[Samba] [SAMBA] Problems with joining a second DC to AD

Rowland Penny rowlandpenny at googlemail.com
Thu May 21 11:06:50 MDT 2015


On 21/05/15 17:41, Stephan Mattecka wrote:
> Hi Rowland and Louis,
>   
> I did try both of your suggestions, but nothing changed on DC2. I did check all the DNS settings (resolv.conf and hosts), so I don't think that this is the reason for the error messages.
>   
> I did set the loglevel to 5 and will try to find the differences between both machines. These are just virtual machines to test the building of an AD-Domain before using it in real life.
>   
> Regards
> Stephan
>   
>   
>   
>
> Sent: Thursday, 21 May 2015 at 10:39
> From: "L.P.H. van Belle" <belle at bazuin.nl>
> To: "samba at lists.samba.org" <samba at lists.samba.org>
> Subject: Re: [Samba] [SAMBA] Problems with joining a second DC to AD
> Hai,
>
> I hope your domain is not .lan (reserved name for mDNS);
> it can be used, but can give problems.
>
> in smb.conf
> change :
> interfaces = lo, eth0
> to
> interfaces = lo, IP_of_eth0
>
> and make sure your /etc/hosts and /etc/resolv.conf on DC2 are correct.
> Make sure you have this in /etc/resolv.conf on DC2:
> search example.lan
> nameserver IP_OF_DC1
>
>
>
> and try again.
>
> Greetz,
>
> Louis
>
>
>
>> -----Original message-----
>> From: ste-fun_s at gmx.de [mailto:samba-bounces at lists.samba.org]
>> On behalf of Stephan Mattecka
>> Sent: Thursday 21 May 2015 9:18
>> To: samba at lists.samba.org
>> Subject: [Samba] [SAMBA] Problems with joining a second DC to AD
>>
>> Hello,
>>   
>> I am trying to set up an AD-Domain with the help of Sernet-Samba
>> packages. Currently I'm using Scientific Linux (SL) 6.6 and
>> Sernet-Samba 4.1.17 packages. I tried the procedure two times
>> with fresh minimal SL installations.
>>   
>> I could successfully install an AD-Domain-Controller.
>> Now I tried to add a second DC to this AD-Domain and carefully
>> followed the instructions at the samba wiki.
>> I could also join the second DC to my domain, but when I try to run
>>   
>> samba-tool ntacl sysvolreset
>>   
>> on the 2nd DC I get the following error messages:
>>   
>>
>> open: error=2 (No such file or directory)
>> ERROR(runtime): uncaught exception - (-1073741823,
>> 'Undetermined error')
>>    File
>> "/usr/lib64/python2.6/site-packages/samba/netcmd/__init__.py",
>> line 175, in _run
>>      return self.run(*args, **kwargs)
>>    File
>> "/usr/lib64/python2.6/site-packages/samba/netcmd/ntacl.py",
>> line 218, in run
>>      lp, use_ntvfs=use_ntvfs)
>>    File
>> "/usr/lib64/python2.6/site-packages/samba/provision/__init__.py
>> ", line 1612, in setsysvolacl
>>      set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn,
>> samdb, lp, use_ntvfs, passdb=s4_passdb)
>>    File
>> "/usr/lib64/python2.6/site-packages/samba/provision/__init__.py
>> ", line 1505, in set_gpos_acl
>>      use_ntvfs=use_ntvfs, skip_invalid_chown=True,
>> passdb=passdb, service=SYSVOL_SERVICE)
>>    File "/usr/lib64/python2.6/site-packages/samba/ntacls.py",
>> line 154, in setntacl
>>      smbd.set_nt_acl(file, security.SECINFO_OWNER |
>> security.SECINFO_GROUP | security.SECINFO_DACL |
>> security.SECINFO_SACL, sd, service=service)
>>   
>> My smb.conf on DC1:
>>   
>>
>> # Global parameters
>> [global]
>>          workgroup = EXAMPLE
>>          realm = EXAMPLE.LAN
>>          netbios name = DC1
>>          interfaces = lo, eth0
>>          bind interfaces only = Yes
>>          server role = active directory domain controller
>>          idmap_ldb:use rfc2307 = yes
>> [netlogon]
>>          path = /var/lib/samba/sysvol/pentracor.lan/scripts
>>          read only = No
>> [sysvol]
>>          path = /var/lib/samba/sysvol
>>          read only = No
>>   
>> smb.conf on DC2:
>>   
>>
>> # Global parameters
>> [global]
>>          workgroup = EXAMPLE
>>          realm = example.lan
>>          netbios name = DC2
>>          interfaces = lo, eth1
>>          bind interfaces only = Yes
>>          server role = active directory domain controller
>> [netlogon]
>>          path = /var/lib/samba/sysvol/example.lan/scripts
>>          read only = No
>> [sysvol]
>>          path = /var/lib/samba/sysvol
>>          read only = No
>>   
>> I did turn off iptables and SELinux on both machines for
>> testing purposes. The folder /var/lib/samba/sysvol exists on
>> DC2. On DC1 I can run the sysvolreset command without any problems.
>>   
>> Hopefully someone has an idea what might be wrong here.
>>   
>> Regards
>> Stephan Mattecka
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>>

OK, try commenting out the interfaces lines, restart samba on both 
machines and see how you go on.

I do not know if you are trying in any way to sync sysvol between the 2 
DCs; if you are, this could give you a problem, as idmap.ldb is different 
between the DCs. The workaround is to copy idmap.ldb from the first DC 
to the second and run sysvolreset, but this is where we came in :-D

Can you post the command you used to provision the first DC and the 
command you used to join the second DC to the first?

Rowland
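As an added example (not code from this thread, and not Samba's own code), here is a small Python script that mechanically checks the points Louis and Rowland raise above: it parses an smb.conf, rejects an unterminated section header such as the "[sysvol" line in the posted DC2 config, reports where the two DCs' [global] sections differ (realm spelling, interfaces given as device names while "bind interfaces only" is set, duplicate netbios names), and checks a DC2 resolv.conf for the "search" and "nameserver" lines Louis asks for. The two configs are constructed to mirror the ones quoted in the thread, and 192.0.2.10 is a documentation address standing in for DC1; the parser is a deliberately minimal one written for this check, not Samba's loadparm.

```python
"""Added example (not Samba's code): sanity-check a second DC's smb.conf and
resolv.conf against the points raised in this thread."""
import re

# Constructed samples, modelled on the two configs quoted in the thread.
DC1_CONF = """[global]
        workgroup = EXAMPLE
        realm = EXAMPLE.LAN
        netbios name = DC1
        interfaces = lo, eth0
        bind interfaces only = Yes
        server role = active directory domain controller
        idmap_ldb:use rfc2307 = yes
[sysvol]
        path = /var/lib/samba/sysvol
        read only = No
"""
# DC2 differs from DC1 as in the thread: lower-case realm, eth1, no idmap line.
DC2_CONF = (DC1_CONF.replace("EXAMPLE.LAN", "example.lan").replace("DC1", "DC2")
            .replace("eth0", "eth1").replace("        idmap_ldb:use rfc2307 = yes\n", ""))
# DC2 as posted in the thread, with its "[sysvol" header missing the closing ']'.
BROKEN_DC2_CONF = DC2_CONF.replace("[sysvol]", "[sysvol")
# resolv.conf samples for DC2; 192.0.2.10 is a documentation address standing in for DC1.
RESOLV_OK = "search example.lan\nnameserver 192.0.2.10\n"
RESOLV_BAD = "search example.lan\nnameserver 127.0.0.1   # resolves via DC2 itself\n"

SECTION_RE = re.compile(r"^\[([^\]]*)\]\s*$")
UNTERMINATED_RE = re.compile(r"^\[[^\]]*$")      # "[sysvol" with no ']'
ADDRESS_RE = re.compile(r"^[0-9.]+(/\d+)?$|:")   # IPv4, IPv4/prefix, or IPv6-looking


def parse_smb_conf(text):
    """Parse smb.conf text into {section: {parameter: value}}.

    Raises ValueError on an unterminated section header, the kind of typo
    that is easy to miss when reading a pasted config by eye.
    """
    conf, section = {}, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).strip().lower()
            conf.setdefault(section, {})
            continue
        if UNTERMINATED_RE.match(line):
            raise ValueError("line %d: unterminated section header %r" % (lineno, line))
        if section is None:
            raise ValueError("line %d: parameter outside any section" % lineno)
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError("line %d: expected 'parameter = value'" % lineno)
        # Samba matches parameter names ignoring case and internal whitespace.
        conf[section][re.sub(r"\s+", " ", key.strip().lower())] = value.strip()
    return conf


def check_dc_pair(dc1_text, dc2_text):
    """Compare the [global] sections of two DCs; return a list of findings."""
    g1 = parse_smb_conf(dc1_text).get("global", {})
    g2 = parse_smb_conf(dc2_text).get("global", {})
    findings = []
    if g1.get("realm", "").upper() != g2.get("realm", "").upper():
        findings.append("realm differs between DCs: %r vs %r" % (g1.get("realm"), g2.get("realm")))
    elif g1.get("realm") != g2.get("realm"):
        findings.append("realm spelled with different case on the two DCs (%r vs %r)"
                        % (g1.get("realm"), g2.get("realm")))
    if g1.get("netbios name", "").upper() == g2.get("netbios name", "").upper():
        findings.append("both DCs use the same netbios name")
    for dc, g in (("DC1", g1), ("DC2", g2)):
        if g.get("bind interfaces only", "no").lower() not in ("yes", "true", "1"):
            continue
        ifaces = g.get("interfaces", "").replace(",", " ").split()
        by_name = [i for i in ifaces if i != "lo" and not ADDRESS_RE.search(i)]
        if by_name:
            # The thread's suggestion: list the address rather than the device name.
            findings.append("%s: interfaces given by device name (%s); try the IP address"
                            % (dc, ", ".join(by_name)))
    return findings


def check_resolv_conf(text, domain, dc1_ip):
    """Check a DC2 resolv.conf for 'search <domain>' and DC1 as the first nameserver."""
    search, nameservers = set(), []
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if not parts:
            continue
        if parts[0] in ("search", "domain"):
            search.update(d.lower().rstrip(".") for d in parts[1:])
        elif parts[0] == "nameserver" and len(parts) > 1:
            nameservers.append(parts[1])
    findings = []
    if domain.lower().rstrip(".") not in search:
        findings.append("missing 'search %s'" % domain.lower())
    if not nameservers:
        findings.append("no nameserver line")
    elif nameservers[0] != dc1_ip:
        findings.append("first nameserver is %s, not DC1 (%s)" % (nameservers[0], dc1_ip))
    return findings


if __name__ == "__main__":
    for f in check_dc_pair(DC1_CONF, DC2_CONF):
        print("smb.conf:", f)
    try:
        parse_smb_conf(BROKEN_DC2_CONF)
    except ValueError as e:
        print("smb.conf (DC2 as posted):", e)
    for f in check_resolv_conf(RESOLV_BAD, "example.lan", "192.0.2.10"):
        print("resolv.conf:", f)
```

Run as-is it reports the case-only realm difference, the device-name interfaces on both DCs, the unterminated "[sysvol" header, and the resolver pointing at DC2 itself rather than DC1; to check real machines, read /etc/samba/smb.conf and /etc/resolv.conf from each DC into the same functions. The realm case check is reported as a finding only so that both configs end up spelled the same way; the script makes no claim about how Samba itself treats it.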

