similar to: Keeping DNS out of Samba

Hi Michael, I'm aware of the dns_update_cache file, and I saw it being generated when starting samba service for the first time. However, I don't understand when it gets updated. For example, I have added an additional DC to my domain and moved the PDC role to it for a while. So the line for PDC record was added to the file. Once I removed the PDC role the line in the file is still

19.12.2024 17:52, Peter Mittermayer via samba wrote: > > Hi Michael, > > I'm aware of the dns_update_cache file, and I saw it being generated when starting samba service for the first time. However, I don't understand when it gets updated. It gets updated when "something" changes in the DC. Your FSMO role transfer is one such example. > For example, I have

On 12/19/24 5:31 AM, Michael Tokarev via samba wrote: ... > > I understand some people on this list don't found this approach good, > but I haven't seen an explanation of their opinion, despite numerous > questions about this.? To me, this is much more reliable, manageable > and bug- and hassle-free than using samba internal DNS.? Especially > with "don't

On 08/27/2015 04:37 PM, Rowland Penny wrote: > On 27/08/15 21:23, Robert Moskowitz wrote: >> >> >> On 08/27/2015 04:18 PM, Marc Muehlfeld wrote: >>> Hello Jim, >>> >>> Am 27.08.2015 um 21:49 schrieb Jim Seymour: >>>> BIND would be the auth nameserver for example.com and delegate >>>> the samdom.example.com zone to

Hi, - I have changed my /etc/resolv.conf for all my three DCs. ### DC 01-03 nameserver 10.10.10.11 nameserver 10.10.10.12 nameserver 10.10.10.13 search intern.preiss.network - In the next step I changed my /etc/hosts for each DC ### DC1 127.0.0.1 localhost 10.10.10.11 01-dc01.intern.preiss.network 01-dc01 ### DC2 127.0.0.1 localhost 10.10.10.12 01-dc02.intern.preiss.network 01-dc02

On Fri, 14 Jun 2024 08:04:57 +0200 Ronny Preiss via samba <samba at lists.samba.org> wrote: > Am Mo., 10. Juni 2024 um 10:14 Uhr schrieb Rowland Penny via samba < > samba at lists.samba.org>: > > > On Sun, 9 Jun 2024 13:18:10 +0200 > > Ronny Preiss via samba <samba at lists.samba.org> wrote: > > > > > > No need to build Samba yourself, you

On 08/27/2015 04:52 PM, Rowland Penny wrote: > On 27/08/15 21:42, Robert Moskowitz wrote: >> >> >> On 08/27/2015 04:37 PM, Rowland Penny wrote: >>> On 27/08/15 21:23, Robert Moskowitz wrote: >>>> >>>> >>>> On 08/27/2015 04:18 PM, Marc Muehlfeld wrote: >>>>> Hello Jim, >>>>> >>>>> Am

On Sun, 9 Jun 2024 13:18:10 +0200 Ronny Preiss via samba <samba at lists.samba.org> wrote: > > No need to build Samba yourself, you can find packages here: > > > > http://www.corpit.ru/mjt/packages/samba/ > How can I install these files? Try reading the 'README' file from the link I posted. > > Here are the requested files from both servers. > >

Hi! I joined a newly installed samba (4.20.1) server to a domain, - just testing things. Now I want to remove this test server from a domain, but I can't: root at svdcm2:/# samba-tool domain leave -U tls\\mjt-adm WARNING: Using passwords on command line is insecure. Installing the setproctitle python module will hide these from shortly after program start. Password for [TLS\mjt-adm]:

Am Mo., 10. Juni 2024 um 10:14 Uhr schrieb Rowland Penny via samba < samba at lists.samba.org>: > On Sun, 9 Jun 2024 13:18:10 +0200 > Ronny Preiss via samba <samba at lists.samba.org> wrote: > > > > No need to build Samba yourself, you can find packages here: > > > > > > http://www.corpit.ru/mjt/packages/samba/ > > How can I install these

On 27/08/15 22:00, Robert Moskowitz wrote: > Ah, LDAP is included within Samba, I find. Don't install provided one... > > I suppose I will have to find what schemas, particularly if the bind > dlz schema is included? ER, you don't actually need to add any extra schemas, it is all built into samba4 when run as an AD DC, if you are struggling to understand this, just think a

On Wed, Apr 13, 2016 at 10:29 AM, Sketch <smblist at rednsx.org> wrote: > My understanding of Unbound is that designed as a caching nameserver, not an > authoratative nameserver. It's supposed to serve DNS to clients from > another server, such as BIND or Samba's internal DNS server. Pointing it to > your domain's authoratative Samba/BIND9_DLZ DNS servers seems like

FWIW, samba 4.20 broke kerberos auth in smbclient. Namely, this commit: commit ef205f6b52ea1fec13e647e15e4f3edf536fd93e Author: Stefan Metzmacher <metze at samba.org> Date: Thu Apr 14 15:23:13 2022 +0200 s3:gse: get an explicit ccache_name from creds and kinit if required This means we may call kinit multiple times for now, but we'll remove the kinit from the callers

Hi! We had a painful debugging session today, with a samba AS member server not being able to auth users anymore. The issue seems to be due to defect in samba internal DNS resolution as done in winbind. TL;DR: samba internal DNS client should not rely on UDP-only DNS, but should retry using TCP if TC bit is set in answer. There's a real-life issue with this simplistic DNS implementation.

20.06.2024 15:16, Rowland Penny via samba wrote: > On Thu, 20 Jun 2024 15:07:11 +0300 > Michael Tokarev via samba <samba at lists.samba.org> wrote: > >> 20.06.2024 15:03, Michael Tokarev via samba wrote: >> Still, it'd be nice if samba-tool domain leave displayed some more >> appropriate error message, and no insecure-password-on-command-line >> warning

08.07.2024 17:18, Sonic wrote: > On Mon, Jul 8, 2024 at 6:46?AM Michael Tokarev <mjt at tls.msk.ru> wrote: > ... >> I think the main ingredient here is to have apt-listchanges package >> installed (which, while part of standard install, is optional). > ... > > I've always installed using the netinstall.iso which does not install > that package. Will add it

11.03.2024 17:40, spindles seven via samba: > Hi > > After seeing that Bookworm Backports has now got Samba version 4.19.5, I decided to update my samba machines. However, I find that those running on AMD64 architecture, the update doesn't appear. Machines running on arm architectures (armel & arm64) are updated correctly. I haven't changed anything in the

31.01.2023 08:55, Matt Savin via samba ?????: > In group policies use DNS aliases, then you'll need to change only DNS > entries for these aliases to point to a new host(s). I'd say don't use simple dns aliases (cnames) in a DC, but use SPNs instead (see samba-tool spn). This will manage CNAMEs too, and also manages the KRB tickets and proper autentication of the server to the

On Tue, 2023-01-31 at 10:13 +0300, Michael Tokarev via samba wrote: > 31.01.2023 08:55, Matt Savin via samba ?????: > > In group policies use DNS aliases, then you'll need to change only > > DNS > > entries for these aliases to point to a new host(s). > > I'd say don't use simple dns aliases (cnames) in a DC, but use SPNs > instead > (see samba-tool

Hi all If I do a "dig mydomain.co.za" from a Linux server, how do I know which DNS nameserver returns the queries? I seem to have a faulty DNS server, but can't see which one, so I want to find out which nameserver (if there's 4 - ns1.myserver, ns2.myserver, ns3.myserver & ns4.myserver) returns the queries? -- Kind Regards Rudi Ahlers CEO, SoftDux Web: