[Samba] Samba as an AD server problem

Roberto Greiner roberto.greiner at fundunesp.org.br
Wed Feb 7 12:06:52 UTC 2024


Hi,

I'm having a problem with my samba install, more specifically with using it as one of my AD servers.

To set up the server, I used a fresh Debian 12, and followed https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory, using BIND9_DLZ as the DNS backend.

I did manage to make everything work and the tests indicated in the page itself work fine. But, to make sure everything was working, I made a quick search and found that it would be interesting to test the setup from my Windows server.

First (in a windows cli), 'Repadmin /replsummary' indicated everything as ok.

Then 'dcdiag /s:ad2' (where ad2 is the Debian/Samba server) also gave me an all Ok result.

Finally, I ran 'dcdiag /Test:DNS /e /v', and here the Samba server failed.

At the end of the command, it returned the following (AD and WSUS are my current Windows AD's):
         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: xxx.xxx.xxx.xxx
               WSUS                         PASS WARN PASS FAIL PASS PASS n/a
               ad2                          PASS FAIL n/a  n/a  n/a  n/a  n/a
               AD                           PASS WARN PASS FAIL PASS WARN n/a

         ......................... xxx.xxxxx.xxxx.xxx failed test DNS
      Test omitted by user request: LocatorCheck
      Test omitted by user request: Intersite


In more detail, the server failed the DNS tests (dcdiag output):

      Test omitted by user request: VerifyReplicas

            Starting test: DNS

                  Starting test: DNS

                     DNS Tests are running and not hung. Please wait a few minutes...

                        Starting test: DNS
                           See DNS test in enterprise tests section for results
                           ......................... AD2 failed test DNS
                  See DNS test in enterprise tests section for results
                  ......................... AD passed test DNS
         See DNS test in enterprise tests section for results
         ......................... WSUS passed test DNS


Then at the authentication tests part, dcdiag reported a failure again:

               TEST: Authentication (Auth)
                  Authentication test: Successfully completed

               TEST: Basic (Basc)
                  Error: No WMI connectivity
                  [Error details: 0x800706ba (Type: HRESULT - Facility: Win32, Description: The RPC server is unavailable.) - Connection to WMI server failed]
                  No host records (A or AAAA) were found for this DC

The 'No host records' did puzzle me, as 'ad2' does appear when I open the windows DNS manager, and running DNS queries against ad2 does work fine. The two windows servers did complete this test. To make sure it wasn't a connectivity problem, I ran all tests on ad2 with iptables disabled.

Any idea of where I should look to make samba pass those tests, or if it even is necessary/important for it to pass?

Thank you,

Roberto

PS:
system details:
OS Debian 12
1 GB RAM
9 GB Disk
Xen-Citrix virtualization
samba version: 2:4.17.12+dfsg-0+deb12u1 (installed via package manager)





