[Samba] Wrong interface on AD Provisioning
Marc Muehlfeld
mmuehlfeld at samba.org
Mon Dec 28 20:26:12 UTC 2015
Hello Rowland,
Am 28.12.2015 um 10:57 schrieb Rowland penny:
> Hi Marc, if, as you say, you need to remove everything before
> reprovisioning, why are there these lines in the provisioning code
> (/samba/provision/__init__.py):
>
> def provision(logger, session_info, smbconf=None,
>
> """Provision samba4
>
> :note: caution, this wipes all existing data!
> """
My current DC smb.conf:
# grep "interfaces" /etc/samba/smb.conf
interfaces = lo eth0
bind interfaces only = yes
# ls -l /etc/samba/smb.conf
-rw-r--r-- 1 root root 947 13. Okt 2014 /etc/samba/smb.conf
Then I'm re-provision without removing the smb.conf, but using the 2nd
interface (eth1) instead of eth0:
# samba-tool domain provision --option="interfaces=lo eth1"
--option="bind interfaces only=yes" --use-rfc2307 --use-xattrs=yes
--interactive
The smb.conf stayed unchanged (same timestamp):
# grep "interfaces" /etc/samba/smb.conf
interfaces = lo eth0
bind interfaces only = yes
# ls -l /etc/samba/smb.conf
-rw-r--r-- 1 root root 947 13. Okt 2014 /etc/samba/smb.conf
If you remove the smb.conf file instead before the re-provisioning,
you'll find the interface options given to samba-tool in that file:
# grep "interfaces" /etc/samba/smb.conf
interfaces = lo eth1
bind interfaces only = Yes
BTW: If you use a different realm on the second provisioning, samba-tool
will fail:
# samba-tool domain provision --option="interfaces=lo eth1"
--option="bind interfaces only=yes" --use-rfc2307 --use-xattrs=yes
--interactive
Realm [SAMDOM.EXAMPLE.COM]: DEMO.MARC-MUEHLFELD.DE
Domain [DEMO]:
Server Role (dc, member, standalone) [dc]:
DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE)
[SAMBA_INTERNAL]:
DNS forwarder IP address (write 'none' to disable forwarding) [10.99.0.1]:
Administrator password:
Retype password:
ERROR(<class 'samba.provision.ProvisioningError'>): Provision failed -
ProvisioningError: guess_names: 'realm=SAMDOM.EXAMPLE.COM' in
/etc/samba//smb.conf must match chosen realm 'DEMO.MARC-MUEHLFELD.DE'!
Please remove the smb.conf file and let provision generate it
File
"/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/domain.py",
line 442, in run
nosync=ldap_backend_nosync, ldap_dryrun_mode=ldap_dryrun_mode)
File
"/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py",
line 2025, in provision
sitename=sitename, rootdn=rootdn, domain_names_forced=(samdb_fill ==
FILL_DRS))
File
"/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py",
line 609, in guess_names
raise ProvisioningError("guess_names: 'realm=%s' in %s must match
chosen realm '%s'! Please remove the smb.conf file and let provision
generate it" % (lp.get("realm").upper(), lp.configfile, realm))
If the code should replace the smb.conf, then might be a bug. Can you
please create a bug report, if this is the case?
> And:
>
> def setup_samdb_partitions(samdb_path, logger, lp, session_info,
>
> """Setup the partitions for the SAM database.
>
> Alternatively, provision() may call this, and then populate the
> database.
>
> :note: This will wipe the Sam Database!
>
> :note: This function always removes the local SAM LDB file. The erase
> parameter controls whether to erase the existing data, which
> may not be stored locally but in LDAP.
It wipes the SAM database, but other files and databases are kept. After
the re-provisioning you will find several (database) files in
/usr/local/samba/var/ and /usr/local/samba/private/, that have
timestamps before the provisioning:
Re-provisioning finished: Mo 28. Dez 21:08:27 CET 2015
Create a reference file with a timestamp before that time:
# touch --date='21:00' /tmp/ref
Find files older than the reference file:
# find /usr/local/samba/private/ -type f ! -newer /tmp/ref -exec ls -la
'{}' ';'
-rw-r--r-- 1 root root 989 2. Sep 2014
/usr/local/samba/private/tls/cert.pem
-rw-r--r-- 1 root root 989 2. Sep 2014 /usr/local/samba/private/tls/ca.pem
-rw------- 1 root root 887 2. Sep 2014
/usr/local/samba/private/tls/key.pem
-rw-------. 1 root root 1286144 2. Sep 2014
/usr/local/samba/private/share.ldb
-rw------- 1 root root 696 2. Sep 2014
/usr/local/samba/private/randseed.tdb
-rw------- 1 root root 696 28. Dez 20:54
/usr/local/samba/private/schannel_store.tdb
-r--r--r-- 1 root root 300 2. Sep 2014
/usr/local/samba/private/named.conf.update
-rw------- 1 root root 1566 9. Sep 2014
/usr/local/samba/private/dns_update_cache
-rw------- 1 root root 696 28. Dez 20:54
/usr/local/samba/private/netlogon_creds_cli.tdb
# find /usr/local/samba/var/ -type f ! -newer /tmp/ref -exec ls -la '{}' ';'
-rwxrwx---+ 1 3000005 3000005 1240 9. Sep 2014
/usr/local/samba/var/locks/sysvol/samdom.example.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/MACHINE/Registry.pol
-rw------- 1 root root 528384 2. Sep 2014
/usr/local/samba/var/locks/registry.tdb
-rw------- 1 root root 421888 2. Sep 2014
/usr/local/samba/var/locks/share_info.tdb
-rw------- 1 root root 421888 2. Sep 2014
/usr/local/samba/var/locks/account_policy.tdb
-rw------- 1 root root 32768 28. Dez 20:57
/usr/local/samba/var/locks/winbindd_cache.tdb
-rw-r--r-- 1 root root 20 9. Sep 19:12 /usr/local/samba/var/cache/lck/909
-rw------- 1 root root 696 9. Sep 20:01
/usr/local/samba/var/cache/netsamlogon_cache.tdb
-rw------- 1 root root 696 17. Jan 2015
/usr/local/samba/var/lock/messages.tdb
-rw------- 1 root root 16384 28. Dez 20:54
/usr/local/samba/var/lock/smbXsrv_version_global.tdb
-rw------- 1 root root 696 28. Dez 20:54
/usr/local/samba/var/lock/smbXsrv_session_global.tdb
-rw------- 1 root root 696 28. Dez 20:54
/usr/local/samba/var/lock/smbXsrv_tcon_global.tdb
-rw-r--r-- 1 root root 40200 28. Dez 20:54
/usr/local/samba/var/lock/brlock.tdb
-rw-r--r-- 1 root root 40200 28. Dez 20:54
/usr/local/samba/var/lock/locking.tdb
-rw-r--r-- 1 root root 696 9. Sep 19:12
/usr/local/samba/var/lock/notify.tdb
-rw-r--r-- 1 root root 696 9. Sep 19:12
/usr/local/samba/var/lock/notify_index.tdb
-rw-r--r-- 1 root root 8192 28. Dez 20:54
/usr/local/samba/var/lock/serverid.tdb
-rw------- 1 root root 696 28. Dez 20:54
/usr/local/samba/var/lock/smbXsrv_open_global.tdb
-rw-r--r-- 1 root root 696 28. Dez 20:54
/usr/local/samba/var/lock/printer_list.tdb
-rw------- 1 root root 696 8. Dez 18:55
/usr/local/samba/var/lock/dbwrap_watchers.tdb
-rw-r--r-- 1 root root 696 28. Dez 20:54
/usr/local/samba/var/lock/leases.tdb
-rw-rw---- 1 root root 8192 8. Dez 17:54
/usr/local/samba/var/lock/msg/names.tdb
-rw-r--r-- 1 root root 2 9. Sep 20:01 /usr/local/samba/var/lock/msg/21621
-rw-r--r-- 1 root root 20 9. Sep 20:01 /usr/local/samba/var/lock/msg/21619
-rw-r--r-- 1 root root 20 9. Sep 20:01 /usr/local/samba/var/lock/msg/21625
-rw-r--r-- 1 root root 2 9. Sep 20:01 /usr/local/samba/var/lock/msg/21624
-rw-r--r-- 1 root root 2 9. Sep 20:01 /usr/local/samba/var/lock/msg/21628
-rw-r--r-- 1 root root 2 9. Sep 20:01 /usr/local/samba/var/lock/msg/21629
-rw-r--r-- 1 root root 20 8. Dez 17:31 /usr/local/samba/var/lock/msg/915
-rw-r--r-- 1 root root 2 8. Dez 17:31 /usr/local/samba/var/lock/msg/922
-rw-r--r-- 1 root root 20 8. Dez 17:31 /usr/local/samba/var/lock/msg/923
-rw-r--r-- 1 root root 2 8. Dez 17:31 /usr/local/samba/var/lock/msg/926
-rw-r--r-- 1 root root 2 8. Dez 17:31 /usr/local/samba/var/lock/msg/927
-rw-r--r-- 1 root root 2 8. Dez 17:41 /usr/local/samba/var/lock/msg/912
-rw-r--r-- 1 root root 20 8. Dez 17:41 /usr/local/samba/var/lock/msg/913
-rw-r--r-- 1 root root 20 8. Dez 17:41 /usr/local/samba/var/lock/msg/918
-rw-r--r-- 1 root root 2 8. Dez 17:41 /usr/local/samba/var/lock/msg/917
-rw-r--r-- 1 root root 2 8. Dez 18:33
/usr/local/samba/var/lock/msg.lock/21082
-rw-r--r-- 1 root root 20 8. Dez 18:33
/usr/local/samba/var/lock/msg.lock/21083
-rw-r--r-- 1 root root 20 8. Dez 18:33
/usr/local/samba/var/lock/msg.lock/21087
-rw-r--r-- 1 root root 2 8. Dez 18:33
/usr/local/samba/var/lock/msg.lock/21086
-rw-r--r-- 1 root root 2 8. Dez 18:45
/usr/local/samba/var/lock/msg.lock/22099
-rw-r--r-- 1 root root 2 28. Dez 20:54
/usr/local/samba/var/lock/msg.lock/909
-rw-r--r-- 1 root root 20 28. Dez 20:54
/usr/local/samba/var/lock/msg.lock/910
-rw-r--r-- 1 root root 2 28. Dez 20:54
/usr/local/samba/var/lock/msg.lock/918
-rw-r--r-- 1 root root 20 28. Dez 20:54
/usr/local/samba/var/lock/msg.lock/919
-rw-r--r-- 1 root root 2 28. Dez 20:54
/usr/local/samba/var/lock/msg.lock/922
-rw-r--r-- 1 root root 2 28. Dez 20:54
/usr/local/samba/var/lock/msg.lock/923
-rw-r--r-- 1 root root 4 28. Dez 20:54 /usr/local/samba/var/run/samba.pid
-rw-r--r-- 1 root root 4 28. Dez 20:54 /usr/local/samba/var/run/winbindd.pid
-rw-r--r-- 1 root root 4 28. Dez 20:54 /usr/local/samba/var/run/smbd.pid
Sure, some of the database are cleaned up on startup, but some won't,
like registry.tdb. This might also be a bug, if the code says something
different.
That's why I would always remove the smb.conf and all database folders
content, when I start over.
Regards,
Marc
PS: Done on my 4.3.2 DC.
More information about the samba
mailing list