[Samba] Wrong interface on AD Provisioning

Marc Muehlfeld mmuehlfeld at samba.org
Mon Dec 28 20:26:12 UTC 2015


Hello Rowland,


On 28.12.2015 at 10:57, Rowland penny wrote:
> Hi Marc, if, as you say, you need to remove everything before
> reprovisioning, why are there these lines in the provisioning code
> (/samba/provision/__init__.py):
> 
>  def provision(logger, session_info, smbconf=None,
> 
>     """Provision samba4
> 
>     :note: caution, this wipes all existing data!
>     """


My current DC smb.conf:
# grep "interfaces" /etc/samba/smb.conf
	interfaces = lo eth0
	bind interfaces only = yes

# ls -l /etc/samba/smb.conf
-rw-r--r-- 1 root root 947 13. Okt 2014  /etc/samba/smb.conf


Then I re-provision without removing the smb.conf, but using the 2nd
interface (eth1) instead of eth0:
# samba-tool domain provision --option="interfaces=lo eth1" --option="bind interfaces only=yes" --use-rfc2307 --use-xattrs=yes --interactive


The smb.conf stayed unchanged (same timestamp):
# grep "interfaces" /etc/samba/smb.conf
	interfaces = lo eth0
	bind interfaces only = yes

# ls -l /etc/samba/smb.conf
-rw-r--r-- 1 root root 947 13. Okt 2014  /etc/samba/smb.conf


If you remove the smb.conf file instead before the re-provisioning,
you'll find the interface options given to samba-tool in that file:

# grep "interfaces" /etc/samba/smb.conf
	interfaces = lo eth1
	bind interfaces only = Yes


BTW: If you use a different realm on the second provisioning, samba-tool
will fail:
# samba-tool domain provision --option="interfaces=lo eth1" --option="bind interfaces only=yes" --use-rfc2307 --use-xattrs=yes --interactive
Realm [SAMDOM.EXAMPLE.COM]: DEMO.MARC-MUEHLFELD.DE
 Domain [DEMO]:
 Server Role (dc, member, standalone) [dc]:
 DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]:
 DNS forwarder IP address (write 'none' to disable forwarding) [10.99.0.1]:
Administrator password:
Retype password:
ERROR(<class 'samba.provision.ProvisioningError'>): Provision failed - ProvisioningError: guess_names: 'realm=SAMDOM.EXAMPLE.COM' in /etc/samba//smb.conf must match chosen realm 'DEMO.MARC-MUEHLFELD.DE'!  Please remove the smb.conf file and let provision generate it
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/domain.py", line 442, in run
    nosync=ldap_backend_nosync, ldap_dryrun_mode=ldap_dryrun_mode)
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py", line 2025, in provision
    sitename=sitename, rootdn=rootdn, domain_names_forced=(samdb_fill == FILL_DRS))
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py", line 609, in guess_names
    raise ProvisioningError("guess_names: 'realm=%s' in %s must match chosen realm '%s'!  Please remove the smb.conf file and let provision generate it" % (lp.get("realm").upper(), lp.configfile, realm))


If the code should replace the smb.conf, then this might be a bug. Can you
please create a bug report, if this is the case?






> And:
> 
> def setup_samdb_partitions(samdb_path, logger, lp, session_info,
> 
>     """Setup the partitions for the SAM database.
> 
>     Alternatively, provision() may call this, and then populate the database.
> 
>     :note: This will wipe the Sam Database!
> 
>     :note: This function always removes the local SAM LDB file. The erase
>         parameter controls whether to erase the existing data, which
>         may not be stored locally but in LDAP.


It wipes the SAM database, but other files and databases are kept. After
the re-provisioning you will find several (database) files in
/usr/local/samba/var/ and /usr/local/samba/private/, that have
timestamps before the provisioning:

Re-provisioning finished: Mo 28. Dez 21:08:27 CET 2015

Create a reference file with a timestamp before that time:
# touch --date='21:00' /tmp/ref

Find files older than the reference file:
# find /usr/local/samba/private/ -type f ! -newer /tmp/ref -exec ls -la '{}' ';'
-rw-r--r-- 1 root root 989  2. Sep 2014  /usr/local/samba/private/tls/cert.pem
-rw-r--r-- 1 root root 989  2. Sep 2014  /usr/local/samba/private/tls/ca.pem
-rw------- 1 root root 887  2. Sep 2014  /usr/local/samba/private/tls/key.pem
-rw-------. 1 root root 1286144  2. Sep 2014  /usr/local/samba/private/share.ldb
-rw------- 1 root root 696  2. Sep 2014  /usr/local/samba/private/randseed.tdb
-rw------- 1 root root 696 28. Dez 20:54 /usr/local/samba/private/schannel_store.tdb
-r--r--r-- 1 root root 300  2. Sep 2014  /usr/local/samba/private/named.conf.update
-rw------- 1 root root 1566  9. Sep 2014  /usr/local/samba/private/dns_update_cache
-rw------- 1 root root 696 28. Dez 20:54 /usr/local/samba/private/netlogon_creds_cli.tdb


# find /usr/local/samba/var/ -type f ! -newer /tmp/ref -exec ls -la '{}' ';'
-rwxrwx---+ 1 3000005 3000005 1240  9. Sep 2014  /usr/local/samba/var/locks/sysvol/samdom.example.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/MACHINE/Registry.pol
-rw------- 1 root root 528384  2. Sep 2014  /usr/local/samba/var/locks/registry.tdb
-rw------- 1 root root 421888  2. Sep 2014  /usr/local/samba/var/locks/share_info.tdb
-rw------- 1 root root 421888  2. Sep 2014  /usr/local/samba/var/locks/account_policy.tdb
-rw------- 1 root root 32768 28. Dez 20:57 /usr/local/samba/var/locks/winbindd_cache.tdb
-rw-r--r-- 1 root root 20  9. Sep 19:12 /usr/local/samba/var/cache/lck/909
-rw------- 1 root root 696  9. Sep 20:01 /usr/local/samba/var/cache/netsamlogon_cache.tdb
-rw------- 1 root root 696 17. Jan 2015  /usr/local/samba/var/lock/messages.tdb
-rw------- 1 root root 16384 28. Dez 20:54 /usr/local/samba/var/lock/smbXsrv_version_global.tdb
-rw------- 1 root root 696 28. Dez 20:54 /usr/local/samba/var/lock/smbXsrv_session_global.tdb
-rw------- 1 root root 696 28. Dez 20:54 /usr/local/samba/var/lock/smbXsrv_tcon_global.tdb
-rw-r--r-- 1 root root 40200 28. Dez 20:54 /usr/local/samba/var/lock/brlock.tdb
-rw-r--r-- 1 root root 40200 28. Dez 20:54 /usr/local/samba/var/lock/locking.tdb
-rw-r--r-- 1 root root 696  9. Sep 19:12 /usr/local/samba/var/lock/notify.tdb
-rw-r--r-- 1 root root 696  9. Sep 19:12 /usr/local/samba/var/lock/notify_index.tdb
-rw-r--r-- 1 root root 8192 28. Dez 20:54 /usr/local/samba/var/lock/serverid.tdb
-rw------- 1 root root 696 28. Dez 20:54 /usr/local/samba/var/lock/smbXsrv_open_global.tdb
-rw-r--r-- 1 root root 696 28. Dez 20:54 /usr/local/samba/var/lock/printer_list.tdb
-rw------- 1 root root 696  8. Dez 18:55 /usr/local/samba/var/lock/dbwrap_watchers.tdb
-rw-r--r-- 1 root root 696 28. Dez 20:54 /usr/local/samba/var/lock/leases.tdb
-rw-rw---- 1 root root 8192  8. Dez 17:54 /usr/local/samba/var/lock/msg/names.tdb
-rw-r--r-- 1 root root 2  9. Sep 20:01 /usr/local/samba/var/lock/msg/21621
-rw-r--r-- 1 root root 20  9. Sep 20:01 /usr/local/samba/var/lock/msg/21619
-rw-r--r-- 1 root root 20  9. Sep 20:01 /usr/local/samba/var/lock/msg/21625
-rw-r--r-- 1 root root 2  9. Sep 20:01 /usr/local/samba/var/lock/msg/21624
-rw-r--r-- 1 root root 2  9. Sep 20:01 /usr/local/samba/var/lock/msg/21628
-rw-r--r-- 1 root root 2  9. Sep 20:01 /usr/local/samba/var/lock/msg/21629
-rw-r--r-- 1 root root 20  8. Dez 17:31 /usr/local/samba/var/lock/msg/915
-rw-r--r-- 1 root root 2  8. Dez 17:31 /usr/local/samba/var/lock/msg/922
-rw-r--r-- 1 root root 20  8. Dez 17:31 /usr/local/samba/var/lock/msg/923
-rw-r--r-- 1 root root 2  8. Dez 17:31 /usr/local/samba/var/lock/msg/926
-rw-r--r-- 1 root root 2  8. Dez 17:31 /usr/local/samba/var/lock/msg/927
-rw-r--r-- 1 root root 2  8. Dez 17:41 /usr/local/samba/var/lock/msg/912
-rw-r--r-- 1 root root 20  8. Dez 17:41 /usr/local/samba/var/lock/msg/913
-rw-r--r-- 1 root root 20  8. Dez 17:41 /usr/local/samba/var/lock/msg/918
-rw-r--r-- 1 root root 2  8. Dez 17:41 /usr/local/samba/var/lock/msg/917
-rw-r--r-- 1 root root 2  8. Dez 18:33 /usr/local/samba/var/lock/msg.lock/21082
-rw-r--r-- 1 root root 20  8. Dez 18:33 /usr/local/samba/var/lock/msg.lock/21083
-rw-r--r-- 1 root root 20  8. Dez 18:33 /usr/local/samba/var/lock/msg.lock/21087
-rw-r--r-- 1 root root 2  8. Dez 18:33 /usr/local/samba/var/lock/msg.lock/21086
-rw-r--r-- 1 root root 2  8. Dez 18:45 /usr/local/samba/var/lock/msg.lock/22099
-rw-r--r-- 1 root root 2 28. Dez 20:54 /usr/local/samba/var/lock/msg.lock/909
-rw-r--r-- 1 root root 20 28. Dez 20:54 /usr/local/samba/var/lock/msg.lock/910
-rw-r--r-- 1 root root 2 28. Dez 20:54 /usr/local/samba/var/lock/msg.lock/918
-rw-r--r-- 1 root root 20 28. Dez 20:54 /usr/local/samba/var/lock/msg.lock/919
-rw-r--r-- 1 root root 2 28. Dez 20:54 /usr/local/samba/var/lock/msg.lock/922
-rw-r--r-- 1 root root 2 28. Dez 20:54 /usr/local/samba/var/lock/msg.lock/923
-rw-r--r-- 1 root root 4 28. Dez 20:54 /usr/local/samba/var/run/samba.pid
-rw-r--r-- 1 root root 4 28. Dez 20:54 /usr/local/samba/var/run/winbindd.pid
-rw-r--r-- 1 root root 4 28. Dez 20:54 /usr/local/samba/var/run/smbd.pid



Sure, some of the databases are cleaned up on startup, but some won't be,
like registry.tdb. This might also be a bug, if the code says something
different.


That's why I would always remove the smb.conf and all database folders'
content, when I start over.



Regards,
Marc



PS: Done on my 4.3.2 DC.
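
Added example (not part of the original message and not Samba code): a POSIX shell version of the checks shown above, reporting whether smb.conf was regenerated with the requested "interfaces" value and which state files, including TLS .pem files, predate the provision. The function names, the output labels and the choice to treat only *.pem as a failure are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: audit what a Samba re-provision left untouched.
# All paths are passed in by the caller; nothing here is Samba's own code.

# Print the first matching "name = value" from smb.conf. Samba ignores case
# and whitespace in parameter names, so both are normalised before comparing.
smbconf_param() {  # usage: smbconf_param FILE "param name"
    key=$(printf '%s' "$2" | tr -d ' \t' | tr 'A-Z' 'a-z')
    awk -F= -v key="$key" '
        /^[ \t]*[#;]/ { next }
        NF >= 2 {
            name = tolower($1); gsub(/[ \t]/, "", name)
            if (name == key) {
                val = substr($0, index($0, "=") + 1)
                sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
                print val; exit
            }
        }' "$1"
}

# List regular files NOT rewritten since the reference file's mtime.
stale_state_files() {  # usage: stale_state_files REF DIR...
    ref=$1; shift
    find "$@" -type f ! -newer "$ref" -print | sort
}

# Return 0 only if smb.conf was regenerated, carries the requested
# interfaces, and no TLS key/cert file predates the provision.
audit_reprovision() {  # usage: audit_reprovision REF SMBCONF "lo eth1" DIR...
    ref=$1; conf=$2; want=$3; shift 3; rc=0
    if [ -z "$(find "$conf" -newer "$ref" -print 2>/dev/null)" ]; then
        echo "STALE-CONF: $conf predates the provision"; rc=1
    fi
    got=$(smbconf_param "$conf" "interfaces")
    if [ "$got" != "$want" ]; then
        echo "IFACE-MISMATCH: smb.conf has '$got', requested '$want'"; rc=1
    fi
    list=$(stale_state_files "$ref" "$@")
    while IFS= read -r f; do
        case $f in
            '')    ;;
            *.pem) echo "STALE-TLS: $f"; rc=1 ;;
            *)     echo "stale: $f" ;;
        esac
    done <<EOF
$list
EOF
    return $rc
}
```

Create the reference file before provisioning, then call audit_reprovision with it, the smb.conf path, the interfaces string given to samba-tool, and the private/ and var/ directories.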


