[Samba] [SAMBA] Problems with joining a second DC to AD

Stephan Mattecka ste-fun_s at gmx.de
Thu May 21 10:41:58 MDT 2015 

Hi Rowland and Louis,
 
I did try both of your suggestions, but nothing changed on DC2. I did check all the DNS-settings (resolv.conf and hosts), so that I don't think that this is the reason for the error-messages.
 
I did set the loglevel to 5 and will try to find the differences between both machines. These are just virtual machines to test the building of a AD-Domain before using it in real life.
 
Regards
Stephan
 
 
 

Gesendet: Donnerstag, 21. Mai 2015 um 10:39 Uhr
Von: "L.P.H. van Belle" <belle at bazuin.nl>
An: "samba at lists.samba.org" <samba at lists.samba.org>
Betreff: Re: [Samba] [SAMBA] Problems with joining a second DC to AD
Hai,

I hope, your domain is not .lan ( reserved name for mDNS )
can be used, but can give problemens.

in smb.conf
change :
interfaces = lo, eth0
to
interfaces = lo, IP_of_eth0

and make sure your /etc/hosts and /etc/resolv.conf on DC2 are correct.
make sure you have in /etc/resolv.conf on DC2.
search example.lan
nameserver IP_OF_DC1



and try again.

Greetz,

Louis



>-----Oorspronkelijk bericht-----
>Van: ste-fun_s at gmx.de [mailto:samba-bounces at lists.samba.org]
>Namens Stephan Mattecka
>Verzonden: donderdag 21 mei 2015 9:18
>Aan: samba at lists.samba.org
>Onderwerp: [Samba] [SAMBA] Problems with joining a second DC to AD
>
>Hello,
> 
>I try to setup an AD-Domain with the help of Sernet-Samba
>packages. Currently I'm using Scientific Linux (SL) 6.6 and
>Sernet-Samba 4.1.17 packages. I tried the procedure two times
>with fresh minimal SL installations.
> 
>I could successfully install a AD-Domain-Controller.
>Now I tried to add a second DC to this AD-Domain and followed
>carefully the instructions at the samba wiki.
>I could also join the second DC to my domain, but when I try to run
> 
>samba-tool ntacl sysvolreset
> 
>on the 2nd DC I get the following error messages:
> 
>
>open: error=2 (No such file or directory)
>ERROR(runtime): uncaught exception - (-1073741823,
>'Undetermined error')
>  File
>"/usr/lib64/python2.6/site-packages/samba/netcmd/__init__.py",
>line 175, in _run
>    return self.run(*args, **kwargs)
>  File
>"/usr/lib64/python2.6/site-packages/samba/netcmd/ntacl.py",
>line 218, in run
>    lp, use_ntvfs=use_ntvfs)
>  File
>"/usr/lib64/python2.6/site-packages/samba/provision/__init__.py
>", line 1612, in setsysvolacl
>    set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn,
>samdb, lp, use_ntvfs, passdb=s4_passdb)
>  File
>"/usr/lib64/python2.6/site-packages/samba/provision/__init__.py
>", line 1505, in set_gpos_acl
>    use_ntvfs=use_ntvfs, skip_invalid_chown=True,
>passdb=passdb, service=SYSVOL_SERVICE)
>  File "/usr/lib64/python2.6/site-packages/samba/ntacls.py",
>line 154, in setntacl
>    smbd.set_nt_acl(file, security.SECINFO_OWNER |
>security.SECINFO_GROUP | security.SECINFO_DACL |
>security.SECINFO_SACL, sd, service=service)
> 
>My smb.conf on DC1:
> 
>
># Global parameters
>[global]
>        workgroup = EXAMPLE
>        realm = EXAMPLE.LAN
>        netbios name = DC1
>        interfaces = lo, eth0
>        bind interfaces only = Yes
>        server role = active directory domain controller
>        idmap_ldb:use rfc2307 = yes
>[netlogon]
>        path = /var/lib/samba/sysvol/pentracor.lan/scripts
>        read only = No
>[sysvol]
>        path = /var/lib/samba/sysvol
>        read only = No
> 
>smb.conf ond DC2:
> 
>
># Global parameters
>[global]
>        workgroup = EXAMPLE
>        realm = example.lan
>        netbios name = DC2
>        interfaces = lo, eth1
>        bind interfaces only = Yes
>        server role = active directory domain controller
>[netlogon]
>        path = /var/lib/samba/sysvol/example.lan/scripts
>        read only = No
>[sysvol
>        path = /var/lib/samba/sysvol
>        read only = No
> 
>I did turn off iptables and SELinux on both machines for
>testing purposes. The folder /var/lib/samba/sysvol exists on
>DC2. On DC1 I can run the sysvolreset command without any problems.
> 
>Hopefully someone has an idea what might be wrong here.
> 
>Regards
>Stephan Mattecka
>--
>To unsubscribe from this list go to the following URL and read the
>instructions: https://lists.samba.org/mailman/options/samba
>

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba[https://lists.samba.org/mailman/options/samba]

More information about the samba mailing list