How to get DRS working in Samba4
Weiss, Benjamin
Benjamin.Weiss at osbi.ok.gov
Fri Dec 4 12:36:15 MST 2009
I’ve been trying to get replication working on Samba4 for a couple of
weeks, with no success. I’ve tried the latest rsync’s, and the Alpha9.
I’m running on 64-bit Ubuntu 9.10 server, fully patched.
I’ve tried to replicate the procedure as set forth by Tridge here:
http://lists.samba.org/archive/samba-technical/2009-September/066753.html
My test network is 172.16.1.0, gateway 172.16.1.1, netmask
255.255.255.0. In that post he has two virtual interfaces, which I
couldn’t get to work right, so I am using two physical interfaces. Eth0 is
172.16.1.5, eth1 is 172.16.1.6.
I prefer to do everything from the command line, including making
changes to configuration files, when possible. This lets me post what
I’ve done to either documentation or to help forums such as this. ;) So
below I have all of the steps I’ve taken to attempt to make this work.
The first instance seems to come up just fine the first time, but when I
then try the vampire the first time from the second instance, I get:
libnet_BecomeDC() failed - NT code 0xc00020ee
Vampire of domain failed: NT code 0xc00020ee
return code = -1
Then I stop the first instance to see what’s going on. If I start it
again, I start getting errors about:
dreplsrv_notify_schedule(5) scheduled for: Thu Dec 3 14:27:45 2009 CST
dns child failed to find name '2e4b0881-0548-4a23-a7de-fab3e24088ca._msdcs.local.osbi.ok.gov' of type A
dreplsrv_op_pull_source(WERR_BADFILE/NT_STATUS_NO_SUCH_DEVICE)
failures[1]
Mapped to DCERPC endpoint 135
If I then try to do the vampire again from the second instance, I get:
Vampire of domain failed: Connection to SAMR pipe of PDC for local.osbi.ok.gov failed: Connection to DC failed: NT_STATUS_IO_TIMEOUT
return code = -1
I’m not sure what you guys need me to post, or the appropriate way to
grab debugging logs, nor the appropriate way to post them here. So,
below is my set of commands. If other files would help, I’d be happy to
post them. Hopefully somebody can help me!
sudo sh -c "echo 'HISTSIZE=10000' >> /etc/profile"
sudo apt-get update
sudo apt-get -y upgrade
sudo apt-get -y install ufw
sudo ufw allow ssh/tcp
sudo ufw enable
sudo ufw status numbered
sudo apt-get -y install attr autoconf gcc \
python python-dev bind9 dnsutils \
libattr1-dev libblkid-dev libgnutls-dev \
libreadline5-dev dhcp3-server
sudo mv /etc/fstab /etc/fstab.000
sudo sh -c "sed -e 's/errors=remount-ro/user_xattr,errors=remount-ro/' \
< /etc/fstab.000 > /etc/fstab"
sudo reboot
wget http://samba.org/samba/ftp/samba4/samba-4.0.0alpha9.tar.gz
tar -zxvf samba-4.0.0alpha9.tar.gz
cd samba-4.0.0alpha9/source4/
./autogen.sh
./configure.developer --prefix=$HOME/prefix.s4
make > $HOME/samba4-make.log 2>&1
make install
sudo ./setup/provision --realm=local.osbi.ok.gov \
--domain=OSBI --host-name=sm-dc-fsc01 \
--host-ip=172.16.1.5 --adminpass=HelloSamba \
--server-role="domain controller"
sudo ufw allow 53
sudo ufw allow 88
sudo ufw allow 445/tcp
sudo ufw allow 1024/tcp
sudo ufw allow 1025/tcp
sudo ufw allow 1026/tcp
sudo ufw allow 3268/tcp
sudo ufw allow 389
sudo ufw allow 135/tcp
sudo ufw allow 137/udp
sudo ufw allow 138/udp
sudo ufw allow 139/tcp
sudo ufw allow 464
sudo ufw status numbered
sudo cp $HOME/prefix.s4/private/local.osbi.ok.gov.zone /etc/bind
sudo mv /etc/bind/named.conf.options /etc/bind/named.conf.options.000
sudo sh -c "sed -e '/listen-on-v6/ aforwarders { 192.168.1.5; };' \
-e '/listen-on-v6/ aallow-recursion { 172.16.0.0/16; };' \
-e '/listen-on-v6/ atkey-gssapi-credential \"DNS/local.osbi.ok.gov\";' \
-e '/listen-on-v6/ atkey-domain \"LOCAL.OSBI.OK.GOV\";' \
< /etc/bind/named.conf.options.000 > /etc/bind/named.conf.options"
sudo sh -c "echo 'export KRB5_KTNAME=\"/etc/krb5.keytab\"' >> /etc/default/bind9"
sudo cp $HOME/prefix.s4/private/dns.keytab /etc/krb5.keytab
sudo chgrp bind /etc/krb5.keytab
sudo chmod g+r /etc/krb5.keytab
sudo cp $HOME/prefix.s4/private/krb5.conf /etc/krb5.conf
sudo cp /etc/bind/named.conf.local /etc/bind/named.conf.local.000
sudo sh -c "echo 'zone \"local.osbi.ok.gov.\" IN {' >> /etc/bind/named.conf.local"
sudo sh -c "echo ' type master;' >> /etc/bind/named.conf.local"
sudo sh -c "echo ' file \"/etc/bind/local.osbi.ok.gov.zone\";' >> /etc/bind/named.conf.local"
sudo sh -c "echo ' update-policy {' >> /etc/bind/named.conf.local"
sudo sh -c "echo ' grant LOCAL.OSBI.OK.GOV ms-self * A AAAA;' >> /etc/bind/named.conf.local"
sudo sh -c "echo ' };' >> /etc/bind/named.conf.local"
sudo sh -c "echo '};' >> /etc/bind/named.conf.local"
sudo sh -c "echo '' >> /etc/bind/named.conf.local"
sudo mv /etc/apparmor.d/usr.sbin.named /etc/apparmor.d/usr.sbin.named.000
sudo sh -c "sed -e '/\/etc\/bind\/krb5.keytab kr,/ a /var/tmp/ rw,' \
< /etc/apparmor.d/usr.sbin.named.000 >> /etc/apparmor.d/usr.sbin.named"
sudo aa-complain /etc/apparmor.d/usr.sbin.named
sudo service bind9 start
host -t SRV _ldap._tcp.local.osbi.ok.gov localhost
sudo mv $HOME/prefix.s4/etc/smb.conf $HOME/prefix.s4/etc/smb.conf.000
sudo sh -c "sed -e '/netlogon/ iinterfaces = 172.16.1.5' \
-e '/netlogon/ ibind interfaces only = yes' \
-e '/netlogon/ idreplsrv:periodic_interval = 10' \
-e '/netlogon/ idreplsrv:periodic_startup_interval = 5' \
< $HOME/prefix.s4/etc/smb.conf.000 > $HOME/prefix.s4/etc/smb.conf"
sudo sbin/samba -i -M single -d4 -s etc/smb.conf
sudo ufw disable
sudo sbin/samba -i -M single -d4 -s etc/smb.conf
mkdir $HOME/prefix.s4.2
cd $HOME/prefix.s4.2
mkdir -p private etc var var/lib var/run var/locks var/ncalrpc
sudo sh -c "sed -e 's/172.16.1.5/172.16.1.6/' \
-e '/netlogon/ incalrpc dir = $HOME/prefix.s4.2/var/ncalrpc' \
-e '/netlogon/ iprivate dir = $HOME/prefix.s4.2/private' \
-e '/netlogon/ iswat directory = $HOME/prefix.s4.2/share/swat' \
-e '/netlogon/ ilock dir = $HOME/prefix.s4.2/var/locks' \
-e '/netlogon/ ipid directory = $HOME/prefix.s4.2/var/run' \
-e '/netlogon/ iwinbindd socket directory = $HOME/prefix.s4.2/var/run/winbindd' \
-e '/netlogon/ iwinbindd privileged socket directory = $HOME/prefix.s4.2/var/lib/winbindd_privileged' \
-e '/netlogon/ intp signd socket directory = $HOME/prefix.s4.2/var/run/ntp_signd' \
< $HOME/prefix.s4/etc/smb.conf > $HOME/prefix.s4.2/etc/smb.conf"
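The replication error in the post is a DNS failure: the second DC could not resolve the first DC's `<GUID>._msdcs.<realm>` name, which is a CNAME to the DC host name and must be in the zone that BIND serves. The script below is an added example, not part of the original post or of Samba, that checks a zone file for that CNAME, the DC's A record and the `_ldap`/`_kerberos` SRV records before a vampire is attempted; the realm, host name and GUID are the ones in the post, the zone text and the function names are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original post: check a BIND zone file for the DNS
# records a second DC needs to locate the first one for DRS replication. The lookup
# that failed in the post, '<GUID>._msdcs.<realm>' of type A, goes through a CNAME
# to the DC host name, so that CNAME, the host's A record and the _ldap/_kerberos
# SRV records are checked. Realm, host and GUID are from the post; the zone text is constructed.
# has_record ZONEFILE OWNER TYPE: succeeds if a record with that owner name
# (relative to $ORIGIN) and type exists. TTL and class columns are optional.
has_record() {
    awk -v owner="$2" -v type="$3" '
        $1 == owner {
            i = 2
            if ($i ~ /^[0-9]+$/) i++   # skip an optional TTL column
            if ($i == "IN") i++        # skip an optional class column
            if ($i == type) { found = 1; exit }
        }
        END { exit found ? 0 : 1 }' "$1"
}

# check_dc_records ZONEFILE DCHOST GUID: prints each missing record and returns
# how many were missing, so 0 means a replication partner can resolve this DC.
check_dc_records() {
    zone=$1 dchost=$2 guid=$3 missing=0
    for spec in "$dchost A" "_ldap._tcp SRV" "_kerberos._tcp SRV" \
                "${guid}._msdcs CNAME"; do
        set -- $spec
        if ! has_record "$zone" "$1" "$2"; then
            echo "missing: $1 $2"
            missing=$((missing + 1))
        fi
    done
    return $missing
}

# make_sample_zone PATH [incomplete]: constructed zone; "incomplete" drops the _msdcs CNAME.
make_sample_zone() {
    cat > "$1" <<'EOF'
$ORIGIN local.osbi.ok.gov.
@               IN SOA   sm-dc-fsc01 hostmaster ( 1 900 600 86400 3600 )
sm-dc-fsc01     IN A     172.16.1.5
_ldap._tcp      IN SRV   0 100 389 sm-dc-fsc01
_kerberos._tcp  IN SRV   0 100 88  sm-dc-fsc01
EOF
    [ "$2" = incomplete ] ||
        echo '2e4b0881-0548-4a23-a7de-fab3e24088ca._msdcs IN CNAME sm-dc-fsc01' >> "$1"
}

GUID=2e4b0881-0548-4a23-a7de-fab3e24088ca
make_sample_zone /tmp/dc-zone.good && make_sample_zone /tmp/dc-zone.bad incomplete
check_dc_records /tmp/dc-zone.good sm-dc-fsc01 "$GUID" && echo "good zone: all records present"
check_dc_records /tmp/dc-zone.bad sm-dc-fsc01 "$GUID" || echo "bad zone: $? record(s) missing"
```

Point `check_dc_records` at the zone file copied into /etc/bind and at the GUID from the "dns child failed to find name" message; a non-zero return tells you which record the replication partner cannot resolve.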