similar to: Problem looking up domain users

Hi, i need help with strange problem. I installed Fedora 28 to test Samba 4 AD DC with MIT Kerberos with Windows 10 and Windows 7 clients and i can't run GPOs for machines. GPOs for users works. On Fedora 27 is the same problem. After couple of hours changing settings I make a new installation of Debian 9.4 and everything works "out of the box". I set all like here:

Ive seen something simular here. Does this happen if you try to connect to a PC where you already are logged in. If yes, logout, test again. If no, reboot the pc and test again. What is the exact message you see. (optinal PM me the print screen) I do/did get some 0x... Message when trying to login on first attempt. The second always worked for me. And lookup the windows events. Or are

Hi all, when i try to authenticate against my AD (rdesktop authentication) i got a wrong password/logname message despite my logname and password being exact , in the log i have the following . Nothing wrong for me. the only strange thing being the : stream_terminate_connection: Terminating connection - 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -

There is additional info in the logs of the source DC (dcdo1, log level 2, manually triggered another replication): ==================== [2017/12/27 12:31:29.695121,  2] ../source4/rpc_server/drsuapi/getncchanges.c:1731(getncchanges_collect_objects)   ../source4/rpc_server/drsuapi/getncchanges.c:1731: getncchanges on DC=ad,DC=kdu,DC=com using filter (uSNChanged>=5415) [2017/12/27

Rowland, - the DN "CN=DCNH1,..." exists on all 3 DCs (pointing the Sites and Services console to each of them). - I also checked that "samba-tool dbcheck" completes w/o showing errors. - the objectGUID DNS aliases of all DCs are resolvable against all 3 DCs' builtin DNS - I forced a full sync from the FSMO holder (dcge1) to the 2 other DCs which finished w/o errors. -

Hi, I had Samba 4.2.14 working as AD DC with shares. After upgrade to version 4.3.11 AD DC authentication, ADUC, etc, stopped working. Shares still work fine. OS. Oracle Linux 6.x with UEK, uptodate. Samba compiled from source. Upgrade procedure (nothing special): ./configure --enable-selftest make make install Testparm output: # Global parameters [global] workgroup = EXAMPLE realm =

On 02/09/2019 11:04, Dario Lesca via samba wrote: > Il giorno lun, 02/09/2019 alle 08.26 +0100, Rowland penny via samba ha > scritto: > Is it possible to cure it in some way? > >>> [2] ----[smb.conf] >>> >> Please do not post the output of 'testparm' > [root at s-addc samba]# cat /etc/samba/smb.conf > # Global parameters > [global] >

Hi Heinz, > i have the same problem on samba 4.7.3 and 4.7.4. > I start with 2 DCs and the sync works fine. After the join of a third > DC mostly i get the WERR_DS_DRA_ACCESS_DENIED. I tested it for 10 > times. > > in my case i have: > DC1 (with any FSMO Roles) > DC2 > > new join as DC: > DC3 > > After the join, the sync from DC2 to DC3 fails. > >

On Sat, 7 Dec 2024 12:56:08 +0000 Peter Mittermayer via samba <samba at lists.samba.org> wrote: > > Hi, > > I'm trying to upgrade my very old samba domain controllers (4.11) to > latest samba. (4.21). The process I'm following is to demote on of > the existing DCs and repalce it with a news system (up-to-date OS & > samba version). Unfortunately when

Hello, I have been trying to get Samba 4.21.5 setup to use an external MIT kerberos authentication system on Debian 12. I realize this feature is still experimental, but I just wanted to confirm if I am missing a critical detail as it seems to be correctly installed except that it's not passing the credentials from the windows client correctly. I I have Samba complied as per the doc with

Hi, I'm trying to upgrade my very old samba domain controllers (4.11) to latest samba. (4.21). The process I'm following is to demote on of the existing DCs and repalce it with a news system (up-to-date OS & samba version). Unfortunately when trying to join as DC I get below error: INFO 2024-12-05 19:29:42,222 pid:126140 /usr/local/samba/lib64/python3.9/site-packages/samba/join.py

Dear All, I have recently setup a completely new AD domain on my Linux server, running Samba 4.8.3. From the server, I can authenticate via kerberos and get users and groups through winbind etc. When I try to join a freshly installed Mac running macOS 10.13.6, I receive the error: "Unable to add server. Authentication server failed to completed the requested operation. (5103)" The Mac

We have 3 ADCs based on Samba-4.7.4 (compiled from source,internal DNS)/ CentOS7: dcdo1,dcnh1 and dcge1. dcge1 holds all FSMO roles. The 3 ADCs are on different locations connected via IPSec based VPN. No traffic is filtered out. All 3 ADCs replicate fine except dcdo1 -->dcnh1. Symptom: [root at dcdo1 ~]# samba-tool drs replicate dcnh1.ad.kdu.com dcdo1.ad.kdu.com dc=ad,dc=kdu,dc=com

On Wed, 27 Dec 2017 13:00:05 +0100 "Dr. Johannes-Ulrich Menzebach via samba" <samba at lists.samba.org> wrote: > There is additional info in the logs of the source DC (dcdo1, log > level 2, manually triggered another replication): > ==================== > [2017/12/27 12:31:29.695121,  2] >

On Sun, 23 Apr 2017 11:40:45 +0200 Jakub Kulesza <jakkul+samba at gmail.com> wrote: > OK, I've deleted everything what Rowland suggested. THANKS > > Now smb.conf looks like this > > [netlogon] > path = /var/local/samba/var/lib/samba/netlogon > #path = /var/lib/samba/sysvol/biuro.domain/scripts Put netlogon back into sysvol and what happened to the

The client can not access the Windows Share after authorization on samba DC samba_dc_server: samba 4.7.6 krb5-libs 1.15.2-7 windows client: windows7 windows_file_server: windows server 2008 /var/log/samba/mit_kdc.log мар 22 15:43:49 samba_dc_server krb5kdc[17891](info): commencing operation мар 22 15:43:56 samba_dc_server krb5kdc[17891](info): AS_REQ (6 etypes {18 17 23 24 -135 3}) 10.2.1.12:

Andrew, thanks for answering. My ubuntu shows this: # systemctl | grep kr krb5-admin-server.service loaded active running Kerberos 5 Admin Server krb5-kdc.service loaded active running Kerberos 5 Key Distribution Center Should I disable both? 2017-04-23 12:39 GMT+02:00 Andrew Bartlett <abartlet at samba.org>: > On Sun,

On Sun, 2017-04-23 at 09:39 +0200, Jakub Kulesza via samba wrote: > this is what kerberos throws in auth.log when I try to log in with a > win2008 client: > > Apr 23 09:17:38 pdc kadmind[610]: closing down fd 31 > Apr 23 09:17:55 pdc krb5kdc[643]: AS_REQ (6 etypes {18 17 23 24 -135 > 3}) > 192.168.0.139: CLIENT_NOT_FOUND: qubix at GPMV for krbtgt/GPMV at GPMV, > Client

Il giorno lun, 02/09/2019 alle 08.26 +0100, Rowland penny via samba ha scritto: > > set 01 22:36:56 s-addc.studiomosca.net named[639]: samba_dlz: > > cancelling transaction on zone studiomosca.net > > That is showing that a client isn't being allowed to update a record. Is it possible to cure it in some way? > > [2] ----[smb.conf] > > > Please do not post

OK, I've deleted everything what Rowland suggested. THANKS Now smb.conf looks like this [global] workgroup = GPMV realm = BIURO.domain netbios name = PDC server role = active directory domain controller dns forwarder = 192.168.0.252 max open files = 57000 full_audit:prefix = %u|%I|%m|%S full_audit:success = mkdir rename unlink rmdir pwrite full_audit:failure = none full_audit:facility =