[Samba] Totally missing the mark here

Rowland Penny rowlandpenny at googlemail.com
Tue May 27 07:19:26 MDT 2014 

On 27/05/14 14:01, Steve Campbell wrote:
>
> On 5/27/2014 7:53 AM, Rowland Penny wrote:
>> On 27/05/14 12:36, Steve Campbell wrote:
>>>
>>> On 5/23/2014 4:45 PM, Rowland Penny wrote:
>>>> On 23/05/14 21:01, Steve Campbell wrote:
>>>>> Thanks Greg,
>>>>>
>>>>> That's the link I was following. I got down to the line for 
>>>>> testing connectivity:
>>>>>
>>>>> /usr/local/samba/bin/smbclient -L localhost -U%
>>>>>
>>>>> And I received an error, (I've been glaring at the screen all day 
>>>>> and can't remember the message, but it's the first thing done 
>>>>> other than starting samba, so I figure it's a botched job).
>>>>
>>>> Without knowing what the error message said, nobody is going to be 
>>>> able to help you ;-)
>>>>
>>>>>
>>>>> The smb.conf file seems awful short as well. There's other 
>>>>> readings out there with lots more to it, so I may follow those for 
>>>>> a while and see if I don't get further lost.
>>>>>
>>>>
>>>> The standard smb.conf on a Samba 4 AD DC is pretty short, please do 
>>>> not just add anything to it without fully understanding what is 
>>>> going to happen if you do.
>>>>
>>>> If in doubt, please ask any questions.
>>>>
>>>> Rowland
>>>>
>>>>> You all have a happy holiday if you're in the parts of the world 
>>>>> that celebrates.
>>>>>
>>>>> Thanks all.
>>>>>
>>>>> steve
>>>>> On 5/23/2014 3:38 PM, Gregory Sloop wrote:
>>>>>> I haven't been following the list carefully, but have you 
>>>>>> followed the Samba wiki?
>>>>>>
>>>>>> http://wiki.samba.org/index.php/Samba_AD_DC_HOWTO
>>>>>>
>>>>>> This should get you setup with an AD quite quickly.
>>>>>> I'm not sure about the sernet packages - I've seen _some_ 
>>>>>> problems in the past, but perhaps those reports are not valid any 
>>>>>> more. Frankly, compiling your own isn't half hard. [And since 
>>>>>> there aren't any good [read: current] distro supported packages 
>>>>>> you end up having to do "manual" updates anyway - so compiling is 
>>>>>> a little more hard than just installing a package, but also tends 
>>>>>> to help remove any potential problems/compatibility issues that 
>>>>>> often crop up from a package
>>>>>>
>>>>>> [But that's all mainly an aside. Start with the Wiki and go from 
>>>>>> there. If it doesn't work be specific with your questions etc.]
>>>>>>
>>>>>> -Greg
>>>>>>
>>>>>>
>>>>>> SC> I have to say I probably shouldn't have read that version 3 
>>>>>> samba book,
>>>>>> SC> but I did, so I'm thoroughly confused about what I should be 
>>>>>> doing to
>>>>>> SC> get this server configured properly.
>>>>>>
>>>>>> SC> I have installed the Sernet rpms on this server. For now, I'm 
>>>>>> going to
>>>>>> SC> run the AD on the same server as the file shares.
>>>>>>
>>>>>> SC> Using the wiki as a guide, I've followed the provisioning but 
>>>>>> the first
>>>>>> SC> tests don't seem to succeed.
>>>>>>
>>>>>> SC> Am I doing this backwards? Should I first make this server a 
>>>>>> normal
>>>>>> SC> Samba file server that will allow users to mount shares 
>>>>>> manually before
>>>>>> SC> proceeding on to AD stuff. I'm not seeing how I can have any 
>>>>>> valid users
>>>>>> SC> or anything following the wiki. It's like it should be 
>>>>>> Chapter 44
>>>>>> SC> instead of the first prolog.
>>>>>>
>>>>>> SC> This is really humbling.
>>>>>>
>>>>>> SC> I could use some pointers in how to bring a new server up to an
>>>>>> SC> AD/DC+fileserver.
>>>>>>
>>>>>> SC> Thanks for any help. For now, I'll dig in and read as much as 
>>>>>> I can.
>>>>>>
>>>>>> SC> steve campbell 
>>>
>>> It was late Friday, and the problem had just drained me. I was 
>>> mostly wondering about my procedure more that what was wrong. 
>>> Anyway....
>>>
>>> Here's the command and resultant error:
>>>
>>> smbclient -L localhost -U%
>>> Connection to localhost failed (Error NT_STATUS_CONNECTION_REFUSED)
>>
>> This is what I get on my test domain:
>>
>> Domain=[DOMAIN] OS=[Unix] Server=[Samba 4.1.6-Ubuntu]
>>
>>     Sharename       Type      Comment
>>     ---------       ----      -------
>>     IPC$            IPC       IPC Service (Samba 4.1.6-Ubuntu)
>>     share_b         Disk
>>     home            Disk
>>     testshare       Disk
>>     sysvol          Disk
>>     netlogon        Disk
>> Domain=[DOMAIN] OS=[Unix] Server=[Samba 4.1.6-Ubuntu]
>>
>>     Server               Comment
>>     ---------            -------
>>
>>     Workgroup            Master
>>     ---------            -------
>>     WORKGROUP
>>
>>
>>>
>>> Here's what I'm running currently:
>>>
>>> samba --version
>>> Version 4.1.7-SerNet-RedHat-8.el6
>>>
>>> The first error in the logs showing failure:
>>>
>>>   Failed to find object DC=cn,DC=cnpapers,DC=net for attribute 
>>> fsmoRoleOwner - Cannot find attribute fsmoRoleOwner of 
>>> DC=cn,DC=cnpapers,DC=net to calculate reference dn
>>>
>>> And on and on in the logs:
>>>
>>>  task_server_terminate: [dreplsrv: Failed to load partitions: 
>>> WERR_DS_DRA_INTERNAL_ERROR
>>>
>>> task_server_terminate: [Cannot start Winbind (domain controller): 
>>> Failed to find record for CN in /var/lib/samba/private/secrets.ldb: 
>>> No such object: (null): Have you provisioned the CN domain?]
>>>
>>>  task_server_terminate: [kdc: hdb_samba4_create_kdc (setup KDC 
>>> database) failed]
>>
>> What was your provision command ? and when you say that you have 
>> followed the wiki, what page(s) in particular ?
>>
>> Rowland
>>
>>>
>>> This is why I'm questioning my procedure, and using the wiki 
>>> instructions. It appears there is tons I'm not seeing that needs to 
>>> be done.
>>>
>>> Thanks for all the patience. More reading for now.
>>>
>>> steve campbell
>>>
>>>
>>>
>>
> I am using this page:
> https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO
>
> I am using this command to provision:
>
> /usr/local/samba/bin/samba-tool domain provision --use-rfc2307 
> --interactive

You are starting to confuse me now ;-)
I thought that you were using the sernet packages, but from the above 
command it would seem that you have compiled samba4 yourself.

I personally always pass all the info at once i.e.
samba-tool domain provision --realm=example.com --domain=EXAMPLE 
--adminpass=P4ssw0rd* --use-rfc2307 --server-role='dc'

Your realm is usually the same as your DNS domain name and the domain 
should be the first part of your realm but in UPPERCASE ;-)

NOTE TO MARC:
This really should be in the wiki, not just telling people to do it 
interactively, especially if you are not going to show the questions 
that will be asked. Would you like me to re-write that section and send 
it to you ?

>
> I'm using the old version 3 book to make sure I understand the 
> questions that "--interactive" asks, in particular, the ones about the 
> domain.
>
Please take that copy of 'using Samba' and get rid of it ;-) Just refer 
to the wiki and ask questions here.

> I'm fairly certain that those domain questions might be the biggest 
> part of the problem.
>

Could be.

More information about the samba mailing list