You may want to see if it is this bug, which is fixed in 4.0.9:
https://bugzilla.samba.org/show_bug.cgi?id=9820
- Original Message -
From: Kevin Field k...@brantaero.com
To: samba@lists.samba.org
Sent: Tuesday, August 20, 2013 9:38:32 AM
Subject: [Samba] AD DC eventually not
Has anyone successfully added a Win2008R2 DC to a Samba4 domain?
The issue I am encountering is the sysvol/netlogon shares are not created. I
can manually create them and copy files, but as soon as I demote/forcefully
remove the Samba4 server, the Win2008R2 server refuses to serve requests for
I realize that Samba 4 doesn't yet support DFS replication. But my question is
if Samba 4 as an AD server supports DFS replication within the environment. For
example, if all we have are Samba 4 servers for AD domain controllers, and we
have 2+ Windows servers doing DFS between each other
Is it possible that this may be related to and fixed by the patch in this bug:
https://bugzilla.samba.org/show_bug.cgi?id=9820
- Original Message -
From: Kristofer Pettijohn kristo...@cybernetik.net
To: Andrew Bartlett abart...@samba.org
Cc: samba@lists.samba.org
Sent: Thursday
Is the KCC in Samba4 set up to honor site links?
I set up a few site links between sites (hub-spoke model), but Samba still
appears to be replicating everything everywhere from each domain controller.
Am I missing something?
--
To unsubscribe from this list go to the following URL and read
I have a script that is adding about 16,000 users to my domain.
While monitoring the script, I noticed that as soon as a user is added, 500
additional RID's are allocated from the RID Master
Please see below the output of the CN=RID Manager$,CN=System and CN=RID
Set,CN=DC1,OU=Domain
=RID Set,CN=DC1,OU=Domain Controllers,DC=ad,DC=domain,DC=com
rIDAllocationPool: 4889600-4890099
rIDPreviousAllocationPool: 4889600-4890099
rIDUsedPool: 39
rIDNextRID: 4889601
On Jul 11, 2013, at 7:54 PM, Kristofer kristo...@cybernetik.net wrote:
I have a script that is adding about 16,000 users
It's just a bug, with a fix in master and a patch attached for 4.0 to
https://bugzilla.samba.org/show_bug.cgi?id=10014
Great, thank you.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
It happened again. When it happens, it happens at exactly the top of the hour.
Same symptoms and results as below.
On Jun 11, 2013, at 12:08 AM, Kristofer Pettijohn kristo...@cybernetik.net
wrote:
I would need logs and network traces to investigate this further.
Could it be a kerberos
I would need logs and network traces to investigate this further.
Could it be a kerberos ticket expiring?
Does it still happen if you upgrade a test member server to 3.6 or 4.0
(so we can narrow down the issue)?
I have logs (debug 16 from the client) and a network trace. If you would
Message -
From: Andrew Bartlett abart...@samba.org
To: Kristofer Pettijohn kristo...@cybernetik.net
Cc: samba@lists.samba.org
Sent: Friday, June 7, 2013 7:36:47 PM
Subject: Re: [Samba] Samba 4.0.6 update - login issues
On Wed, 2013-06-05 at 23:49 -0500, Kristofer Pettijohn wrote:
I updated all 14
I updated all 14 of our Domain Controllers to 4.0.6, and now I am having random
authentication issues.
Our radius server uses ntlm_auth to authenticate users. Every morning at 3AM
since the update, ntlm_auth fails to authenticate. If I restart Samba 4 on the
domain controller that the radius
Since the internal DNS server became available, I switched to that and it is
replicating between DC's just fine.
Only issue I see with it is that it does not return multiple A records in a
round robin fashion.
- Original Message -
From: Andrew Hamilton ahamil...@facilityone.com
To:
Andrew,
I thought RODC still had some blockers in development? Or is it production
ready now?
I am referring to
http://wiki.samba.org/index.php/Samba4/DRS_TODO_List#Support_RODC where it
still looks like its in development.
- Original Message -
From: Andrew Bartlett
Christian,
I believe Samba 4's RODC option is still not quite ready for production. We
have 14 DC's across remote sites, a few of which are connected with VPN's.
You will want to make sure there are no networking or firewall issues blocking
connections between the servers. But it should work
Hello,
With Samba 4 Active Directory, how can I determine from the command-line
(wbinfo, samba-tool, etc.) whether or not a user is disabled?
Thanks,
Kris
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
I seem to have nothing but issues with DRS replication in my environment.
This is my most recent error, that I can't seem to figure out
(WERR_SEM_TIMEOUT). What might be causing that?
CN=Configuration,DC=ad,DC=domain,DC=com
HQ\HQADS1 via RPC
DSA object GUID:
If the replication schedules are modified in AD Sites and Services, will Samba
4 respect those?
I'd like to change some schedules for some of our lower bandwidth remote
offices.
Kris
--
To unsubscribe from this list go to the following URL and read the
instructions:
).
Currently about 10 Windows 7 machines, and 5 Windows 2008 servers joined to the
directory. In the coming months, we will have 400 Windows 7 machines joined.
- Original Message -
From: Andrew Bartlett abart...@samba.org
To: Kristofer kristo...@cybernetik.net
Cc: samba list samba
A late change turned on read ACL enforcement, but your directory won't
have the correct ACLs set, so you can set 'acl:search=false' to return
to rc5 behaviour here, until we provide an upgrade script. (This seems
to hit joining windows DCs to the domain in particular).
I added
Hello,
I upgraded from Samba 4 RC4 to GA, and now authentication from CentOS 6.3
winbind clients are failing:
Dec 12 23:56:37 host1 net: [2012/12/12 23:56:37.842299, 0]
libads/kerberos.c:333(ads_kinit_password)
Dec 12 23:56:37 host1 net: kerberos_kinit_password HOST1$@AD.DOMAIN.COM
failed:
, Kristofer wrote:
Hello,
I upgraded from Samba 4 RC4 to GA, and now authentication from CentOS 6.3
winbind clients are failing:
Dec 12 23:56:37 host1 net: [2012/12/12 23:56:37.842299, 0]
libads/kerberos.c:333(ads_kinit_password)
Dec 12 23:56:37 host1 net: kerberos_kinit_password HOST1
Update:
I downgraded back to RC4, and the servers are able to authenticate once again.
Something definitely broke things in one of the recent updates for me. I just
need to figure out what and why.
On Dec 13, 2012, at 12:26 AM, Kristofer wrote:
I'm also no longer to do id username on any
Does Samba 4 provide any logging as far as who authenticated from where, =
similar to how Windows AD servers log it to the security event log?
Not at this point, sorry.
Are you aware of any plans to add this type of logging in the future?
Thanks,
Kris
--
To unsubscribe from this
Does Samba 4 provide any logging as far as who authenticated from where,
similar to how Windows AD servers log it to the security event log?
Kris
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
I believe there is an issue with winbind. I saw the same thing, and scheduled
a winbind restart every 6 hours (probably don't need to do it that often, but I
wanted to be safer than sorry).
On Nov 13, 2012, at 4:19 PM, Andrew Galdes wrote:
Hi all,
I have a Linux server running Samba
I am still having this issue. Does anyone have any ideas??
- Original Message -
From: Kristofer kristo...@cybernetik.net
To: samba@lists.samba.org
Sent: Monday, October 15, 2012 10:08:05 AM
Subject: Re: [Samba] Re-replicate LDAP
samba4 service needs to be running to demote. When
On Oct 15, 2012, at 12:56 AM, Andreas Oster aos...@novanetwork.de wrote:
I guess you can achieve the same with:
samba-tool domain demote -Uadministrator
afterwards you can join the DC again.
That has been unsuccessful to me also.
I receiver errors:
Failed to bind to uuid
samba4 service needs to be running to demote. When samba is started what
does samba-tool drs showrepl say ?
Samba IS running.
I also receive this error when trying it against a specific server:
Using BRSAD as partner server for the demotion
ERROR(class 'samba.drs_utils.drsException'):
I currently have 10 domain controllers (all Samba 4rc1), and I would like to
reset one of them.
I would like to completely clear out their LDAP database, and force it to get a
fresh copy replicated from one of the other 9 DC's out there.
What would be the proper way of doing this with Samba
I am trying to set up Samba 3 with CUPS printers, and installing the drivers to
the server.
I have been able to add drivers to the server just fine, but when a client
connects to a printer and tries to set it up, Windows 7 is seeing a null
printer type, so it is not finding the appropriate
In addition, this is what I am seeing in CUPS:
Unpacked printer [PRINTERNAME] name [\\SERVER\PRINTERNAME] running driver []
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Have you tried adding the directive use client drivers = yes in the
printers section of smb.conf?
Carolos,
I have not. The reason is because in the man page I read This parameter MUST
not be enabled on a print share which has valid print driver installed on the
Samba server.
But in
I can't even get cupsaddsmb to work right. I followed the configuration
instructions from the documentation, and my smb.conf matches what the
cupsaddsmb man page says.
I am getting extremely frustrated with this and not being able to allow clients
to download drivers from Samba.
With
: WERR_INVALID_PARAM
result was WERR_INVALID_PARAM
On Sep 25, 2012, at 5:59 PM, Kristofer wrote:
I can't even get cupsaddsmb to work right. I followed the configuration
instructions from the documentation, and my smb.conf matches what the
cupsaddsmb man page says.
I am getting extremely
Even if you could get it to work, is this really what you want?
Printing with native Windows drivers is the more normal pattern these
days, rather than printing postscript and getting CUPS to do the
conversion.
I want to use the Windows drivers (see earlier thread which I created), but
that
I have several Samba 4 AD controllers set up at multiple sites.
I set up sites and subnets. We have several /24's at each site, but each site
is dedicated a /16, so I set up the Sites Subnets using the /16's.
However, when I log into any system that is joined to the AD domain, it is
using a
I have several Samba 4 AD controllers set up at multiple sites.
I set up sites and subnets. We have several /24's at each site, but each
site is dedicated a /16, so I set up the Sites Subnets using the /16's.
However, when I log into any system that is joined to the AD domain, it is
Scratch this one, I found that my default site had to DC's in there that
shouldn't have been.
… in DNS. Everything was set up correctly in Sites Subnets, so this one was
kind of hidden buried in DNS.
--
To unsubscribe from this list go to the following URL and read the
instructions:
I am seeing this same error repeating several times.
I used ADExplorer to search LDAP for the GUID, but it doesn't find it anywhere.
I'm not sure what is causing this error, or what the offending object is in the
tree.
[2012/09/16 19:52:42, 0]
I think these are per-NC attributes, but I'm not sure. I looked into it
a few weeks back hoping to add it to our default test roster, and found
something similar. That is, I can assure you that what you see is sadly
normal: this test isn't expected to pass on the current codebase.
Okay, so
I have three DC's in an environment, and ldapcmp is failing. How can I figure
out either what went wrong, or how to resolve the issue so that the databases
are truly in sync?
Nobody ?
--
To unsubscribe from this list go to the following URL and read the
instructions:
Hello,
I have three DC's in an environment, and ldapcmp is failing. How can I figure
out either what went wrong, or how to resolve the issue so that the databases
are truly in sync?
* Comparing [DOMAIN] context...
* Objects to be compared: 2277
Comparing:
Hello,
I an running an AD infrastructure running Samba 4 beta7.
If I want to upgrade all of the DC's to beta8, is there any particular order
they should be done in, or can I just do a rolling upgrade (one down at a time)
across all of them?
Thanks,
Kris
--
To unsubscribe from this list go
The differences between beta7 and beta8 are pretty minimal, so in this
particular case it doesn't matter very much. In general, the dbcheck
command we recommend is detailed in the
Will I be able I continue to upgrade a multi-DC environment going forward, or
might there be a point where I
I realize you don't know what upgrades are going to be like in the
future, so I guess intent is the point of the question. We are
bleeding edge and running Samba 4 beta in production, so I'm just
trying to be as cautious as I can in a beta environment.
We expect this to continue to 'just
Hello,
I am currently migrating from OpenLDAP to Samba 4 PDC, and I have a webpage
(PHP/Apache) available for users so that they can change their password on the
existing LDAP server.
I attempted to adjust that script to change the password on the Samba 4 AD
controller, but I get a cannot
Hello,
I am testing Samba 4's active directory with the latest master copy.
I have joined a Windows 7 desktop to it fine without any issues. From Windows
7, I can browse to the AD controller IP address in Windows and see the standard
Active Directory shares.
I attempted to join Samba 3.0.33
48 matches
Mail list logo