[Samba] net ads info: failed to get server's current time

Mon Oct 26 14:13:17 UTC 2015

I had to add "-v" to testparm to get the default services line:
 echo "\n" | samba-tool testparm -v | grep "server service"


2015-10-26 15:03 GMT+01:00 L.P.H. van Belle <belle at bazuin.nl>:

> Run : echo "\n" | samba-tool testparm | grep "server service"
>
> What do you see now...
>
> > -----Oorspronkelijk bericht-----
> > Van: samba [mailto:samba-bounces at lists.samba.org] Namens mathias
> dufresne
> > Verzonden: maandag 26 oktober 2015 14:56
> > Aan: sambalist
> > Onderwerp: Re: [Samba] net ads info: failed to get server's current time
> >
> > I have no "server services" line in my smb.conf and "net ads info" is
> > working well using DC running Samba 4.3.1 on Centos 7.
> >
> > Did you tried without "server services" line?
> >
> > Cheers,
> >
> > mathias
> >
> > 2015-10-22 23:53 GMT+02:00 Rowland Penny <rowlandpenny241155 at gmail.com>:
> >
> > > On 22/10/15 22:33, Guy-Laurent Subri wrote:
> > >
> > >> On Thu, Oct 22, 2015 at 10:13:01PM +0100, Rowland Penny wrote:
> > >>
> > >>> On 22/10/15 21:51, Guy-Laurent Subri wrote:
> > >>>
> > >>>> On Wed, Oct 21, 2015 at 07:06:33PM +0100, Rowland Penny wrote:
> > >>>>
> > >>>>> On 21/10/15 18:35, Guy-Laurent Subri wrote:
> > >>>>>
> > >>>>>> Hi all,
> > >>>>>> We're having issues with Samba at work. I've searched a bit and
> the
> > >>>>>> only
> > >>>>>> thing that have caught my eye is this: when I run the 'net ads
> > info'
> > >>>>>> command on our DC --we have a Debian on which samba4 is installed
> > and
> > >>>>>> configured as a AD DC-- I have the message "Failed to get server's
> > >>>>>> current time!", and "Server time: Thu, 01 Jan 1970 01:00:00 CET".
> > >>>>>>
> > >>>>>
> > >>>>> It works for me on a Debian 4.1.17 DC, so you may have something
> > >>>>> mis-configured, have you altered the smb.conf in any way ?
> > >>>>>
> > >>>>
> > >>>> I don't think the modifications I did to smb.conf are relevant
> enough
> > to
> > >>>> cause problem, but here's our smb.conf, just in case:
> > >>>>
> > >>>> # Global parameters
> > >>>> [global]
> > >>>>    workgroup = TRS-CH
> > >>>>    realm = TRS-CH.COM
> > >>>>    netbios name = PDC
> > >>>>    server role = active directory domain controller
> > >>>>    server services = +s3fs, +rpc, +nbt, +wrepl, +ldap, +cldap, +kdc,
> > >>>> +drepl,
> > >>>>                        +winbind, +ntp_signd, +kcc, +dnsupdate
> > >>>> [netlogon]
> > >>>>   path = /var/lib/samba/sysvol/trs-ch.com/scripts
> > >>>>   read only = No
> > >>>>
> > >>>> [sysvol]
> > >>>>   path = /var/lib/samba/sysvol
> > >>>>   read only = No
> > >>>>
> > >>>> do you have ntp installed and configured correctly ?
> > >>>>>
> > >>>> Yes, I have it installed and everything works fine.
> > >>>>
> > >>>> I also already tested the DNS by running the commands described
> here:
> > >>>>
> > >>>>
> >
> https://wiki.samba.org/index.php/Setup_a_Samba_Active_Directory_Domain_Con
> > troller
> > >>>>
> > >>>> Everything is reachable.
> > >>>>
> > >>>> I tested kerberos by doing:
> > >>>> 'kinit administrator at TRS-CH.COM'
> > >>>> It showed up when I did 'klist'.
> > >>>>
> > >>>> Do you need more information ?
> > >>>>
> > >>>> Thanks !
> > >>>> Cheers,
> > >>>> Guy-Laurent Subri
> > >>>>
> > >>>
> > >>> Are you running with Bind9 ?
> > >>>
> > >>> I think you need to remove all the '+' signs you have added to the
> > >>> 'server services' line, you normally only use the '+' sign to add a
> > >>> service to the line, I think you may still be using the un-shown
> 'dns'
> > >>> option.
> > >>> I would also recommend that you use the new separate 'winbindd'
> > instead
> > >>> of the 'winbind' that you are using. I think that before long the old
> > >>> 'winbind' built into the samba daemon is going to disappear, so you
> > >>> might as well get used to it now.
> > >>>
> > >> Yes, I'm running Bind9.
> > >> If I either remove the + sings or change 'windbind' to 'windbindd' I
> > >> cannot contact the server again. (The result of the command 'net ads
> > >> info' is : no logon servers, didn't find the ldap server).
> > >>
> > >> Cheers,
> > >> Guy-Laurent Subri
> > >>
> > >
> > > OK, I have just joined a new DC to my domain and I am using Bind9 and
> > this
> > > is what I have in smb.conf:
> > >
> > > server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
> > > winbindd, ntp_signd, kcc, dnsupdate
> > >
> > > Note the lack of '+' signs
> > >
> > > This is with Samba 4.3.1
> > >
> > > I have also checked and 'net ads info' works as well, so if yours isn't
> > > working, then something else is wrong, can you post your ntp.conf and
> > bind9
> > > conf files, also your /etc/resolv.conf & /etc/krb5.conf
> > >
> > >
> > > Rowland
> > >
> > >
> > >
> > > --
> > > To unsubscribe from this list go to the following URL and read the
> > > instructions:  https://lists.samba.org/mailman/options/samba
> > >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>