Web lists-archives.com

Re: [Samba] DsReplicaSync failed - WERR_LOGON_FAILURE // Failed to bind to uuid for ncacn_ip_tcp - NT_STATUS_LOGON_FAILURE




On Sat, 6 Apr 2019 19:08:30 +0200
Martin Krämer <mk.maddin@xxxxxxxxx> wrote:

> hm... to be truth there were already multiple times I tough of having
> a more up-to-date version would be greate...
> Maybe I can try with my test servers first (I would start with
> http://downloads.van-belle.nl/samba4/Upgrade-info.txt here I think )
> - but first I think have to check how to get rid of sssd ( I do not
> want to build on my own)

It all depends on how you use your Samba machines. If you use your DC's
just for authentication and never log in as a domain user and never
store anything in shares (except sysvol & netlogon) then you do not
need to use sssd or anything else. It is only when you use a DC as
fileserver that you may need something like sssd. 

> Thanks for this - I tried "samba_dnsupdate" in following ways.
> All of them run through without any error telling me "No DNS updates
> needed" at the end
> 
> samba_dnsupdate --verbose
> samba_dnsupdate --verbose --rpc-server-ip=location-000001.domain.de
> samba_dnsupdate --verbose --rpc-server-ip=location-000002.domain.de
> 
> afterwards unfortunately there is still no change to the error :/

Try comparing the databases on the DC's, see 'samba-tool ldapcmp
--help' for more info.

You could also try replicating from the good DC to the other, see
'samba-tool drs replicate --help' for more info

There is also 'samba-tool dbcheck'

Finally, is something like a firewall getting in the way.

> 
> hm...this is how I currently use sssd & sudo:
> https://linux.die.net/man/5/sssd-sudo
> I think with sudo-ldap you refere to the following:
> https://www.sudo.ws/man/1.8.17/sudoers.ldap.man.html ?
> As of today my sudo rules are "linked" to the ou of the device and
> based on the  "ldap_sudo_search_base" config from sudo-sssd devices
> apply one the one matching for them.
> (nearly the same way as group policy linking in windows works)
> I think in case of switching I need to work with
> "SUDOERS_SEARCH_FILTER" or "SUDOERS_BASE" option... maybe I will
> check.

>From memory, sudo-ldap works in much the same way as sssd, the only
real difference is the lack of a cache, but, from my experience, this
would be the last thing on your mind if something has gone wrong and
you cannot login as a sudo user from ldap.

> 
> Louis once guided me to:
> https://github.com/thctlo/samba4/tree/master/howtos Are these how-to
> compliant to what you mention about samba support & winbind?

Apart from referring to older versions of Samba, they should still be
valid.

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba