[Samba] Replication problems bdc to pdc
L.P.H. van Belle
belle at bazuin.nl
Wed Dec 13 12:31:48 UTC 2017
Hai,
For both servers: /etc/hosts
127.0.0.1 localhost localhost.localdomain
Or
127.0.0.1 localhost
+ the dc's as shown now, thats ok, normaly only the DC itself, but it does not hurt if you add both dc's in there.
If you need users/groups on the DC's
/etc/nsswitch.conf
passwd: compat winbind
group: compat winbind
For example you want to login with a "AD users" in the server with ssh.
Change the resolving ordere here to.
hosts: files dns mdns4_minimal [NOTFOUND=return]
Or remove avahi-* completeley, then check if this is gone : mdns4_minimal [NOTFOUND=return]
Bind DNS is used and you did set :
tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
But your forgot.
/etc/bind/named.conf.local
// adding the dlopen ( Bind DLZ ) module for samba.
include "/var/lib/samba/private/named.conf";
After these changes, first reboot the DC with FSMO roles then the second DC.
And check you replication again.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Ji??í Knotek via samba
> Verzonden: woensdag 13 december 2017 13:09
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Replication problems bdc to pdc
>
> Hallo Louis,
>
> I am sorry. I forgot to login as a root, I hurried.
>
>
> 10.44.1.10 is gateway on destination site, there is not available.
>
>
> "Primary" Active Directory Domain Controler:
> --------------------------------------------------------------
> -----------------------------------------------
>
> root at ry11citdc:~# bash /home/pi/Ry11/samba-setup-checkup.sh
> Check hostnames : Ok
> Checking detected host ipnumbers from resolv.conf and default gateway
> Ping gateway ip : 10.44.1.1 : Error
> Warning, no ping to gateway, this might be firewalled.
> check you internet connection, AD DNS might need it.
> ping nameserver1: 10.44.1.10 : Ok
> ping nameserver2: 10.44.1.9 : Ok
> Check ping google dns : 8.8.8.8 : Error
> Warning, no ping to internet dns 8.8.8.8, this might be firewalled.
> Check you internet connection, AD DNS might need it.
> Checking file owner..
> -rw-r--r-- pi pi /etc/samba/smb.conf
> Checking file owner..
> -rw-r--r-- pi pi /etc/samba/lmhosts
> Checking file owner..
> Missing file /etc/samba/smbpasswd
> drwxr-xr-x root root /usr/bin
> drwxr-xr-x root root /var/cache/samba
> drwxr-xr-x root root /usr/lib/arm-linux-gnueabihf
> drwxr-xr-x root root /var/run/samba
> drwxr-x--- root adm /var/log/samba
> drwxr-xr-x root root /usr/lib/arm-linux-gnueabihf/samba
> drwxr-xr-x root root /var/run/samba
> drwxr-xr-x root root /var/lib/samba/private
> drwxr-xr-x root root /usr/sbin
> drwxr-xr-x root root /var/lib/samba
> DCS ry11citdc.ry11cit.lan
> DC1 ry11citdc.ry11cit.lan
> DC2
> Samba AD DC info: = detected (command and where to look)
> This server hostname = ry11citdc (hostname -s and /etc/hosts
> and DNS server)
> This server FQDN (hostname) = ry11citdc.ry11cit.lan
> (hostname -f and
> /etc/hosts and DNS server)
> This server primary dnsdomain = ry11cit.lan (hostname -d and
> /etc/resolv.conf and DNS server)
> This server IP address(ses) = 10.44.1.10 Only one
> interface detected
> (hostname -i (-I) and /etc/networking/interfaces and DNS server
> The DC with FSMO roles = RY11CITDC (samba-tool fsmo show)
> The DC (with FSMO) Site name = Default-First-Site-Name
> (samba-tool fsmo
> show)
> The Default Naming Context = DC=ry11cit,DC=lan (samba-tool
> fsmo show)
> The Kerberos REALM name used = RY11CIT.LAN (kinit and
> /etc/krb5.conf
> and resolving)
> The Ipadres of DC ry11citdc.ry11cit.lan = 10.44.1.10
> SAMBA_SERVER_ROLE: active directory domain controller
> SAMBA_SERVER_SERVICES: s3fs, rpc, nbt, wrepl, ldap, cldap,
> kdc, drepl,
> winbindd, ntp_signd, kcc, dnsupdate
> SAMBA_DCERPC_ENDPOINT_SERVERS: epmapper, wkssvc, rpcecho, samr,
> netlogon, lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6,
> backupkey, dnsserver
>
>
> file samba-debug-info.txt:---------------------------------
>
> Collected config --- 2017-12-13-13:02 -----------
>
> Hostname: ry11citdc
> DNS Domain: ry11cit.lan
> FQDN: ry11citdc.ry11cit.lan
> ipaddress: 10.44.1.10
>
> -----------
> Samba is running as an AD DC
> Checking file: /etc/os-release
> PRETTY_NAME="Raspbian GNU/Linux 9 (stretch)"
> NAME="Raspbian GNU/Linux"
> VERSION_ID="9"
> VERSION="9 (stretch)"
> ID=raspbian
> ID_LIKE=debian
> HOME_URL="http://www.raspbian.org/"
> SUPPORT_URL="http://www.raspbian.org/RaspbianForums"
> BUG_REPORT_URL="http://www.raspbian.org/RaspbianBugs"
>
> -----------
>
> Warning, /etc/devuan_version does not exist
>
> -----------
> running command : ip a
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
> group default qlen 1
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> inet 127.0.0.1/8 scope host lo
> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
> state UP group default qlen 1000
> link/ether b8:27:eb:69:ac:e4 brd ff:ff:ff:ff:ff:ff
> inet 10.44.1.10/16 brd 10.44.255.255 scope global eth0
> -----------
> Checking file: /etc/hosts
> 127.0.0.1 localhost.localdomain localhost
> 10.44.1.10 ry11citdc.ry11cit.lan ry11citdc
> 10.44.1.9 ry11citsdc.ry11cit.lan ry11citsdc
>
> -----------
> Checking file: /etc/krb5.conf
> [libdefaults]
> default_realm = RY11CIT.LAN
> dns_lookup_realm = false
> dns_lookup_kdc = true
>
> -----------
> Checking file: /etc/nsswitch.conf
> # /etc/nsswitch.conf
> #
> # Example configuration of GNU Name Service Switch functionality.
> # If you have the `glibc-doc-reference' and `info' packages
> installed, try:
> # `info libc "Name Service Switch"' for information about this file.
>
> passwd: compat
> group: compat
> shadow: compat
> gshadow: files
>
> hosts: files mdns4_minimal [NOTFOUND=return] dns
> networks: files
>
> protocols: db files
> services: db files
> ethers: db files
> rpc: db files
>
> netgroup: nis
>
> -----------
> Checking file: /etc/samba/smb.conf
> # Global parameters
> [global]
> netbios name = RY11CITDC
> realm = RY11CIT.LAN
> server services = -dns
> workgroup = RY11CIT
> server role = active directory domain controller
>
> [netlogon]
> path = /var/lib/samba/sysvol/ry11cit.lan/scripts
> read only = No
>
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
>
> -----------
> No username map detected.
>
> -----------
> Detected bind DLZ enabled..
> Checking file: /etc/bind/named.conf
> // This is the primary configuration file for the BIND DNS
> server named.
> //
> // Please read /usr/share/doc/bind9/README.Debian.gz for
> information on the
> // structure of BIND configuration files in Debian, *BEFORE*
> you customize
> // this configuration file.
> //
> // If you are just adding zones, please do that in
> /etc/bind/named.conf.local
>
> include "/etc/bind/named.conf.options";
> include "/etc/bind/named.conf.local";
> include "/etc/bind/named.conf.default-zones";
> include "/var/lib/samba/private/named.conf";
>
> -----------
> Checking file: /etc/bind/named.conf.options
> options {
> directory "/var/cache/bind";
>
> // If there is a firewall between you and nameservers you want
> // to talk to, you may need to fix the firewall to allow multiple
> // ports to talk. See http://www.kb.cert.org/vuls/id/800113
>
> // If your ISP provided one or more IP addresses for stable
> // nameservers, you probably want to use them as forwarders.
> // Uncomment the following block, and insert the
> addresses replacing
> // the all-0's placeholder.
>
> // forwarders {
> // 0.0.0.0;
> // };
>
> //============================================================
> ============
> // If BIND logs error messages about the root key being expired,
> // you will need to update your keys. See
> https://www.isc.org/bind-keys
> //============================================================
> ============
> dnssec-validation auto;
>
> auth-nxdomain no; # conform to RFC1035
> listen-on-v6 { none; };
> tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
> };
>
>
> -----------
> Checking file: /etc/bind/named.conf.local
> //
> // Do any local configuration here
> //
>
> // Consider adding the 1918 zones here, if they are not used in your
> // organization
> //include "/etc/bind/zones.rfc1918";
>
>
> -----------
> Checking file: /etc/bind/named.conf.default-zones
> // prime the server with knowledge of the root servers
> zone "." {
> type hint;
> file "/etc/bind/db.root";
> };
>
> // be authoritative for the localhost forward and reverse
> zones, and for
> // broadcast zones as per RFC 1912
>
> zone "localhost" {
> type master;
> file "/etc/bind/db.local";
> };
>
> zone "127.in-addr.arpa" {
> type master;
> file "/etc/bind/db.127";
> };
>
> zone "0.in-addr.arpa" {
> type master;
> file "/etc/bind/db.0";
> };
>
> zone "255.in-addr.arpa" {
> type master;
> file "/etc/bind/db.255";
> };
>
>
>
> -----------
>
> Installed packages, running: dpkg -l | egrep
> "samba|winbind|krb5|smb|acl|xattr"
> ii acl 2.2.52-3 armhf Access control list
> utilities
> ii krb5-config 2.6 all
> Configuration
> files for Kerberos Version 5
> ii krb5-user 1.15-1+deb9u1 armhf basic
> programs
> to authenticate using MIT Kerberos
> ii libacl1:armhf 2.2.52-3 armhf Access
> control list shared library
> ii libgssapi-krb5-2:armhf 1.15-1+deb9u1 armhf
> MIT
> Kerberos runtime libraries - krb5 GSS-API Mechanism
> ii libkrb5-3:armhf 1.15-1+deb9u1 armhf MIT
> Kerberos runtime libraries
> ii libkrb5support0:armhf 1.15-1+deb9u1 armhf
> MIT
> Kerberos runtime libraries - Support library
> ii libsmbclient:armhf 2:4.5.12+dfsg-2+deb9u1 armhf
> shared
> library for communication with SMB/CIFS servers
> ii libwbclient0:armhf 2:4.5.12+dfsg-2+deb9u1 armhf
> Samba
> winbind client library
> ii python-samba 2:4.5.12+dfsg-2+deb9u1 armhf Python
> bindings for Samba
> ii samba 2:4.5.12+dfsg-2+deb9u1 armhf SMB/CIFS file,
> print, and login server for Unix
> ii samba-common 2:4.5.12+dfsg-2+deb9u1 all
> common files
> used by both the Samba server and client
> ii samba-common-bin 2:4.5.12+dfsg-2+deb9u1 armhf Samba
> common files used by both the server and the client
> ii samba-dsdb-modules 2:4.5.12+dfsg-2+deb9u1 armhf
> Samba
> Directory Services Database
> ii samba-libs:armhf 2:4.5.12+dfsg-2+deb9u1 armhf Samba
> core libraries
> ii samba-vfs-modules 2:4.5.12+dfsg-2+deb9u1 armhf Samba
> Virtual FileSystem plugins
> ii smbclient 2:4.5.12+dfsg-2+deb9u1 armhf command-line
> SMB/CIFS clients for Unix
> ii winbind 2:4.5.12+dfsg-2+deb9u1 armhf service
> to resolve
> user and group information from Windows NT servers
> -----------
>
>
>
>
> "Backup / Standby" Active Directory Domain Controler:
> --------------------------------------------------------------
> -----------------------------------------------
>
> root at ry11citsdc:~# bash /home/pi/Ry11/samba-setup-checkup.sh
> Check hostnames : Ok
> Checking detected host ipnumbers from resolv.conf and default gateway
> Ping gateway ip : 10.44.1.1 : Error
> Warning, no ping to gateway, this might be firewalled.
> check you internet connection, AD DNS might need it.
> ping nameserver1: 10.44.1.9 : Ok
> ping nameserver2: 10.44.1.10 : Ok
> Check ping google dns : 8.8.8.8 : Error
> Warning, no ping to internet dns 8.8.8.8, this might be firewalled.
> Check you internet connection, AD DNS might need it.
> Checking file owner..
> -rw-r--r-- pi pi /etc/samba/smb.conf
> Checking file owner..
> -rw-r--r-- pi pi /etc/samba/lmhosts
> Checking file owner..
> Missing file /etc/samba/smbpasswd
> drwxr-xr-x root root /usr/bin
> drwxr-xr-x root root /var/cache/samba
> drwxr-xr-x root root /usr/lib/arm-linux-gnueabihf
> drwxr-xr-x root root /var/run/samba
> drwxr-x--- root adm /var/log/samba
> drwxr-xr-x root root /usr/lib/arm-linux-gnueabihf/samba
> drwxr-xr-x root root /var/run/samba
> drwxr-xr-x root root /var/lib/samba/private
> drwxr-xr-x root root /usr/sbin
> drwxr-xr-x root root /var/lib/samba
> DCS ry11citsdc.ry11cit.lan
> ry11citdc.ry11cit.lan
> DC1 ry11citsdc.ry11cit.lan
> DC2 ry11citdc.ry11cit.lan
> Samba AD DC info: = detected (command and where to look)
> This server hostname = ry11citsdc (hostname -s and
> /etc/hosts
> and DNS server)
> This server FQDN (hostname) = ry11citsdc.ry11cit.lan
> (hostname -f and
> /etc/hosts and DNS server)
> This server primary dnsdomain = ry11cit.lan (hostname -d and
> /etc/resolv.conf and DNS server)
> This server IP address(ses) = 10.44.1.9 Only one interface
> detected
> (hostname -i (-I) and /etc/networking/interfaces and DNS server
> The DC with FSMO roles = RY11CITDC (samba-tool fsmo show)
> The DC (with FSMO) Site name = Default-First-Site-Name
> (samba-tool fsmo
> show)
> The Default Naming Context = DC=ry11cit,DC=lan (samba-tool
> fsmo show)
> The Kerberos REALM name used = RY11CIT.LAN (kinit and
> /etc/krb5.conf
> and resolving)
> The Ipadres of DC ry11citsdc.ry11cit.lan = 10.44.1.9
> The Ipadres of DC ry11citdc.ry11cit.lan = 10.44.1.10
> SAMBA_SERVER_ROLE: active directory domain controller
> SAMBA_SERVER_SERVICES: s3fs, rpc, nbt, wrepl, ldap, cldap,
> kdc, drepl,
> winbindd, ntp_signd, kcc, dnsupdate
> SAMBA_DCERPC_ENDPOINT_SERVERS: epmapper, wkssvc, rpcecho, samr,
> netlogon, lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6,
> backupkey, dnsserver
> root at ry11citsdc:~#
>
>
> file samba-debug-info.txt:---------------------------------
>
> Collected config --- 2017-12-13-12:45 -----------
>
> Hostname: ry11citsdc
> DNS Domain: ry11cit.lan
> FQDN: ry11citsdc.ry11cit.lan
> ipaddress: 10.44.1.9
>
> -----------
> Samba is running as an AD DC
> Checking file: /etc/os-release
> PRETTY_NAME="Raspbian GNU/Linux 9 (stretch)"
> NAME="Raspbian GNU/Linux"
> VERSION_ID="9"
> VERSION="9 (stretch)"
> ID=raspbian
> ID_LIKE=debian
> HOME_URL="http://www.raspbian.org/"
> SUPPORT_URL="http://www.raspbian.org/RaspbianForums"
> BUG_REPORT_URL="http://www.raspbian.org/RaspbianBugs"
>
> -----------
>
> Warning, /etc/devuan_version does not exist
>
> -----------
> running command : ip a
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
> group default qlen 1
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> inet 127.0.0.1/8 scope host lo
> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
> state UP group default qlen 1000
> link/ether b8:27:eb:9d:64:eb brd ff:ff:ff:ff:ff:ff
> inet 10.44.1.9/16 brd 10.44.255.255 scope global eth0
> 3: wlan0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc
> pfifo_fast
> state DOWN group default qlen 1000
> link/ether b8:27:eb:c8:31:be brd ff:ff:ff:ff:ff:ff
> -----------
> Checking file: /etc/hosts
> 127.0.0.1 localhost.localdomain localhost
> 10.44.1.10 ry11citdc.ry11cit.lan ry11citdc
> 10.44.1.9 ry11citsdc.ry11cit.lan ry11citsdc
>
> -----------
> Checking file: /etc/krb5.conf
> [libdefaults]
> default_realm = RY11CIT.LAN
> dns_lookup_realm = false
> dns_lookup_kdc = true
>
> -----------
> Checking file: /etc/nsswitch.conf
> # /etc/nsswitch.conf
> #
> # Example configuration of GNU Name Service Switch functionality.
> # If you have the `glibc-doc-reference' and `info' packages
> installed, try:
> # `info libc "Name Service Switch"' for information about this file.
>
> passwd: compat
> group: compat
> shadow: compat
> gshadow: files
>
> hosts: files mdns4_minimal [NOTFOUND=return] dns
> networks: files
>
> protocols: db files
> services: db files
> ethers: db files
> rpc: db files
>
> netgroup: nis
>
> -----------
> Checking file: /etc/samba/smb.conf
> # Global parameters
> [global]
> netbios name = RY11CITSDC
> realm = RY11CIT.LAN
> server services = -dns
> workgroup = RY11CIT
> server role = active directory domain controller
>
> [netlogon]
> path = /var/lib/samba/sysvol/ry11cit.lan/scripts
> read only = No
>
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
>
> -----------
> No username map detected.
>
> -----------
> Detected bind DLZ enabled..
> Checking file: /etc/bind/named.conf
> // This is the primary configuration file for the BIND DNS
> server named.
> //
> // Please read /usr/share/doc/bind9/README.Debian.gz for
> information on the
> // structure of BIND configuration files in Debian, *BEFORE*
> you customize
> // this configuration file.
> //
> // If you are just adding zones, please do that in
> /etc/bind/named.conf.local
>
> include "/etc/bind/named.conf.options";
> include "/etc/bind/named.conf.local";
> include "/etc/bind/named.conf.default-zones";
> include "/var/lib/samba/private/named.conf";
>
> -----------
> Checking file: /etc/bind/named.conf.options
> options {
> directory "/var/cache/bind";
>
> // If there is a firewall between you and nameservers you want
> // to talk to, you may need to fix the firewall to allow multiple
> // ports to talk. See http://www.kb.cert.org/vuls/id/800113
>
> // If your ISP provided one or more IP addresses for stable
> // nameservers, you probably want to use them as forwarders.
> // Uncomment the following block, and insert the
> addresses replacing
> // the all-0's placeholder.
>
> // forwarders {
> // 0.0.0.0;
> // };
>
> //============================================================
> ============
> // If BIND logs error messages about the root key being expired,
> // you will need to update your keys. See
> https://www.isc.org/bind-keys
> //============================================================
> ============
> dnssec-validation auto;
>
> auth-nxdomain no; # conform to RFC1035
> listen-on-v6 { none; };
> tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
> };
>
>
> -----------
> Checking file: /etc/bind/named.conf.local
> //
> // Do any local configuration here
> //
>
> // Consider adding the 1918 zones here, if they are not used in your
> // organization
> //include "/etc/bind/zones.rfc1918";
>
>
> -----------
> Checking file: /etc/bind/named.conf.default-zones
> // prime the server with knowledge of the root servers
> zone "." {
> type hint;
> file "/etc/bind/db.root";
> };
>
> // be authoritative for the localhost forward and reverse
> zones, and for
> // broadcast zones as per RFC 1912
>
> zone "localhost" {
> type master;
> file "/etc/bind/db.local";
> };
>
> zone "127.in-addr.arpa" {
> type master;
> file "/etc/bind/db.127";
> };
>
> zone "0.in-addr.arpa" {
> type master;
> file "/etc/bind/db.0";
> };
>
> zone "255.in-addr.arpa" {
> type master;
> file "/etc/bind/db.255";
> };
>
>
>
> -----------
>
> Installed packages, running: dpkg -l | egrep
> "samba|winbind|krb5|smb|acl|xattr"
> ii acl 2.2.52-3 armhf Access control list
> utilities
> ii krb5-config 2.6 all
> Configuration
> files for Kerberos Version 5
> ii krb5-user 1.15-1+deb9u1 armhf basic
> programs
> to authenticate using MIT Kerberos
> ii libacl1:armhf 2.2.52-3 armhf Access
> control list shared library
> ii libgssapi-krb5-2:armhf 1.15-1+deb9u1 armhf
> MIT
> Kerberos runtime libraries - krb5 GSS-API Mechanism
> ii libkrb5-3:armhf 1.15-1+deb9u1 armhf MIT
> Kerberos runtime libraries
> ii libkrb5support0:armhf 1.15-1+deb9u1 armhf
> MIT
> Kerberos runtime libraries - Support library
> ii libsmbclient:armhf 2:4.5.12+dfsg-2+deb9u1 armhf
> shared
> library for communication with SMB/CIFS servers
> ii libwbclient0:armhf 2:4.5.12+dfsg-2+deb9u1 armhf
> Samba
> winbind client library
> ii python-samba 2:4.5.12+dfsg-2+deb9u1 armhf Python
> bindings for Samba
> ii samba 2:4.5.12+dfsg-2+deb9u1 armhf SMB/CIFS file,
> print, and login server for Unix
> ii samba-common 2:4.5.12+dfsg-2+deb9u1 all
> common files
> used by both the Samba server and client
> ii samba-common-bin 2:4.5.12+dfsg-2+deb9u1 armhf Samba
> common files used by both the server and the client
> ii samba-dsdb-modules 2:4.5.12+dfsg-2+deb9u1 armhf
> Samba
> Directory Services Database
> ii samba-libs:armhf 2:4.5.12+dfsg-2+deb9u1 armhf Samba
> core libraries
> ii samba-vfs-modules 2:4.5.12+dfsg-2+deb9u1 armhf Samba
> Virtual FileSystem plugins
> ii smbclient 2:4.5.12+dfsg-2+deb9u1 armhf command-line
> SMB/CIFS clients for Unix
> ii winbind 2:4.5.12+dfsg-2+deb9u1 armhf service
> to resolve
> user and group information from Windows NT servers
> -----------
>
>
> On 13. 12. 2017 12:05, L.P.H. van Belle via samba wrote:
> > Hai,
> >
> > Both script where missing "run as root".
> > I've update the github versions.
> >
> > Can you run that these again, but as root or with sudo.
> > And post the content again.
> >
> >
> > Greetz,
> >
> > Louis
> >
> >
> >> -----Oorspronkelijk bericht-----
> >> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> >> Ji??í Knotek via samba
> >> Verzonden: woensdag 13 december 2017 11:36
> >> Aan: samba at lists.samba.org
> >> Onderwerp: Re: [Samba] Replication problems bdc to pdc
> >>
> >> Hallo Louis,
> >>
> >> thanks for the response.
> >>
> >> Yes, change on ry11citsdc, now hostname -d works correctly.
> >> Somewhere I
> >> saw the opposite entry. Thanks for the repair.
> Samba-setup-checkup.sh
> >> follows:----------------------------------------------------
> >>
>
> ....
>
> >> Thanks Jiri Knotek
> >>
> >>
> >> On 13. 12. 2017 10:52, L.P.H. van Belle via samba wrote:
> >>> Ow and..
> >>>
> >>> Your hosts files are incorrect.
> >>> Layout should be :
> >>> ip hostname.fqdn hostname
> >>>
> >>> So this should be :
> >>>> 10.44.1.10 ry11citdc.ry11cit.lan ry11citdc
> >>>> 10.44.1.9 ry11citsdc.ry11cit.lan ry11citsdc
> >>> Reboot both servers after the change.
> >>>
> >>>
> >>> Greetz,
> >>>
> >>> Louis
> >>>
> >>>
> >>>> -----Oorspronkelijk bericht-----
> >>>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> >>>> L.P.H. van Belle via samba
> >>>> Verzonden: woensdag 13 december 2017 10:41
> >>>> Aan: samba at lists.samba.org
> >>>> CC: Ji??í Knotek
> >>>> Onderwerp: Re: [Samba] Replication problems bdc to pdc
> >>>>
> >>>> Great you use my script :-)
> >>>> Now we know something is wrong, run this one.
> >>>>
> >>>> https://raw.githubusercontent.com/thctlo/samba4/master/samba-c
> >>> ollect-debug-info.sh
> >>>> And post the content to the list, that helps a lot.
> >>>>
> >>>> Greetz,
> >>>>
> >>>> Louis
> >>>>
> >>>>
> >>>>
> >>>>> -----Oorspronkelijk bericht-----
> >>>>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> >>>>> Ji??í Knotek via samba
> >>>>> Verzonden: woensdag 13 december 2017 10:14
> >>>>> Aan: samba at lists.samba.org
> >>>>> Onderwerp: Re: [Samba] Replication problems bdc to pdc
> >>>>>
> >>>>> Hello Rowland,
> >>>>>
> >>>>> thank you for advice. I reconfigure both AC-DCs again
> >>>>> with new data
> >>>>> and send updated data. Unfortunately, the result is the same.
> >>>>> I'm also
> >>>>> sending a listing from
> >>>>>
> >>>>> samba-setup-checkup.sh.
> >>>>>
> >>>>> * Linux: Raspbian, debian stretch lite
> >>>>> * Samba version 4.5.12-Debian
> >>>>> * DNS: BIND9_DLZ 9.10.x
> >>>>> * Installed packages: ntp ntpdate samba smbclient winbind
> >>>> libcups2
> >>>>> samba-common cups ldb-tools bind9 bind9utils dnsutils krb5-user
> >>>>>
> >>>>> *root at ry11citdc:/home/pi/Ry11# samba-tool drs replicate
> ry11citsdc
> >>>>> ry11citdc dc=ry11cit,dc=lan*
> >>>>> Replicate from ry11citdc to ry11citsdc was successful.
> >>>>>
> >>>>> *root at ry11citdc:/home/pi/Ry11# samba-tool drs replicate
> ry11citdc
> >>>>> ry11citsdc dc=ry11cit,dc=lan*
> >>>>> ERROR(<class 'samba.drs_utils.drsException'>):
> >>>> DsReplicaSync failed -
> >>>>> drsException: DsReplicaSync failed (2, 'WERR_BADFILE')
> >>>>> File
> >>>> "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line
> >>>>> 368, in run
> >>>>> drs_utils.sendDsReplicaSync(server_bind,
> server_bind_handle,
> >>>>> source_dsa_guid, NC, req_options)
> >>>>> File
> >>>>> "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 83,
> >>>>> in sendDsReplicaSync
> >>>>> raise drsException("DsReplicaSync failed %s" % estr)
> >>>>>
> >>>>>
> >>>>> *root at ry11citdc:/home/pi/Ry11# bash samba-setup-checkup.sh*
> >>>>> Check hostnames : Mismatch in hostname definitions
> >>>>> please check :
> >>>>> HOST_NAME_SHORT: ry11citdc
> >>>>> HOST_NAME_DOMAIN:
> >>>>> HOST_NAME_FQDN: ry11citdc
> >>>>> HOST_IP1: 10.44.1.10
> >>>>> HOST_IP2: Only one interface detected
> >>>>> HOST_GATEWAY: 10.44.1.1
> >>>>> HOST_PRIMARY_INTERFACE: 10.44.1.1
> >>>>> eth0
> >>>>> HOST_RESOLV_DOMAIN: domain ry11cit.lan
> >>>>> HOST_RESOLV_SEARCH: search ry11cit.lan
> >>>>> HOST_RESOLV_NAMESERV1: 10.44.1.10
> >>>>> HOST_RESOLV_NAMESERV2: 10.44.1.9
> >>>>> HOST_RESOLV_NAMESERV3:
> >>>>> Possible error detected in /etc/hosts, mismatch FQDN and
> >>>> detected IP
> >>>>> 10.44.1.10 for the host.
> >>>>> expected was : 10.44.1.10 ry11citdc ry11citdc
> >>>>> Checking detected host ipnumbers from resolv.conf and
> >>>> default gateway
> >>>>> Ping gateway ip : 10.44.1.1 : Error
> >>>>> ping nameserver1: 10.44.1.10 : Ok
> >>>>> ping nameserver2: 10.44.1.9 : Ok
> >>>>> Check ping google dns : 8.8.8.8 : Error
> >>>>> Checking file owner..
> >>>>> -rw-r--r-- pi pi /etc/samba/smb.conf
> >>>>> Checking file owner..
> >>>>> -rw-r--r-- pi pi /etc/samba/lmhosts
> >>>>> Checking file owner..
> >>>>> Missing file /etc/samba/smbpasswd
> >>>>> drwxr-xr-x root root /usr/bin
> >>>>> drwxr-xr-x root root /var/cache/samba
> >>>>> drwxr-xr-x root root /usr/lib/arm-linux-gnueabihf
> >>>>> drwxr-xr-x root root /var/run/samba
> >>>>> drwxr-x--- root adm /var/log/samba
> >>>>> drwxr-xr-x root root /usr/lib/arm-linux-gnueabihf/samba
> >>>>> drwxr-xr-x root root /var/run/samba
> >>>>> drwxr-xr-x root root /var/lib/samba/private
> >>>>> drwxr-xr-x root root /usr/sbin
> >>>>> drwxr-xr-x root root /var/lib/samba
> >>>>> DCS 2(SERVFAIL
> >>>>> DC1 2(SERVFAIL
> >>>>> DC2
> >>>>> ERROR: Invalid IP address '2(SERVFAIL'!
> >>>>> Samba AD DC info: = detected (command and
> >>>> where to look)
> >>>>> This server hostname = ry11citdc (hostname -s and
> >>>> /etc/hosts
> >>>>> and DNS server)
> >>>>> This server FQDN (hostname) = ry11citdc (hostname -f and
> >>>> /etc/hosts
> >>>>> and DNS server)
> >>>>> This server primary dnsdomain = (hostname -d and
> >>>>> /etc/resolv.conf and
> >>>>> DNS server)
> >>>>> This server IP address(ses) = 10.44.1.10 Only one
> >>>>> interface detected
> >>>>> (hostname -i (-I) and /etc/networking/interfaces and DNS server
> >>>>> The DC with FSMO roles = RY11CITDC (samba-tool fsmo show)
> >>>>> The DC (with FSMO) Site name = Default-First-Site-Name
> >>>>> (samba-tool fsmo
> >>>>> show)
> >>>>> The Default Naming Context = DC=ry11cit,DC=lan (samba-tool
> >>>>> fsmo show)
> >>>>> The Kerberos REALM name used = RY11CIT.LAN (kinit and
> >>>>> /etc/krb5.conf
> >>>>> and resolving)
> >>>>> The Ipadres of DC 2(SERVFAIL = 2(SERVFAIL)
> >>>>> SAMBA_SERVER_ROLE: active directory domain controller
> >>>>> SAMBA_SERVER_SERVICES: s3fs, rpc, nbt, wrepl, ldap, cldap,
> >>>>> kdc, drepl,
> >>>>> winbindd, ntp_signd, kcc, dnsupdate
> >>>>> SAMBA_DCERPC_ENDPOINT_SERVERS: epmapper, wkssvc, rpcecho, samr,
> >>>>> netlogon, lsarpc, drsuapi, dssetup, unixinfo, browser,
> eventlog6,
> >>>>> backupkey, dnsserver
> >>>>>
> >>>>>
> >>>>> *I did not come to the way the hostname -d command would
> >> return the
> >>>>> domain name. How can I do that? In addition, there are
> >>>> host, lmhost,
> >>>>> resolv.conf, and so on**
> >>>>> *
> >>>>>
> >>>>> Please help, I don 't know the advice.
> >>>>>
> >>>>> System integrator Ji??í Knotek
> >>>>>
> >>>>>
> >>>>> "Primary" Active Directory Domain
> >>>>> Controler:----------------------------------------------------
> >>>>> -----------------------------------------------
> >>>>>
> >>>>> --------------------------------------------------------------
> >>>>> --------------------------------------------------------------
> >>>>> -------------------------
> >>>>>
> >>>>>
> >>>>> hostname:-----------------
> >>>>> ry11citdc.ry11cit.lan
> >>>>>
> >>>>> hosts:---------------
> >>>>> 127.0.0.1 localhost localhost.localdomain
> >>>>> 10.44.1.10 ry11citdc ry11citdc.ry11cit.lan
> >>>>> 10.44.1.9 ry11citsdc ry11citsdc.ry11cit.lan
> >>>>>
> >>>>> resolv.conf.head:-------------------
> >>>>> domain ry11cit.lan
> >>>>> search ry11cit.lan
> >>>>>
> >>>>> systemctl.conf"--------------------
> >>>>> net.ipv4.ip_forward=1
> >>>>> net.ipv6.conf.all.disable_ipv6=1
> >>>>>
> >>>>>
> >>>>>
> >>>>> krb5.conf:------------
> >>>>>
> >>>>> [libdefaults]
> >>>>> default_realm = RY11CIT.LAN
> >>>>> dns_lookup_realm = false
> >>>>> dns_lookup_kdc = true
> >>>>>
> >>>>> named.conf:------------------------
> >>>>>
> >>>>> include "/etc/bind/named.conf.options";
> >>>>> include "/etc/bind/named.conf.local";
> >>>>> include "/etc/bind/named.conf.default-zones";
> >>>>> include "/var/lib/samba/private/named.conf";
> >>>>>
> >>>>> named.conf.options:-----------------------
> >>>>>
> >>>>> options {
> >>>>> directory "/var/cache/bind";
> >>>>>
> >>>>> dnssec-validation auto;
> >>>>>
> >>>>> auth-nxdomain no; # conform to RFC1035
> >>>>> listen-on-v6 { none; };
> >>>>> tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
> >>>>> };
> >>>>>
> >>>>> lmhost:--------------------------
> >>>>> 127.0.0.1 localhost
> >>>>> 10.44.1.10 ry11citdc
> >>>>> 10.44.1.9 ry11citsdc
> >>>>>
> >>>>> smb.conf:------------------------------
> >>>>>
> >>>>> # Global parameters
> >>>>> [global]
> >>>>> netbios name = RY11CITDC
> >>>>> realm = RY11CIT.LAN
> >>>>> server services = -dns
> >>>>> workgroup = RY11CIT
> >>>>> server role = active directory domain controller
> >>>>>
> >>>>> [netlogon]
> >>>>> path = /var/lib/samba/sysvol/ry11cit.lan/scripts
> >>>>> read only = No
> >>>>>
> >>>>> [sysvol]
> >>>>> path = /var/lib/samba/sysvol
> >>>>> read only = No
> >>>>>
> >>>>> Samba Provision---------------:
> >>>>>
> >>>>> samba-tool domain provision --realm=RY11CIT.LAN
> >>>> --domain=RY11CIT
> >>>>> --server-role=dc --dns-backend=BIND9_DLZ --adminpass='.....'
> >>>>>
> >>>>> "Backup / Standby" Active Directory Domain
> >>>>> Controler:----------------------------------------------------
> >>>>> -----------------------------------------------
> >>>>>
> >>>>>
> >>>>> --------------------------------------------------------------
> >>>>> --------------------------------------------------------------
> >>>>> -------------------------
> >>>>>
> >>>>>
> >>>>> hostname:-----------------
> >>>>> ry11citsdc.ry11cit.lan
> >>>>>
> >>>>> hosts:---------------
> >>>>> 127.0.0.1 localhost localhost.localdomain
> >>>>> 10.44.1.10 ry11citdc ry11citdc.ry11cit.lan
> >>>>> 10.44.1.9 ry11citsdc ry11citsdc.ry11cit.lan
> >>>>>
> >>>>> resolv.conf.head:-------------------
> >>>>> domain ry11cit.lan
> >>>>> search ry11cit.lan
> >>>>>
> >>>>> systemctl.conf"--------------------
> >>>>> net.ipv4.ip_forward=1
> >>>>> net.ipv6.conf.all.disable_ipv6=1
> >>>>>
> >>>>>
> >>>>>
> >>>>> krb5.conf:------------
> >>>>>
> >>>>> [libdefaults]
> >>>>> default_realm = RY11CIT.LAN
> >>>>> dns_lookup_realm = false
> >>>>> dns_lookup_kdc = true
> >>>>>
> >>>>> named.conf:------------------------
> >>>>>
> >>>>> include "/etc/bind/named.conf.options";
> >>>>> include "/etc/bind/named.conf.local";
> >>>>> include "/etc/bind/named.conf.default-zones";
> >>>>> include "/var/lib/samba/private/named.conf";
> >>>>>
> >>>>> named.conf.options:-----------------------
> >>>>>
> >>>>> options {
> >>>>> directory "/var/cache/bind";
> >>>>>
> >>>>> dnssec-validation auto;
> >>>>>
> >>>>> auth-nxdomain no; # conform to RFC1035
> >>>>> listen-on-v6 { none; };
> >>>>> tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
> >>>>> };
> >>>>>
> >>>>> lmhost:--------------------------
> >>>>> 127.0.0.1 localhost
> >>>>> 10.44.1.10 ry11citdc
> >>>>> 10.44.1.9 ry11citsdc
> >>>>>
> >>>>> smb.conf:------------------------------
> >>>>>
> >>>>> # Global parameters
> >>>>> [global]
> >>>>> netbios name = RY11CITSDC
> >>>>> realm = RY11CIT.LAN
> >>>>> server services = -dns
> >>>>> workgroup = RY11CIT
> >>>>> server role = active directory domain controller
> >>>>>
> >>>>> [netlogon]
> >>>>> path = /var/lib/samba/sysvol/ry11cit.lan/scripts
> >>>>> read only = No
> >>>>>
> >>>>> [sysvol]
> >>>>> path = /var/lib/samba/sysvol
> >>>>> read only = No
> >>>>>
> >>>>> Samba join---------------:
> >>>>>
> >>>>> samba-tool domain join RY11CIT DC -Uadministrator
> >>>>> --realm=RY11CIT.LAN --dns-backend=BIND9_DLZ --adminpass='.....'
> >>>>>
> >>>>>
> >>>>> Thanks Jiri Knotek
> >>>>>
> >>>>>
> >>>>> --
> >>>>> To unsubscribe from this list go to the following URL
> and read the
> >>>>> instructions: https://lists.samba.org/mailman/options/samba
> >>>>>
> >>>>>
> >>>> --
> >>>> To unsubscribe from this list go to the following URL
> and read the
> >>>> instructions: https://lists.samba.org/mailman/options/samba
> >>>>
> >>>>
> >> --
> >>
> >> *Ing. Ji??í Knotek*
> >> programátor
> >>
> >> *GEMA s.r.o. Automatizace technologických proces??*
> >>
> >> Doubravice 13, Pardubice 19, 53353
> >> Tel: +420604570127
> >> E-mail: jiri.knotek at gemapce.cz <mailto:jiri.knotek at gemapce.cz>
> >> Web:www.gemapce.cz <http://www.gemapce.cz/>
> >>
> >>
> >> --
> >> To unsubscribe from this list go to the following URL and read the
> >> instructions: https://lists.samba.org/mailman/options/samba
> >>
> >>
> >
>
> --
>
> *Ing. Ji??í Knotek*
> programátor
>
> *GEMA s.r.o. Automatizace technologických proces??*
>
> Doubravice 13, Pardubice 19, 53353
> Tel: +420604570127
> E-mail: jiri.knotek at gemapce.cz <mailto:jiri.knotek at gemapce.cz>
> Web:www.gemapce.cz <http://www.gemapce.cz/>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
More information about the samba
mailing list