[Samba] debian wheezy with backports samba domain join FAIL ( BUG! )

Rowland Penny rowlandpenny at googlemail.com
Mon Sep 29 09:20:10 MDT 2014


On 29/09/14 15:38, L.P.H. van Belle wrote:
> Hai Rowland,
>
> This was a new domain setup, so it can be possible that an old domain works ok.
>
> I even did a manual install and I tested my scripts and same result, totally 4 installs all failed.
> Then 1 install with the sernet script, all ok in one time.
>
> Try it with a new domain and the 4.1.11 samba backports.
> If you manage to get the second server joined without a problem then I'm eating my shoes..

Hi Louis, I think your shoes are safe ;-)

I initially used version 4.1.9 from backports on both of the DCs and 
then when 4.1.11 came out I upgraded via apt-get. What I was trying to 
get at was, it worked for me with 4.1.9 and doesn't for you with 4.1.11, 
so the problem must be whatever changed between the two.

>
> My setup was like the sernet scripts setup.
> I just changed the packages to the debian backports packages.
>
> I installed the backports with : apt-get install -t wheezy-backports samba samba-vfs-modules attr acl -y
I installed:
samba attr krb5-config krb5-user ntp bind9 bind9utils dnsutils winbind 
libpam-winbind libpam-krb5 libnss-winbind libsmbclient smbclient

>
> resolv.conf settings
> search internal.domain.tld
> nameserver ip_of_first_dc
>
> and a correct hosts.
> kerberos all checked ok for the first server.
> kerberos checked ok for the second server but this part :
>
> echo "Testing : dns entries"
> if [ -z "`host -t SRV _ldap._tcp.internal.domain.tld. | grep 'not found'`" ]; then
>      echo "testing of : host -t SRV _ldap._tcp.internal.domain.tld. : ok"
>      TEST1=0
> else
>      echo "testing of : host -t SRV _ldap._tcp.internal.domain.tld. : FAILED"
>      TEST1=1
> fi
> if [ -z "`host -t SRV _kerberos._udp.internal.domain.tld. | grep "not found" `" ]; then
>      echo "testing of : host -t SRV _kerberos._udp.internal.domain.tld. : ok"
>      TEST2=0
> else
>      echo "testing of : host -t SRV _kerberos._udp.internal.domain.tld. : FAILED"
>      TEST2=1
> fi
> if [ -z "`host -t A ${SETHOSTNAME}.internal.domain.tld. | grep "not found" `" ]; then
>      echo "testing of : host -t A ${SETHOSTNAME}.internal.domain.tld. : ok"
>      TEST3=0
> else
>      echo "testing of : host -t A ${SETHOSTNAME}.internal.domain.tld. : FAILED"
>      echo "trying to fix it now: "
>      samba-tool dns add ${SETHOSTNAME}.${SETDNSDOMAIN} internal.domain.tld HOSTNAME A ${IPDC2}
> fi
>
> all errors.
>
> the last line :     samba-tool dns add ${SETHOSTNAME}.${SETDNSDOMAIN} ${SETDNSDOMAIN} ${SETHOSTNAME} A ${SETIPDC2}
> did say I added the DNS record, but it wasn't added.
> I rechecked all DNS entries and there was a lot missing.
>
> But don't put too much time in it. I hope this is fixed in 4.1.12, but it isn't in backports yet.

Yes, it does seem to be taking some time for the next version, but hey, 
this is Debian ;-)

Rowland

> Greetz,
>
> Louis
>
>
>
>> -----Original message-----
>> From: rowlandpenny at googlemail.com
>> [mailto:samba-bounces at lists.samba.org] On behalf of Rowland Penny
>> Sent: Monday 29 September 2014 16:17
>> To: samba at lists.samba.org
>> Subject: Re: [Samba] debian wheezy with backports samba
>> domain join FAIL ( BUG! )
>>
>> On 29/09/14 14:55, L.P.H. van Belle wrote:
>>> Hai,
>>>    
>>> After some testing I can confirm there is a bug in the Debian backports samba. ( 4.1.11 the latest in backports )
>>>
>>> The first server sets up ok without any problem.
>>> When you want to join the second server, it says it's all successful but don't be fooled... it's not!
>>>
>>> None of the needed DNS entries are created.  ( samba-tool drs showrepl ) gives WERR_BADFILE
>>> No hostname, aka :  no alias in _msdcs.internal.domain.tld, no SRV records and no CNAME records,
>>> is found in the first AD server (bind9 DNS was used)
>>>
>>> I redid my steps with a sernet-samba installation and then everything is created as it should.
>>>
>>> You have been warned!
>>>    
>>> Greetz,
>>>    
>>> Louis
>>>    
>> Hi Louis, if you are sure the problem exists and it wasn't just a
>> one-off problem, then it should be easy to track down. I created a new
>> domain with wheezy & samba from backports, but the samba version at that
>> time was 4.1.9 and I have since upgraded to 4.1.11. I joined a second DC
>> when I created the domain and everything worked ok then and is still
>> working ok now.
>>
>> Rowland
>>
>>
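
The failure described in this thread is a join that reports success while the new DC never appears in DNS. The script below is an added example, not part of the original messages: it requires a positive answer that names the new DC instead of grepping for "not found". `RESOLVE`, `check_dc`, `srv_lists_dc`, `has_a_record`, `fake_host`, the host names `dc1`/`dc2` and the address are assumptions, and the resolver output is constructed.

```shell
#!/bin/sh
# Added example: confirm that a newly joined DC is actually present in DNS.
# RESOLVE names the lookup command (default: host). Host names and the
# 192.0.2.10 address are placeholders / constructed sample data.

# srv_lists_dc SRVNAME DCFQDN: true only if an SRV answer targets DCFQDN.
# Grepping for "not found" would pass here as long as the first DC answers.
srv_lists_dc() {
    ${RESOLVE:-host} -t SRV "$1" 2>/dev/null |
        awk -v dc="$2." 'tolower($0) ~ /has srv record/ &&
            tolower($NF) == tolower(dc) { found = 1 } END { exit !found }'
}

# has_a_record FQDN: true only if a positive A answer comes back.
has_a_record() {
    ${RESOLVE:-host} -t A "$1" 2>/dev/null | grep -q ' has address '
}

# check_dc DOMAIN SHORTNAME: prints one line per check, returns the failure count.
check_dc() {
    domain=$1; dc="$2.$1"; fails=0
    for srv in _ldap._tcp _kerberos._udp; do
        if srv_lists_dc "$srv.$domain." "$dc"; then
            echo "ok:     $srv.$domain lists $dc"
        else
            echo "FAILED: $srv.$domain does not list $dc"; fails=$((fails + 1))
        fi
    done
    if has_a_record "$dc."; then echo "ok:     $dc has an A record"
    else echo "FAILED: $dc has no A record"; fails=$((fails + 1)); fi
    return "$fails"
}

# Constructed resolver output: only dc1 is registered, as after the join in the thread.
fake_host() {
    case "$2 $3" in
        "SRV _ldap._tcp.internal.domain.tld.")     echo "${3%.} has SRV record 0 100 389 dc1.internal.domain.tld." ;;
        "SRV _kerberos._udp.internal.domain.tld.") echo "${3%.} has SRV record 0 100 88 dc1.internal.domain.tld." ;;
        "A dc1.internal.domain.tld.")              echo "${3%.} has address 192.0.2.10" ;;
        *) echo "Host ${3%.} not found: 3(NXDOMAIN)"; return 1 ;;
    esac
}

# Demo against the constructed data; remove these lines to query real DNS.
RESOLVE=fake_host
check_dc internal.domain.tld dc1 || echo "dc1: $? check(s) failed"
check_dc internal.domain.tld dc2 || echo "dc2: $? check(s) failed"
```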


