[Samba] Replication problems bdc to pdc

Jiří Knotek jiri.knotek at gemapce.cz
Wed Dec 13 14:49:41 UTC 2017


Hello Rowland,

A small change has been made and replication works in both directions: 
dhcpcd.conf requires both DNS servers in reverse order.

RY11CITDC, /etc/dhcpcd.conf 
--------------------------------------------------------------

.....

interface eth0
static ip_address=10.44.1.10/16
static routers=10.44.1.1
static domain_name_servers=10.44.1.9 10.44.1.10



RY11CITDC, /etc/dhcpcd.conf 
--------------------------------------------------------------

......

interface eth0
static ip_address=10.44.1.9/16
static routers=10.44.1.1
static domain_name_servers=10.44.1.10 10.44.1.9


I hope this is the right solution and not just a happy mistake. Thank 
you very much for explaining the basic configuration, I was 
confused.

Thanks Jiri Knotek



Hello Rowland,

See inline comments:

If I did not make a mistake somewhere, it's even worse. Additionally, replication does not work from ry11citdc to ry11citsdc when executed from ry11citdc:
---------------------------------------------------------------------------------------------------------------
root@ry11citdc:~# samba-tool drs replicate ry11citsdc ry11citdc dc=ry11cit,dc=lan
ERROR(<class 'samba.drs_utils.drsException'>): DRS connection to ry11citsdc failed - drsException: DRS connection to ry11citsdc failed: (-1073741643, '{Device Timeout} The specified I/O operation on %hs was not completed before the time-out period expired.')
   File "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line 41, in drsuapi_connect
     (ctx.drsuapi, ctx.drsuapi_handle, ctx.bind_supported_extensions) = drs_utils.drsuapi_connect(ctx.server, ctx.lp, ctx.creds)
   File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 54, in drsuapi_connect
     raise drsException("DRS connection to %s failed: %s" % (server, e))
----------------------------------------------------------------------------------------------------------------
root@ry11citdc:~# bash /home/pi/Ry11/samba-setup-checkup.sh
/home/pi/Ry11/samba-setup-checkup.sh: line 134: HOST_: command not found
Check hostnames : Ok
Checking detected host ipnumbers from resolv.conf and default gateway
Ping gateway ip : 10.44.1.1 : Error
Warning, no ping to gateway, this might be firewalled.
check you internet connection, AD DNS might need it.
ping nameserver1: 10.44.1.10 : Ok
Check ping google dns : 8.8.8.8 : Error
Warning, no ping to internet dns 8.8.8.8, this might be firewalled.
Check you internet connection, AD DNS might need it.
Checking file owner..
-rw-r--r-- pi pi         /etc/samba/smb.conf
Checking file owner..
Missing file /etc/samba/lmhosts
Checking file owner..
Missing file /etc/samba/smbpasswd
drwxr-xr-x root root     /usr/bin
drwxr-xr-x root root     /var/cache/samba
drwxr-xr-x root root     /usr/lib/arm-linux-gnueabihf
drwxr-xr-x root root     /var/run/samba
drwxr-x--- root adm      /var/log/samba
drwxr-xr-x root root     /usr/lib/arm-linux-gnueabihf/samba
drwxr-xr-x root root     /var/run/samba
drwxr-xr-x root root     /var/lib/samba/private
drwxr-xr-x root root     /usr/sbin
drwxr-xr-x root root     /var/lib/samba
DCS ry11citdc.ry11cit.lan
DC1 ry11citdc.ry11cit.lan
DC2
Samba AD DC info:             =  detected (command and where to look)
This server hostname          = ry11citdc (hostname -s and /etc/hosts and DNS server)
This server FQDN (hostname)   = ry11citdc.ry11cit.lan (hostname -f and /etc/hosts and DNS server)
This server primary dnsdomain = ry11cit.lan (hostname -d and /etc/resolv.conf and DNS server)
This server IP address(ses)   = 10.44.1.10  Only one interface detected (hostname -i (-I) and /etc/networking/interfaces and DNS server
The DC with FSMO roles        = RY11CITDC (samba-tool fsmo show)
The DC (with FSMO) Site name  = Default-First-Site-Name (samba-tool fsmo show)
The Default Naming Context    = DC=ry11cit,DC=lan (samba-tool fsmo show)
The Kerberos REALM name used  = RY11CIT.LAN    (kinit and /etc/krb5.conf and resolving)
The Ipadres of DC ry11citdc.ry11cit.lan        = 10.44.1.10
SAMBA_SERVER_ROLE: active directory domain controller
SAMBA_SERVER_SERVICES: s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
SAMBA_DCERPC_ENDPOINT_SERVERS: epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver

----------------------------------------------------------------------------------------------------------------------

Collected config  --- 2017-12-13-15:16 -----------

Hostname: ry11citdc
DNS Domain: ry11cit.lan
FQDN: ry11citdc.ry11cit.lan
ipaddress: 10.44.1.10

-----------
Samba is running as an AD DC
Checking file: /etc/os-release
PRETTY_NAME="Raspbian GNU/Linux 9 (stretch)"
NAME="Raspbian GNU/Linux"
VERSION_ID="9"
VERSION="9 (stretch)"
ID=raspbian
ID_LIKE=debian
HOME_URL="http://www.raspbian.org/"
SUPPORT_URL="http://www.raspbian.org/RaspbianForums"
BUG_REPORT_URL="http://www.raspbian.org/RaspbianBugs"

-----------

Warning, /etc/devuan_version does not exist

-----------
running command : ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
     inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
     link/ether b8:27:eb:69:ac:e4 brd ff:ff:ff:ff:ff:ff
     inet 10.44.1.10/16 brd 10.44.255.255 scope global eth0
-----------
Checking file: /etc/hosts
127.0.0.1 localhost
10.44.1.10 ry11citdc.ry11cit.lan ry11citdc

-----------
Checking file: /etc/krb5.conf
[libdefaults]
     default_realm = RY11CIT.LAN
     dns_lookup_realm = false
     dns_lookup_kdc = true

-----------
Checking file: /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         compat winbind
group:          compat winbind
shadow:         compat
gshadow:        files

hosts:          files dns mdns4_minimal [NOTFOUND=return]
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

-----------
Checking file: /etc/samba/smb.conf
# Global parameters
[global]
     netbios name = RY11CITDC
     realm = RY11CIT.LAN
     server services = -dns
     workgroup = RY11CIT
     server role = active directory domain controller

[netlogon]
     path = /var/lib/samba/sysvol/ry11cit.lan/scripts
     read only = No

[sysvol]
     path = /var/lib/samba/sysvol
     read only = No

-----------
No username map detected.

-----------
Detected bind DLZ enabled..
Checking file: /etc/bind/named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
include "/var/lib/samba/private/named.conf";

-----------
Checking file: /etc/bind/named.conf.options
options {
     directory "/var/cache/bind";

     // If there is a firewall between you and nameservers you want
     // to talk to, you may need to fix the firewall to allow multiple
     // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

     // If your ISP provided one or more IP addresses for stable
     // nameservers, you probably want to use them as forwarders.
     // Uncomment the following block, and insert the addresses replacing
     // the all-0's placeholder.

     // forwarders {
     //     0.0.0.0;
     // };

     //========================================================================
     // If BIND logs error messages about the root key being expired,
     // you will need to update your keys.  See https://www.isc.org/bind-keys
     //========================================================================
     dnssec-validation auto;

     auth-nxdomain no;    # conform to RFC1035
     listen-on-v6 { none; };
     tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
};


-----------
Checking file: /etc/bind/named.conf.local
//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";


-----------
Checking file: /etc/bind/named.conf.default-zones
// prime the server with knowledge of the root servers
zone "." {
     type hint;
     file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
     type master;
     file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
     type master;
     file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
     type master;
     file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
     type master;
     file "/etc/bind/db.255";
};



-----------

Installed packages, running: dpkg -l | egrep "samba|winbind|krb5|smb|acl|xattr"
ii  acl                               2.2.52-3                     armhf        Access control list utilities
ii  krb5-config                       2.6                          all          Configuration files for Kerberos Version 5
ii  krb5-user                         1.15-1+deb9u1                armhf        basic programs to authenticate using MIT Kerberos
ii  libacl1:armhf                     2.2.52-3                     armhf        Access control list shared library
ii  libgssapi-krb5-2:armhf            1.15-1+deb9u1                armhf        MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
ii  libkrb5-3:armhf                   1.15-1+deb9u1                armhf        MIT Kerberos runtime libraries
ii  libkrb5support0:armhf             1.15-1+deb9u1                armhf        MIT Kerberos runtime libraries - Support library
ii  libsmbclient:armhf                2:4.5.12+dfsg-2+deb9u1       armhf        shared library for communication with SMB/CIFS servers
ii  libwbclient0:armhf                2:4.5.12+dfsg-2+deb9u1       armhf        Samba winbind client library
ii  python-samba                      2:4.5.12+dfsg-2+deb9u1       armhf        Python bindings for Samba
ii  samba                             2:4.5.12+dfsg-2+deb9u1       armhf        SMB/CIFS file, print, and login server for Unix
ii  samba-common                      2:4.5.12+dfsg-2+deb9u1       all          common files used by both the Samba server and client
ii  samba-common-bin                  2:4.5.12+dfsg-2+deb9u1       armhf        Samba common files used by both the server and the client
ii  samba-dsdb-modules                2:4.5.12+dfsg-2+deb9u1       armhf        Samba Directory Services Database
ii  samba-libs:armhf                  2:4.5.12+dfsg-2+deb9u1       armhf        Samba core libraries
ii  samba-vfs-modules                 2:4.5.12+dfsg-2+deb9u1       armhf        Samba Virtual FileSystem plugins
ii  smbclient                         2:4.5.12+dfsg-2+deb9u1       armhf        command-line SMB/CIFS clients for Unix
ii  winbind                           2:4.5.12+dfsg-2+deb9u1       armhf        service to resolve user and group information from Windows NT servers
-----------


RY11CITSDC:
---------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------------------------

root@ry11citsdc:~# samba-tool drs replicate ry11citdc ry11citsdc dc=ry11cit,dc=lan
ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - drsException: DsReplicaSync failed (2, 'WERR_BADFILE')
   File "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line 368, in run
     drs_utils.sendDsReplicaSync(server_bind, server_bind_handle, source_dsa_guid, NC, req_options)
   File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 83, in sendDsReplicaSync
     raise drsException("DsReplicaSync failed %s" % estr)
-------------------------------------------------------------------------------------------------------------------

root@ry11citsdc:~# bash /home/pi/Ry11/samba-setup-checkup.sh
/home/pi/Ry11/samba-setup-checkup.sh: line 134: HOST_: command not found
Check hostnames : Ok
Checking detected host ipnumbers from resolv.conf and default gateway
Ping gateway ip : 10.44.1.1 : Error
Warning, no ping to gateway, this might be firewalled.
check you internet connection, AD DNS might need it.
ping nameserver1: 10.44.1.9 : Ok
Check ping google dns : 8.8.8.8 : Error
Warning, no ping to internet dns 8.8.8.8, this might be firewalled.
Check you internet connection, AD DNS might need it.
Checking file owner..
-rw-r--r-- pi pi         /etc/samba/smb.conf
Checking file owner..
Missing file /etc/samba/lmhosts
Checking file owner..
Missing file /etc/samba/smbpasswd
drwxr-xr-x root root     /usr/bin
drwxr-xr-x root root     /var/cache/samba
drwxr-xr-x root root     /usr/lib/arm-linux-gnueabihf
drwxr-xr-x root root     /var/run/samba
drwxr-x--- root adm      /var/log/samba
drwxr-xr-x root root     /usr/lib/arm-linux-gnueabihf/samba
drwxr-xr-x root root     /var/run/samba
drwxr-xr-x root root     /var/lib/samba/private
drwxr-xr-x root root     /usr/sbin
drwxr-xr-x root root     /var/lib/samba
DCS ry11citsdc.ry11cit.lan
ry11citdc.ry11cit.lan
DC1 ry11citsdc.ry11cit.lan
DC2 ry11citdc.ry11cit.lan
Samba AD DC info:             =  detected (command and where to look)
This server hostname          = ry11citsdc (hostname -s and /etc/hosts and DNS server)
This server FQDN (hostname)   = ry11citsdc.ry11cit.lan (hostname -f and /etc/hosts and DNS server)
This server primary dnsdomain = ry11cit.lan (hostname -d and /etc/resolv.conf and DNS server)
This server IP address(ses)   = 10.44.1.9  Only one interface detected (hostname -i (-I) and /etc/networking/interfaces and DNS server
The DC with FSMO roles        = RY11CITDC (samba-tool fsmo show)
The DC (with FSMO) Site name  = Default-First-Site-Name (samba-tool fsmo show)
The Default Naming Context    = DC=ry11cit,DC=lan (samba-tool fsmo show)
The Kerberos REALM name used  = RY11CIT.LAN    (kinit and /etc/krb5.conf and resolving)
The Ipadres of DC ry11citsdc.ry11cit.lan        = 10.44.1.9
The Ipadres of DC ry11citdc.ry11cit.lan        = 10.44.1.10
SAMBA_SERVER_ROLE: active directory domain controller
SAMBA_SERVER_SERVICES: s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
SAMBA_DCERPC_ENDPOINT_SERVERS: epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver

-----------------------------------------------------------------------------------------------------------------------

Collected config  --- 2017-12-13-15:22 -----------

Hostname: ry11citsdc
DNS Domain: ry11cit.lan
FQDN: ry11citsdc.ry11cit.lan
ipaddress: 10.44.1.9

-----------
Samba is running as an AD DC
Checking file: /etc/os-release
PRETTY_NAME="Raspbian GNU/Linux 9 (stretch)"
NAME="Raspbian GNU/Linux"
VERSION_ID="9"
VERSION="9 (stretch)"
ID=raspbian
ID_LIKE=debian
HOME_URL="http://www.raspbian.org/"
SUPPORT_URL="http://www.raspbian.org/RaspbianForums"
BUG_REPORT_URL="http://www.raspbian.org/RaspbianBugs"

-----------

Warning, /etc/devuan_version does not exist

-----------
running command : ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
     inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
     link/ether b8:27:eb:9d:64:eb brd ff:ff:ff:ff:ff:ff
     inet 10.44.1.9/16 brd 10.44.255.255 scope global eth0
3: wlan0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
     link/ether b8:27:eb:c8:31:be brd ff:ff:ff:ff:ff:ff
-----------
Checking file: /etc/hosts
127.0.0.1 localhost
10.44.1.9 ry11citsdc.ry11cit.lan ry11citsdc

-----------
Checking file: /etc/krb5.conf
[libdefaults]
     default_realm = RY11CIT.LAN
     dns_lookup_realm = false
     dns_lookup_kdc = true

-----------
Checking file: /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         compat winbind
group:          compat winbind
shadow:         compat
gshadow:        files

hosts:          files dns mdns4_minimal [NOTFOUND=return]
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

-----------
Checking file: /etc/samba/smb.conf
# Global parameters
[global]
     netbios name = RY11CITSDC
     realm = RY11CIT.LAN
     server services = -dns
     workgroup = RY11CIT
     server role = active directory domain controller

[netlogon]
     path = /var/lib/samba/sysvol/ry11cit.lan/scripts
     read only = No

[sysvol]
     path = /var/lib/samba/sysvol
     read only = No

-----------
No username map detected.

-----------
Detected bind DLZ enabled..
Checking file: /etc/bind/named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
include "/var/lib/samba/private/named.conf";

-----------
Checking file: /etc/bind/named.conf.options
options {
     directory "/var/cache/bind";

     // If there is a firewall between you and nameservers you want
     // to talk to, you may need to fix the firewall to allow multiple
     // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

     // If your ISP provided one or more IP addresses for stable
     // nameservers, you probably want to use them as forwarders.
     // Uncomment the following block, and insert the addresses replacing
     // the all-0's placeholder.

     // forwarders {
     //     0.0.0.0;
     // };

     //========================================================================
     // If BIND logs error messages about the root key being expired,
     // you will need to update your keys.  See https://www.isc.org/bind-keys
     //========================================================================
     dnssec-validation auto;

     auth-nxdomain no;    # conform to RFC1035
     listen-on-v6 { none; };
     tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
};


-----------
Checking file: /etc/bind/named.conf.local
//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";


-----------
Checking file: /etc/bind/named.conf.default-zones
// prime the server with knowledge of the root servers
zone "." {
     type hint;
     file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
     type master;
     file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
     type master;
     file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
     type master;
     file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
     type master;
     file "/etc/bind/db.255";
};



-----------

Installed packages, running: dpkg -l | egrep "samba|winbind|krb5|smb|acl|xattr"
ii  acl                               2.2.52-3                     armhf        Access control list utilities
ii  krb5-config                       2.6                          all          Configuration files for Kerberos Version 5
ii  krb5-user                         1.15-1+deb9u1                armhf        basic programs to authenticate using MIT Kerberos
ii  libacl1:armhf                     2.2.52-3                     armhf        Access control list shared library
ii  libgssapi-krb5-2:armhf            1.15-1+deb9u1                armhf        MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
ii  libkrb5-3:armhf                   1.15-1+deb9u1                armhf        MIT Kerberos runtime libraries
ii  libkrb5support0:armhf             1.15-1+deb9u1                armhf        MIT Kerberos runtime libraries - Support library
ii  libsmbclient:armhf                2:4.5.12+dfsg-2+deb9u1       armhf        shared library for communication with SMB/CIFS servers
ii  libwbclient0:armhf                2:4.5.12+dfsg-2+deb9u1       armhf        Samba winbind client library
ii  python-samba                      2:4.5.12+dfsg-2+deb9u1       armhf        Python bindings for Samba
ii  samba                             2:4.5.12+dfsg-2+deb9u1       armhf        SMB/CIFS file, print, and login server for Unix
ii  samba-common                      2:4.5.12+dfsg-2+deb9u1       all          common files used by both the Samba server and client
ii  samba-common-bin                  2:4.5.12+dfsg-2+deb9u1       armhf        Samba common files used by both the server and the client
ii  samba-dsdb-modules                2:4.5.12+dfsg-2+deb9u1       armhf        Samba Directory Services Database
ii  samba-libs:armhf                  2:4.5.12+dfsg-2+deb9u1       armhf        Samba core libraries
ii  samba-vfs-modules                 2:4.5.12+dfsg-2+deb9u1       armhf        Samba Virtual FileSystem plugins
ii  smbclient                         2:4.5.12+dfsg-2+deb9u1       armhf        command-line SMB/CIFS clients for Unix
ii  winbind                           2:4.5.12+dfsg-2+deb9u1       armhf        service to resolve user and group information from Windows NT servers
-----------


On 13. 12. 2017 11:00, Rowland Penny via samba wrote:
> See inline comments:
>
> On Wed, 13 Dec 2017 10:13:52 +0100
> Jiří Knotek via samba<samba at lists.samba.org>  wrote:
>
>> Hello Rowland,
>>
>>       thank you for advice. I reconfigure both AC-DCs again with new
>> data and send updated data. Unfortunately, the result is the same.
>> I'm also sending a listing from
>>
>> samba-setup-checkup.sh.
>>
>>    * Linux: Raspbian, debian stretch lite
>>    * Samba version 4.5.12-Debian
>>    * DNS: BIND9_DLZ 9.10.x
>>    * Installed packages: ntp ntpdate samba smbclient winbind libcups2
>> samba-common cups ldb-tools bind9 bind9utils dnsutils krb5-user
>>
>> *root@ry11citdc:/home/pi/Ry11# samba-tool drs replicate ry11citsdc
>> ry11citdc dc=ry11cit,dc=lan*
>> Replicate from ry11citdc to ry11citsdc was successful.
>>
>> *root@ry11citdc:/home/pi/Ry11# samba-tool drs replicate ry11citdc
>> ry11citsdc dc=ry11cit,dc=lan*
>> ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed -
>> drsException: DsReplicaSync failed (2, 'WERR_BADFILE')
>>     File "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line
>> 368, in run
>>       drs_utils.sendDsReplicaSync(server_bind, server_bind_handle,
>> source_dsa_guid, NC, req_options)
>>     File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line
>> 83, in sendDsReplicaSync
>>       raise drsException("DsReplicaSync failed %s" % estr)
>>
>>
>> *root@ry11citdc:/home/pi/Ry11# bash samba-setup-checkup.sh*
>> Check hostnames : Mismatch in hostname definitions
>> please check :
>> HOST_NAME_SHORT: ry11citdc
>> HOST_NAME_DOMAIN:
>> HOST_NAME_FQDN: ry11citdc
>> HOST_IP1: 10.44.1.10
>> HOST_IP2: Only one interface detected
>> HOST_GATEWAY: 10.44.1.1
>> HOST_PRIMARY_INTERFACE: 10.44.1.1
>> eth0
>> HOST_RESOLV_DOMAIN: domain ry11cit.lan
>> HOST_RESOLV_SEARCH: search ry11cit.lan
>> HOST_RESOLV_NAMESERV1: 10.44.1.10
>> HOST_RESOLV_NAMESERV2: 10.44.1.9
>> HOST_RESOLV_NAMESERV3:
>> Possible error detected in /etc/hosts, mismatch FQDN and detected IP
>> 10.44.1.10 for the host.
>> expected was : 10.44.1.10 ry11citdc ry11citdc
>> Checking detected host ipnumbers from resolv.conf and default gateway
>> Ping gateway ip : 10.44.1.1 : Error
>> ping nameserver1: 10.44.1.10 : Ok
>> ping nameserver2: 10.44.1.9 : Ok
>> Check ping google dns : 8.8.8.8 : Error
>> Checking file owner..
>> -rw-r--r-- pi pi         /etc/samba/smb.conf
>> Checking file owner..
>> -rw-r--r-- pi pi         /etc/samba/lmhosts
>> Checking file owner..
>> Missing file /etc/samba/smbpasswd
>> drwxr-xr-x root root     /usr/bin
>> drwxr-xr-x root root     /var/cache/samba
>> drwxr-xr-x root root     /usr/lib/arm-linux-gnueabihf
>> drwxr-xr-x root root     /var/run/samba
>> drwxr-x--- root adm      /var/log/samba
>> drwxr-xr-x root root     /usr/lib/arm-linux-gnueabihf/samba
>> drwxr-xr-x root root     /var/run/samba
>> drwxr-xr-x root root     /var/lib/samba/private
>> drwxr-xr-x root root     /usr/sbin
>> drwxr-xr-x root root     /var/lib/samba
>> DCS 2(SERVFAIL
>> DC1 2(SERVFAIL
>> DC2
>> ERROR: Invalid IP address '2(SERVFAIL'!
>> Samba AD DC info:             =  detected (command and where to look)
>> This server hostname          = ry11citdc (hostname -s and /etc/hosts
>> and DNS server)
>> This server FQDN (hostname)   = ry11citdc (hostname -f and /etc/hosts
>> and DNS server)
>> This server primary dnsdomain =  (hostname -d and /etc/resolv.conf
>> and DNS server)
>> This server IP address(ses)   = 10.44.1.10  Only one interface
>> detected (hostname -i (-I) and /etc/networking/interfaces and DNS
>> server The DC with FSMO roles        = RY11CITDC (samba-tool fsmo
>> show) The DC (with FSMO) Site name  = Default-First-Site-Name
>> (samba-tool fsmo show)
>> The Default Naming Context    = DC=ry11cit,DC=lan (samba-tool fsmo
>> show) The Kerberos REALM name used  = RY11CIT.LAN    (kinit
>> and /etc/krb5.conf and resolving)
>> The Ipadres of DC 2(SERVFAIL        = 2(SERVFAIL)
>> SAMBA_SERVER_ROLE: active directory domain controller
>> SAMBA_SERVER_SERVICES: s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
>> drepl, winbindd, ntp_signd, kcc, dnsupdate
>> SAMBA_DCERPC_ENDPOINT_SERVERS: epmapper, wkssvc, rpcecho, samr,
>> netlogon, lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6,
>> backupkey, dnsserver
>>
>>
>> *I did not come to the way the hostname -d command would return the
>> domain name. How can I do that? In addition, there are host, lmhost,
>> resolv.conf, and so on**
>> *
>>
>> Please help, I don't know the advice.
>>
>> System integrator Jiří Knotek
>>
>>
>> "Primary" Active Directory Domain
>> Controler:---------------------------------------------------------------------------------------------------
>>
>> -----------------------------------------------------------------------------------------------------------------------------------------------------
>>
>>
>> hostname:-----------------
>> ry11citdc.ry11cit.lan
> This should be just the short hostname
> In this case 'ry11citdc'
somewhere I've seen this, but of course I'll fix it
>> hosts:---------------
>> 127.0.0.1    localhost localhost.localdomain
>> 10.44.1.10    ry11citdc ry11citdc.ry11cit.lan
>> 10.44.1.9     ry11citsdc ry11citsdc.ry11cit.lan
> This should be:
>
> 127.0.0.1    localhost
> 10.44.1.10   ry11citdc.ry11cit.lan ry11citdc
OK
>> resolv.conf.head:-------------------
>> domain ry11cit.lan
>> search ry11cit.lan
> What is 'resolv.conf.head' ?
> Do you have the resolvconf package installed ?
> if so, remove it and the create an /etc/resolv.conf file with this
> content:
>
> search ry11cit.lan
> nameserver 10.44.1.10
resolv.conf.head is for manual records to withstand restart. 
resolv.conf is compiled by the program resolvconf, nameserver is from 
dhcpcd.conf, see the generated file resolv.conf:

# Generated by resolvconf
domain ry11cit.lan
search ry11cit.lan
nameserver 10.44.1.10
nameserver 10.44.1.9

OK, I will change


>> systemctl.conf"--------------------
>> net.ipv4.ip_forward=1
>> net.ipv6.conf.all.disable_ipv6=1
>>
>>
>>
>> krb5.conf:------------
>>
>> [libdefaults]
>>       default_realm = RY11CIT.LAN
>>       dns_lookup_realm = false
>>       dns_lookup_kdc = true
>>
>> named.conf:------------------------
>>
>> include "/etc/bind/named.conf.options";
>> include "/etc/bind/named.conf.local";
>> include "/etc/bind/named.conf.default-zones";
>> include "/var/lib/samba/private/named.conf";
>>
>> named.conf.options:-----------------------
>>
>> options {
>>       directory "/var/cache/bind";
>>
>>       dnssec-validation auto;
>>
>>       auth-nxdomain no;    # conform to RFC1035
>>       listen-on-v6 { none; };
>>       tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
>> };
>>
>> lmhost:--------------------------
>> 127.0.0.1   localhost
>> 10.44.1.10  ry11citdc
>> 10.44.1.9   ry11citsdc
>>
> not required

I placed it because of the warning in samba-setup-checkup.sh

>> smb.conf:------------------------------
>>
>> # Global parameters
>> [global]
>>       netbios name = RY11CITDC
>>       realm = RY11CIT.LAN
>>       server services = -dns
>>       workgroup = RY11CIT
>>       server role = active directory domain controller
>>
>> [netlogon]
>>       path = /var/lib/samba/sysvol/ry11cit.lan/scripts
>>       read only = No
>>
>> [sysvol]
>>       path = /var/lib/samba/sysvol
>>       read only = No
>>
>> Samba Provision---------------:
>>
>>       samba-tool domain provision --realm=RY11CIT.LAN --domain=RY11CIT
>> --server-role=dc --dns-backend=BIND9_DLZ --adminpass='.....'
>>
>> "Backup / Standby" Active Directory Domain
>> Controler:---------------------------------------------------------------------------------------------------
>>
>>
>> -----------------------------------------------------------------------------------------------------------------------------------------------------
>>
>>
>> hostname:-----------------
>> ry11citsdc.ry11cit.lan
> should be just 'ry11citsdc'
OK
>> hosts:---------------
>> 127.0.0.1    localhost localhost.localdomain
>> 10.44.1.10    ry11citdc ry11citdc.ry11cit.lan
>> 10.44.1.9     ry11citsdc ry11citsdc.ry11cit.lan
> should be:
>
> 127.0.0.1    localhost
> 10.44.1.9   ry11citsdc.ry11cit.lan ry11citsdc
OK
>> resolv.conf.head:-------------------
>> domain ry11cit.lan
>> search ry11cit.lan
>>
> /etc/resolv.conf should be:
>
> search ry11cit.lan
> nameserver 10.44.1.9
>
>> systemctl.conf"--------------------
>> net.ipv4.ip_forward=1
>> net.ipv6.conf.all.disable_ipv6=1
>>
>>
>>
>> krb5.conf:------------
>>
>> [libdefaults]
>>       default_realm = RY11CIT.LAN
>>       dns_lookup_realm = false
>>       dns_lookup_kdc = true
>>
>> named.conf:------------------------
>>
>> include "/etc/bind/named.conf.options";
>> include "/etc/bind/named.conf.local";
>> include "/etc/bind/named.conf.default-zones";
>> include "/var/lib/samba/private/named.conf";
>>
>> named.conf.options:-----------------------
>>
>> options {
>>       directory "/var/cache/bind";
>>
>>       dnssec-validation auto;
>>
>>       auth-nxdomain no;    # conform to RFC1035
>>       listen-on-v6 { none; };
>>       tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
>> };
>>
>> lmhost:--------------------------
>> 127.0.0.1   localhost
>> 10.44.1.10  ry11citdc
>> 10.44.1.9   ry11citsdc
>>
> Not required
>
>> smb.conf:------------------------------
>>
>> # Global parameters
>> [global]
>>       netbios name = RY11CITSDC
>>       realm = RY11CIT.LAN
>>       server services = -dns
>>       workgroup = RY11CIT
>>       server role = active directory domain controller
>>
>> [netlogon]
>>       path = /var/lib/samba/sysvol/ry11cit.lan/scripts
>>       read only = No
>>
>> [sysvol]
>>       path = /var/lib/samba/sysvol
>>       read only = No
>>
>> Samba join---------------:
>>
>>          samba-tool domain join RY11CIT DC -Uadministrator
>> --realm=RY11CIT.LAN --dns-backend=BIND9_DLZ --adminpass='.....'
>>
> You haven't provisioned with '--use-rfc2307'
> I suggest you go and read this:
> https://wiki.samba.org/index.php/Setting_up_RFC2307_in_AD

That might be useful, I will try later. But without this I can manage 
domain users with Windows tools.



> Rowland
>
>
Thanks Jiri Knotek
-- 

*Ing. Jiří Knotek*
programmer

*GEMA s.r.o. Automatizace technologických procesů*

Doubravice 13, Pardubice 19, 53353
Tel: +420604570127
E-mail: jiri.knotek at gemapce.cz <mailto:jiri.knotek at gemapce.cz>
Web:www.gemapce.cz <http://www.gemapce.cz/>
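
An added example, not part of the original message and not taken from samba-setup-checkup.sh: a Python check of the points this thread settles on (short hostname, FQDN first on the /etc/hosts line, DC-only resolvers in dhcpcd.conf). All function names are hypothetical, and the sample inputs are constructed from the values quoted in the thread.

```python
import ipaddress

def parse_hosts(text):
    """Return [(ip, [names...])] from /etc/hosts content, skipping comments."""
    entries = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        entries.append((fields[0], fields[1:]))
    return entries

def canonical_name(hosts_text, hostname):
    """Model the 'files' lookup behind `hostname -f`: the first line that
    mentions the hostname wins, and the FIRST name on it is canonical."""
    wanted = hostname.lower()
    for ip, names in parse_hosts(hosts_text):
        if wanted in (n.lower() for n in names):
            return ip, names[0]
    return None, None

def check_identity(hostname, hosts_text, own_ip, dns_domain):
    """Findings for the hostname and /etc/hosts layout discussed in the thread."""
    findings = []
    if "." in hostname:
        findings.append("hostname is '%s'; set only the short name" % hostname)
    short = hostname.split(".", 1)[0]
    expected = "%s.%s" % (short, dns_domain)
    ip, canonical = canonical_name(hosts_text, hostname)
    if canonical is None:
        return findings + ["/etc/hosts has no entry for %s" % hostname]
    if ipaddress.ip_address(ip).is_loopback:
        findings.append("%s maps to loopback %s" % (hostname, ip))
    elif ip != own_ip:
        findings.append("%s maps to %s, not %s" % (hostname, ip, own_ip))
    if canonical.lower() != expected.lower():
        findings.append("FQDN resolves as '%s'; put '%s' first on the line"
                        % (canonical, expected))
    return findings

def static_nameservers(dhcpcd_text, iface):
    """Read 'static domain_name_servers=' from one interface block."""
    current = None
    for raw in dhcpcd_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("interface "):
            current = line.split()[1]
        elif current == iface and line.startswith("static domain_name_servers="):
            return line.split("=", 1)[1].split()
    return []

def check_resolvers(servers, own_ip, dc_ips):
    """Flag resolvers that are not DCs of the domain (assumption: a DC should
    only query AD DNS) and report the order, which the thread found relevant."""
    findings = ["nameserver %s is not a DC of this domain" % s
                for s in servers if s not in dc_ips]
    if own_ip not in servers:
        findings.append("own address %s is not among the nameservers" % own_ip)
    if not servers:
        order = "none"
    elif servers[0] == own_ip:
        order = "self-first"
    elif servers[0] in dc_ips:
        order = "partner-first"
    else:
        order = "external-first"
    return findings, order

# Constructed sample inputs, using the values quoted in the thread.
BEFORE_HOSTNAME = "ry11citdc.ry11cit.lan"
BEFORE_HOSTS = """127.0.0.1    localhost localhost.localdomain
10.44.1.10    ry11citdc ry11citdc.ry11cit.lan
10.44.1.9     ry11citsdc ry11citsdc.ry11cit.lan
"""
AFTER_HOSTNAME = "ry11citdc"
AFTER_HOSTS = """127.0.0.1 localhost
10.44.1.10 ry11citdc.ry11cit.lan ry11citdc
"""
DHCPCD = """interface eth0
static ip_address=10.44.1.10/16
static routers=10.44.1.1
static domain_name_servers=10.44.1.9 10.44.1.10
"""
DC_IPS = {"10.44.1.10", "10.44.1.9"}

if __name__ == "__main__":
    for label, name, hosts in (("before", BEFORE_HOSTNAME, BEFORE_HOSTS),
                               ("after", AFTER_HOSTNAME, AFTER_HOSTS)):
        print(label, check_identity(name, hosts, "10.44.1.10", "ry11cit.lan"))
    servers = static_nameservers(DHCPCD, "eth0")
    print(servers, check_resolvers(servers, "10.44.1.10", DC_IPS))
```

The "before" input reproduces the checkup output quoted above, where the FQDN came back as the short name and the DNS domain was empty.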



