Displaying 20 results from an estimated 500 matches similar to: "Samba 4 AD SmartCard Authentication Problem"
2020 Nov 19
1
Smartcard logon
>
> Hi friends,
> I need your help.
>
> I implemented
> https://wiki.samba.org/index.php/Samba_AD_Smart_Card_Login
>
> https://docs.microsoft.com/en-us/troubleshoot/windows-server/windows-security/enabling-smart-card-logon-third-party-certification-authorities
> enabling smart card logon on a Windows Server 2016 as a domain member of
> Samba DC.
>
> Currently I
2014 Jul 21
1
samba-tool domain demote - current DC is still the owner of 2 role(s)
Hey guys,
I had recently setup a new DC (called dc0) (in accordance with the wiki) and now I would like to demote the old DC (called pdc0 :)). I followed the wiki again, but I ran into the following issue. When trying to demote the old DC, I get this error message:
pdc0 # samba-tool domain demote
ERROR: Current DC is still the owner of 2 role(s), use the role command to transfer roles to another
2004 May 06
1
scheduled pings
Hello,
I have just setup some ipfw rules to checkout some traffic to one of my
boxes. I have three servers, only one of which has weird traffic. It
is getting ping'd on a five minute interval from approx 3 to 8 different
ip addresses within the same second. For example:
May 3 20:20:03 gaspra kernel: ipfw: 65002 Deny ICMP:8.0 202.160.241.130
xxx.xxx.xxx.xxx in via dc0
May 3 20:20:13
2019 Oct 18
0
Samba AD-DC idmap config
On 18/10/2019 18:48, John Redmond wrote:
> DNS is another area where I have read and experimented a lot.? Result:
> confusion.? Again, I'm using fresh installs of Ubuntu 18.04 LTS
> "server" for both the AD-DC and the fileserver machines.? Here's what
> the various config files on the fileserver look like now.? Test
> results are not exactly what they
2013 Apr 29
1
Global Catalog replication error to win 2008
Hi all,
Running Samba 4.0.0apha18 with good results but getting an error when I attempt to replicate the Global Catalog to a Windows 2008 Machine.
Samba machine = DC1
Windows 2008 machine = DC0
samba-tool Showrepl result:
Default-First-Site-Name\DC1
DSA Options: 0x00000001
DSA object GUID: 05c3c860-0a0d-4672-a39e-a212ccb0ce9c
DSA invocationId: abb0cab3-13d3-456c-8a16-e65a4855a2df
==== INBOUND
2019 Mar 01
0
Replication and KCC problems on upgrade
On Thu, 28 Feb 2019 18:04:50 -0600 (CST)
Mike Ray via samba <samba at lists.samba.org> wrote:
> Hello all-
>
> I am trying to upgrade a old domain to a newer version. The old DCs
> are a custom compiled version of Samba, so instead of upgrading the
> DCs in place, the plan is to upgrade by joining new DCs to the
> domain, replicating data and then shutting down the old
2019 May 15
0
Workstations cannot update DNS
On 15/05/2019 21:43, durwin at mgtsciences.com wrote:
> > > *named.conf.options*
> > > options {
> > > directory "/var/cache/bind";
> > >
> > > // If there is a firewall between you and nameservers you want
> > > // to talk to, you may need to fix the firewall to allow
> multiple
> > > //
2020 Feb 28
1
User names not replicating to secondary DC
> >
> > > Why are you using the internal dns server on one DC and Bind9 on the
> > other ?
> > I am very familiar with configuring Named on Fedora. I thought it
> > would be
> > just as easy on Ubuntu. After discovering the files were in different
> > places
> > and so many more being 'included', I decided to use internal on the
2019 Mar 01
2
Replication and KCC problems on upgrade
Hello all-
I am trying to upgrade a old domain to a newer version. The old DCs are a custom compiled version of Samba, so instead of upgrading the DCs in place, the plan is to upgrade by joining new DCs to the domain, replicating data and then shutting down the old ones after transferring the FSMO roles.
I had the new DC (dc3, version 4.9.4-12) replicating to the other DCs (dc0, versions
2012 Sep 25
1
DRS replication fails with Windows 2003 R2
Hello.
We're trying to integrate Samba 4 as a DC in production. We aim to replace our only Windows 2003 Enterprise R2 Russian DC with 2 Samba DCs. However, we've got a replication problem, we aren't shure is it a bug or misconfiguration.
Both Windows and Samba DCs are virtual amd64 machines, running under the control of Xen (so, at least the time is the same). Windows VM has GPLPV
2019 Apr 30
0
Group policies are not applied
Hai,
Why would you ever add Domain users to Local Admins?
Thas really a very big NO NO, dont do that, really.. Dont..
If you want to be an victum of online crime, that thats the way to allow it to happen.
Now your GPO.
Its a new setup, correct? If so.
Login on the AD and kinit Administrator
Run : samba-tool ntacl sysvolreset -k
Now, goto the Default Domain policy, is
2023 Jul 04
1
Found multiple results for "tga":
I only have a tga user. But it says it has multiple entries.
( ERROR: Failed to add members ['tga'] to group "backup" - Found
multiple results for "tga": )
root at dc0:~# samba-tool group list |grep backup
lpcfg_do_global_parameter: WARNING: The "domain logons" option is
deprecated
ldb_wrap open of secrets.ldb
backup
root at dc0:~# samba-tool user
2019 Apr 29
0
Group policies are not applied
I looked into Windows EventViewer and I found 'Invalid Credentials'.
But I do not know how to deal with it. I have authenticated with
Domain Controller, why is it saying 'Invalid Credentials'?
- System
- Provider
[ Name] Microsoft-Windows-GroupPolicy
[ Guid] {aea1b4fa-97d1-45f2-a64c-4d69fffd92c9}
EventID 1006
Version 0
Level 2
Task 0
Opcode 1
2017 Sep 29
2
Replication Error Between Differing Samba Versions During Upgrade
Hey all-
Trying to upgrade the domain and running into issues getting my data into the
new controller.
Current configuration:
dc0 - Ubuntu 12.04.2 - Samba: 2:4.0.6-12
dc1 - Ubuntu 12.04.2 - Samba: 2:4.0.6-8
dc2 - Ubuntu 12.04.3 - Samba: 2:4.0.6-8
I'm trying upgrade to Ubuntu 16.04.3, Samba: 2:4.3.11+dfsg-0ubuntu0.16.04.10
The documentation
2017 Oct 05
0
Magically disappearing errors during FSMO transfer
On Thu, 5 Oct 2017 14:14:56 -0500 (CDT)
Mike Ray via samba <samba at lists.samba.org> wrote:
> Recently tried transferring roles from Samba 4.3.11 to Samba 4.7.0.
> Ultimately, both dcs agreed that the 4.7.0 dc (dc3) had all the roles
> and replication and the databases were in good shape. However, during
> the process, I got a lot of errors that seemed to magically
>
2019 May 15
2
Workstations cannot update DNS
> > *named.conf.options*
> > options {
> > directory "/var/cache/bind";
> >
> > // If there is a firewall between you and nameservers you want
> > // to talk to, you may need to fix the firewall to allow
multiple
> > // ports to talk. See http://www.kb.cert.org/vuls/id/800113
> >
> > // If
2019 May 15
1
Workstations cannot update DNS
> > > > *named.conf.options*
> > > > options {
> > > > directory "/var/cache/bind";
> > > >
> > > > // If there is a firewall between you and nameservers you
want
> > > > // to talk to, you may need to fix the firewall to allow
> > multiple
> > > > // ports to talk.
2020 Feb 28
1
User names not replicating to secondary DC
Your setup is in consistant.
> 127.0.0.1 localhost.localdomain localhost
> 127.0.0.1 localhost
I suggest run my debugscript, make sure the servers there base setup is the same.
+ set both DC's there /etc/resolv.conf
search msi.mydomain.com mydomain.com
# IF THIS IS DC1
nameserver 172.23.93.26
nameserver 172.23.93.25
nameserver 172.23.93.3
# and for DC0
2020 Feb 27
2
User names not replicating to secondary DC
Two attachments are not being sent. Pasting contents.
DC0 smb.conf
# Global parameters
[global]
netbios name = DC0
realm = MSI.MYDOMAIN.COM
server role = active directory domain controller
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
winbindd, ntp_signd, kcc, dnsupdate
workgroup = MSI
# This line was added 190710 (DFD)
2019 Apr 29
2
Group policies are not applied
I have hollowed these instructions.
https://github.com/thctlo/samba4/blob/master/full-howto-Ubuntu18.04-samba-AD_DC.txt
My normal domain is company.com. For the Samba domain it is
msi.company.com.
DNS is working. I ran these commands.
host -t SRV _ldap._tcp.msi.company.com.
_ldap._tcp.msi.company.com has SRV record 0 100 389 dc0.msi.company.com.
host -t SRV _kerberos._udp.msi.company.com.