[Samba] Provisioning new AD Domain Controller

Mark Foley mfoley at novatec-inc.com
Thu Jan 18 19:05:37 UTC 2024


On Thu Jan 18 00:51:16 2024 Mark Foley via samba <samba at lists.samba.org> wrote:
>
> Because of issues described in thread "Joining Windows 10 Domain Member to Samba
> AD/DC", I'm trying to re-provision my DC with the current/old domain name
> mail.hprs.local instead of the newer, more correct dc1.hprs.locl.
>
> I've followed the steps in 
>
> https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller
>
> regarding "Only Applicable if Samba was Previously Installed". For the directory
> list:
>
> # smbd -b | egrep "LOCKDIR|STATEDIR|CACHEDIR|PRIVATE_DIR"
>    LOCKDIR: /var/cache/samba
>    STATEDIR: /var/lib/samba
>    CACHEDIR: /var/cache/samba
>    PRIVATE_DIR: /var/lib/samba/private
>
> I did 'rm -r /var/cache/samba* /var/lib/samba/*'. I then did the provision step
> again:
>
> samba-tool domain provision --use-rfc2307 --realm=HPRS.LOCAL --domain=HPRS \
>   --server-role=dc --dns-backend=SAMBA_INTERNAL --option=interfaces="lo eth0" \
>   --option="bind interfaces only=yes" --adminpass=pw
>
> However, when I got to the 'samba-tool dns zonelist' step, I got:
>
> Password for [administrator at HPRS.LOCL]:
>
> Notice that it is asking for the supposedly purged realm HPRS.LOCL. There must
> be more that needs to be removed other than just those egrep'ed directories.
>
> /etc/hosts is:
>
> 127.0.0.1               localhost
> 192.168.1.60             mail.hprs.local mail
>
> /etc/HOSTNAME is:
>
> mail.hprs.local
>
> The generated smb.conf is:
>
> # Global parameters
> [global]
>         bind interfaces only = Yes
>         dns forwarder = 192.168.1.1
>         interfaces = lo eth0
>         netbios name = MAIL
>         realm = HPRS.LOCAL
>         server role = active directory domain controller
>         workgroup = HPRS
>         idmap_ldb:use rfc2307 = yes
>
> [sysvol]
>         path = /var/lib/samba/sysvol
>         read only = No
>
> [netlogon]
>         path = /var/lib/samba/sysvol/hprs.local/scripts
>         read only = No
>
>
> There are no other .tdb or .ldb files on the drive.
>
> Where is this old realm name lurking, why is it associated with the
> Administrator and how do I purge it and any remaining such vestigial
> references without scratch-installing Linux?
>
> Thanks --Mark

After again removing all .tdb and .ldb files, and grepping the whole /etc
directory for any files containing hprs.locl -- and not finding any -- and
reprovisioning again, I still get:

# samba-tool dns zonelist mail
Password for [administrator at HPRS.LOCL]:

So the previous domain name is still lurking somewhere, but not findable or
killable by me.

As no one has replied to this question, I'm going to go ahead and wipe the drive
and reinstall Linux from scratch. That should eliminate any references to
HPRS.LOCL.

--Mark
