[Samba] Problems joining station in domain

L.P.H. van Belle belle at bazuin.nl
Wed Aug 28 15:13:19 UTC 2019

Hai Marcio, 


	From: Marcio Demetrio Bacci [mailto:marciobacci at gmail.com] 
	Sent: Wednesday 28 August 2019 15:57
	To: L.P.H. van Belle; sambalist
	Subject: Re: [Samba] Problems joining station in domain
	>What is in /etc/ldap/ldap.conf
	>Does it have : TLS_REQCERT allow ? 
	>If not add it. 
	Do I add this to all DC's? 
Yes, but as Andrew did say, we could/should use another setting these days. 
He confirmed it's still a bug in the DNS partitioning. 
What I hoped was for you to try to "upgrade" your internal DNS to bind9_dlz 
and, by doing that, avoid this bug. 

I suggest you read:
Then we are left with the 2 possible workarounds as mentioned on the list before. 
See: https://www.spinics.net/lists/samba/msg158588.html
Adjust the code of Samba a bit. 

Dennis pointed out an option to upgrade/create partitions on w2k3 before the joins. 
Found here: https://lists.samba.org/archive/samba/2019-July/224515.html
But as far as I know that server is gone. 

	>You installed a new server, why did you not choose debian buster but installed debian stretch? 
	Because our Debian distribution is customized and packaged according to the institution's security rules. I depend on making this distribution available in Debian 10. 

Well ok, I can only respect this. 
Then I strongly suggest you also read the subject on the list: TLS_REQCERT and Samba AD DC 
Because if you have security rules, then this should not be an option, and you should have your own CA running. 

So far (office is closing), until tomorrow. 
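
Added example, not part of the original message and not Samba or OpenLDAP code: a small Python check that reads ldap.conf text and reports when TLS_REQCERT is set to a level that accepts unverified server certificates, the setting discussed in this thread. The sample file contents and the CA path are constructed, and treating a later occurrence of an option as the effective one is an assumption.

```python
# Added example: audit ldap.conf text for the TLS_REQCERT level discussed in this thread.
# Level meanings follow ldap.conf(5); sample configs and the CA path below are constructed.
LEVELS = {
    "never": "server certificate is not requested or checked",
    "allow": "a missing or bad certificate is ignored and the session proceeds",
    "try": "a missing certificate is accepted, a bad one ends the session",
    "demand": "a valid certificate is required",
    "hard": "a valid certificate is required",
}
WEAK = {"never", "allow", "try"}

def parse_ldap_conf(text):
    """Return {OPTION: value}. Option names are case-insensitive; '#' lines are comments."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        # Assumption: a later occurrence of an option replaces an earlier one.
        opts[parts[0].upper()] = parts[1].strip() if len(parts) > 1 else ""
    return opts

def audit(text):
    """Return (effective TLS_REQCERT level, list of findings)."""
    opts = parse_ldap_conf(text)
    level = opts.get("TLS_REQCERT", "demand").lower()  # demand is the documented default
    findings = []
    if level not in LEVELS:
        findings.append(f"TLS_REQCERT {level}: unknown level")
    elif level in WEAK:
        findings.append(f"TLS_REQCERT {level}: {LEVELS[level]}")
    if not (opts.get("TLS_CACERT") or opts.get("TLS_CACERTDIR")):
        findings.append("no TLS_CACERT or TLS_CACERTDIR in this file")
    return level, findings

WEAK_CONF = "# constructed sample\nBASE dc=example,dc=com\nTLS_REQCERT allow\n"
HARDENED_CONF = (
    "# constructed sample; the CA path is hypothetical\n"
    "TLS_CACERT /etc/ssl/certs/internal-ca.pem\n"
    "tls_reqcert\tdemand\n"
)

if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        level, findings = audit(conf)
        print(label, level, findings or "ok")
```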


