Web lists-archives.com

Re: [Samba] migrating NT-style domain SID-error




On Mon, 14 May 2018 21:41:04 +0200
Stefan Kania <stefan@xxxxxxxxxxxxxxx> wrote:

> Hi Rowland,
> 
> 
> Am 14.05.2018 um 21:20 schrieb Rowland Penny via samba:
> > On Mon, 14 May 2018 20:29:18 +0200
> > Stefan Kania <stefan@xxxxxxxxxxxxxxx> wrote:
> > 
> >> Lt's go for it :-)
> >>
> >> Am 14.05.2018 um 17:59 schrieb Rowland Penny via samba:
> >>> OK, lets start with the obvious things, can you post the contents
> >>> of: /etc/resolv.conf
> >> ------------
> >> nameserver 192.168.224.4
> >> search example.net
> >> ------------
> > 
> >> That's it :-) I hope we can find the problem.
> >>
> >> Stefan
> > 
> > The only thing I can comment on is, I would have expected more
> > in /etc/bind/named.conf.options, mine is:
> > 
> >  options {
> >         directory "/var/cache/bind";
> >         version "0.0.7";
> >         forwarders { 8.8.8.8; 8.8.4.4; };
> >         dnssec-validation no;
> >         auth-nxdomain yes;    # conform to RFC1035 =no
> >         listen-on-v6 { none; };
> >         listen-on port 53 { 192.168.0.6; 127.0.0.1; };
> >         notify no;
> >         empty-zones-enable no;
> >         allow-query { 192.168.0.0/24; 127.0.0.1/32; };
> >         allow-recursion {  192.168.0.0/24; 127.0.0.1/32; };
> >         tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
> > };
> > 
> > Every thing else looks okay.
> > 
> I have the same, I put only the "not default" stuff in this posting.
> 
> > Have you checked if apparmor is running and possibly blocking things
> It's Debian and not Ubuntu, I now the bi*** of apparmor ;-)

Well, I had to mention it, some people swear by apparmor, I normally
just swear at it ;-)

> > Have you checked AD with samba-tool dbcheck
> Yes, everything is fine there.
> 
> That's my problem, everyting "looks" fine :-(.  But we MUST find a
> solution
> 

When you upgraded, did all the Samba etc packages upgrade ? do you
have any stuck packages ?
Have you considered using Louis's packages ? This will get you a much
newer version and may fix your problem.

Rowland
 


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba