 objects > ERROR: no target object

Currently for my user: root at vdmsv1:/etc/exim4# ldbsearch -H ldap://vdcsv1 -P -b DC=ad,DC=fvg,DC=lnf,DC=it "(cn=gaio)" | grep ": gaio$" cn: gaio name: gaio sAMAccountName: gaio uid: gaio msSFU30Name: gaio what field is betetr to use for querying for user 'gaio'? 'uid' no (because RFC2307 data can be missing), so? 'sAMAccountName'? or

Mandi! Rowland Penny via samba In chel di` si favelave... > I think you need to post your smb.conf, I (at least) am struggling to > understand why you have moved 'sysvol' from /var/lib/samba/ > to /var/lib/samba/usershare/, it isn't a usershare! I've not done that! root at vdcsv1:/home# samba-tool testparm Press enter to see a dump of your service definitions #

On Thu, 9 Nov 2017 11:08:26 +0100 Marco Gaiarin via samba <samba at lists.samba.org> wrote: > Mandi! L.P.H. van Belle via samba > In chel di` si favelave... > > > I dont beleave it. > > Eh. «De gustibus non disputandum est». ;-) > > > > The setup for the Ad in the link below is the same but if you want > > access without auth, Have you tried to

Mandi! Rowland Penny via samba In chel di` si favelave... > You need to explicitly ask for it, for instance: Oh, cool! Seems effectivaly different: root at vdcsv1:~# ldbsearch -H /var/lib/samba/private/sam.ldb -b "DC=ad,DC=fvg,DC=lnf,DC=it" "(cn=prova123)" nTSecurityDescriptor # record 1 dn: CN=prova123,CN=Aliases,OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it nTSecurityDescriptor: