similar to: Internal DNS not coming up in 4.18.0

On 22/03/2023 01:04, Anantha Raghava via samba wrote: > Hi, > > While upgrading Samba-AD fromm 4.15.9 to version 4.18, I ran into a > peculiar problem. AD Component is up, but DNS is just not coming up. > kinit is reporting KDC not found problem. > > All these years I have been compiling samba from source and for nearly 7 > years, it was working like a charm. But this

Hello Rowland, ldbsearch command is returning 0 records. # returned 0 records # 0 entries # 0 referrals On the backup front, I take the back up using samba-tool backup command and it was successful. Can I create a new ForestZone using samba-tool? I asking this question as RSAT is not connecting to DNS server. Thanks & Regards, Anantha Raghava H A This e-mail communication and any

On 23/03/2023 11:10, Anantha Raghava via samba wrote: > Hello Rowland, > > find the answers in line. > > > On 23/03/23 4:24 pm, Rowland Penny via samba wrote: >> >> >> On 23/03/2023 10:21, Anantha Raghava via samba wrote: >>> Hello Rowland, >>> >>> Find the answers to your questions & suggestions. >> >> Not all,

Hello Rowland, find the answers in line. On 23/03/23 4:24 pm, Rowland Penny via samba wrote: > > > On 23/03/2023 10:21, Anantha Raghava via samba wrote: >> Hello Rowland, >> >> Find the answers to your questions & suggestions. > > Not all, where did the domain come from ? > Was it provisioned as a Samba AD domain ? > Or > Did it it start out as an

Hi, I demoted my PDC (DC1) forcefully, because replication (among others) wasn't working anymore due to hard disk failure and I was afraid of spending a lot of time on nothing. With DC1 offline I seized the FSMO roles on DC2 (4.2.5), restarted Samba, and found errors in the samba log due to the missing DC1. I removed the two DNS entries created according to this site:

Hi, I played with demote recently on a test AD domain composed with Samba version 4.3.0 and 4.3.1. I demoted all version 4.3.0. I was facing same issue as you. I written long mails here to explain how I managed that. My DNS looks clear now. Today I played with AD sites and I found in default sites all demoted DC. They weren't removed from DNS DB nor here. For now I have no idea how to get

Hey, Thank you Louis for this script, I didn't yet took time to dig in but I'll do. I didn't took time neither to perform another test. That should be done today. Anyway I waited for DC synchronisation before posting. I joined my DC and removed the old ones almost at same time then I gave more than 12 hours to my DC to synchronize. Then I tried to understand what happened, I wrote

Thank you for hint to this VBS script. In fact I alraedy saw it but I'm not too confident in my VB knowledge, so I didn't use that script, prefering rely on Samba command and shell scripts to work around issues. You spoke about SOA record which wasn't changed, same here. There is another DNS record I had to change: _ldap._tcp.pdc._msdcs.samba.domain.tld. I spoke about removing

On 10/30/2015 9:19 AM, Ole Traupe wrote: > > > Am 30.10.2015 um 13:33 schrieb James: >> On 10/29/2015 9:56 AM, Ole Traupe wrote: >>> >>> >>> Am 29.10.2015 um 14:37 schrieb James: >>>> On 10/29/2015 9:15 AM, Ole Traupe wrote: >>>>> >>>>> >>>>> Am 29.10.2015 um 13:54 schrieb mathias dufresne:

On 10/29/2015 9:56 AM, Ole Traupe wrote: > > > Am 29.10.2015 um 14:37 schrieb James: >> On 10/29/2015 9:15 AM, Ole Traupe wrote: >>> >>> >>> Am 29.10.2015 um 13:54 schrieb mathias dufresne: >>>> Thank you for hint to this VBS script. In fact I alraedy saw it but >>>> I'm not >>>> too confident in my VB knowledge, so

On 10/29/2015 9:15 AM, Ole Traupe wrote: > > > Am 29.10.2015 um 13:54 schrieb mathias dufresne: >> Thank you for hint to this VBS script. In fact I alraedy saw it but >> I'm not >> too confident in my VB knowledge, so I didn't use that script, prefering >> rely on Samba command and shell scripts to work around issues. >> >> You spoke about SOA

On 10/30/2015 10:11 AM, Ole Traupe wrote: > > > Am 30.10.2015 um 14:56 schrieb James: >> On 10/30/2015 9:19 AM, Ole Traupe wrote: >>> >>> >>> Am 30.10.2015 um 13:33 schrieb James: >>>> On 10/29/2015 9:56 AM, Ole Traupe wrote: >>>>> >>>>> >>>>> Am 29.10.2015 um 14:37 schrieb James:

On 23/03/23 5:08 pm, Rowland Penny via samba wrote: > > > On 23/03/2023 11:30, Anantha Raghava via samba wrote: > >> You are right. They are not starting. One of the server is throwing >> NTDS and rid related error and exit. By the way this one was having >> all FSMO roles before it was removed. I haven't tried the other one. >> I will try and & turn

Answering to previous mail: AD is hearth of infrastructure. That's where all accounts are stored. That last affirmation implies few times after you start deploying AD most of your IT infrastructure depends on AD (all applications need accounts, they are in AD, no AD, no accounts, nothing work) and that you take security in consideration and that you do that seriously: an attacker with

Aaaaaaand more problems... Welcome to the continuing saga of FILER. It appears that neither SOA or NS records were updated during the process of moving fsmo roles to CBADC01. SOA entries on all three active DCs point to FILER. There aren't any NS records for any of the new DCs, only FILER. In RSAT each DNS server's properties show filer.cb.cliffbells.com is the primary server. This

On 10/12/15 13:25, Ole Traupe wrote: > Is it possible that kdc server is always the SOA, at least if derived > from DNS and not specified *explicitly* in the krb5.conf? > > In my DNS-Manager console I find that > > _tcp.dc._msdcs.bpn.tu-berlin.de > > contains only 1 "_kerberos" record, and that one points to my First_DC. > > Ole > > > Your

Hi, I demoted an outdated and offline DC following to: https://wiki.samba.org/index.php/Demoting_a_Samba_AD_DC Everthing appears to work well but there is still one, perhaps minor, question regarding to the dns SOA-record: The zone _msdcs.samdom.example.com still lists the demoted server in the SOA record. Is it ok to manually change it to fsmo holder dc or an other dc? Thanks in advance

SOA means "this DNS se'rver can modify the zone". Using Bind-DLZ all DNS servers can modify the AD zones, they all reply "I am the SOA" when you ask them about SOA for AD zones. Using Internal DNS I expect all DNS servers can modify the AD zones also (that's internal stuff) but even if they can modify the AD zone locally that's is not the process chosen by Samba

Thanks Rowland. Have submitted a bug report (No 11818). spindles7 On Thu, 31 Mar 2016 09:38:02 +0100, Rowland penny <rpenny at samba.org> wrote: >On 30/03/16 23:26, spindles7 wrote: >> Hi all, >> I am consistently getting the error: >> >> root at dc2:~# samba-tool domain demote -Uadministrator >> Using dc1.microlynx.com as partner server for the demotion

Hi, We have outdated SOA information in our samba DNS. We used to have a DC1, and it is no more, however it's listed in our SOA records on both remaining DC's. I think this is not correct. I am under the impression that in order to get full failover support, all DC's need to have listed themselves as SOA. This is also what google tells me: