[Samba] Problems joining station in domain

Marcio Demetrio Bacci marciobacci at gmail.com
Wed Aug 28 16:17:31 UTC 2019 

Hi,

>What i hoped it to try to "upgrade"  you internal DNS to bind9_dlz
>And with doing that, avoid this bug.
My production DCs use DNS Internal, so can I join a new DC using Bin9_dlz
without problems?

Regards,

Márcio Bacci

Em qua, 28 de ago de 2019 às 12:14, L.P.H. van Belle via samba <
samba at lists.samba.org> escreveu:

> Hai Marcio,
>
>
> ________________________________
>
>         Van: Marcio Demetrio Bacci [mailto:marciobacci at gmail.com]
>         Verzonden: woensdag 28 augustus 2019 15:57
>         Aan: L.P.H. van Belle; sambalist
>         Onderwerp: Re: [Samba] Problems joining station in domain
>
>
>         Hi,
>
>         >What is in /etc/ldap/ldap.conf
>         >Does it have : TLS_REQCERT allow ?
>         >If not add it.
>         Do I add this to all DC's?
>
> Yes, but as Andrew did say, we could/should use an other setting these
> days.
> He confirmed its still a bug in the DNS partitioning.
> What i hoped it to try to "upgrade"  you internal DNS to bind9_dlz
> And with doing that, avoid this bug.
>
> I suggest you read:
> Then we are left with the 2 possible workarounds as mentions in the list
> before.
> See: https://www.spinics.net/lists/samba/msg158588.html
> Adjust the code of samba a bit.
>
> Dennis pointed out, and option to upgrade/create partitions on w2k3 before
> the joins.
> Found here: https://lists.samba.org/archive/samba/2019-July/224515.html
> But as far i know that server is gone.
>
>
>         >You installed a new server, why did you not choose debian buster
> but installed debian stretch?
>         Because our Debian distribution is customized and packaged
> according to the institution's security rules. I depend on making this
> distribution available in Debian 10.
>
> Well ok, i can only respect this.
> Then i strongly suggeset you also read the subject on the list :
> TLS_REQCERT and Samba AD DC
> Because if you have security rules, then this should not be an option, and
> you should have your own CA running.
>
>
> Sso far, (office is closing), untill tomorrow.
>
>
> Greetz,
>
> Louis
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list