[Samba] Replication problems bdc to pdc
Jiří Knotek
jiri.knotek at gemapce.cz
Wed Dec 13 10:35:54 UTC 2017
Hallo Louis,
thanks for the response.
Yes, change on ry11citsdc, now hostname -d works correctly. Somewhere I
saw the opposite entry. Thanks for the repair. Samba-setup-checkup.sh
follows:----------------------------------------------------
pi at ry11citsdc:~ $ bash /home/pi/Ry11/samba-setup-checkup.sh
Check hostnames : Ok
Checking detected host ipnumbers from resolv.conf and default gateway
Ping gateway ip : 10.44.1.1 : Error
ping nameserver1: 10.44.1.9 : Ok
ping nameserver2: 10.44.1.10 : Ok
Check ping google dns : 8.8.8.8 : Error
Checking file owner..
-rw-r--r-- pi pi /etc/samba/smb.conf
Checking file owner..
-rw-r--r-- pi pi /etc/samba/lmhosts
Checking file owner..
Missing file /etc/samba/smbpasswd
drwxr-xr-x root root /usr/bin
drwxr-xr-x root root /var/cache/samba
drwxr-xr-x root root /usr/lib/arm-linux-gnueabihf
drwxr-xr-x root root /var/run/samba
drwxr-x--- root adm /var/log/samba
drwxr-xr-x root root /usr/lib/arm-linux-gnueabihf/samba
drwxr-xr-x root root /var/run/samba
drwxr-xr-x root root /var/lib/samba/private
drwxr-xr-x root root /usr/sbin
drwxr-xr-x root root /var/lib/samba
ltdb: tdb(/var/lib/samba/private/sam.ldb): tdb_open_ex: could not open
file /var/lib/samba/private/sam.ldb: Permission denied
Unable to open tdb '/var/lib/samba/private/sam.ldb': Permission denied
Failed to connect to 'tdb:///var/lib/samba/private/sam.ldb' with backend
'tdb': Unable to open tdb '/var/lib/samba/private/sam.ldb': Permission
denied
ERROR(ldb): uncaught exception - Unable to open tdb
'/var/lib/samba/private/sam.ldb': Permission denied
File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
line 176, in _run
return self.run(*args, **kwargs)
File "/usr/lib/python2.7/dist-packages/samba/netcmd/fsmo.py", line
438, in run
credentials=creds, lp=lp)
File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 57, in
__init__
options=options)
File "/usr/lib/python2.7/dist-packages/samba/__init__.py", line 115,
in __init__
self.connect(url, flags, options)
File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 72, in
connect
options=options)
ltdb: tdb(/var/lib/samba/private/sam.ldb): tdb_open_ex: could not open
file /var/lib/samba/private/sam.ldb: Permission denied
Unable to open tdb '/var/lib/samba/private/sam.ldb': Permission denied
Failed to connect to 'tdb:///var/lib/samba/private/sam.ldb' with backend
'tdb': Unable to open tdb '/var/lib/samba/private/sam.ldb': Permission
denied
ERROR(ldb): uncaught exception - Unable to open tdb
'/var/lib/samba/private/sam.ldb': Permission denied
File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
line 176, in _run
return self.run(*args, **kwargs)
File "/usr/lib/python2.7/dist-packages/samba/netcmd/fsmo.py", line
438, in run
credentials=creds, lp=lp)
File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 57, in
__init__
options=options)
File "/usr/lib/python2.7/dist-packages/samba/__init__.py", line 115,
in __init__
self.connect(url, flags, options)
File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 72, in
connect
options=options)
ltdb: tdb(/var/lib/samba/private/sam.ldb): tdb_open_ex: could not open
file /var/lib/samba/private/sam.ldb: Permission denied
Unable to open tdb '/var/lib/samba/private/sam.ldb': Permission denied
Failed to connect to 'tdb:///var/lib/samba/private/sam.ldb' with backend
'tdb': Unable to open tdb '/var/lib/samba/private/sam.ldb': Permission
denied
ERROR(ldb): uncaught exception - Unable to open tdb
'/var/lib/samba/private/sam.ldb': Permission denied
File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
line 176, in _run
return self.run(*args, **kwargs)
File "/usr/lib/python2.7/dist-packages/samba/netcmd/fsmo.py", line
438, in run
credentials=creds, lp=lp)
File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 57, in
__init__
options=options)
File "/usr/lib/python2.7/dist-packages/samba/__init__.py", line 115,
in __init__
self.connect(url, flags, options)
File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 72, in
connect
options=options)
DCS ry11citsdc.ry11cit.lan
ry11citdc.ry11cit.lan
DC1 ry11citsdc.ry11cit.lan
DC2 ry11citdc.ry11cit.lan
Samba AD DC info: = detected (command and where to look)
This server hostname = ry11citsdc (hostname -s and /etc/hosts
and DNS server)
This server FQDN (hostname) = ry11citsdc.ry11cit.lan (hostname -f and
/etc/hosts and DNS server)
This server primary dnsdomain = ry11cit.lan (hostname -d and
/etc/resolv.conf and DNS server)
This server IP address(ses) = 10.44.1.9 Only one interface detected
(hostname -i (-I) and /etc/networking/interfaces and DNS server
The DC with FSMO roles = (samba-tool fsmo show)
The DC (with FSMO) Site name = (samba-tool fsmo show)
The Default Naming Context = (samba-tool fsmo show)
The Kerberos REALM name used = RY11CIT.LAN (kinit and /etc/krb5.conf
and resolving)
The Ipadres of DC ry11citsdc.ry11cit.lan = 10.44.1.9
The Ipadres of DC ry11citdc.ry11cit.lan = 10.44.1.10
SAMBA_SERVER_ROLE: active directory domain controller
SAMBA_SERVER_SERVICES: s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
winbindd, ntp_signd, kcc, dnsupdate
SAMBA_DCERPC_ENDPOINT_SERVERS: epmapper, wkssvc, rpcecho, samr,
netlogon, lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6,
backupkey, dnsserver
file
samba-debug-info.txt:---------------------------------------------------------------------------------------------
an error occurred while running:
pi at ry11citsdc:~ $ bash /home/pi/Ry11/samba-collect-debug-info.sh
Please wait, collecting debug info.
ERROR(runtime): uncaught exception - (-1073741606, 'Configuration
information could not be read from the domain controller, either because
the machine is unavailable or access has been
d enied.')
File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
line 176, in _run
return self.run(*args, **kwargs)
File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line
812, in run
self.creds = credopts.get_credentials(self.lp)
File "/usr/lib/python2.7/dist-packages/samba/getopt.py", line 212, in
get_credentials
self.creds.set_machine_account(lp)
The debug info about your system can be found in this file:
/tmp/samba-debug-info.txt
Collected config --- 2017-12-13-11:27 -----------
Hostname: ry11citsdc
DNS Domain: ry11cit.lan
FQDN: ry11citsdc.ry11cit.lan
ipaddress: 10.44.1.9
-----------
Samba is running as an AD DC
Checking file: /etc/os-release
PRETTY_NAME="Raspbian GNU/Linux 9 (stretch)"
NAME="Raspbian GNU/Linux"
VERSION_ID="9"
VERSION="9 (stretch)"
ID=raspbian
ID_LIKE=debian
HOME_URL="http://www.raspbian.org/"
SUPPORT_URL="http://www.raspbian.org/RaspbianForums"
BUG_REPORT_URL="http://www.raspbian.org/RaspbianBugs"
-----------
Warning, /etc/devuan_version does not exist
-----------
running command : ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
state UP group default qlen 1000
link/ether b8:27:eb:9d:64:eb brd ff:ff:ff:ff:ff:ff
inet 10.44.1.9/16 brd 10.44.255.255 scope global eth0
3: wlan0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast
state DOWN group default qlen 1000
link/ether b8:27:eb:c8:31:be brd ff:ff:ff:ff:ff:ff
-----------
Checking file: /etc/hosts
127.0.0.1 localhost.localdomain localhost
10.44.1.10 ry11citdc.ry11cit.lan ry11citdc
10.44.1.9 ry11citsdc.ry11cit.lan ry11citsdc
-----------
Checking file: /etc/krb5.conf
[libdefaults]
default_realm = RY11CIT.LAN
dns_lookup_realm = false
dns_lookup_kdc = true
-----------
Checking file: /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
passwd: compat
group: compat
shadow: compat
gshadow: files
hosts: files mdns4_minimal [NOTFOUND=return] dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
-----------
Checking file: /etc/samba/smb.conf
# Global parameters
[global]
netbios name = RY11CITSDC
realm = RY11CIT.LAN
server services = -dns
workgroup = RY11CIT
server role = active directory domain controller
[netlogon]
path = /var/lib/samba/sysvol/ry11cit.lan/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
-----------
No username map detected.
-----------
Detected bind DLZ enabled..
Checking file: /etc/bind/named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in
/etc/bind/named.conf.local
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
include "/var/lib/samba/private/named.conf";
-----------
Checking file: /etc/bind/named.conf.options
options {
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
// forwarders {
// 0.0.0.0;
// };
//========================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys. See
https://www.isc.org/bind-keys
//========================================================================
dnssec-validation auto;
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { none; };
tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
};
-----------
Checking file: /etc/bind/named.conf.local
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
-----------
Checking file: /etc/bind/named.conf.default-zones
// prime the server with knowledge of the root servers
zone "." {
type hint;
file "/etc/bind/db.root";
};
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
type master;
file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};
-----------
Installed packages, running: dpkg -l | egrep
"samba|winbind|krb5|smb|acl|xattr"
ii acl 2.2.52-3 armhf Access control list
utilities
ii krb5-config 2.6 all Configuration
files for Kerberos Version 5
ii krb5-user 1.15-1+deb9u1 armhf basic programs
to authenticate using MIT Kerberos
ii libacl1:armhf 2.2.52-3 armhf Access
control list shared library
ii libgssapi-krb5-2:armhf 1.15-1+deb9u1 armhf MIT
Kerberos runtime libraries - krb5 GSS-API Mechanism
ii libkrb5-3:armhf 1.15-1+deb9u1 armhf MIT
Kerberos runtime libraries
ii libkrb5support0:armhf 1.15-1+deb9u1 armhf MIT
Kerberos runtime libraries - Support library
ii libsmbclient:armhf 2:4.5.12+dfsg-2+deb9u1 armhf shared
library for communication with SMB/CIFS servers
ii libwbclient0:armhf 2:4.5.12+dfsg-2+deb9u1 armhf Samba
winbind client library
ii python-samba 2:4.5.12+dfsg-2+deb9u1 armhf Python
bindings for Samba
ii samba 2:4.5.12+dfsg-2+deb9u1 armhf SMB/CIFS file,
print, and login server for Unix
ii samba-common 2:4.5.12+dfsg-2+deb9u1 all common files
used by both the Samba server and client
ii samba-common-bin 2:4.5.12+dfsg-2+deb9u1 armhf Samba
common files used by both the server and the client
ii samba-dsdb-modules 2:4.5.12+dfsg-2+deb9u1 armhf Samba
Directory Services Database
ii samba-libs:armhf 2:4.5.12+dfsg-2+deb9u1 armhf Samba
core libraries
ii samba-vfs-modules 2:4.5.12+dfsg-2+deb9u1 armhf Samba
Virtual FileSystem plugins
ii smbclient 2:4.5.12+dfsg-2+deb9u1 armhf command-line
SMB/CIFS clients for Unix
ii winbind 2:4.5.12+dfsg-2+deb9u1 armhf service to resolve
user and group information from Windows NT servers
-----------
Thanks Jiri Knotek
On 13. 12. 2017 10:52, L.P.H. van Belle via samba wrote:
> Ow and..
>
> Your hosts files are incorrect.
> Layout should be :
> ip hostname.fqdn hostname
>
> So this should be :
>> 10.44.1.10 ry11citdc.ry11cit.lan ry11citdc
>> 10.44.1.9 ry11citsdc.ry11cit.lan ry11citsdc
> Reboot both servers after the change.
>
>
> Greetz,
>
> Louis
>
>
>> -----Oorspronkelijk bericht-----
>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
>> L.P.H. van Belle via samba
>> Verzonden: woensdag 13 december 2017 10:41
>> Aan: samba at lists.samba.org
>> CC: Ji??í Knotek
>> Onderwerp: Re: [Samba] Replication problems bdc to pdc
>>
>> Great you use my script :-)
>> Now we know something is wrong, run this one.
>>
>> https://raw.githubusercontent.com/thctlo/samba4/master/samba-c
> ollect-debug-info.sh
>> And post the content to the list, that helps a lot.
>>
>> Greetz,
>>
>> Louis
>>
>>
>>
>>> -----Oorspronkelijk bericht-----
>>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
>>> Ji??í Knotek via samba
>>> Verzonden: woensdag 13 december 2017 10:14
>>> Aan: samba at lists.samba.org
>>> Onderwerp: Re: [Samba] Replication problems bdc to pdc
>>>
>>> Hello Rowland,
>>>
>>> thank you for advice. I reconfigure both AC-DCs again
>>> with new data
>>> and send updated data. Unfortunately, the result is the same.
>>> I'm also
>>> sending a listing from
>>>
>>> samba-setup-checkup.sh.
>>>
>>> * Linux: Raspbian, debian stretch lite
>>> * Samba version 4.5.12-Debian
>>> * DNS: BIND9_DLZ 9.10.x
>>> * Installed packages: ntp ntpdate samba smbclient winbind
>> libcups2
>>> samba-common cups ldb-tools bind9 bind9utils dnsutils krb5-user
>>>
>>> *root at ry11citdc:/home/pi/Ry11# samba-tool drs replicate ry11citsdc
>>> ry11citdc dc=ry11cit,dc=lan*
>>> Replicate from ry11citdc to ry11citsdc was successful.
>>>
>>> *root at ry11citdc:/home/pi/Ry11# samba-tool drs replicate ry11citdc
>>> ry11citsdc dc=ry11cit,dc=lan*
>>> ERROR(<class 'samba.drs_utils.drsException'>):
>> DsReplicaSync failed -
>>> drsException: DsReplicaSync failed (2, 'WERR_BADFILE')
>>> File
>> "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line
>>> 368, in run
>>> drs_utils.sendDsReplicaSync(server_bind, server_bind_handle,
>>> source_dsa_guid, NC, req_options)
>>> File
>>> "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 83,
>>> in sendDsReplicaSync
>>> raise drsException("DsReplicaSync failed %s" % estr)
>>>
>>>
>>> *root at ry11citdc:/home/pi/Ry11# bash samba-setup-checkup.sh*
>>> Check hostnames : Mismatch in hostname definitions
>>> please check :
>>> HOST_NAME_SHORT: ry11citdc
>>> HOST_NAME_DOMAIN:
>>> HOST_NAME_FQDN: ry11citdc
>>> HOST_IP1: 10.44.1.10
>>> HOST_IP2: Only one interface detected
>>> HOST_GATEWAY: 10.44.1.1
>>> HOST_PRIMARY_INTERFACE: 10.44.1.1
>>> eth0
>>> HOST_RESOLV_DOMAIN: domain ry11cit.lan
>>> HOST_RESOLV_SEARCH: search ry11cit.lan
>>> HOST_RESOLV_NAMESERV1: 10.44.1.10
>>> HOST_RESOLV_NAMESERV2: 10.44.1.9
>>> HOST_RESOLV_NAMESERV3:
>>> Possible error detected in /etc/hosts, mismatch FQDN and
>> detected IP
>>> 10.44.1.10 for the host.
>>> expected was : 10.44.1.10 ry11citdc ry11citdc
>>> Checking detected host ipnumbers from resolv.conf and
>> default gateway
>>> Ping gateway ip : 10.44.1.1 : Error
>>> ping nameserver1: 10.44.1.10 : Ok
>>> ping nameserver2: 10.44.1.9 : Ok
>>> Check ping google dns : 8.8.8.8 : Error
>>> Checking file owner..
>>> -rw-r--r-- pi pi /etc/samba/smb.conf
>>> Checking file owner..
>>> -rw-r--r-- pi pi /etc/samba/lmhosts
>>> Checking file owner..
>>> Missing file /etc/samba/smbpasswd
>>> drwxr-xr-x root root /usr/bin
>>> drwxr-xr-x root root /var/cache/samba
>>> drwxr-xr-x root root /usr/lib/arm-linux-gnueabihf
>>> drwxr-xr-x root root /var/run/samba
>>> drwxr-x--- root adm /var/log/samba
>>> drwxr-xr-x root root /usr/lib/arm-linux-gnueabihf/samba
>>> drwxr-xr-x root root /var/run/samba
>>> drwxr-xr-x root root /var/lib/samba/private
>>> drwxr-xr-x root root /usr/sbin
>>> drwxr-xr-x root root /var/lib/samba
>>> DCS 2(SERVFAIL
>>> DC1 2(SERVFAIL
>>> DC2
>>> ERROR: Invalid IP address '2(SERVFAIL'!
>>> Samba AD DC info: = detected (command and
>> where to look)
>>> This server hostname = ry11citdc (hostname -s and
>> /etc/hosts
>>> and DNS server)
>>> This server FQDN (hostname) = ry11citdc (hostname -f and
>> /etc/hosts
>>> and DNS server)
>>> This server primary dnsdomain = (hostname -d and
>>> /etc/resolv.conf and
>>> DNS server)
>>> This server IP address(ses) = 10.44.1.10 Only one
>>> interface detected
>>> (hostname -i (-I) and /etc/networking/interfaces and DNS server
>>> The DC with FSMO roles = RY11CITDC (samba-tool fsmo show)
>>> The DC (with FSMO) Site name = Default-First-Site-Name
>>> (samba-tool fsmo
>>> show)
>>> The Default Naming Context = DC=ry11cit,DC=lan (samba-tool
>>> fsmo show)
>>> The Kerberos REALM name used = RY11CIT.LAN (kinit and
>>> /etc/krb5.conf
>>> and resolving)
>>> The Ipadres of DC 2(SERVFAIL = 2(SERVFAIL)
>>> SAMBA_SERVER_ROLE: active directory domain controller
>>> SAMBA_SERVER_SERVICES: s3fs, rpc, nbt, wrepl, ldap, cldap,
>>> kdc, drepl,
>>> winbindd, ntp_signd, kcc, dnsupdate
>>> SAMBA_DCERPC_ENDPOINT_SERVERS: epmapper, wkssvc, rpcecho, samr,
>>> netlogon, lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6,
>>> backupkey, dnsserver
>>>
>>>
>>> *I did not come to the way the hostname -d command would return the
>>> domain name. How can I do that? In addition, there are
>> host, lmhost,
>>> resolv.conf, and so on**
>>> *
>>>
>>> Please help, I don 't know the advice.
>>>
>>> System integrator Ji??í Knotek
>>>
>>>
>>> "Primary" Active Directory Domain
>>> Controler:----------------------------------------------------
>>> -----------------------------------------------
>>>
>>> --------------------------------------------------------------
>>> --------------------------------------------------------------
>>> -------------------------
>>>
>>>
>>> hostname:-----------------
>>> ry11citdc.ry11cit.lan
>>>
>>> hosts:---------------
>>> 127.0.0.1 localhost localhost.localdomain
>>> 10.44.1.10 ry11citdc ry11citdc.ry11cit.lan
>>> 10.44.1.9 ry11citsdc ry11citsdc.ry11cit.lan
>>>
>>> resolv.conf.head:-------------------
>>> domain ry11cit.lan
>>> search ry11cit.lan
>>>
>>> systemctl.conf"--------------------
>>> net.ipv4.ip_forward=1
>>> net.ipv6.conf.all.disable_ipv6=1
>>>
>>>
>>>
>>> krb5.conf:------------
>>>
>>> [libdefaults]
>>> default_realm = RY11CIT.LAN
>>> dns_lookup_realm = false
>>> dns_lookup_kdc = true
>>>
>>> named.conf:------------------------
>>>
>>> include "/etc/bind/named.conf.options";
>>> include "/etc/bind/named.conf.local";
>>> include "/etc/bind/named.conf.default-zones";
>>> include "/var/lib/samba/private/named.conf";
>>>
>>> named.conf.options:-----------------------
>>>
>>> options {
>>> directory "/var/cache/bind";
>>>
>>> dnssec-validation auto;
>>>
>>> auth-nxdomain no; # conform to RFC1035
>>> listen-on-v6 { none; };
>>> tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
>>> };
>>>
>>> lmhost:--------------------------
>>> 127.0.0.1 localhost
>>> 10.44.1.10 ry11citdc
>>> 10.44.1.9 ry11citsdc
>>>
>>> smb.conf:------------------------------
>>>
>>> # Global parameters
>>> [global]
>>> netbios name = RY11CITDC
>>> realm = RY11CIT.LAN
>>> server services = -dns
>>> workgroup = RY11CIT
>>> server role = active directory domain controller
>>>
>>> [netlogon]
>>> path = /var/lib/samba/sysvol/ry11cit.lan/scripts
>>> read only = No
>>>
>>> [sysvol]
>>> path = /var/lib/samba/sysvol
>>> read only = No
>>>
>>> Samba Provision---------------:
>>>
>>> samba-tool domain provision --realm=RY11CIT.LAN
>> --domain=RY11CIT
>>> --server-role=dc --dns-backend=BIND9_DLZ --adminpass='.....'
>>>
>>> "Backup / Standby" Active Directory Domain
>>> Controler:----------------------------------------------------
>>> -----------------------------------------------
>>>
>>>
>>> --------------------------------------------------------------
>>> --------------------------------------------------------------
>>> -------------------------
>>>
>>>
>>> hostname:-----------------
>>> ry11citsdc.ry11cit.lan
>>>
>>> hosts:---------------
>>> 127.0.0.1 localhost localhost.localdomain
>>> 10.44.1.10 ry11citdc ry11citdc.ry11cit.lan
>>> 10.44.1.9 ry11citsdc ry11citsdc.ry11cit.lan
>>>
>>> resolv.conf.head:-------------------
>>> domain ry11cit.lan
>>> search ry11cit.lan
>>>
>>> systemctl.conf"--------------------
>>> net.ipv4.ip_forward=1
>>> net.ipv6.conf.all.disable_ipv6=1
>>>
>>>
>>>
>>> krb5.conf:------------
>>>
>>> [libdefaults]
>>> default_realm = RY11CIT.LAN
>>> dns_lookup_realm = false
>>> dns_lookup_kdc = true
>>>
>>> named.conf:------------------------
>>>
>>> include "/etc/bind/named.conf.options";
>>> include "/etc/bind/named.conf.local";
>>> include "/etc/bind/named.conf.default-zones";
>>> include "/var/lib/samba/private/named.conf";
>>>
>>> named.conf.options:-----------------------
>>>
>>> options {
>>> directory "/var/cache/bind";
>>>
>>> dnssec-validation auto;
>>>
>>> auth-nxdomain no; # conform to RFC1035
>>> listen-on-v6 { none; };
>>> tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
>>> };
>>>
>>> lmhost:--------------------------
>>> 127.0.0.1 localhost
>>> 10.44.1.10 ry11citdc
>>> 10.44.1.9 ry11citsdc
>>>
>>> smb.conf:------------------------------
>>>
>>> # Global parameters
>>> [global]
>>> netbios name = RY11CITSDC
>>> realm = RY11CIT.LAN
>>> server services = -dns
>>> workgroup = RY11CIT
>>> server role = active directory domain controller
>>>
>>> [netlogon]
>>> path = /var/lib/samba/sysvol/ry11cit.lan/scripts
>>> read only = No
>>>
>>> [sysvol]
>>> path = /var/lib/samba/sysvol
>>> read only = No
>>>
>>> Samba join---------------:
>>>
>>> samba-tool domain join RY11CIT DC -Uadministrator
>>> --realm=RY11CIT.LAN --dns-backend=BIND9_DLZ --adminpass='.....'
>>>
>>>
>>> Thanks Jiri Knotek
>>>
>>>
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions: https://lists.samba.org/mailman/options/samba
>>>
>>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>>
>>
>
--
*Ing. Jiří Knotek*
programátor
*GEMA s.r.o. Automatizace technologických procesů*
Doubravice 13, Pardubice 19, 53353
Tel: +420604570127
E-mail: jiri.knotek at gemapce.cz <mailto:jiri.knotek at gemapce.cz>
Web:www.gemapce.cz <http://www.gemapce.cz/>
More information about the samba
mailing list