[Samba] Samba as an AD server problem
Rowland Penny
rpenny at samba.org
Wed Feb 7 12:23:13 UTC 2024
On Wed, 7 Feb 2024 12:06:52 +0000
Roberto Greiner via samba <samba at lists.samba.org> wrote:
> Hi,
>
> I'm having a problem with my samba install, more specifically to use
> it as one of my AD servers.
>
> To setup the server, I used a fresh Debian 12, and followed
> https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory,
> using BIND9_DLZ as the DNS backend.
>
> I did manage to make everything work and the tests indicated in the
> page itself work fine. But, to make sure everything was working, I
> made a quick serch and found that it would be interesting to test the
> setup from my windows server.
>
> First (in a windows cli), 'Repadmin /replsummary' indicated
> everything as ok.
>
> Then 'dcdiag /s:ad2' (where ad2 is the Debian/Samba server) also gave
> me an all Ok result.
>
> Finally, I ran 'dcdiag /Test:DNS /e /v', and here the Samba server
> failed.
>
> At the end of the command, it returned me the following(AD and WSUS
> are my current Windows AD's):
What are the Windows Servers ?
What is their functional level ?
> Summary of DNS test results:
>
> Auth Basc Forw Del Dyn
> RReg Ext
> _________________________________________________________________
> Domain: xxx.xxx.xxx.xxx WSUS PASS WARN PASS
> FAIL PASS PASS n/a ad2 PASS FAIL n/a n/a
> n/a n/a n/a AD PASS WARN PASS FAIL PASS
> WARN n/a
>
> ......................... xxx.xxxxx.xxxx.xxx failed test DNS
> Test omitted by user request: LocatorCheck
> Test omitted by user request: Intersite
>
>
> In more detail, the server failed the DNS tests (dcdiag output):
>
> Test omitted by user request: VerifyReplicas
>
> Starting test: DNS
>
> Starting test: DNS
>
> DNS Tests are running and not hung. Please wait
> a few minutes...
>
> Starting test: DNS
> See DNS test in enterprise tests section
> for results ......................... AD2 failed test DNS
> See DNS test in enterprise tests section for results
> ......................... AD passed test DNS
> See DNS test in enterprise tests section for results
> ......................... WSUS passed test DNS
>
>
> Then at the authentication tests part, dcdiag accused a failure again:
>
> TEST: Authentication (Auth)
> Authentication test: Successfully completed
>
> TEST: Basic (Basc)
> Error: No WMI connectivity
Not surprising the 'W' in 'WMI' stands for 'Windows', I do not think
that it works on Linux.
> [Error details: 0x800706ba (Type: HRESULT -
> Facility: Win32, Description: The RPC server is unavailabl e.) -
> Connection to WMI server failed] No host records (A or AAAA) were
> found for this DC
>
> The 'No host records' did puzzle me, as 'ad2' does appear when I open
> the windows DNS manager, and running DNS queries against ad2 does
> work fine. The two windows servers did complete this test. To make
> sure it wasn't a connectivity problem, I ran all tests on ad2 with
> iptables disabled.
>
> Any idea of where I should look to make samba pass those tests, or if
> it even is necessary/important for it to pass?
>
> Thank you,
>
> Roberto
>
> PS:
> system details:
> OS Debian 12
> 1 GB RAM
> 9 GB Disk
> Xen-Citrix virtualization
> samba version: 2:4.17.12+dfsg-0+deb12u1 (installed via packet manager)
If you use Samba from backports, you will get 4.19.4
To be honest, providing everything else is working (replication, dns,
etc), I wouldn't worry about it.
Rowland
More information about the samba
mailing list