On 4.5.2013 0:22, Andrew Bartlett wrote:
On Fri, 2013-05-03 at 19:21 +0300, Pekka L.J. Jalkanen wrote:
On 26.4.2013 13:05, Pekka L.J. Jalkanen wrote:
So it seems that for some reason, exporting the keytab from Samba DC
doesn't work. I tried to kinit first using the domain admin account, but
On 6.5.2013 13:41, Pekka L.J. Jalkanen wrote:
I think that the thing I'm going to try right now is to actually run the
MS adprep.exe tool that ships with W2k8 R2. It should add RODC support
to the schema and MS also tells to run it before installing any W2k8 DCs
(RODC or not) to an existing
On 6.5.2013 16:31, Pekka L.J. Jalkanen wrote:
On 6.5.2013 13:41, Pekka L.J. Jalkanen wrote:
I think that the thing I'm going to try right now is to actually run the
MS adprep.exe tool that ships with W2k8 R2. It should add RODC support
to the schema and MS also tells to run it before
On 26.4.2013 13:05, Pekka L.J. Jalkanen wrote:
So it seems that for some reason, exporting the keytab from Samba DC
doesn't work. I tried to kinit first using the domain admin account, but
to no avail--exportkeytab still throws the same error.
Now, for the purposes of bug 9828 I could
On Fri, 2013-05-03 at 19:21 +0300, Pekka L.J. Jalkanen wrote:
On 26.4.2013 13:05, Pekka L.J. Jalkanen wrote:
So it seems that for some reason, exporting the keytab from Samba DC
doesn't work. I tried to kinit first using the domain admin account, but
to no avail--exportkeytab still
On 26.4.2013 6:13, Andrew Bartlett wrote:
On Wed, 2013-04-24 at 17:39 +0300, Pekka L.J. Jalkanen wrote:
By the way, is a kerberos keytab actually necessary to decrypt the
GSS-API packets in Wireshark? Samba Wiki
(https://wiki.samba.org/index.php/Capture_Packets) doesn't say so (just
tells to
On Wed, 2013-04-24 at 17:39 +0300, Pekka L.J. Jalkanen wrote:
By the way, is a kerberos keytab actually necessary to decrypt the
GSS-API packets in Wireshark? Samba Wiki
(https://wiki.samba.org/index.php/Capture_Packets) doesn't say so (just
tells to capture the kerberos exchange), but I
On 23.4.2013 19:24, Michael Wood wrote:
On 23 April 2013 16:43, Pekka L.J. Jalkanen pekka.jalka...@vihreat.fi wrote:
Nothing. It just works. I can even explicitly change it to point to the
Samba 4 DC and it still works.
It is just Vista and newer RSATs that are the problem. And they also
By the way, is a kerberos keytab actually necessary to decrypt the
GSS-API packets in Wireshark? Samba Wiki
(https://wiki.samba.org/index.php/Capture_Packets) doesn't say so (just
tells to capture the kerberos exchange), but I became somewhat
suspicious, while reading the following page:
Raising the functional level above 2003 doesn't sound like a good plan
as long as we still have to keep the Windows 2003 DC around. I don't
know about Samba, but RSAT wouldn't even let me do that.
Also note that it is the Windows DC (CN=W2K3R2DC) that doesn't have this
attribute.
I figured out
What does it say when you browse domain controllers OU for that DC using
the Ad users and computers snapin on the win2k3 dc?
On Tue, Apr 23, 2013 at 11:25 PM, Pekka L.J. Jalkanen
pekka.jalka...@vihreat.fi wrote:
Raising the functional level above 2003 doesn't sound like a good plan
as long
Nothing. It just works. I can even explicitly change it to point to the
Samba 4 DC and it still works.
It is just Vista and newer RSATs that are the problem. And they also
work just fine as long as the selected DC is the W2k3R2 DC...
Pekka L.J. Jalkanen
On 23.4.2013 16:39, Hisham Attar wrote:
On 23 April 2013 16:43, Pekka L.J. Jalkanen pekka.jalka...@vihreat.fi wrote:
Nothing. It just works. I can even explicitly change it to point to the
Samba 4 DC and it still works.
It is just Vista and newer RSATs that are the problem. And they also
work just fine as long as the selected DC is
Hello,
We have two DCs. One runs Windows 2003 R2, and the other Samba 4.0.5.
Forest functional level is Windows 2000 native.
I recently demoted (worked flawlessy now, which was a great relief),
rebuilt and re-promoted my Samba 4 DC, as my problems that I posted to
this list about two monts were
That attribute is a 2008+ schema attribute, as far as I was aware when you
provision with Samba your DC functionality is at 2008 R2 but forest/domain
is at 2003 and can be raised to 2008 R2 try samba-tool domain level raise
--domain 2008_R2 --forest 2008_R2 maybe that will add the attribute to the
15 matches
Mail list logo
