[Samba] Samba4 ClassicUpgrade post-migration issues

Rowland Penny rowlandpenny at googlemail.com
Wed Jun 18 15:42:18 MDT 2014 

On 18/06/14 22:30, Rowland Penny wrote:
> On 18/06/14 22:08, Benjamin Arntzen wrote:
>> Nothing that jumps out at me.
>>
>> My primary concern right now is that the internal DNS server returns 
>> %h.ad.digipen.edu instead of the real hostname. Even this fails:
>>
>> dpadmin at samba4-dev0:~$ ping samba4-dev0.ad.digipen.edu
>> ping: unknown host samba4-dev0.ad.digipen.edu
>>
>> ~ B
>>
>> On 06/18/2014 01:52 PM, Rowland Penny wrote:
>>> On 18/06/14 21:38, Benjamin Arntzen wrote:
>>>> Nothing :( It claims to have started successfully, but all my 
>>>> problems still persist.
>>>>
>>>> ~ B
>>>>
>>>> On 06/18/2014 12:47 PM, Rowland Penny wrote:
>>>>> On 18/06/14 20:14, Benjamin Arntzen wrote:
>>>>>> Done all suggestions, no change detected.
>>>>>>
>>>>>> And nope, no DNSmasq.
>>>>>>
>>>>>> On 06/18/2014 12:07 PM, Rowland Penny wrote:
>>>>>>> On 18/06/14 19:59, Benjamin Arntzen wrote:
>>>>>>>> Hi Rowland,
>>>>>>>>
>>>>>>>>
>>>>>>>> On 06/18/2014 11:49 AM, Rowland Penny wrote:
>>>>>>>>> On 18/06/14 19:28, Benjamin Arntzen wrote:
>>>>>>>>>> Hi there,
>>>>>>>>>>
>>>>>>>>>> I've successfully migrated an extremely large Samba3 domain 
>>>>>>>>>> to Samba4.
>>>>>>>>>> The platforms involved:
>>>>>>>>>> Samba files (/var/lib/samba) copied from a Debian 6-based 
>>>>>>>>>> Samba3 PDC with an LDAP backend
>>>>>>>>>> Debian 7 with Samba4 installed from backports, with slapd 
>>>>>>>>>> installed locally (and now disabled).
>>>>>>>>>>
>>>>>>>>>> However, a number of things appear to be wrong:
>>>>>>>>>>
>>>>>>>>>> dpadmin at samba4-dev0:~$ host -t SRV _ldap._tcp.ad.digipen.edu
>>>>>>>>>> _ldap._tcp.ad.digipen.edu has SRV record 0 100 389 
>>>>>>>>>> %h.ad.digipen.edu.
>>>>>>>>>>
>>>>>>>>>> dpadmin at samba4-dev0:~$ sudo service samba restart
>>>>>>>>>> [ ok ] Stopping NetBIOS name server: nmbd.
>>>>>>>>>> [ ok ] Stopping SMB/CIFS daemon: smbd.
>>>>>>>>>> [....] Stopping Samba AD DC daemon: sambastart-stop-daemon: 
>>>>>>>>>> *warning: failed to kill 10121: No such process*
>>>>>>>>>> . ok
>>>>>>>>>> [ ok ] Starting Samba AD DC daemon: samba.
>>>>>>>>>>
>>>>>>>>>> dpadmin at samba4-dev0:~$ kinit administrator at AD.DIGIPEN.EDU
>>>>>>>>>> kinit: Cannot contact any KDC for realm 'AD.DIGIPEN.EDU' 
>>>>>>>>>> while getting initial credentials
>>>>>>>>>>
>>>>>>>>>> This is the current contents of my /etc/samba/smb.conf:
>>>>>>>>>> ####SOF####
>>>>>>>>>> # Global parameters
>>>>>>>>>> [global]
>>>>>>>>>>         workgroup = DIGIPEN.EDU
>>>>>>>>>>         realm = ad.digipen.edu
>>>>>>>>>>         netbios name = %H
>>>>>>>>>>         server role = active directory domain controller
>>>>>>>>>>         idmap_ldb:use rfc2307 = yes
>>>>>>>>>>         # Only allow signed updates
>>>>>>>>>>         #allow dns updates = signed
>>>>>>>>>>
>>>>>>>>>>         # If recursive queries = yes is set, the following is 
>>>>>>>>>> also needed
>>>>>>>>>>         dns forwarder = 204.174.42.68
>>>>>>>>>>
>>>>>>>>>> [netlogon]
>>>>>>>>>>         path = /var/lib/samba/sysvol/ad.digipen.edu/scripts
>>>>>>>>>>         read only = No
>>>>>>>>>>
>>>>>>>>>> [sysvol]
>>>>>>>>>>         path = /var/lib/samba/sysvol
>>>>>>>>>>         read only = No
>>>>>>>>>>
>>>>>>>>>> ####EOF####
>>>>>>>>>>
>>>>>>>>>> How do I get Samba to start returning valid values for DNS?
>>>>>>>>>> ~ Benjamin
>>>>>>>>> Hi, what's in /etc/resolv.conf , /etc/krb5.conf , 
>>>>>>>>> /etc/hostname and /etc/hosts
>>>>>>>>>
>>>>>>>>> Rowland
>>>>>>>>>
>>>>>>>>
>>>>>>>> dpadmin at samba4-dev0:~$ cat /etc/resolv.conf
>>>>>>>> domain ad.digipen.edu
>>>>>>>> search ad.digipen.edu
>>>>>>>> nameserver 10.1.20.137
>>>>>>>> #nameserver 204.174.42.68
>>>>>>>> #nameserver 204.174.42.88
>>>>>>>
>>>>>>> I take it 10.1.20.137 is the ipaddress of the samba4 server, if 
>>>>>>> so, this is ok.
>>>>>>>
>>>>>>>> dpadmin at samba4-dev0:~$ cat /etc/krb5.conf
>>>>>>>> [libdefaults]
>>>>>>>>         default_realm = ad.digipen.edu
>>>>>>>>         dns_lookup_realm = false
>>>>>>>>         dns_lookup_kdc = true
>>>>>>>
>>>>>>> Change the lowercase 'ad.digipen.edu' to uppercase 'AD.DIGIPEN.EDU'
>>>>>>>
>>>>>>>> dpadmin at samba4-dev0:~$ cat /etc/hostname
>>>>>>>> samba4-dev0
>>>>>>>
>>>>>>> OK
>>>>>>>
>>>>>>>> dpadmin at samba4-dev0:~$ cat /etc/hosts
>>>>>>>> 127.0.0.1    localhost
>>>>>>>> 127.0.1.1    samba4-dev0.digipen.edu    samba4-dev0
>>>>>>>>
>>>>>>>> # The following lines are desirable for IPv6 capable hosts
>>>>>>>> ::1     localhost ip6-localhost ip6-loopback
>>>>>>>> ff02::1 ip6-allnodes
>>>>>>>> ff02::2 ip6-allrouters
>>>>>>>>
>>>>>>> This should be ok, but you could try changing 127.0.1.1 to 
>>>>>>> 10.1.20.137
>>>>>>>
>>>>>>> One last thought, dnsmasq isn't running in any form is it ?
>>>>>>>
>>>>>>> Rowland
>>>>>>>
>>>>>>>
>>>>>>
>>>>> ok, I totally missed this in your original post:
>>>>> sudo service samba restart
>>>>>
>>>>> try
>>>>> sudo service smbd stop
>>>>> sudo service nmbd stop
>>>>> sudo service samba-ad-dc start
>>>>>
>>>>> The last one is what starts the samba AD DC on my debian 7 server.
>>>>>
>>>>> Rowland
>>>>>
>>>>
>>> Is there anything in the logs ?
>>>
>>> Rowland
>>>
>>
> Just how did you do the upgrade and what is in smb.conf
>
> Rowland
>
>
OK, replying to myself, just after my last post, I remembered that the 
smb.conf was in the first post, so I had a look at it properly and found 
this:

         workgroup = DIGIPEN.EDU
         realm = ad.digipen.edu
         netbios name = %H

The workgroup shouldn't (as far as I am aware) have a dot in it, also 
how did the netbios name get set to '%H' ?

So I go back to the remaining question, how did you do the upgrade?

Rowland

More information about the samba mailing list