[Samba] Replication problems bdc to pdc
L.P.H. van Belle
belle at bazuin.nl
Wed Dec 13 11:05:16 UTC 2017
Hai,
Both script where missing "run as root".
I've update the github versions.
Can you run that these again, but as root or with sudo.
And post the content again.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Ji??í Knotek via samba
> Verzonden: woensdag 13 december 2017 11:36
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Replication problems bdc to pdc
>
> Hallo Louis,
>
> thanks for the response.
>
> Yes, change on ry11citsdc, now hostname -d works correctly.
> Somewhere I
> saw the opposite entry. Thanks for the repair. Samba-setup-checkup.sh
> follows:----------------------------------------------------
>
> pi at ry11citsdc:~ $ bash /home/pi/Ry11/samba-setup-checkup.sh
> Check hostnames : Ok
> Checking detected host ipnumbers from resolv.conf and default gateway
> Ping gateway ip : 10.44.1.1 : Error
> ping nameserver1: 10.44.1.9 : Ok
> ping nameserver2: 10.44.1.10 : Ok
> Check ping google dns : 8.8.8.8 : Error
> Checking file owner..
> -rw-r--r-- pi pi /etc/samba/smb.conf
> Checking file owner..
> -rw-r--r-- pi pi /etc/samba/lmhosts
> Checking file owner..
> Missing file /etc/samba/smbpasswd
> drwxr-xr-x root root /usr/bin
> drwxr-xr-x root root /var/cache/samba
> drwxr-xr-x root root /usr/lib/arm-linux-gnueabihf
> drwxr-xr-x root root /var/run/samba
> drwxr-x--- root adm /var/log/samba
> drwxr-xr-x root root /usr/lib/arm-linux-gnueabihf/samba
> drwxr-xr-x root root /var/run/samba
> drwxr-xr-x root root /var/lib/samba/private
> drwxr-xr-x root root /usr/sbin
> drwxr-xr-x root root /var/lib/samba
> ltdb: tdb(/var/lib/samba/private/sam.ldb): tdb_open_ex: could
> not open
> file /var/lib/samba/private/sam.ldb: Permission denied
>
> Unable to open tdb '/var/lib/samba/private/sam.ldb': Permission denied
> Failed to connect to 'tdb:///var/lib/samba/private/sam.ldb'
> with backend
> 'tdb': Unable to open tdb '/var/lib/samba/private/sam.ldb':
> Permission
> denied
> ERROR(ldb): uncaught exception - Unable to open tdb
> '/var/lib/samba/private/sam.ldb': Permission denied
> File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
> line 176, in _run
> return self.run(*args, **kwargs)
> File "/usr/lib/python2.7/dist-packages/samba/netcmd/fsmo.py", line
> 438, in run
> credentials=creds, lp=lp)
> File "/usr/lib/python2.7/dist-packages/samba/samdb.py",
> line 57, in
> __init__
> options=options)
> File "/usr/lib/python2.7/dist-packages/samba/__init__.py",
> line 115,
> in __init__
> self.connect(url, flags, options)
> File "/usr/lib/python2.7/dist-packages/samba/samdb.py",
> line 72, in
> connect
> options=options)
> ltdb: tdb(/var/lib/samba/private/sam.ldb): tdb_open_ex: could
> not open
> file /var/lib/samba/private/sam.ldb: Permission denied
>
> Unable to open tdb '/var/lib/samba/private/sam.ldb': Permission denied
> Failed to connect to 'tdb:///var/lib/samba/private/sam.ldb'
> with backend
> 'tdb': Unable to open tdb '/var/lib/samba/private/sam.ldb':
> Permission
> denied
> ERROR(ldb): uncaught exception - Unable to open tdb
> '/var/lib/samba/private/sam.ldb': Permission denied
> File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
> line 176, in _run
> return self.run(*args, **kwargs)
> File "/usr/lib/python2.7/dist-packages/samba/netcmd/fsmo.py", line
> 438, in run
> credentials=creds, lp=lp)
> File "/usr/lib/python2.7/dist-packages/samba/samdb.py",
> line 57, in
> __init__
> options=options)
> File "/usr/lib/python2.7/dist-packages/samba/__init__.py",
> line 115,
> in __init__
> self.connect(url, flags, options)
> File "/usr/lib/python2.7/dist-packages/samba/samdb.py",
> line 72, in
> connect
> options=options)
> ltdb: tdb(/var/lib/samba/private/sam.ldb): tdb_open_ex: could
> not open
> file /var/lib/samba/private/sam.ldb: Permission denied
>
> Unable to open tdb '/var/lib/samba/private/sam.ldb': Permission denied
> Failed to connect to 'tdb:///var/lib/samba/private/sam.ldb'
> with backend
> 'tdb': Unable to open tdb '/var/lib/samba/private/sam.ldb':
> Permission
> denied
> ERROR(ldb): uncaught exception - Unable to open tdb
> '/var/lib/samba/private/sam.ldb': Permission denied
> File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
> line 176, in _run
> return self.run(*args, **kwargs)
> File "/usr/lib/python2.7/dist-packages/samba/netcmd/fsmo.py", line
> 438, in run
> credentials=creds, lp=lp)
> File "/usr/lib/python2.7/dist-packages/samba/samdb.py",
> line 57, in
> __init__
> options=options)
> File "/usr/lib/python2.7/dist-packages/samba/__init__.py",
> line 115,
> in __init__
> self.connect(url, flags, options)
> File "/usr/lib/python2.7/dist-packages/samba/samdb.py",
> line 72, in
> connect
> options=options)
> DCS ry11citsdc.ry11cit.lan
> ry11citdc.ry11cit.lan
> DC1 ry11citsdc.ry11cit.lan
> DC2 ry11citdc.ry11cit.lan
> Samba AD DC info: = detected (command and where to look)
> This server hostname = ry11citsdc (hostname -s and
> /etc/hosts
> and DNS server)
> This server FQDN (hostname) = ry11citsdc.ry11cit.lan
> (hostname -f and
> /etc/hosts and DNS server)
> This server primary dnsdomain = ry11cit.lan (hostname -d and
> /etc/resolv.conf and DNS server)
> This server IP address(ses) = 10.44.1.9 Only one interface
> detected
> (hostname -i (-I) and /etc/networking/interfaces and DNS server
> The DC with FSMO roles = (samba-tool fsmo show)
> The DC (with FSMO) Site name = (samba-tool fsmo show)
> The Default Naming Context = (samba-tool fsmo show)
> The Kerberos REALM name used = RY11CIT.LAN (kinit and
> /etc/krb5.conf
> and resolving)
> The Ipadres of DC ry11citsdc.ry11cit.lan = 10.44.1.9
> The Ipadres of DC ry11citdc.ry11cit.lan = 10.44.1.10
> SAMBA_SERVER_ROLE: active directory domain controller
> SAMBA_SERVER_SERVICES: s3fs, rpc, nbt, wrepl, ldap, cldap,
> kdc, drepl,
> winbindd, ntp_signd, kcc, dnsupdate
> SAMBA_DCERPC_ENDPOINT_SERVERS: epmapper, wkssvc, rpcecho, samr,
> netlogon, lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6,
> backupkey, dnsserver
>
>
> file
> samba-debug-info.txt:-----------------------------------------
> ----------------------------------------------------
>
> an error occurred while running:
>
> pi at ry11citsdc:~ $ bash /home/pi/Ry11/samba-collect-debug-info.sh
> Please wait, collecting debug info.
> ERROR(runtime): uncaught exception - (-1073741606, 'Configuration
> information could not be read from the domain controller,
> either because
> the machine is unavailable or access has been
> d enied.')
> File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
> line 176, in _run
> return self.run(*args, **kwargs)
> File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line
> 812, in run
> self.creds = credopts.get_credentials(self.lp)
> File "/usr/lib/python2.7/dist-packages/samba/getopt.py",
> line 212, in
> get_credentials
> self.creds.set_machine_account(lp)
> The debug info about your system can be found in this file:
> /tmp/samba-debug-info.txt
>
>
> Collected config --- 2017-12-13-11:27 -----------
>
> Hostname: ry11citsdc
> DNS Domain: ry11cit.lan
> FQDN: ry11citsdc.ry11cit.lan
> ipaddress: 10.44.1.9
>
> -----------
> Samba is running as an AD DC
> Checking file: /etc/os-release
> PRETTY_NAME="Raspbian GNU/Linux 9 (stretch)"
> NAME="Raspbian GNU/Linux"
> VERSION_ID="9"
> VERSION="9 (stretch)"
> ID=raspbian
> ID_LIKE=debian
> HOME_URL="http://www.raspbian.org/"
> SUPPORT_URL="http://www.raspbian.org/RaspbianForums"
> BUG_REPORT_URL="http://www.raspbian.org/RaspbianBugs"
>
> -----------
>
> Warning, /etc/devuan_version does not exist
>
> -----------
> running command : ip a
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
> group default qlen 1
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> inet 127.0.0.1/8 scope host lo
> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
> state UP group default qlen 1000
> link/ether b8:27:eb:9d:64:eb brd ff:ff:ff:ff:ff:ff
> inet 10.44.1.9/16 brd 10.44.255.255 scope global eth0
> 3: wlan0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc
> pfifo_fast
> state DOWN group default qlen 1000
> link/ether b8:27:eb:c8:31:be brd ff:ff:ff:ff:ff:ff
> -----------
> Checking file: /etc/hosts
> 127.0.0.1 localhost.localdomain localhost
> 10.44.1.10 ry11citdc.ry11cit.lan ry11citdc
> 10.44.1.9 ry11citsdc.ry11cit.lan ry11citsdc
>
> -----------
> Checking file: /etc/krb5.conf
> [libdefaults]
> default_realm = RY11CIT.LAN
> dns_lookup_realm = false
> dns_lookup_kdc = true
>
> -----------
> Checking file: /etc/nsswitch.conf
> # /etc/nsswitch.conf
> #
> # Example configuration of GNU Name Service Switch functionality.
> # If you have the `glibc-doc-reference' and `info' packages
> installed, try:
> # `info libc "Name Service Switch"' for information about this file.
>
> passwd: compat
> group: compat
> shadow: compat
> gshadow: files
>
> hosts: files mdns4_minimal [NOTFOUND=return] dns
> networks: files
>
> protocols: db files
> services: db files
> ethers: db files
> rpc: db files
>
> netgroup: nis
>
> -----------
> Checking file: /etc/samba/smb.conf
> # Global parameters
> [global]
> netbios name = RY11CITSDC
> realm = RY11CIT.LAN
> server services = -dns
> workgroup = RY11CIT
> server role = active directory domain controller
>
> [netlogon]
> path = /var/lib/samba/sysvol/ry11cit.lan/scripts
> read only = No
>
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
>
> -----------
> No username map detected.
>
> -----------
> Detected bind DLZ enabled..
> Checking file: /etc/bind/named.conf
> // This is the primary configuration file for the BIND DNS
> server named.
> //
> // Please read /usr/share/doc/bind9/README.Debian.gz for
> information on the
> // structure of BIND configuration files in Debian, *BEFORE*
> you customize
> // this configuration file.
> //
> // If you are just adding zones, please do that in
> /etc/bind/named.conf.local
>
> include "/etc/bind/named.conf.options";
> include "/etc/bind/named.conf.local";
> include "/etc/bind/named.conf.default-zones";
> include "/var/lib/samba/private/named.conf";
>
> -----------
> Checking file: /etc/bind/named.conf.options
> options {
> directory "/var/cache/bind";
>
> // If there is a firewall between you and nameservers you want
> // to talk to, you may need to fix the firewall to allow multiple
> // ports to talk. See http://www.kb.cert.org/vuls/id/800113
>
> // If your ISP provided one or more IP addresses for stable
> // nameservers, you probably want to use them as forwarders.
> // Uncomment the following block, and insert the
> addresses replacing
> // the all-0's placeholder.
>
> // forwarders {
> // 0.0.0.0;
> // };
>
> //============================================================
> ============
> // If BIND logs error messages about the root key being expired,
> // you will need to update your keys. See
> https://www.isc.org/bind-keys
> //============================================================
> ============
> dnssec-validation auto;
>
> auth-nxdomain no; # conform to RFC1035
> listen-on-v6 { none; };
> tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
> };
>
>
> -----------
> Checking file: /etc/bind/named.conf.local
> //
> // Do any local configuration here
> //
>
> // Consider adding the 1918 zones here, if they are not used in your
> // organization
> //include "/etc/bind/zones.rfc1918";
>
>
> -----------
> Checking file: /etc/bind/named.conf.default-zones
> // prime the server with knowledge of the root servers
> zone "." {
> type hint;
> file "/etc/bind/db.root";
> };
>
> // be authoritative for the localhost forward and reverse
> zones, and for
> // broadcast zones as per RFC 1912
>
> zone "localhost" {
> type master;
> file "/etc/bind/db.local";
> };
>
> zone "127.in-addr.arpa" {
> type master;
> file "/etc/bind/db.127";
> };
>
> zone "0.in-addr.arpa" {
> type master;
> file "/etc/bind/db.0";
> };
>
> zone "255.in-addr.arpa" {
> type master;
> file "/etc/bind/db.255";
> };
>
>
>
> -----------
>
> Installed packages, running: dpkg -l | egrep
> "samba|winbind|krb5|smb|acl|xattr"
> ii acl 2.2.52-3 armhf Access control list
> utilities
> ii krb5-config 2.6 all
> Configuration
> files for Kerberos Version 5
> ii krb5-user 1.15-1+deb9u1 armhf basic
> programs
> to authenticate using MIT Kerberos
> ii libacl1:armhf 2.2.52-3 armhf Access
> control list shared library
> ii libgssapi-krb5-2:armhf 1.15-1+deb9u1 armhf
> MIT
> Kerberos runtime libraries - krb5 GSS-API Mechanism
> ii libkrb5-3:armhf 1.15-1+deb9u1 armhf MIT
> Kerberos runtime libraries
> ii libkrb5support0:armhf 1.15-1+deb9u1 armhf
> MIT
> Kerberos runtime libraries - Support library
> ii libsmbclient:armhf 2:4.5.12+dfsg-2+deb9u1 armhf
> shared
> library for communication with SMB/CIFS servers
> ii libwbclient0:armhf 2:4.5.12+dfsg-2+deb9u1 armhf
> Samba
> winbind client library
> ii python-samba 2:4.5.12+dfsg-2+deb9u1 armhf Python
> bindings for Samba
> ii samba 2:4.5.12+dfsg-2+deb9u1 armhf SMB/CIFS file,
> print, and login server for Unix
> ii samba-common 2:4.5.12+dfsg-2+deb9u1 all
> common files
> used by both the Samba server and client
> ii samba-common-bin 2:4.5.12+dfsg-2+deb9u1 armhf Samba
> common files used by both the server and the client
> ii samba-dsdb-modules 2:4.5.12+dfsg-2+deb9u1 armhf
> Samba
> Directory Services Database
> ii samba-libs:armhf 2:4.5.12+dfsg-2+deb9u1 armhf Samba
> core libraries
> ii samba-vfs-modules 2:4.5.12+dfsg-2+deb9u1 armhf Samba
> Virtual FileSystem plugins
> ii smbclient 2:4.5.12+dfsg-2+deb9u1 armhf command-line
> SMB/CIFS clients for Unix
> ii winbind 2:4.5.12+dfsg-2+deb9u1 armhf service
> to resolve
> user and group information from Windows NT servers
> -----------
>
> Thanks Jiri Knotek
>
>
> On 13. 12. 2017 10:52, L.P.H. van Belle via samba wrote:
> > Ow and..
> >
> > Your hosts files are incorrect.
> > Layout should be :
> > ip hostname.fqdn hostname
> >
> > So this should be :
> >> 10.44.1.10 ry11citdc.ry11cit.lan ry11citdc
> >> 10.44.1.9 ry11citsdc.ry11cit.lan ry11citsdc
> > Reboot both servers after the change.
> >
> >
> > Greetz,
> >
> > Louis
> >
> >
> >> -----Oorspronkelijk bericht-----
> >> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> >> L.P.H. van Belle via samba
> >> Verzonden: woensdag 13 december 2017 10:41
> >> Aan: samba at lists.samba.org
> >> CC: Ji??í Knotek
> >> Onderwerp: Re: [Samba] Replication problems bdc to pdc
> >>
> >> Great you use my script :-)
> >> Now we know something is wrong, run this one.
> >>
> >> https://raw.githubusercontent.com/thctlo/samba4/master/samba-c
> > ollect-debug-info.sh
> >> And post the content to the list, that helps a lot.
> >>
> >> Greetz,
> >>
> >> Louis
> >>
> >>
> >>
> >>> -----Oorspronkelijk bericht-----
> >>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> >>> Ji??í Knotek via samba
> >>> Verzonden: woensdag 13 december 2017 10:14
> >>> Aan: samba at lists.samba.org
> >>> Onderwerp: Re: [Samba] Replication problems bdc to pdc
> >>>
> >>> Hello Rowland,
> >>>
> >>> thank you for advice. I reconfigure both AC-DCs again
> >>> with new data
> >>> and send updated data. Unfortunately, the result is the same.
> >>> I'm also
> >>> sending a listing from
> >>>
> >>> samba-setup-checkup.sh.
> >>>
> >>> * Linux: Raspbian, debian stretch lite
> >>> * Samba version 4.5.12-Debian
> >>> * DNS: BIND9_DLZ 9.10.x
> >>> * Installed packages: ntp ntpdate samba smbclient winbind
> >> libcups2
> >>> samba-common cups ldb-tools bind9 bind9utils dnsutils krb5-user
> >>>
> >>> *root at ry11citdc:/home/pi/Ry11# samba-tool drs replicate ry11citsdc
> >>> ry11citdc dc=ry11cit,dc=lan*
> >>> Replicate from ry11citdc to ry11citsdc was successful.
> >>>
> >>> *root at ry11citdc:/home/pi/Ry11# samba-tool drs replicate ry11citdc
> >>> ry11citsdc dc=ry11cit,dc=lan*
> >>> ERROR(<class 'samba.drs_utils.drsException'>):
> >> DsReplicaSync failed -
> >>> drsException: DsReplicaSync failed (2, 'WERR_BADFILE')
> >>> File
> >> "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line
> >>> 368, in run
> >>> drs_utils.sendDsReplicaSync(server_bind, server_bind_handle,
> >>> source_dsa_guid, NC, req_options)
> >>> File
> >>> "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 83,
> >>> in sendDsReplicaSync
> >>> raise drsException("DsReplicaSync failed %s" % estr)
> >>>
> >>>
> >>> *root at ry11citdc:/home/pi/Ry11# bash samba-setup-checkup.sh*
> >>> Check hostnames : Mismatch in hostname definitions
> >>> please check :
> >>> HOST_NAME_SHORT: ry11citdc
> >>> HOST_NAME_DOMAIN:
> >>> HOST_NAME_FQDN: ry11citdc
> >>> HOST_IP1: 10.44.1.10
> >>> HOST_IP2: Only one interface detected
> >>> HOST_GATEWAY: 10.44.1.1
> >>> HOST_PRIMARY_INTERFACE: 10.44.1.1
> >>> eth0
> >>> HOST_RESOLV_DOMAIN: domain ry11cit.lan
> >>> HOST_RESOLV_SEARCH: search ry11cit.lan
> >>> HOST_RESOLV_NAMESERV1: 10.44.1.10
> >>> HOST_RESOLV_NAMESERV2: 10.44.1.9
> >>> HOST_RESOLV_NAMESERV3:
> >>> Possible error detected in /etc/hosts, mismatch FQDN and
> >> detected IP
> >>> 10.44.1.10 for the host.
> >>> expected was : 10.44.1.10 ry11citdc ry11citdc
> >>> Checking detected host ipnumbers from resolv.conf and
> >> default gateway
> >>> Ping gateway ip : 10.44.1.1 : Error
> >>> ping nameserver1: 10.44.1.10 : Ok
> >>> ping nameserver2: 10.44.1.9 : Ok
> >>> Check ping google dns : 8.8.8.8 : Error
> >>> Checking file owner..
> >>> -rw-r--r-- pi pi /etc/samba/smb.conf
> >>> Checking file owner..
> >>> -rw-r--r-- pi pi /etc/samba/lmhosts
> >>> Checking file owner..
> >>> Missing file /etc/samba/smbpasswd
> >>> drwxr-xr-x root root /usr/bin
> >>> drwxr-xr-x root root /var/cache/samba
> >>> drwxr-xr-x root root /usr/lib/arm-linux-gnueabihf
> >>> drwxr-xr-x root root /var/run/samba
> >>> drwxr-x--- root adm /var/log/samba
> >>> drwxr-xr-x root root /usr/lib/arm-linux-gnueabihf/samba
> >>> drwxr-xr-x root root /var/run/samba
> >>> drwxr-xr-x root root /var/lib/samba/private
> >>> drwxr-xr-x root root /usr/sbin
> >>> drwxr-xr-x root root /var/lib/samba
> >>> DCS 2(SERVFAIL
> >>> DC1 2(SERVFAIL
> >>> DC2
> >>> ERROR: Invalid IP address '2(SERVFAIL'!
> >>> Samba AD DC info: = detected (command and
> >> where to look)
> >>> This server hostname = ry11citdc (hostname -s and
> >> /etc/hosts
> >>> and DNS server)
> >>> This server FQDN (hostname) = ry11citdc (hostname -f and
> >> /etc/hosts
> >>> and DNS server)
> >>> This server primary dnsdomain = (hostname -d and
> >>> /etc/resolv.conf and
> >>> DNS server)
> >>> This server IP address(ses) = 10.44.1.10 Only one
> >>> interface detected
> >>> (hostname -i (-I) and /etc/networking/interfaces and DNS server
> >>> The DC with FSMO roles = RY11CITDC (samba-tool fsmo show)
> >>> The DC (with FSMO) Site name = Default-First-Site-Name
> >>> (samba-tool fsmo
> >>> show)
> >>> The Default Naming Context = DC=ry11cit,DC=lan (samba-tool
> >>> fsmo show)
> >>> The Kerberos REALM name used = RY11CIT.LAN (kinit and
> >>> /etc/krb5.conf
> >>> and resolving)
> >>> The Ipadres of DC 2(SERVFAIL = 2(SERVFAIL)
> >>> SAMBA_SERVER_ROLE: active directory domain controller
> >>> SAMBA_SERVER_SERVICES: s3fs, rpc, nbt, wrepl, ldap, cldap,
> >>> kdc, drepl,
> >>> winbindd, ntp_signd, kcc, dnsupdate
> >>> SAMBA_DCERPC_ENDPOINT_SERVERS: epmapper, wkssvc, rpcecho, samr,
> >>> netlogon, lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6,
> >>> backupkey, dnsserver
> >>>
> >>>
> >>> *I did not come to the way the hostname -d command would
> return the
> >>> domain name. How can I do that? In addition, there are
> >> host, lmhost,
> >>> resolv.conf, and so on**
> >>> *
> >>>
> >>> Please help, I don 't know the advice.
> >>>
> >>> System integrator Ji??í Knotek
> >>>
> >>>
> >>> "Primary" Active Directory Domain
> >>> Controler:----------------------------------------------------
> >>> -----------------------------------------------
> >>>
> >>> --------------------------------------------------------------
> >>> --------------------------------------------------------------
> >>> -------------------------
> >>>
> >>>
> >>> hostname:-----------------
> >>> ry11citdc.ry11cit.lan
> >>>
> >>> hosts:---------------
> >>> 127.0.0.1 localhost localhost.localdomain
> >>> 10.44.1.10 ry11citdc ry11citdc.ry11cit.lan
> >>> 10.44.1.9 ry11citsdc ry11citsdc.ry11cit.lan
> >>>
> >>> resolv.conf.head:-------------------
> >>> domain ry11cit.lan
> >>> search ry11cit.lan
> >>>
> >>> systemctl.conf"--------------------
> >>> net.ipv4.ip_forward=1
> >>> net.ipv6.conf.all.disable_ipv6=1
> >>>
> >>>
> >>>
> >>> krb5.conf:------------
> >>>
> >>> [libdefaults]
> >>> default_realm = RY11CIT.LAN
> >>> dns_lookup_realm = false
> >>> dns_lookup_kdc = true
> >>>
> >>> named.conf:------------------------
> >>>
> >>> include "/etc/bind/named.conf.options";
> >>> include "/etc/bind/named.conf.local";
> >>> include "/etc/bind/named.conf.default-zones";
> >>> include "/var/lib/samba/private/named.conf";
> >>>
> >>> named.conf.options:-----------------------
> >>>
> >>> options {
> >>> directory "/var/cache/bind";
> >>>
> >>> dnssec-validation auto;
> >>>
> >>> auth-nxdomain no; # conform to RFC1035
> >>> listen-on-v6 { none; };
> >>> tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
> >>> };
> >>>
> >>> lmhost:--------------------------
> >>> 127.0.0.1 localhost
> >>> 10.44.1.10 ry11citdc
> >>> 10.44.1.9 ry11citsdc
> >>>
> >>> smb.conf:------------------------------
> >>>
> >>> # Global parameters
> >>> [global]
> >>> netbios name = RY11CITDC
> >>> realm = RY11CIT.LAN
> >>> server services = -dns
> >>> workgroup = RY11CIT
> >>> server role = active directory domain controller
> >>>
> >>> [netlogon]
> >>> path = /var/lib/samba/sysvol/ry11cit.lan/scripts
> >>> read only = No
> >>>
> >>> [sysvol]
> >>> path = /var/lib/samba/sysvol
> >>> read only = No
> >>>
> >>> Samba Provision---------------:
> >>>
> >>> samba-tool domain provision --realm=RY11CIT.LAN
> >> --domain=RY11CIT
> >>> --server-role=dc --dns-backend=BIND9_DLZ --adminpass='.....'
> >>>
> >>> "Backup / Standby" Active Directory Domain
> >>> Controler:----------------------------------------------------
> >>> -----------------------------------------------
> >>>
> >>>
> >>> --------------------------------------------------------------
> >>> --------------------------------------------------------------
> >>> -------------------------
> >>>
> >>>
> >>> hostname:-----------------
> >>> ry11citsdc.ry11cit.lan
> >>>
> >>> hosts:---------------
> >>> 127.0.0.1 localhost localhost.localdomain
> >>> 10.44.1.10 ry11citdc ry11citdc.ry11cit.lan
> >>> 10.44.1.9 ry11citsdc ry11citsdc.ry11cit.lan
> >>>
> >>> resolv.conf.head:-------------------
> >>> domain ry11cit.lan
> >>> search ry11cit.lan
> >>>
> >>> systemctl.conf"--------------------
> >>> net.ipv4.ip_forward=1
> >>> net.ipv6.conf.all.disable_ipv6=1
> >>>
> >>>
> >>>
> >>> krb5.conf:------------
> >>>
> >>> [libdefaults]
> >>> default_realm = RY11CIT.LAN
> >>> dns_lookup_realm = false
> >>> dns_lookup_kdc = true
> >>>
> >>> named.conf:------------------------
> >>>
> >>> include "/etc/bind/named.conf.options";
> >>> include "/etc/bind/named.conf.local";
> >>> include "/etc/bind/named.conf.default-zones";
> >>> include "/var/lib/samba/private/named.conf";
> >>>
> >>> named.conf.options:-----------------------
> >>>
> >>> options {
> >>> directory "/var/cache/bind";
> >>>
> >>> dnssec-validation auto;
> >>>
> >>> auth-nxdomain no; # conform to RFC1035
> >>> listen-on-v6 { none; };
> >>> tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
> >>> };
> >>>
> >>> lmhost:--------------------------
> >>> 127.0.0.1 localhost
> >>> 10.44.1.10 ry11citdc
> >>> 10.44.1.9 ry11citsdc
> >>>
> >>> smb.conf:------------------------------
> >>>
> >>> # Global parameters
> >>> [global]
> >>> netbios name = RY11CITSDC
> >>> realm = RY11CIT.LAN
> >>> server services = -dns
> >>> workgroup = RY11CIT
> >>> server role = active directory domain controller
> >>>
> >>> [netlogon]
> >>> path = /var/lib/samba/sysvol/ry11cit.lan/scripts
> >>> read only = No
> >>>
> >>> [sysvol]
> >>> path = /var/lib/samba/sysvol
> >>> read only = No
> >>>
> >>> Samba join---------------:
> >>>
> >>> samba-tool domain join RY11CIT DC -Uadministrator
> >>> --realm=RY11CIT.LAN --dns-backend=BIND9_DLZ --adminpass='.....'
> >>>
> >>>
> >>> Thanks Jiri Knotek
> >>>
> >>>
> >>> --
> >>> To unsubscribe from this list go to the following URL and read the
> >>> instructions: https://lists.samba.org/mailman/options/samba
> >>>
> >>>
> >>
> >> --
> >> To unsubscribe from this list go to the following URL and read the
> >> instructions: https://lists.samba.org/mailman/options/samba
> >>
> >>
> >
>
> --
>
> *Ing. Ji??í Knotek*
> programátor
>
> *GEMA s.r.o. Automatizace technologických proces??*
>
> Doubravice 13, Pardubice 19, 53353
> Tel: +420604570127
> E-mail: jiri.knotek at gemapce.cz <mailto:jiri.knotek at gemapce.cz>
> Web:www.gemapce.cz <http://www.gemapce.cz/>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
More information about the samba
mailing list