similar to: Macs can't join domain when 2nd DC is online

On Thu, 25 Jan 2024 09:25:02 -0800 Alex via samba <samba at lists.samba.org> wrote: > Hi, I am looking for advice troubleshooting this issue. > > > I have 2x Samba 4 DC's: > - dc1, Samba 4.7.6 (with FSMO roles) on Ubuntu 18.04 > - dc2, Samba 4.15.13 on Ubuntu 20.04 > > Any advice would be appreciated! > > Peter My advice would be to upgrade your DCs,

On 10/12/15 13:08, Ole Traupe wrote: > > > Am 09.12.2015 um 17:53 schrieb L.P.H. van Belle: >> Hai Ole, >> >> Can you run on the member where you logged in. >> >> host -t SRV _ldap._tcp.samdom.example.com. >> host -t SRV _kerberos._udp.samdom.example.com. >> >> host -t A dc1.samdom.example.com. >> host -t A dc2.samdom.example.com.

Hello, I needed to replace an old Samba AD PDC with a new one, so I've installed the new one (Ubuntu 20.04 + Samba 4.15.13 from Ubuntu repository), joined it to the AD domain, demoted the primary, then removed it. All steps have been done following the Samba official howtos: https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory and

Hi, You will find attached the output of "net ads testjoin -d4" and "-d3". Yes replication seems to work properly. Alexis. On 07/06/2016 18:55, lingpanda101 at gmail.com wrote: > On 6/7/2016 12:31 PM, Alexis RIES wrote: >> I was wrong, the problem persists, it is not because of the DNS. >> You have the same configuration as me, but with two domains controller

Thank you, Louis, for your reply. By simply asking me to provide outputs of the aforementioned files, I found the cause of my first problem (auth failing). It was my /etc/hosts file on dc1. All of them should look like this, and indeed DC2 and DC3's *did* look like this: # cat /etc/hosts > 127.0.0.1 ? ? ? localhost.samdom.mycompany.net ?localhost > 192.168.3.201

Hai, Someone called me called?? I did a quick read here in this thread.. The upn part is done, so your almost there. You need to make sure your DNS is working as it should. To check on the proxy with dig a hostname.FQDN. dig -x ip_the_server Test this for the DC hostnames/ips also. If that all ok, you can try these settings in squid # For squid ( works for me as of squid 3.2 up to 3.5

Dear list, I tried to replace the AD DC in my home network (all running samba-4.2.0rc2). I followed this procedure: - setup and join DC2 to the domain served by DC1 - transfer FSMO - demote and switch off DC1 and as there were still remnants of DC1 in the domain: - wipe out the traces of DC1 in ADUC. The first issue is, that not all the traces could be wiped out. ADUC refuses to do so while

On 10/12/15 12:58, James wrote: > On 12/10/2015 6:55 AM, Rowland penny wrote: >> On 10/12/15 10:54, Rowland penny wrote: >>> On 10/12/15 10:44, L.P.H. van Belle wrote: >>>> Hai, >>>> >>>> Ah, ok, wel, yeah, i was missing the NS on the SOA. >>>> >>>> This is imo a bug, i dont know it this is by design for samba,

When running two DC's is the recommended practice for the first DC to resolve to itself, like this: first DC /etc/resolv.conf file: search samdom.tld nameserver [DC1 ip address] nameserver 127.0.0.1 And on second DC to both DC1 and DC2, like this: search samdom.tld nameserver [DC1 ip address] nameserver [DC2 ip address] nameserver 127.0.0.1 Or is the incorrect? --

Dear all, debian buster, two DCs (DC1 & DC2) samba packages updated from 4.11.9+dfsg-0.1buster1 to 4.12.3+dfsg-0.1buster1 this past Sunday night (Louis' packages). Since then, samba-tool drs showrepl shows a replication failure. DNS updates with samba-tool fail, example: root at dc1:~# samba-tool dns add dc1 samdom.example.com testrec CNAME afs3.samdom.example.com -k yes Failed to bind

Hi Louis (and Rowland), Welcome back from holiday! First: I ran everything as root. I increased log level, all the way up to 10, but I don't see much interesting. Here is the last bit with -d 10: https://paste.ubuntu.com/p/yMrw7zNKvN/ Also no different behaviour kerberos vs NTLM. Perhaps interesting: I am not getting the additional password question near the end. (neither with kerberos

On 29/02/16 11:51, Reindl Harald wrote: > > > Am 29.02.2016 um 12:29 schrieb Rowland penny: >> On 29/02/16 10:45, Reindl Harald wrote: >>> >>> >>> Am 29.02.2016 um 11:28 schrieb Rowland penny: >>>> On 29/02/16 09:42, Reindl Harald wrote: >>>>> >>>>> >>>>> Am 29.02.2016 um 10:10 schrieb Rowland penny:

Thank you, Louis, for your reply. By simply asking me to provide outputs of the aforementioned files, I found the cause of my first problem (auth failing). It was my /etc/hosts file on dc1. All of them should look like this, and indeed DC2 and DC3's *did* look like this: # cat /etc/hosts > 127.0.0.1 ? ? ? localhost.samdom.mycompany.net ?localhost > 192.168.3.201

Hello, after demote and rejoun my dc2 i have problems with replication. First of all some srv records on dc1 are missing, on dc2 they are exist. root at dc2:~# dig srv _ldap._tcp.ForestDnsZones.samdom.example.com @dc2.samdom.example.com. ; <<>> DiG 9.11.5-P4-5.1+deb10u1-Debian <<>> srv _ldap._tcp.ForestDnsZones.samdom.example.com @dc2.samdom.example.com. ;; global

On 05/06/16 18:25, Jo wrote: >> -----Ursprüngliche Nachricht----- >> Von: Rowland penny [mailto:rpenny at samba.org] >> Gesendet: Sonntag, 5. Juni 2016 17:46 >> An: Jo <j.o.l at live.com> >> Cc: 'samba' <samba at lists.samba.org> >> Betreff: Re: AW: [Samba] inconsistent DNS information, windows domain >> member issues.. >>

On 12/5/23 8:45 PM, bd730c5053df9efb via samba wrote: > Hi! > > I had a samba 4.10.8 (DC1) AD DC which was holding all the FSMO roles and a samba 4.18.9 (DC2) AD DC with one way sysvol replication using rsync from DC1 to DC2. Since I'm trying to get the admx files for group policy editor into de DC I succesfully transfered the FSMO roles from DC1 to DC2 with "samba-tool fsmo

On Sat, 20 Oct 2018 13:58:15 +0200 (CEST) tomict via samba <samba at lists.samba.org> wrote: > > > Just one thought, where does the nameserver on DC2 point ? > > Is it to DC1 ? > > or itself, DC2 ? > > > If it is pointing to itself, try pointing it at DC1 > > > Rowland > > The Nameserver on DC2 points to the ip address of DC1 > > Tom

Hai Ole, Can you run on the member where you logged in. host -t SRV _ldap._tcp.samdom.example.com. host -t SRV _kerberos._udp.samdom.example.com. host -t A dc1.samdom.example.com. host -t A dc2.samdom.example.com. and again with search my.domain.tld nameserver IP_of_2st_DC nameserver IP_of_1nd_DC looks ok to me sofare. Greetz, Louis > -----Oorspronkelijk bericht----- > Van:

Hi! Thank you botho for your answers! I ran into some problems with the FSMO migration caused by the "kdc default domain supported enctypes" and "kdc supported enctypes" so after correcting that and verifying that DC2 was working again I shut down DC1 just to make sure that the domain was working correctly again. During this downtime I tried installing the admx templates again

Hi M-J. SeBackupPrivilege only give access to read all files. You also need to set: SeRestorePrivilege to allow restoring. And it does not say anything about the ACLs needed in the AD-DB. Increase the debug level and find out where its giving this messages. On which object, if you know that, then you might find what is missing or if you found a bug ;-) (i think last) Running this on samba