[Samba] Fwd: net rpc lookup from group names that start with "-"
Webfilter Dev
webfilter.dev at gmail.com
Mon Oct 5 23:36:46 UTC 2015
Hi ,
Thank you for your input. I have had tried all of the escape characters you
have have tested with but I have had no luck with them. I am curious to
know which versions of net have you been tested with?
I do agree that the best practice for this is to remove "-" from the
beginning of the object name, However, seeing that it can be created that
way allowed, I would like to find a way to get it working.
On Thu, Oct 1, 2015 at 5:00 AM, <samba-request at lists.samba.org> wrote:
> Send samba mailing list submissions to
> samba at lists.samba.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://lists.samba.org/mailman/listinfo/samba
> or, via email, send a message with subject or body 'help' to
> samba-request at lists.samba.org
>
> You can reach the person managing the list at
> samba-owner at lists.samba.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of samba digest..."
>
> Today's Topics:
>
> 1. Re: Fwd: net rpc lookup from group names that start with "-"
> (mathias dufresne)
> 2. Re: Joining an 2008R2 a Samba AD Takes forever. (Cesar DiMartino)
> 3. Re: Joining an 2008R2 a Samba AD Takes forever.
> (Stéphane PURNELLE)
> 4. Re: Fwd: net rpc lookup from group names that start with "-"
> (Rowland Penny)
> 5. Re: Joining an 2008R2 a Samba AD Takes forever. (Rowland Penny)
> 6. Re: Joining an 2008R2 a Samba AD Takes forever. (Ali Bendriss)
> 7. Re: Joining an 2008R2 a Samba AD Takes forever. (Rowland Penny)
> 8. Re: Joining an 2008R2 a Samba AD Takes forever. (Cesar DiMartino)
> 9. Re: Joining an 2008R2 a Samba AD Takes forever. (Rowland Penny)
> 10. Re: Joining an 2008R2 a Samba AD Takes forever. (Cesar DiMartino)
> 11. Re: Questions About Bind_DLZ (Marc Muehlfeld)
> 12. Re: Questions About Bind_DLZ (Rowland Penny)
> 13. Re: Questions About Bind_DLZ (David Minard)
> 14. 4th DC Unable to Replicate - WERR_DS_DRA_ACCESS_DENIED
> (David Minard)
> 15. Replication Failing - NT_STATUS_IO_TIMEOUT (David Minard)
> 16. Re: Fwd: net rpc lookup from group names that start with "-"
> (mathias dufresne)
> 17. Re: Fwd: net rpc lookup from group names that start with "-"
> (Rowland Penny)
> 18. DDNS and internal_DNS Server (Stefan Kania)
> 19. authentication problems sernet-samba (Lulzim KELMENI)
> 20. Re: Replication Failing - NT_STATUS_IO_TIMEOUT (Rowland Penny)
> 21. Re: DDNS and internal_DNS Server (Rowland Penny)
> 22. Re: authentication problems sernet-samba (Rowland Penny)
> 23. ntlm_password_check: LM password, NT MD4 password in LM field
> and LMv2 failed for user username (mourik jan heupink)
>
>
> ---------- Forwarded message ----------
> From: mathias dufresne <infractory at gmail.com>
> To: samba <samba at lists.samba.org>
> Cc:
> Date: Wed, 30 Sep 2015 16:59:58 +0200
> Subject: Re: [Samba] Fwd: net rpc lookup from group names that start with
> "-"
> I bet that won't work.
> net rpc ..... "\-dash group" -> the shell look into quotes and interpret
> things inside quotes. Because of double quotes. So the shell will interpret
> \- and send only the dash to the command.
>
> net rpc ..... '\-dash group' -> the shell do not interpret things inside
> the quotes, because simple quotes. The shell will send [\-dash group] to
> the command.
>
> This is the same as:
> net rpc ..... "\\-dash group" -> shell interpret \\, transform it into \
> and send \- to the command.
>
> But the point is command is waiting for switches after dashes (-a -o...
> anything to tell the command how to react). The standard to tell commands
> there is no more switches is double dashes "--". And that double dashes
> must be surrounded by spaces to be one word and be correctly interpreted by
> the command.
>
>
>
> 2015-09-30 12:50 GMT+02:00 Rowland Penny <rowlandpenny241155 at gmail.com>:
>
> > On 29/09/15 01:15, Webfilter Dev wrote:
> >
> >> # net rpc -U "administrator%<server password>" -S <my windows server IP>
> >> group members "- dash group"
> >>
> >
> > Try this:
> >
> > # net rpc -U "administrator%<server password>" -S <my windows server IP>
> > group members "\-dash group"
> >
> > Rowland
> >
> >
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
> >
>
>
>
> ---------- Forwarded message ----------
> From: Cesar DiMartino <cesardimartino at gmail.com>
> To: Lee Brown <leeb at ratnaling.org>
> Cc: samba at lists.samba.org
> Date: Wed, 30 Sep 2015 15:31:35 +0000
> Subject: Re: [Samba] Joining an 2008R2 a Samba AD Takes forever.
> Lee. That patch is already in the 4.2.3 Samba from ports. I was hopping
> that it would be the case.
> Update: samba log complains about missing rndc.conf and rndc.key. Those
> should pop with bind as Dns Backend but I'm using Samba Internal!
>
> On Wed, Sep 30, 2015, 01:23 Lee Brown <leeb at ratnaling.org> wrote:
>
> > That would be this <https://bugzilla.samba.org/show_bug.cgi?id=11455>
> bug.
> > Still waiting for testing to push it into 4.3 and 4.2 though.
> >
> > On Tue, Sep 29, 2015 at 12:59 PM, Cesar DiMartino <
> > cesardimartino at gmail.com>
> > wrote:
> >
> > > Marc. Thanks for the reply. I'm sure that should work. But since samba
> > 4.1
> > > FreeBSD port I was unable to make it work.
> > > As I wrote both DC are Samba internal as Dns back end. The only thing
> > that
> > > I remember doing different from the guide is joining the 2008R2 to the
> > > domain first an then running dcpromo logged as domain admin. Also the
> > > strange in the logs is winbindd restarting frequently and the
> Samba-tool
> > > drs showrepl not working while joining.
> > >
> > > Cesar.
> > >
> > > On Tue, Sep 29, 2015, 15:37 Marc Muehlfeld <mmuehlfeld at samba.org>
> wrote:
> > >
> > > > Hello Cesar,
> > > >
> > > > Am 28.09.2015 um 23:12 schrieb Cesar DiMartino:
> > > > > I have a problem with Samba 4.2.4 on FreeBSD. If I add another
> samba
> > DC
> > > > to
> > > > > de Domain it works without problems, but adding a Windows Server
> 2008
> > > R2
> > > > DC
> > > > > is taking more than 10 hours, even days in the raeplication dialog.
> > In
> > > > fact
> > > > > it never finishes.
> > > >
> > > > I'm currently working on documentation about a SYSVOL replication
> > > > workaround between Samba and Windows DCs. For that yesterday I joined
> > > > three times a 2008R2 DC to an existing Samba driven AD with two Samba
> > > > DCs. So I can at least say, that this works, as I wrote it down a
> while
> > > > ago here:
> > > >
> > > >
> > >
> >
> https://wiki.samba.org/index.php/Joining_a_Windows_Server_2008_/_2008_R2_DC_to_a_Samba_AD
> > > >
> > > > Can you check this guide carefully, if you maybe missed something?
> > > >
> > > > Is there anything special in your AD? Maybe AD sites? What DNS are
> you
> > > > using? BIND9_DLZ or internal?
> > > >
> > > > Does the Samba log says anything during the join?
> > > >
> > > >
> > > > Regards,
> > > > Marc
> > > >
> > > --
> > > To unsubscribe from this list go to the following URL and read the
> > > instructions: https://lists.samba.org/mailman/options/samba
> > >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
> >
>
>
>
> ---------- Forwarded message ----------
> From: "Stéphane PURNELLE" <stephane.purnelle at corman.be>
> To: Cesar DiMartino <cesardimartino at gmail.com>
> Cc: Lee Brown <leeb at ratnaling.org>, samba at lists.samba.org, samba <
> samba-bounces at lists.samba.org>
> Date: Wed, 30 Sep 2015 17:44:35 +0200
> Subject: Re: [Samba] Joining an 2008R2 a Samba AD Takes forever.
>
> Hi,
>
> I have the same problem with my samba 4.1.4 on linux.
> my DC use internal DNS.
>
> nothing in log.
> samba not move new windows 2008 R2 dc as a domain controler.
>
> regards
>
> Stéphane Purnelle
>
>
> "samba" <samba-bounces at lists.samba.org> a écrit sur 30/09/2015 17:31:35 :
>
> > De : Cesar DiMartino <cesardimartino at gmail.com>
> > A : Lee Brown <leeb at ratnaling.org>,
> > Cc : samba at lists.samba.org
> > Date : 30/09/2015 17:36
> > Objet : Re: [Samba] Joining an 2008R2 a Samba AD Takes forever.
> > Envoyé par : "samba" <samba-bounces at lists.samba.org>
> >
> > Lee. That patch is already in the 4.2.3 Samba from ports. I was hopping
> > that it would be the case.
> > Update: samba log complains about missing rndc.conf and rndc.key. Those
> > should pop with bind as Dns Backend but I'm using Samba Internal!
> >
> > On Wed, Sep 30, 2015, 01:23 Lee Brown <leeb at ratnaling.org> wrote:
> >
> > > That would be this <https://bugzilla.samba.org/show_bug.cgi?id=11455>
> bug.
> > > Still waiting for testing to push it into 4.3 and 4.2 though.
> > >
> > > On Tue, Sep 29, 2015 at 12:59 PM, Cesar DiMartino <
> > > cesardimartino at gmail.com>
> > > wrote:
> > >
> > > > Marc. Thanks for the reply. I'm sure that should work. But since
> samba
> > > 4.1
> > > > FreeBSD port I was unable to make it work.
> > > > As I wrote both DC are Samba internal as Dns back end. The only
> thing
> > > that
> > > > I remember doing different from the guide is joining the 2008R2 to
> the
> > > > domain first an then running dcpromo logged as domain admin. Also the
> > > > strange in the logs is winbindd restarting frequently and the
> Samba-tool
> > > > drs showrepl not working while joining.
> > > >
> > > > Cesar.
> > > >
> > > > On Tue, Sep 29, 2015, 15:37 Marc Muehlfeld <mmuehlfeld at samba.org>
> wrote:
> > > >
> > > > > Hello Cesar,
> > > > >
> > > > > Am 28.09.2015 um 23:12 schrieb Cesar DiMartino:
> > > > > > I have a problem with Samba 4.2.4 on FreeBSD. If I add another
> samba
> > > DC
> > > > > to
> > > > > > de Domain it works without problems, but adding a Windows Server
> 2008
> > > > R2
> > > > > DC
> > > > > > is taking more than 10 hours, even days in the raeplication
> dialog.
> > > In
> > > > > fact
> > > > > > it never finishes.
> > > > >
> > > > > I'm currently working on documentation about a SYSVOL replication
> > > > > workaround between Samba and Windows DCs. For that yesterday I
> joined
> > > > > three times a 2008R2 DC to an existing Samba driven AD with two
> Samba
> > > > > DCs. So I can at least say, that this works, as I wrote it down a
> while
> > > > > ago here:
> > > > >
> > > > >
> > > >
> > > https://wiki.samba.org/index.php/Joining_a_Windows_Server_2008_/
> > _2008_R2_DC_to_a_Samba_AD
> > > > >
> > > > > Can you check this guide carefully, if you maybe missed something?
> > > > >
> > > > > Is there anything special in your AD? Maybe AD sites? What DNS are
> you
> > > > > using? BIND9_DLZ or internal?
> > > > >
> > > > > Does the Samba log says anything during the join?
> > > > >
> > > > >
> > > > > Regards,
> > > > > Marc
> > > > >
> > > > --
> > > > To unsubscribe from this list go to the following URL and read the
> > > > instructions: https://lists.samba.org/mailman/options/samba
> > > >
> > > --
> > > To unsubscribe from this list go to the following URL and read the
> > > instructions: https://lists.samba.org/mailman/options/samba
> > >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
>
>
> ---------- Forwarded message ----------
> From: Rowland Penny <rowlandpenny241155 at gmail.com>
> To: samba at lists.samba.org
> Cc:
> Date: Wed, 30 Sep 2015 17:04:37 +0100
> Subject: Re: [Samba] Fwd: net rpc lookup from group names that start with
> "-"
> On 30/09/15 15:59, mathias dufresne wrote:
>
>> I bet that won't work.
>> net rpc ..... "\-dash group" -> the shell look into quotes and interpret
>> things inside quotes. Because of double quotes. So the shell will
>> interpret
>> \- and send only the dash to the command.
>>
>> net rpc ..... '\-dash group' -> the shell do not interpret things inside
>> the quotes, because simple quotes. The shell will send [\-dash group] to
>> the command.
>>
>> This is the same as:
>> net rpc ..... "\\-dash group" -> shell interpret \\, transform it into \
>> and send \- to the command.
>>
>> But the point is command is waiting for switches after dashes (-a -o...
>> anything to tell the command how to react). The standard to tell commands
>> there is no more switches is double dashes "--". And that double dashes
>> must be surrounded by spaces to be one word and be correctly interpreted
>> by
>> the command.
>>
>>
> Hi Mathias, This got my interest and after I thought 'why would you be
> daft enough to start any object name with a dash', I wondered if it was
> possible to do what the OP wanted.
> I tried to create a group called '-dashtest' and I was able to create it
> (after a couple of attempts). I then added a user to the group, I had to
> resort to ldbedit to do this.
> I then tried the command the OP posted and it didn't work (as expected),
> so I tried adding the forwardslash, not really expecting it to work, but it
> did.
>
> Rowland
>
>
> Rowland
>
>
>
>
> ---------- Forwarded message ----------
> From: Rowland Penny <rowlandpenny241155 at gmail.com>
> To: samba at lists.samba.org
> Cc:
> Date: Wed, 30 Sep 2015 17:19:12 +0100
> Subject: Re: [Samba] Joining an 2008R2 a Samba AD Takes forever.
> On 30/09/15 16:31, Cesar DiMartino wrote:
>
>> Lee. That patch is already in the 4.2.3 Samba from ports. I was hopping
>> that it would be the case.
>> Update: samba log complains about missing rndc.conf and rndc.key. Those
>> should pop with bind as Dns Backend but I'm using Samba Internal!
>>
>>
>>
> rndc is used by bind, so even if you were using bind it shouldn't log to
> the samba logs.
> Can you post a sample of this and the actual name of the logfile it
> appears in.
> I would also like to point out that whilst I do use bind, the rndc.key
> does not appear anywhere in the conf files, so it looks like I am not
> actually using it.
>
> Rowland
>
>
>
>
>
> ---------- Forwarded message ----------
> From: Ali Bendriss <ali.bendriss at gmail.com>
> To: Rowland Penny <rowlandpenny241155 at gmail.com>, samba at lists.samba.org
> Cc:
> Date: Wed, 30 Sep 2015 19:46:11 +0200
> Subject: Re: [Samba] Joining an 2008R2 a Samba AD Takes forever.
> On 09/30/2015 06:19 PM, Rowland Penny wrote:
>
>> On 30/09/15 16:31, Cesar DiMartino wrote:
>>
>>> Lee. That patch is already in the 4.2.3 Samba from ports. I was hopping
>>> that it would be the case.
>>> Update: samba log complains about missing rndc.conf and rndc.key. Those
>>> should pop with bind as Dns Backend but I'm using Samba Internal!
>>>
>>>
>>>
>> rndc is used by bind, so even if you were using bind it shouldn't log to
>> the samba logs.
>> Can you post a sample of this and the actual name of the logfile it
>> appears in.
>> I would also like to point out that whilst I do use bind, the rndc.key
>> does not appear anywhere in the conf files, so it looks like I am not
>> actually using it.
>>
>> Rowland
>>
>>
>>
> Not sure about the internal DNS but I remember that nsupdate was called by
> samba when using Bind as the DNS.
>
> --
> Ali Bendriss
> http://tele-solve.com
>
>
>
>
>
> ---------- Forwarded message ----------
> From: Rowland Penny <rowlandpenny241155 at gmail.com>
> To: samba at lists.samba.org
> Cc:
> Date: Wed, 30 Sep 2015 18:50:35 +0100
> Subject: Re: [Samba] Joining an 2008R2 a Samba AD Takes forever.
> On 30/09/15 18:46, Ali Bendriss wrote:
>
>> On 09/30/2015 06:19 PM, Rowland Penny wrote:
>>
>>> On 30/09/15 16:31, Cesar DiMartino wrote:
>>>
>>>> Lee. That patch is already in the 4.2.3 Samba from ports. I was hopping
>>>> that it would be the case.
>>>> Update: samba log complains about missing rndc.conf and rndc.key. Those
>>>> should pop with bind as Dns Backend but I'm using Samba Internal!
>>>>
>>>>
>>>>
>>> rndc is used by bind, so even if you were using bind it shouldn't log to
>>> the samba logs.
>>> Can you post a sample of this and the actual name of the logfile it
>>> appears in.
>>> I would also like to point out that whilst I do use bind, the rndc.key
>>> does not appear anywhere in the conf files, so it looks like I am not
>>> actually using it.
>>>
>>> Rowland
>>>
>>>
>>>
>> Not sure about the internal DNS but I remember that nsupdate was called
>> by samba when using Bind as the DNS.
>>
>>
> That still wouldn't use rndc, so we still need the info I asked for
>
> Rowland
>
>
>
>
> ---------- Forwarded message ----------
> From: Cesar DiMartino <cesardimartino at gmail.com>
> To: Ali Bendriss <ali.bendriss at gmail.com>, Rowland Penny <
> rowlandpenny241155 at gmail.com>, samba at lists.samba.org
> Cc:
> Date: Wed, 30 Sep 2015 18:25:05 +0000
> Subject: Re: [Samba] Joining an 2008R2 a Samba AD Takes forever.
> That's log.Samba in freebsd. The error is generated by a call to rndc. The
> error itself is a msg from rndc which Samba seems to install even If you
> chose samba internal in the options for the port (installs bind9). I don't
> know if some Samba update script is trying to call rndc by default or it's
> necessary for Samba Internal Dns to work. Anyways seems that is related to
> the FreeBsd port more than Samba itself.
>
> On Wed, Sep 30, 2015, 14:51 Ali Bendriss <ali.bendriss at gmail.com> wrote:
>
> > On 09/30/2015 06:19 PM, Rowland Penny wrote:
> > > On 30/09/15 16:31, Cesar DiMartino wrote:
> > >> Lee. That patch is already in the 4.2.3 Samba from ports. I was
> hopping
> > >> that it would be the case.
> > >> Update: samba log complains about missing rndc.conf and rndc.key.
> Those
> > >> should pop with bind as Dns Backend but I'm using Samba Internal!
> > >>
> > >>
> > >
> > > rndc is used by bind, so even if you were using bind it shouldn't log
> to
> > > the samba logs.
> > > Can you post a sample of this and the actual name of the logfile it
> > > appears in.
> > > I would also like to point out that whilst I do use bind, the rndc.key
> > > does not appear anywhere in the conf files, so it looks like I am not
> > > actually using it.
> > >
> > > Rowland
> > >
> > >
> >
> > Not sure about the internal DNS but I remember that nsupdate was called
> > by samba when using Bind as the DNS.
> >
> > --
> > Ali Bendriss
> > http://tele-solve.com
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
> >
>
>
>
> ---------- Forwarded message ----------
> From: Rowland Penny <rowlandpenny241155 at gmail.com>
> To: samba at lists.samba.org
> Cc:
> Date: Wed, 30 Sep 2015 19:41:48 +0100
> Subject: Re: [Samba] Joining an 2008R2 a Samba AD Takes forever.
> On 30/09/15 19:25, Cesar DiMartino wrote:
>
>>
>> That's log.Samba in freebsd. The error is generated by a call to rndc.
>> The error itself is a msg from rndc which Samba seems to install even If
>> you chose samba internal in the options for the port (installs bind9). I
>> don't know if some Samba update script is trying to call rndc by default
>> or it's necessary for Samba Internal Dns to work. Anyways seems that is
>> related to the FreeBsd port more than Samba itself.
>>
>>
>>
>>
> You only need the portion of bind9 that contains 'nsupdate' , on debian
> this is bind9-utils. Now if your 'port' has installed bind9, has it also
> started it? if so, try stopping it.
>
> Rowland
>
>
>
>
>
>
> ---------- Forwarded message ----------
> From: Cesar DiMartino <cesardimartino at gmail.com>
> To: Rowland Penny <rowlandpenny241155 at gmail.com>, samba at lists.samba.org
> Cc:
> Date: Wed, 30 Sep 2015 19:32:26 +0000
> Subject: Re: [Samba] Joining an 2008R2 a Samba AD Takes forever.
> Here are the logs from my las attempt.:
> ==> /var/log/samba4/log.samba <==
>
> [2015/09/30 12:14:44.758121, 0]
>
> ../source4/rpc_server/dnsserver/dcerpc_dnsserver.c:1483(dnsserver_complex_operate_server)
>
>
> ==> /var/log/samba4/log.smbd <==
>
> [2015/09/30 12:18:41.774189, 0]
> ../source3/rpc_server/svcctl/srv_svcctl_nt.c:326(_svcctl_OpenServiceW)
>
> root at BSD:/usr/home/crd # [2015/09/30 12:21:42.559677, 0]
> ../source3/smbd/server.c:562(smbd_accept_connection)
>
> accept: Software caused connection abort
>
> ==> /var/log/samba4/log.samba <==
>
> [2015/09/30 12:23:01.316110, 0]
> ../lib/util/util_runcmd.c:324(samba_runcmd_io_handler)
>
> /usr/sbin/rndc: rndc: neither /etc/namedb/rndc.conf nor
> /etc/namedb/rndc.key was found
>
> Regards. Cesar.
>
> On Wed, Sep 30, 2015, 15:47 Rowland Penny <rowlandpenny241155 at gmail.com>
> wrote:
>
> > On 30/09/15 19:25, Cesar DiMartino wrote:
> > >
> > > That's log.Samba in freebsd. The error is generated by a call to rndc.
> > > The error itself is a msg from rndc which Samba seems to install even
> > > If you chose samba internal in the options for the port (installs
> > > bind9). I don't know if some Samba update script is trying to call
> > > rndc by default or it's necessary for Samba Internal Dns to work.
> > > Anyways seems that is related to the FreeBsd port more than Samba
> itself.
> > >
> > >
> > >
> >
> > You only need the portion of bind9 that contains 'nsupdate' , on debian
> > this is bind9-utils. Now if your 'port' has installed bind9, has it also
> > started it? if so, try stopping it.
> >
> > Rowland
> >
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
> >
>
>
>
> ---------- Forwarded message ----------
> From: Marc Muehlfeld <mmuehlfeld at samba.org>
> To: David Minard <david at scem.uws.edu.au>, samba at lists.samba.org
> Cc:
> Date: Wed, 30 Sep 2015 22:01:47 +0200
> Subject: Re: [Samba] Questions About Bind_DLZ
> Am 30.09.2015 um 03:50 schrieb David Minard:
> > ldbsearch -H /usr/local/samba/private/sam.ldb '(objectClass=dnsZone)' -b
> > 'DC=SAMBA4,DC=SCEM,DC=WESTERNSYDNEY,DC=EDU,DC=AU' --cross-ncs name
> >
> > # record 1
> > dn:
> > DC=samba4.scem.westernsydney.edu.au
> ,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
> >
> > name: samba4.scem.westernsydney.edu.au
> >
> > # record 2
> > dn:
> >
> DC=RootDNSServers,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
> >
> > name: RootDNSServers
> >
> > # record 3
> > dn:
> > DC=_msdcs.samba4.scem.westernsydney.edu.au
> ,CN=MicrosoftDNS,DC=ForestDnsZones,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
> >
> > name: _msdcs.samba4.scem.westernsydney.edu.au
> >
> > # record 4
> > dn:
> >
> DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
> >
> > name: RootDNSServers
> >
> > # returned 4 records
> > # 4 entries
> > # 0 referrals
>
> Looks like it should.
>
> Do the duplicate zone messages appear in the Samba or BIND logs?
>
> What log level are you using in smb.conf?
>
> Regards,
> Marc
>
>
>
>
> ---------- Forwarded message ----------
> From: Rowland Penny <rowlandpenny241155 at gmail.com>
> To: samba at lists.samba.org
> Cc:
> Date: Wed, 30 Sep 2015 21:44:09 +0100
> Subject: Re: [Samba] Questions About Bind_DLZ
> On 30/09/15 21:01, Marc Muehlfeld wrote:
>
>> Am 30.09.2015 um 03:50 schrieb David Minard:
>>
>>> ldbsearch -H /usr/local/samba/private/sam.ldb '(objectClass=dnsZone)' -b
>>> 'DC=SAMBA4,DC=SCEM,DC=WESTERNSYDNEY,DC=EDU,DC=AU' --cross-ncs name
>>>
>>> # record 1
>>> dn:
>>> DC=samba4.scem.westernsydney.edu.au
>>> ,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
>>>
>>> name: samba4.scem.westernsydney.edu.au
>>>
>>> # record 2
>>> dn:
>>>
>>> DC=RootDNSServers,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
>>>
>>> name: RootDNSServers
>>>
>>> # record 3
>>> dn:
>>> DC=_msdcs.samba4.scem.westernsydney.edu.au
>>> ,CN=MicrosoftDNS,DC=ForestDnsZones,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
>>>
>>> name: _msdcs.samba4.scem.westernsydney.edu.au
>>>
>>> # record 4
>>> dn:
>>>
>>> DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
>>>
>>> name: RootDNSServers
>>>
>>> # returned 4 records
>>> # 4 entries
>>> # 0 referrals
>>>
>> Looks like it should.
>>
>> Do the duplicate zone messages appear in the Samba or BIND logs?
>>
>
> The messages are coming from Samba, to be precise, from dlz_bind9.c
>
> if (b9_zone_exists(state, zone)) {
> state->log(ISC_LOG_WARNING, "samba_dlz: Ignoring duplicate
> zone '%s' from '%s'",
> zone, ldb_dn_get_linearized(zone_dn));
> continue;
> }
>
>
>> What log level are you using in smb.conf?
>>
>
> I wonder if the log level is turned up too high, I personally have never
> seen this message.
>
> I think it may help if the OP was to post the bind9 conf files and more of
> the logfile that contains the error, bits of a log can so easily be
> mis-understood.
>
> Rowland
>
>>
>> Regards,
>> Marc
>>
>>
>
>
>
>
> ---------- Forwarded message ----------
> From: David Minard <david at scem.uws.edu.au>
> To: Marc Muehlfeld <mmuehlfeld at samba.org>, samba at lists.samba.org
> Cc:
> Date: Thu, 01 Oct 2015 09:58:22 +1000
> Subject: Re: [Samba] Questions About Bind_DLZ
> G'day Marc,
>
> On 01/10/15 06:01, Marc Muehlfeld wrote:
>
>> Am 30.09.2015 um 03:50 schrieb David Minard:
>>
>>> ldbsearch -H /usr/local/samba/private/sam.ldb '(objectClass=dnsZone)' -b
>>> 'DC=SAMBA4,DC=SCEM,DC=WESTERNSYDNEY,DC=EDU,DC=AU' --cross-ncs name
>>>
>>> # record 1
>>> dn:
>>> DC=samba4.scem.westernsydney.edu.au
>>> ,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
>>>
>>> name: samba4.scem.westernsydney.edu.au
>>>
>>> # record 2
>>> dn:
>>>
>>> DC=RootDNSServers,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
>>>
>>> name: RootDNSServers
>>>
>>> # record 3
>>> dn:
>>> DC=_msdcs.samba4.scem.westernsydney.edu.au
>>> ,CN=MicrosoftDNS,DC=ForestDnsZones,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
>>>
>>> name: _msdcs.samba4.scem.westernsydney.edu.au
>>>
>>> # record 4
>>> dn:
>>>
>>> DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
>>>
>>> name: RootDNSServers
>>>
>>> # returned 4 records
>>> # 4 entries
>>> # 0 referrals
>>>
>> Looks like it should.
>>
>> Do the duplicate zone messages appear in the Samba or BIND logs?
>>
>
> I'm seeing these messages in the bind logs. The samba logs look normal.
>
> What log level are you using in smb.conf?
>>
>
> Just default log levels at the moment. I was hoping someone had seen this
> before. I'll up the samba and bind logs now, and see if anything more
> interesting pops up.
>
> Regards,
>> Marc
>>
>>
> --
>
> Cheers,
> David Minard.
> Ph: 0247 360 155
> Fax: 0247 360 770
>
> School of Computing, Engineering, and Mathematics
> Building Y - Penrith Campus (Kingswood)
> Locked bag 1797
> Penrith South DC
> NSW 1797
>
> [Sometimes waking up just isn't worth the insult of the day to come.]
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
>
>
>
>
> ---------- Forwarded message ----------
> From: David Minard <david at scem.uws.edu.au>
> To: samba at lists.samba.org
> Cc:
> Date: Thu, 01 Oct 2015 10:24:59 +1000
> Subject: [Samba] 4th DC Unable to Replicate - WERR_DS_DRA_ACCESS_DENIED
> G'day All,
>
> I've been setting up a new set of DCs, using 4.2.3 and all was going
> well until I tried to get a 4th DC going. I'm using bind_DLZ, and I think
> this is where I went wrong.
>
> I provisioned the new DC before having set up bind properly (I forgot
> to "yum install bind bind-util bind-libs") before hand. The provision
> worked okay, except that it told me that it couldn't work out what version
> of bind was installed, and that I had to edit the
> "/usr/local/samba/private/named.conf" file. Which I have done, and
> uncommented out the 9.9 line).
>
> Then, I started bind, and then samba. All seemed well, except that it
> has replication errors. So I went through the ownership of files, as
> described by the wiki, making changes as appropriate, and compared them to
> my other DCs. They now all seemed right. bind and samba restarted.
>
>
> samba-tool drs showrepl
>
> ERROR(<class 'samba.drs_utils.drsException'>): DRS connection to
> samba4-40.samba4.scem.westernsydney.edu.au failed - drsException: DRS
> connection to samba4-40.samba4.scem.westernsydney.edu.au failed:
> (-1073741772, 'The object name is not found.')
> File
> "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/drs.py", line
> 39, in drsuapi_connect
> (ctx.drsuapi, ctx.drsuapi_handle, ctx.bind_supported_extensions) =
> drs_utils.drsuapi_connect(ctx.server, ctx.lp, ctx.creds)
> File
> "/usr/local/samba/lib64/python2.7/site-packages/samba/drs_utils.py", line
> 54, in drsuapi_connect
> raise drsException("DRS connection to %s failed: %s" % (server, e))
>
>
> I have the server name in /etc/hosts. I have resolve.conf pointing to the
> other DCs.
>
> If I "samba-tool drs showrepl samba4-40" I get
>
> Default-First-Site-Name\SAMBA4-40
> DSA Options: 0x00000001
> DSA object GUID: 072d7de1-f6f3-45e0-bbcd-4ba17b0054ab
> DSA invocationId: acea15ea-f471-42b9-84c3-8dc44bd98da4
>
> ==== INBOUND NEIGHBORS ====
>
> CN=Configuration,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
> Default-First-Site-Name\SAMBA4-10 via RPC
> DSA object GUID: 7fa7fc88-8d99-4217-b329-7e82324ec084
> Last attempt @ Thu Oct 1 10:13:37 2015 AEST was successful
> 0 consecutive failure(s).
> Last success @ Thu Oct 1 10:13:37 2015 AEST
>
> CN=Configuration,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
> Default-First-Site-Name\SAMBA4-00 via RPC
> DSA object GUID: 56352be2-bdf3-4a54-87a5-1355417519de
> Last attempt @ Thu Oct 1 10:13:37 2015 AEST failed, result 8453
> (WERR_DS_DRA_ACCESS_DENIED)
> 205 consecutive failure(s).
> Last success @ Thu Oct 1 10:13:37 2015 AEST
>
> CN=Configuration,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
> Default-First-Site-Name\SAMBA4-20 via RPC
> DSA object GUID: 21a9f003-e429-4320-81c3-06e995652d11
> Last attempt @ Thu Oct 1 10:13:37 2015 AEST failed, result 8453
> (WERR_DS_DRA_ACCESS_DENIED)
> 205 consecutive failure(s).
> Last success @ Thu Oct 1 10:13:37 2015 AEST
>
> DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
> Default-First-Site-Name\SAMBA4-10 via RPC
> DSA object GUID: 7fa7fc88-8d99-4217-b329-7e82324ec084
> Last attempt @ Thu Oct 1 10:13:37 2015 AEST was successful
> 0 consecutive failure(s).
> Last success @ Thu Oct 1 10:13:37 2015 AEST
>
> DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
> Default-First-Site-Name\SAMBA4-00 via RPC
> DSA object GUID: 56352be2-bdf3-4a54-87a5-1355417519de
> Last attempt @ Thu Oct 1 10:13:37 2015 AEST failed, result 8453
> (WERR_DS_DRA_ACCESS_DENIED)
> 205 consecutive failure(s).
> Last success @ Thu Oct 1 10:13:37 2015 AEST
>
> DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
> Default-First-Site-Name\SAMBA4-20 via RPC
> DSA object GUID: 21a9f003-e429-4320-81c3-06e995652d11
> Last attempt @ Thu Oct 1 10:13:38 2015 AEST failed, result 8453
> (WERR_DS_DRA_ACCESS_DENIED)
> 205 consecutive failure(s).
> Last success @ Thu Oct 1 10:13:38 2015 AEST
>
> DC=ForestDnsZones,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
> Default-First-Site-Name\SAMBA4-10 via RPC
> DSA object GUID: 7fa7fc88-8d99-4217-b329-7e82324ec084
> Last attempt @ Thu Oct 1 10:13:36 2015 AEST was successful
> 0 consecutive failure(s).
> Last success @ Thu Oct 1 10:13:36 2015 AEST
>
> DC=ForestDnsZones,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
> Default-First-Site-Name\SAMBA4-00 via RPC
> DSA object GUID: 56352be2-bdf3-4a54-87a5-1355417519de
> Last attempt @ Thu Oct 1 10:13:36 2015 AEST failed, result 8453
> (WERR_DS_DRA_ACCESS_DENIED)
> 205 consecutive failure(s).
> Last success @ Thu Oct 1 10:13:36 2015 AEST
>
> DC=ForestDnsZones,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
> Default-First-Site-Name\SAMBA4-20 via RPC
> DSA object GUID: 21a9f003-e429-4320-81c3-06e995652d11
> Last attempt @ Thu Oct 1 10:13:36 2015 AEST failed, result 8453
> (WERR_DS_DRA_ACCESS_DENIED)
> 205 consecutive failure(s).
> Last success @ Thu Oct 1 10:13:36 2015 AEST
>
> CN=Schema,CN=Configuration,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
> Default-First-Site-Name\SAMBA4-10 via RPC
> DSA object GUID: 7fa7fc88-8d99-4217-b329-7e82324ec084
> Last attempt @ Thu Oct 1 10:13:38 2015 AEST was successful
> 0 consecutive failure(s).
> Last success @ Thu Oct 1 10:13:38 2015 AEST
>
> CN=Schema,CN=Configuration,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
> Default-First-Site-Name\SAMBA4-00 via RPC
> DSA object GUID: 56352be2-bdf3-4a54-87a5-1355417519de
> Last attempt @ Thu Oct 1 10:13:38 2015 AEST failed, result 8453
> (WERR_DS_DRA_ACCESS_DENIED)
> 205 consecutive failure(s).
> Last success @ Thu Oct 1 10:13:38 2015 AEST
>
> CN=Schema,CN=Configuration,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
> Default-First-Site-Name\SAMBA4-20 via RPC
> DSA object GUID: 21a9f003-e429-4320-81c3-06e995652d11
> Last attempt @ Thu Oct 1 10:13:39 2015 AEST failed, result 8453
> (WERR_DS_DRA_ACCESS_DENIED)
> 205 consecutive failure(s).
> Last success @ Thu Oct 1 10:13:39 2015 AEST
>
> DC=DomainDnsZones,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
> Default-First-Site-Name\SAMBA4-10 via RPC
> DSA object GUID: 7fa7fc88-8d99-4217-b329-7e82324ec084
> Last attempt @ Thu Oct 1 10:13:36 2015 AEST was successful
> 0 consecutive failure(s).
> Last success @ Thu Oct 1 10:13:36 2015 AEST
>
> DC=DomainDnsZones,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
> Default-First-Site-Name\SAMBA4-00 via RPC
> DSA object GUID: 56352be2-bdf3-4a54-87a5-1355417519de
> Last attempt @ Thu Oct 1 10:13:36 2015 AEST failed, result 8453
> (WERR_DS_DRA_ACCESS_DENIED)
> 205 consecutive failure(s).
> Last success @ Thu Oct 1 10:13:36 2015 AEST
>
> DC=DomainDnsZones,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
> Default-First-Site-Name\SAMBA4-20 via RPC
> DSA object GUID: 21a9f003-e429-4320-81c3-06e995652d11
> Last attempt @ Thu Oct 1 10:13:36 2015 AEST failed, result 8453
> (WERR_DS_DRA_ACCESS_DENIED)
> 205 consecutive failure(s).
> Last success @ Thu Oct 1 10:13:36 2015 AEST
>
> ==== OUTBOUND NEIGHBORS ====
>
> ==== KCC CONNECTION OBJECTS ====
>
> Connection --
> Connection name: 0809eed4-d61d-4c7f-89cb-f230311fc7e3
> Enabled : TRUE
> Server DNS name : samba4-00.samba4.scem.westernsydney.edu.au
> Server DN name : CN=NTDS
> Settings,CN=SAMBA4-00,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
> TransportType: RPC
> options: 0x00000001
> Warning: No NC replicated for Connection!
> Connection --
> Connection name: 78bb6883-6d6a-4c5c-9d6b-39f256823401
> Enabled : TRUE
> Server DNS name : samba4-10.samba4.scem.westernsydney.edu.au
> Server DN name : CN=NTDS
> Settings,CN=SAMBA4-10,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
> TransportType: RPC
> options: 0x00000001
> Warning: No NC replicated for Connection!
> Connection --
> Connection name: c91eece0-11bb-416f-888d-6e87e9439abf
> Enabled : TRUE
> Server DNS name : samba4-20.samba4.scem.westernsydney.edu.au
> Server DN name : CN=NTDS
> Settings,CN=SAMBA4-20,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
> TransportType: RPC
> options: 0x00000001
> Warning: No NC replicated for Connection!
>
>
>
> On another dc "samba-tool drs showrepl" gives me:
>
> Default-First-Site-Name\SAMBA4-20
> DSA Options: 0x00000001
> DSA object GUID: 21a9f003-e429-4320-81c3-06e995652d11
> DSA invocationId: e5e45b36-50e5-4f56-97d3-11e1cb7f1b22
>
> ==== INBOUND NEIGHBORS ====
>
> CN=Configuration,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
> Default-First-Site-Name\SAMBA4-00 via RPC
> DSA object GUID: 56352be2-bdf3-4a54-87a5-1355417519de
> Last attempt @ Thu Oct 1 10:13:55 2015 AEST was successful
> 0 consecutive failure(s).
> Last success @ Thu Oct 1 10:13:55 2015 AEST
>
> CN=Configuration,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
> Default-First-Site-Name\SAMBA4-10 via RPC
> DSA object GUID: 7fa7fc88-8d99-4217-b329-7e82324ec084
> Last attempt @ Thu Oct 1 10:13:55 2015 AEST was successful
> 0 consecutive failure(s).
> Last success @ Thu Oct 1 10:13:55 2015 AEST
>
> CN=Configuration,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
> Default-First-Site-Name\SAMBA4-40 via RPC
> DSA object GUID: 072d7de1-f6f3-45e0-bbcd-4ba17b0054ab
> Last attempt @ Thu Oct 1 10:13:55 2015 AEST failed, result 2
> (WERR_BADFILE)
> 208 consecutive failure(s).
> Last success @ NTTIME(0)
>
> DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
> Default-First-Site-Name\SAMBA4-00 via RPC
> DSA object GUID: 56352be2-bdf3-4a54-87a5-1355417519de
> Last attempt @ Thu Oct 1 10:13:55 2015 AEST was successful
> 0 consecutive failure(s).
> Last success @ Thu Oct 1 10:13:55 2015 AEST
>
> DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
> Default-First-Site-Name\SAMBA4-10 via RPC
> DSA object GUID: 7fa7fc88-8d99-4217-b329-7e82324ec084
> Last attempt @ Thu Oct 1 10:13:56 2015 AEST was successful
> 0 consecutive failure(s).
> Last success @ Thu Oct 1 10:13:56 2015 AEST
>
> DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
> Default-First-Site-Name\SAMBA4-40 via RPC
> DSA object GUID: 072d7de1-f6f3-45e0-bbcd-4ba17b0054ab
> Last attempt @ Thu Oct 1 10:13:56 2015 AEST failed, result 2
> (WERR_BADFILE)
> 208 consecutive failure(s).
> Last success @ NTTIME(0)
>
> DC=ForestDnsZones,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
> Default-First-Site-Name\SAMBA4-00 via RPC
> DSA object GUID: 56352be2-bdf3-4a54-87a5-1355417519de
> Last attempt @ Thu Oct 1 10:13:54 2015 AEST was successful
> 0 consecutive failure(s).
> Last success @ Thu Oct 1 10:13:54 2015 AEST
>
> DC=ForestDnsZones,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
> Default-First-Site-Name\SAMBA4-10 via RPC
> DSA object GUID: 7fa7fc88-8d99-4217-b329-7e82324ec084
> Last attempt @ Thu Oct 1 10:13:54 2015 AEST was successful
> 0 consecutive failure(s).
> Last success @ Thu Oct 1 10:13:54 2015 AEST
>
> DC=ForestDnsZones,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
> Default-First-Site-Name\SAMBA4-40 via RPC
> DSA object GUID: 072d7de1-f6f3-45e0-bbcd-4ba17b0054ab
> Last attempt @ Thu Oct 1 10:13:54 2015 AEST failed, result 2
> (WERR_BADFILE)
> 208 consecutive failure(s).
> Last success @ NTTIME(0)
>
> CN=Schema,CN=Configuration,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
> Default-First-Site-Name\SAMBA4-00 via RPC
> DSA object GUID: 56352be2-bdf3-4a54-87a5-1355417519de
> Last attempt @ Thu Oct 1 10:13:56 2015 AEST was successful
> 0 consecutive failure(s).
> Last success @ Thu Oct 1 10:13:56 2015 AEST
>
> CN=Schema,CN=Configuration,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
> Default-First-Site-Name\SAMBA4-10 via RPC
> DSA object GUID: 7fa7fc88-8d99-4217-b329-7e82324ec084
> Last attempt @ Thu Oct 1 10:13:56 2015 AEST was successful
> 0 consecutive failure(s).
> Last success @ Thu Oct 1 10:13:56 2015 AEST
>
> CN=Schema,CN=Configuration,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
> Default-First-Site-Name\SAMBA4-40 via RPC
> DSA object GUID: 072d7de1-f6f3-45e0-bbcd-4ba17b0054ab
> Last attempt @ Thu Oct 1 10:13:57 2015 AEST failed, result 2
> (WERR_BADFILE)
> 208 consecutive failure(s).
> Last success @ NTTIME(0)
>
> DC=DomainDnsZones,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
> Default-First-Site-Name\SAMBA4-00 via RPC
> DSA object GUID: 56352be2-bdf3-4a54-87a5-1355417519de
> Last attempt @ Thu Oct 1 10:13:54 2015 AEST was successful
> 0 consecutive failure(s).
> Last success @ Thu Oct 1 10:13:54 2015 AEST
>
> DC=DomainDnsZones,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
> Default-First-Site-Name\SAMBA4-10 via RPC
> DSA object GUID: 7fa7fc88-8d99-4217-b329-7e82324ec084
> Last attempt @ Thu Oct 1 10:13:54 2015 AEST was successful
> 0 consecutive failure(s).
> Last success @ Thu Oct 1 10:13:54 2015 AEST
>
> DC=DomainDnsZones,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
> Default-First-Site-Name\SAMBA4-40 via RPC
> DSA object GUID: 072d7de1-f6f3-45e0-bbcd-4ba17b0054ab
> Last attempt @ Thu Oct 1 10:13:55 2015 AEST failed, result 2
> (WERR_BADFILE)
> 208 consecutive failure(s).
> Last success @ NTTIME(0)
>
> ==== OUTBOUND NEIGHBORS ====
>
> CN=Configuration,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
> Default-First-Site-Name\SAMBA4-40 via RPC
> DSA object GUID: 072d7de1-f6f3-45e0-bbcd-4ba17b0054ab
> Last attempt @ Thu Oct 1 10:14:58 2015 AEST failed, result 2
> (WERR_BADFILE)
> 12196 consecutive failure(s).
> Last success @ NTTIME(0)
>
> CN=Configuration,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
> Default-First-Site-Name\SAMBA4-00 via RPC
> DSA object GUID: 56352be2-bdf3-4a54-87a5-1355417519de
> Last attempt @ NTTIME(0) was successful
> 0 consecutive failure(s).
> Last success @ NTTIME(0)
>
> CN=Configuration,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
> Default-First-Site-Name\SAMBA4-10 via RPC
> DSA object GUID: 7fa7fc88-8d99-4217-b329-7e82324ec084
> Last attempt @ NTTIME(0) was successful
> 0 consecutive failure(s).
> Last success @ NTTIME(0)
>
> DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
> Default-First-Site-Name\SAMBA4-40 via RPC
> DSA object GUID: 072d7de1-f6f3-45e0-bbcd-4ba17b0054ab
> Last attempt @ Thu Oct 1 10:14:59 2015 AEST failed, result 2
> (WERR_BADFILE)
> 12195 consecutive failure(s).
> Last success @ NTTIME(0)
>
> DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
> Default-First-Site-Name\SAMBA4-00 via RPC
> DSA object GUID: 56352be2-bdf3-4a54-87a5-1355417519de
> Last attempt @ NTTIME(0) was successful
> 0 consecutive failure(s).
> Last success @ NTTIME(0)
>
> DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
> Default-First-Site-Name\SAMBA4-10 via RPC
> DSA object GUID: 7fa7fc88-8d99-4217-b329-7e82324ec084
> Last attempt @ NTTIME(0) was successful
> 0 consecutive failure(s).
> Last success @ NTTIME(0)
>
> DC=ForestDnsZones,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
> Default-First-Site-Name\SAMBA4-40 via RPC
> DSA object GUID: 072d7de1-f6f3-45e0-bbcd-4ba17b0054ab
> Last attempt @ Thu Oct 1 10:14:58 2015 AEST failed, result 2
> (WERR_BADFILE)
> 12197 consecutive failure(s).
> Last success @ NTTIME(0)
>
> DC=ForestDnsZones,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
> Default-First-Site-Name\SAMBA4-00 via RPC
> DSA object GUID: 56352be2-bdf3-4a54-87a5-1355417519de
> Last attempt @ NTTIME(0) was successful
> 0 consecutive failure(s).
> Last success @ NTTIME(0)
>
> DC=ForestDnsZones,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
> Default-First-Site-Name\SAMBA4-10 via RPC
> DSA object GUID: 7fa7fc88-8d99-4217-b329-7e82324ec084
> Last attempt @ NTTIME(0) was successful
> 0 consecutive failure(s).
> Last success @ NTTIME(0)
>
> CN=Schema,CN=Configuration,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
> Default-First-Site-Name\SAMBA4-40 via RPC
> DSA object GUID: 072d7de1-f6f3-45e0-bbcd-4ba17b0054ab
> Last attempt @ Thu Oct 1 10:14:59 2015 AEST failed, result 2
> (WERR_BADFILE)
> 12194 consecutive failure(s).
> Last success @ NTTIME(0)
>
> CN=Schema,CN=Configuration,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
> Default-First-Site-Name\SAMBA4-00 via RPC
> DSA object GUID: 56352be2-bdf3-4a54-87a5-1355417519de
> Last attempt @ NTTIME(0) was successful
> 0 consecutive failure(s).
> Last success @ NTTIME(0)
>
> CN=Schema,CN=Configuration,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
> Default-First-Site-Name\SAMBA4-10 via RPC
> DSA object GUID: 7fa7fc88-8d99-4217-b329-7e82324ec084
> Last attempt @ NTTIME(0) was successful
> 0 consecutive failure(s).
> Last success @ NTTIME(0)
>
> DC=DomainDnsZones,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
> Default-First-Site-Name\SAMBA4-40 via RPC
> DSA object GUID: 072d7de1-f6f3-45e0-bbcd-4ba17b0054ab
> Last attempt @ Thu Oct 1 10:14:58 2015 AEST failed, result 2
> (WERR_BADFILE)
> 12196 consecutive failure(s).
> Last success @ NTTIME(0)
>
> DC=DomainDnsZones,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
> Default-First-Site-Name\SAMBA4-00 via RPC
> DSA object GUID: 56352be2-bdf3-4a54-87a5-1355417519de
> Last attempt @ NTTIME(0) was successful
> 0 consecutive failure(s).
> Last success @ NTTIME(0)
>
> DC=DomainDnsZones,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
> Default-First-Site-Name\SAMBA4-10 via RPC
> DSA object GUID: 7fa7fc88-8d99-4217-b329-7e82324ec084
> Last attempt @ NTTIME(0) was successful
> 0 consecutive failure(s).
> Last success @ NTTIME(0)
>
> ==== KCC CONNECTION OBJECTS ====
>
> Connection --
> Connection name: 19cae640-3d3a-4c64-83f0-7cb99b8e2303
> Enabled : TRUE
> Server DNS name : samba4-10.samba4.scem.westernsydney.edu.au
> Server DN name : CN=NTDS
> Settings,CN=SAMBA4-10,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
> TransportType: RPC
> options: 0x00000001
> Warning: No NC replicated for Connection!
> Connection --
> Connection name: 9648274d-fbcc-4974-8e00-32dedef0482c
> Enabled : TRUE
> Server DNS name : samba4-00.samba4.scem.westernsydney.edu.au
> Server DN name : CN=NTDS
> Settings,CN=SAMBA4-00,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
> TransportType: RPC
> options: 0x00000001
> Warning: No NC replicated for Connection!
> Connection --
> Connection name: dd40f960-8f12-4d8e-8027-e4284a3e063b
> Enabled : TRUE
> Server DNS name : samba4-40.samba4.scem.westernsydney.edu.au
> Server DN name : CN=NTDS
> Settings,CN=SAMBA4-40,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
> TransportType: RPC
> options: 0x00000001
> Warning: No NC replicated for Connection!
>
>
> Which is what I'd expect given that samba4-40 has issues.
>
> So, I thought that I'd try to demote samba4-40 and re-try the domain join.
>
> samb-tool domain demote -U administrator
>
> Using samba4-00.samba4.scem.westernsydney.edu.au as partner server for
> the demotion
> Password for [SCEM_AD\administrator]:
> Deactivating inbound replication
> Asking partner server samba4-00.samba4.scem.westernsydney.edu.au to
> synchronize from us
> Error while demoting, re-enabling inbound replication
> ERROR(<class 'samba.drs_utils.drsException'>): Error while sending a
> DsReplicaSync for partion
> CN=Schema,CN=Configuration,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
> - drsException: DsReplicaSync failed (2, 'WERR_BADFILE')
> File
> "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/domain.py",
> line 712, in run
> sendDsReplicaSync(drsuapiBind, drsuapi_handle, ntds_guid, str(part),
> drsuapi.DRSUAPI_DRS_WRIT_REP)
> File
> "/usr/local/samba/lib64/python2.7/site-packages/samba/drs_utils.py", line
> 83, in sendDsReplicaSync
> raise drsException("DsReplicaSync failed %s" % estr)
>
>
>
> HELP !! I'm now stuck. I've not seen "WERR_DS_DRA_ACCESS_DENIED"
> before, and I don't know how to fix it.
>
> I don't know if running the domain join again is a good idea, or if
> that will break more stuff....
>
> --
>
> Cheers,
> David Minard.
> Ph: 0247 360 155
> Fax: 0247 360 770
>
> School of Computing, Engineering, and Mathematics
> Building Y - Penrith Campus (Kingswood)
> Locked bag 1797
> Penrith South DC
> NSW 1797
>
> [Sometimes waking up just isn't worth the insult of the day to come.]
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
>
>
>
>
> ---------- Forwarded message ----------
> From: David Minard <david at scem.uws.edu.au>
> To: samba at lists.samba.org
> Cc:
> Date: Thu, 01 Oct 2015 14:22:27 +1000
> Subject: [Samba] Replication Failing - NT_STATUS_IO_TIMEOUT
> G'day Rowland,
>
> On 29/09/15 15:30, David Minard wrote:
>>
>>> I'm working on a brand new set of Samba DCs, as our University changed
>>> it's domain name, so we thought we'd start from scratch. Working on 4.2.3
>>> at the moment.
>>>
>>> I finally got the new DC to join, but I had to wait until things got
>>> quiet (midnight-ish).
>>>
>>>
>>> Getting confused now, you originally posted this:
>>
>> I'm trying to commission another DC (number 5) in our production set up,
>> as we've opened up a new site. All DCs are samba-4.0.25 self compiled.
>> Yet now you say you are setting up a new domain, which is it ?
>> If you are setting up a new domain, I hope you are not doing this in
>> production.
>>
>
> Sorry for the confusion. I was just commenting to Marc that I am also
> running up a new set of samba servers, as he suggested moving to a
> supported version. I'm loathed to jump up from this version to the
> latest on the production system. Next, year, I hope the newer DCs I'm
> setting up with the new samba.domain will be in production, and the current
> production set will be retired.
>
> Our production version is 4.0.25, and this is the one with the problem
> described in this thread.
>
> I did end up getting samba4-05 to join, but even after a day or so, it
> did not have any of the domain users, groups, computers - just the standard
> stuff that comes with a new DC... Strange.
>
>
>> If you are setting up a new domain and self-compiling Samba, then you
>> might as well use the latest version, this should reduce your chances of
>> getting hit by a bug.
>>
>
> Working on that.
>
>
>> Rowland
>>
>>
> --
>
> Cheers,
> David Minard.
> Ph: 0247 360 155
> Fax: 0247 360 770
>
> School of Computing, Engineering, and Mathematics
> Building Y - Penrith Campus (Kingswood)
> Locked bag 1797
> Penrith South DC
> NSW 1797
>
> [Sometimes waking up just isn't worth the insult of the day to come.]
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
>
>
>
>
> ---------- Forwarded message ----------
> From: mathias dufresne <infractory at gmail.com>
> To: samba <samba at lists.samba.org>
> Cc:
> Date: Thu, 1 Oct 2015 10:02:28 +0200
> Subject: Re: [Samba] Fwd: net rpc lookup from group names that start with
> "-"
> Hi Rowland,
>
> I'm not good at betting :p
>
> I didn't meant to be rough answering that. My point was the same as for the
> difference between advising to run ./configure or ./configure --help: give
> users information for they deal with issue themselves. That's why I took
> time to explain these behaviours, with errors as shown below.
>
> Now if it works it's because Samba is well developed, or they - and we,
> users - are lucky. Most commands don't take backslash in account:
>
> $ echo toto > -h
> $ cat -h
> cat : option invalide -- 'h'
> $ cat \-h
> cat : option invalide -- 'h'
> $ cat '\-h'
> cat: \-h: No such file or directory
> $ cat "\-h"
> cat: \-h: No such file or directory
> $ cat -- -h
> toto
>
> Anyway all that shows I was wrong: "\-h" is not interpreted by the shell
> and the command receives \-h as file name, which is not what I expected.
> I'm growing old perhaps, I don't take enough time to test, too much trust
> into my experience, which is always a bad thing.
>
> Sorry to have been rude, have a nice day ;)
>
> Cheers,
>
> mathias
>
> 2015-09-30 18:04 GMT+02:00 Rowland Penny <rowlandpenny241155 at gmail.com>:
>
> > On 30/09/15 15:59, mathias dufresne wrote:
> >
> >> I bet that won't work.
> >> net rpc ..... "\-dash group" -> the shell look into quotes and interpret
> >> things inside quotes. Because of double quotes. So the shell will
> >> interpret
> >> \- and send only the dash to the command.
> >>
> >> net rpc ..... '\-dash group' -> the shell do not interpret things inside
> >> the quotes, because simple quotes. The shell will send [\-dash group] to
> >> the command.
> >>
> >> This is the same as:
> >> net rpc ..... "\\-dash group" -> shell interpret \\, transform it into \
> >> and send \- to the command.
> >>
> >> But the point is command is waiting for switches after dashes (-a -o...
> >> anything to tell the command how to react). The standard to tell
> commands
> >> there is no more switches is double dashes "--". And that double dashes
> >> must be surrounded by spaces to be one word and be correctly interpreted
> >> by
> >> the command.
> >>
> >>
> > Hi Mathias, This got my interest and after I thought 'why would you be
> > daft enough to start any object name with a dash', I wondered if it was
> > possible to do what the OP wanted.
> > I tried to create a group called '-dashtest' and I was able to create it
> > (after a couple of attempts). I then added a user to the group, I had to
> > resort to ldbedit to do this.
> > I then tried the command the OP posted and it didn't work (as expected),
> > so I tried adding the forwardslash, not really expecting it to work, but
> it
> > did.
> >
> > Rowland
> >
> >
> >
> > Rowland
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
> >
>
>
>
> ---------- Forwarded message ----------
> From: Rowland Penny <rowlandpenny241155 at gmail.com>
> To: samba at lists.samba.org
> Cc:
> Date: Thu, 01 Oct 2015 09:14:15 +0100
> Subject: Re: [Samba] Fwd: net rpc lookup from group names that start with
> "-"
> On 01/10/15 09:02, mathias dufresne wrote:
>
>> Hi Rowland,
>>
>> I'm not good at betting :p
>>
>> I didn't meant to be rough answering that. My point was the same as for
>> the
>> difference between advising to run ./configure or ./configure --help: give
>> users information for they deal with issue themselves. That's why I took
>> time to explain these behaviours, with errors as shown below.
>>
>> Now if it works it's because Samba is well developed, or they - and we,
>> users - are lucky. Most commands don't take backslash in account:
>>
>> $ echo toto > -h
>> $ cat -h
>> cat : option invalide -- 'h'
>> $ cat \-h
>> cat : option invalide -- 'h'
>> $ cat '\-h'
>> cat: \-h: No such file or directory
>> $ cat "\-h"
>> cat: \-h: No such file or directory
>> $ cat -- -h
>> toto
>>
>> Anyway all that shows I was wrong: "\-h" is not interpreted by the shell
>> and the command receives \-h as file name, which is not what I expected.
>> I'm growing old perhaps, I don't take enough time to test, too much trust
>> into my experience, which is always a bad thing.
>>
>> Sorry to have been rude, have a nice day ;)
>>
>> Cheers,
>>
>> mathias
>>
>> 2015-09-30 18:04 GMT+02:00 Rowland Penny <rowlandpenny241155 at gmail.com>:
>>
>> On 30/09/15 15:59, mathias dufresne wrote:
>>>
>>> I bet that won't work.
>>>> net rpc ..... "\-dash group" -> the shell look into quotes and interpret
>>>> things inside quotes. Because of double quotes. So the shell will
>>>> interpret
>>>> \- and send only the dash to the command.
>>>>
>>>> net rpc ..... '\-dash group' -> the shell do not interpret things inside
>>>> the quotes, because simple quotes. The shell will send [\-dash group] to
>>>> the command.
>>>>
>>>> This is the same as:
>>>> net rpc ..... "\\-dash group" -> shell interpret \\, transform it into \
>>>> and send \- to the command.
>>>>
>>>> But the point is command is waiting for switches after dashes (-a -o...
>>>> anything to tell the command how to react). The standard to tell
>>>> commands
>>>> there is no more switches is double dashes "--". And that double dashes
>>>> must be surrounded by spaces to be one word and be correctly interpreted
>>>> by
>>>> the command.
>>>>
>>>>
>>>> Hi Mathias, This got my interest and after I thought 'why would you be
>>> daft enough to start any object name with a dash', I wondered if it was
>>> possible to do what the OP wanted.
>>> I tried to create a group called '-dashtest' and I was able to create it
>>> (after a couple of attempts). I then added a user to the group, I had to
>>> resort to ldbedit to do this.
>>> I then tried the command the OP posted and it didn't work (as expected),
>>> so I tried adding the forwardslash, not really expecting it to work, but
>>> it
>>> did.
>>>
>>> Rowland
>>>
>>>
>>>
>>> Rowland
>>>
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions: https://lists.samba.org/mailman/options/samba
>>>
>>>
> Hi, no I didn't take what you said as rude, after all, I was surprised it
> worked =-O
>
> It just shouldn't work, but does, well it did for me, having said that,
> the correct cure is for the OP to stop being stupid and to remove the '-'
> from all and any object names.
>
> Rowland
>
>
>
>
>
> ---------- Forwarded message ----------
> From: Stefan Kania <stefan at kania-online.de>
> To: samba at lists.samba.org
> Cc:
> Date: Thu, 1 Oct 2015 09:59:35 +0200
> Subject: [Samba] DDNS and internal_DNS Server
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hello everyone,
>
> I'm looking for a Howto to uses the intenal DNS of Samba 4 together
> with isc-dhcp to create a DDNS.
>
>
> Stefan
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
>
> iEYEARECAAYFAlYM5+cACgkQ2JOGcNAHDTay7wCfawxH+CpMOvjSkChvcMtZ7Lfz
> Z+MAoOUXm6bP5CKuLPEDZqccKu42UAF5
> =WM+d
> -----END PGP SIGNATURE-----
>
>
>
>
> ---------- Forwarded message ----------
> From: Lulzim KELMENI <lkelmeni at mairie-saint-ouen.fr>
> To: <samba at lists.samba.org>
> Cc:
> Date: Thu, 01 Oct 2015 10:08:20 +0200
> Subject: [Samba] authentication problems sernet-samba
>
>
> Hello,
>
> We have installed samba4 under Ubuntu 14.04.3 LTS.
>
> >
> root at server:~# samba -V
> > Version
> 4.2.3-SerNet-Ubuntu-7.trusty
>
> Sometimes, we have authentication
> problems.
>
> The only thing we found in log file, when it happend, is
> this :
>
> > [2015/09/28 17:27:06.750675, 3]
> ../source4/smbd/process_single.c:114(single_terminate)
> >
> single_terminate: reason[imessaging_init() failed]
> > [2015/09/28
> 17:27:06.792429, 3]
> ../source4/smbd/service_stream.c:66(stream_terminate_connection)
> >
> Terminating connection - 'imessaging_init() failed'
> > [2015/09/28
> 17:27:06.792568, 3]
> ../source4/smbd/process_single.c:114(single_terminate)
> >
> single_terminate: reason[imessaging_init() failed]
> > [2015/09/28
> 17:27:06.856406, 3]
> ../source4/smbd/service_stream.c:66(stream_terminate_connection)
> >
> Terminating connection - 'imessaging_init() failed'
> > [2015/09/28
> 17:27:06.856444, 3]
> ../source4/smbd/process_single.c:114(single_terminate)
> >
> single_terminate: reason[imessaging_init() failed]
> > [2015/09/28
> 17:27:06.908112, 3]
> ../source4/smbd/service_stream.c:66(stream_terminate_connection)
> >
> Terminating connection - 'imessaging_init() failed'
> > [2015/09/28
> 17:27:06.908157, 3]
> ../source4/smbd/process_single.c:114(single_terminate)
> >
> single_terminate: reason[imessaging_init() failed]
> > [2015/09/28
> 17:27:06.965531, 3]
> ../source4/smbd/service_stream.c:66(stream_terminate_connection)
> >
> Terminating connection - 'imessaging_init() failed'
> > [2015/09/28
> 17:27:06.965580, 3]
> ../source4/smbd/process_single.c:114(single_terminate)
> >
> single_terminate: reason[imessaging_init() failed]
> > [2015/09/28
> 17:27:07.027471, 3]
> ../source4/smbd/service_stream.c:66(stream_terminate_connection)
> >
> Terminating connection - 'imessaging_init() failed'
> > [2015/09/28
> 17:27:07.027564, 3]
> ../source4/smbd/process_single.c:114(single_terminate)
> >
> single_terminate: reason[imessaging_init() failed]
> > [2015/09/28
> 17:27:07.151542, 3]
> ../source4/smbd/service_stream.c:66(stream_terminate_connection)
> >
> Terminating connection - 'imessaging_init() failed'
> > [2015/09/28
> 17:27:07.151599, 3]
> ../source4/smbd/process_single.c:114(single_terminate)
> >
> single_terminate: reason[imessaging_init() failed]
> > [2015/09/28
> 17:27:07.153809, 3]
> ../source4/smbd/service_stream.c:66(stream_terminate_connection)
> >
> Terminating connection - 'imessaging_init() failed'
> > [2015/09/28
> 17:27:07.153875, 3]
> ../source4/smbd/process_single.c:114(single_terminate)
> >
> single_terminate: reason[imessaging_init() failed]
> > [2015/09/28
> 17:27:07.155195, 3]
> ../source4/smbd/service_stream.c:66(stream_terminate_connection)
> >
> Terminating connection - 'imessaging_init() failed'
> > [2015/09/28
> 17:27:07.155233, 3]
> ../source4/smbd/process_single.c:114(single_terminate)
> >
> single_terminate: reason[imessaging_init() failed]
> > [2015/09/28
> 17:27:07.263779, 3]
> ../source4/smbd/service_stream.c:66(stream_terminate_connection)
> >
> Terminating connection - 'imessaging_init() failed'
> > [2015/09/28
> 17:27:07.263830, 3]
> ../source4/smbd/process_single.c:114(single_terminate)
> >
> single_terminate: reason[imessaging_init() failed]
>
> Here is the smb.conf
> :
>
> # G
>
> > EST.LOCAL
> > netbios name = SERVER
> > server role = active
> directory domain controller
> > dns forwarder = xxx.xxx.xxx.xxx (IP adress
> of forwarder)
> > idmap_ldb:use rfc2307 = yes
> > log level = 3
> > max log
> size = 100000
> >
> > [netlogon]
> > path =
> /var/lib/samba/sysvol/oxygen.local/scripts
> > read only = No
> >
> >
> [sysvol]
> > path = /var/lib/samba/sysvol
> > read only = No
> >
> > Any help
> would be appreciated
> >
> > Thank yo !,
> im Direction des Systèmes
> d'Information Service Systèmes, Réseaux, Bases de données Mairie de
> Saint-Ouen
>
>
> ---------- Forwarded message ----------
> From: Rowland Penny <rowlandpenny241155 at gmail.com>
> To: samba at lists.samba.org
> Cc:
> Date: Thu, 01 Oct 2015 09:26:12 +0100
> Subject: Re: [Samba] Replication Failing - NT_STATUS_IO_TIMEOUT
> On 01/10/15 05:22, David Minard wrote:
>
>> G'day Rowland,
>>
>> On 29/09/15 15:30, David Minard wrote:
>>>
>>>> I'm working on a brand new set of Samba DCs, as our University changed
>>>> it's domain name, so we thought we'd start from scratch. Working on 4.2.3
>>>> at the moment.
>>>>
>>>> I finally got the new DC to join, but I had to wait until things got
>>>> quiet (midnight-ish).
>>>>
>>>>
>>>> Getting confused now, you originally posted this:
>>>
>>> I'm trying to commission another DC (number 5) in our production set up,
>>> as we've opened up a new site. All DCs are samba-4.0.25 self compiled.
>>> Yet now you say you are setting up a new domain, which is it ?
>>> If you are setting up a new domain, I hope you are not doing this in
>>> production.
>>>
>>
>> Sorry for the confusion. I was just commenting to Marc that I am
>> also running up a new set of samba servers, as he suggested moving to a
>> supported version. I'm loathed to jump up from this version to the
>> latest on the production system. Next, year, I hope the newer DCs I'm
>> setting up with the new samba.domain will be in production, and the current
>> production set will be retired.
>>
>> Our production version is 4.0.25, and this is the one with the
>> problem described in this thread.
>>
>> I did end up getting samba4-05 to join, but even after a day or so,
>> it did not have any of the domain users, groups, computers - just the
>> standard stuff that comes with a new DC... Strange.
>>
>>
>>> If you are setting up a new domain and self-compiling Samba, then you
>>> might as well use the latest version, this should reduce your chances of
>>> getting hit by a bug.
>>>
>>
>> Working on that.
>>
>>
>>> Rowland
>>>
>>>
>>
> I seem to remember that there was a problem with dns records and
> tombstones, have you tried searching for deleted dns records?
>
> Rowland
>
>
>
>
> ---------- Forwarded message ----------
> From: Rowland Penny <rowlandpenny241155 at gmail.com>
> To: samba at lists.samba.org
> Cc:
> Date: Thu, 01 Oct 2015 09:28:28 +0100
> Subject: Re: [Samba] DDNS and internal_DNS Server
> On 01/10/15 08:59, Stefan Kania wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Hello everyone,
>>
>> I'm looking for a Howto to uses the intenal DNS of Samba 4 together
>> with isc-dhcp to create a DDNS.
>>
>>
>>
> Hi, have a look here:
>
>
> http://blog.michael.kuron-germany.de/2011/02/isc-dhcpd-dynamic-dns-updates-against-secure-microsoft-dns/
>
> Rowland
>
>
>
>
>
> ---------- Forwarded message ----------
> From: Rowland Penny <rowlandpenny241155 at gmail.com>
> To: samba at lists.samba.org
> Cc:
> Date: Thu, 01 Oct 2015 09:39:41 +0100
> Subject: Re: [Samba] authentication problems sernet-samba
> On 01/10/15 09:08, Lulzim KELMENI wrote:
>
>>
>> Hello,
>>
>> We have installed samba4 under Ubuntu 14.04.3 LTS.
>>
>> root at server:~# samba -V
>>
>>> Version
>>>
>> 4.2.3-SerNet-Ubuntu-7.trusty
>>
>> Sometimes, we have authentication
>> problems.
>>
>> The only thing we found in log file, when it happend, is
>> this :
>>
>> [2015/09/28 17:27:06.750675, 3]
>>>
>> ../source4/smbd/process_single.c:114(single_terminate)
>> single_terminate: reason[imessaging_init() failed]
>>
>>> [2015/09/28
>>>
>> 17:27:06.792429, 3]
>> ../source4/smbd/service_stream.c:66(stream_terminate_connection)
>> Terminating connection - 'imessaging_init() failed'
>>
>>> [2015/09/28
>>>
>> 17:27:06.792568, 3]
>> ../source4/smbd/process_single.c:114(single_terminate)
>> single_terminate: reason[imessaging_init() failed]
>>
>>> [2015/09/28
>>>
>> 17:27:06.856406, 3]
>> ../source4/smbd/service_stream.c:66(stream_terminate_connection)
>> Terminating connection - 'imessaging_init() failed'
>>
>>> [2015/09/28
>>>
>> 17:27:06.856444, 3]
>> ../source4/smbd/process_single.c:114(single_terminate)
>> single_terminate: reason[imessaging_init() failed]
>>
>>> [2015/09/28
>>>
>> 17:27:06.908112, 3]
>> ../source4/smbd/service_stream.c:66(stream_terminate_connection)
>> Terminating connection - 'imessaging_init() failed'
>>
>>> [2015/09/28
>>>
>> 17:27:06.908157, 3]
>> ../source4/smbd/process_single.c:114(single_terminate)
>> single_terminate: reason[imessaging_init() failed]
>>
>>> [2015/09/28
>>>
>> 17:27:06.965531, 3]
>> ../source4/smbd/service_stream.c:66(stream_terminate_connection)
>> Terminating connection - 'imessaging_init() failed'
>>
>>> [2015/09/28
>>>
>> 17:27:06.965580, 3]
>> ../source4/smbd/process_single.c:114(single_terminate)
>> single_terminate: reason[imessaging_init() failed]
>>
>>> [2015/09/28
>>>
>> 17:27:07.027471, 3]
>> ../source4/smbd/service_stream.c:66(stream_terminate_connection)
>> Terminating connection - 'imessaging_init() failed'
>>
>>> [2015/09/28
>>>
>> 17:27:07.027564, 3]
>> ../source4/smbd/process_single.c:114(single_terminate)
>> single_terminate: reason[imessaging_init() failed]
>>
>>> [2015/09/28
>>>
>> 17:27:07.151542, 3]
>> ../source4/smbd/service_stream.c:66(stream_terminate_connection)
>> Terminating connection - 'imessaging_init() failed'
>>
>>> [2015/09/28
>>>
>> 17:27:07.151599, 3]
>> ../source4/smbd/process_single.c:114(single_terminate)
>> single_terminate: reason[imessaging_init() failed]
>>
>>> [2015/09/28
>>>
>> 17:27:07.153809, 3]
>> ../source4/smbd/service_stream.c:66(stream_terminate_connection)
>> Terminating connection - 'imessaging_init() failed'
>>
>>> [2015/09/28
>>>
>> 17:27:07.153875, 3]
>> ../source4/smbd/process_single.c:114(single_terminate)
>> single_terminate: reason[imessaging_init() failed]
>>
>>> [2015/09/28
>>>
>> 17:27:07.155195, 3]
>> ../source4/smbd/service_stream.c:66(stream_terminate_connection)
>> Terminating connection - 'imessaging_init() failed'
>>
>>> [2015/09/28
>>>
>> 17:27:07.155233, 3]
>> ../source4/smbd/process_single.c:114(single_terminate)
>> single_terminate: reason[imessaging_init() failed]
>>
>>> [2015/09/28
>>>
>> 17:27:07.263779, 3]
>> ../source4/smbd/service_stream.c:66(stream_terminate_connection)
>> Terminating connection - 'imessaging_init() failed'
>>
>>> [2015/09/28
>>>
>> 17:27:07.263830, 3]
>> ../source4/smbd/process_single.c:114(single_terminate)
>> single_terminate: reason[imessaging_init() failed]
>>
>> Here is the smb.conf
>> :
>>
>> # G
>>
>> EST.LOCAL
>>> netbios name = SERVER
>>> server role = active
>>>
>> directory domain controller
>>
>>> dns forwarder = xxx.xxx.xxx.xxx (IP adress
>>>
>> of forwarder)
>>
>>> idmap_ldb:use rfc2307 = yes
>>> log level = 3
>>> max log
>>>
>> size = 100000
>>
>>> [netlogon]
>>> path =
>>>
>> /var/lib/samba/sysvol/oxygen.local/scripts
>>
>>> read only = No
>>>
>>>
>>> [sysvol]
>>
>>> path = /var/lib/samba/sysvol
>>> read only = No
>>>
>>> Any help
>>>
>> would be appreciated
>>
>>> Thank yo !,
>>>
>>
> What do you mean 'authentication problems' ?
> Authenticating from what and how?
> Is there any pattern?
>
> Rowland
>
>
>
>
>
> ---------- Forwarded message ----------
> From: mourik jan heupink <heupink at merit.unu.edu>
> To: samba at lists.samba.org
> Cc:
> Date: Thu, 1 Oct 2015 13:41:33 +0200
> Subject: [Samba] ntlm_password_check: LM password, NT MD4 password in LM
> field and LMv2 failed for user username
> Hi,
>
> We're seeing these messages for some users in our DC logs. Google tells me
> that lanman hashed passwords are less strong, and should not be used
> anymore.
>
> Solutions on the internet are to enable ntlm auth and
> client ntlmv2 auth in smb.conf.
>
> But I guess this will weaken the security of our network, and it smells as
> if these users are perhaps using older windows versions, and we should
> simply tell them to upgrade? Or is there a way to stop windows xp (i
> guess...) from using lanman auth?
>
> Any ideas or suggestions how to proceed?
>
> MJ
>
>
>
> _______________________________________________
> samba mailing list
> samba at lists.samba.org
> https://lists.samba.org/mailman/listinfo/samba
>
>
More information about the samba
mailing list