similar to: logging of ldap queries

We have 3 ADCs based on Samba-4.7.4 (compiled from source,internal DNS)/ CentOS7: dcdo1,dcnh1 and dcge1. dcge1 holds all FSMO roles. The 3 ADCs are on different locations connected via IPSec based VPN. No traffic is filtered out. All 3 ADCs replicate fine except dcdo1 -->dcnh1. Symptom: [root at dcdo1 ~]# samba-tool drs replicate dcnh1.ad.kdu.com dcdo1.ad.kdu.com dc=ad,dc=kdu,dc=com

On Wed, 27 Dec 2017 13:00:05 +0100 "Dr. Johannes-Ulrich Menzebach via samba" <samba at lists.samba.org> wrote: > There is additional info in the logs of the source DC (dcdo1, log > level 2, manually triggered another replication): > ==================== > [2017/12/27 12:31:29.695121,  2] >

Am 18.09.19 um 19:16 schrieb Kris Lou via samba: > More than likely, certificate issues. > > If you use the IP in pfsense, then the Samba certificate needs to have the > IP as the CN. So you suggest to contact the dc via hostname ... googled this query command: # openssl s_client -connect adc1:636 tells me ... CONNECTED(00000003) depth=0 O = Samba Administration, OU = Samba -

Hi, i have the same problem on samba 4.7.3 and 4.7.4. I start with 2 DCs and the sync works fine. After the join of a third DC mostly i get the WERR_DS_DRA_ACCESS_DENIED. I tested it for 10 times. in my case i have: DC1 (with any FSMO Roles) DC2 new join as DC: DC3 After the join, the sync from DC2 to DC3 fails. samba-tool drs replicate dc2 dc1 dc=gvcc,dc=net : OK samba-tool drs replicate

Yesterday I set up the pfsense-OpenVPN-Server to auth against the samba-AD worked great already ... Now without a change I get errors and wonder why. I used the IP as "host" and TCP-STARTTLS to port 389 log.samba shows: [2019/09/18 18:38:22.123976, 1] ../source4/lib/tls/tls_tstream.c:1439(tstream_tls_retry_handshake) TLS ../source4/lib/tls/tls_tstream.c:1439 - A TLS fatal alert

Hello everybody. When a user or group account is deleted, the user or group account is moved to CN=Deleted Objects,DC=domain,DC=com I can find them with the command: ldbsearch -H ldap://localhost --show-deleted "cn=*DEL:*" -U administrator Password for [DOMAIN\administrator]: # record 1 dn: CN=user1\0ADEL:f53b71f8-a3e8-4997-bd84-5504235d3b31,CN=Deleted Objects,DC=domain,DC=com

Dear list, I am trying to restore an deleted user object with samba 4.9.1 (sernet packages).  I am aware that the object will lose some attributes without recycle bin enabled (enabling it is still not recommended, right?) I tried to rename the object in order to make the  necessary modifications afterward (as documented in Stefan Kania's Samba 4 book). But ldbrename already fails. root

Hello everybody I would like to recover a deleted object. I created a user, then I deleted this user and search for the deleted object with: ------------- ldbsearch --url=/var/lib/samba/private/sam.ldb --show-deleted --cross-ncs CN=no-bin\* # record 1 dn: CN=no-bin\0ADEL:0b2f3fb3-5b25-455f-979c-bd02569c832a,CN=Deleted Objects,DC=example,DC=net ... ------------ so the delete object is still

Hi, there is no firewall, all DCs are in the same subnet. here ist the output of a test, you can see, the CNAME guid entries in the _msdcs can be resolved on any DC: (DC1 and DC2 are the first and second DCs, SAMBA3 was added at last. ldbsearch -H /srv/samba/private/sam.ldb '(invocationId=*)' --cross-ncs objectguid # record 1 dn: CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-

Heinz, I had exactly the same problem, and used ldbedit to apply the fix. Thanks for digging into this! Now I'm interested in the root cause as well ... Uli Am 16.01.2018 um 16:48 schrieb Heinz Hölzl via samba: > no, it seems to work!!! > > > i did a ldapmodify on DC2: > > ldapmodify -x -h dc2 -D cn=administrator,cn=users,dc=test,dc=net -W -f > serverReference.ldif

Hi, I have a problem with samba / winbind PAM authentication. Domain controller is samba4, machines users log on to via PAM are samba 3.6 (all of them ubuntu 12.04 LTS). The whole user authentication was working already, but after a reboot it somehow broke. Additional reboots don't help. The funny thing is that all logs look quite OK to me (except for the single line saying

It had been working up to Samba 4.8 and with the recyclebin active you could restore every attributre, but since 4.9 it's not working anymore Am 02.05.23 um 23:57 schrieb Anderson Sampaio Mello via samba: > Hello everybody. > > When a user or group account is deleted, the user or group account is moved > to CN=Deleted Objects,DC=domain,DC=com > > I can find them with the

There is additional info in the logs of the source DC (dcdo1, log level 2, manually triggered another replication): ==================== [2017/12/27 12:31:29.695121,  2] ../source4/rpc_server/drsuapi/getncchanges.c:1731(getncchanges_collect_objects)   ../source4/rpc_server/drsuapi/getncchanges.c:1731: getncchanges on DC=ad,DC=kdu,DC=com using filter (uSNChanged>=5415) [2017/12/27

Rowland, - the DN "CN=DCNH1,..." exists on all 3 DCs (pointing the Sites and Services console to each of them). - I also checked that "samba-tool dbcheck" completes w/o showing errors. - the objectGUID DNS aliases of all DCs are resolvable against all 3 DCs' builtin DNS - I forced a full sync from the FSMO holder (dcge1) to the 2 other DCs which finished w/o errors. -

Hi Heinz, > i have the same problem on samba 4.7.3 and 4.7.4. > I start with 2 DCs and the sync works fine. After the join of a third > DC mostly i get the WERR_DS_DRA_ACCESS_DENIED. I tested it for 10 > times. > > in my case i have: > DC1 (with any FSMO Roles) > DC2 > > new join as DC: > DC3 > > After the join, the sync from DC2 to DC3 fails. > >

Hi Denis, Follow the output. TOP 29723 root 20 0 1617024 487668 383560 R 99,7 6,1 54:25.11 samba Service: PID ----------------------------- dnsupdate 29734 cldap_server 29727 rpc_server 29723 rpc_server 29723 rpc_server 29723 rpc_server 29723 rpc_server 29723 rpc_server 29723

Tks Rowland, its work. But same with the new installation the server goes up for 100%. We dont have the Iptables enabled. Maybe if enable the iptables the cpu is goes down. what do you think ? 2016-08-23 16:42 GMT-03:00 Rowland Penny via samba <samba at lists.samba.org>: > On Tue, 23 Aug 2016 16:06:19 -0300 > Maiquel Consalter via samba <samba at lists.samba.org> wrote: >

Hi, I quote from the smb.conf man page: ------------------------------------ log level (G) The value of the parameter (a astring) allows the debug level (logging level) to be specified in the smb.conf file. This parameter has been extended since the 2.2.x series, now it allow to specify the debug level for multiple debug classes. [...] Example: log level = 3 passdb:5 auth:10 winbind:2

Hi Andrew, On 12/02/2017 07:20 PM, Andrew Bartlett via samba wrote: > I'm sorry, but while we do log it, the news isn't good. > > DEBUG(5, ("Locked out user %s after %d wrong passwords\n", >   ldb_dn_get_linearized(user_msg->dn), badPwdCount)); > > That will show up with level 5 globally. Ok, patches are difficult now, as we've sponsored quite a

Hi, i changed the options but the problem it's the same. I removed the dns forward, schema and smb2 leases = yes, but after 5 minutes the process smbd groes up for 100%. Follow the error (log leve = 3). http://pasted.co/6f36cf12 2016-08-21 5:54 GMT-03:00 Marc Muehlfeld <mmuehlfeld at samba.org>: > Hi Maiquel, > > Am 20.08.2016 um 21:03 schrieb Maiquel Consalter via samba: >