[Samba] Problem after upgrading to 4.9

Sergio Belkin sebelk at gmail.com
Wed Dec 12 13:07:57 UTC 2018 

Thanks Louis;


/etc/krb5.conf

[libdefaults]
        default_realm = EXAMPLE.COM
        dns_lookup_realm = false
        dns_lookup_kdc = true


/etc/resolv.conf

search example.com
nameserver 192.168.50.40

/etc/hosts


127.0.0.1       localhost samba4.example.com
192.168.50.40   samba4.example.com  samba4 ldap.example.com


Output off:
samba-tool dbcheck --cross-ncs

NOTE: old (due to rename or delete) DN string component for lastKnownParent
in object DC=@\0ADEL:d86ef51e-83a5-4a8d-b224-e7a559c47094,CN=Deleted
Objects,DC=DomainDnsZones,DC=EXAMPLE,DC=com -
DC=pepino.cuac,CN=MicrosoftDNS,DC=DomainDnsZones,DC=EXAMPLE,DC=com
Not fixing old string component
NOTE: old (due to rename or delete) DN string component for lastKnownParent
in object
DC=www.pepino.cuac\0ADEL:d3bc33d0-6d4d-4345-a7fe-96a19550b293,CN=Deleted
Objects,DC=DomainDnsZones,DC=EXAMPLE,DC=com -
DC=pepino.cuac,CN=MicrosoftDNS,DC=DomainDnsZones,DC=EXAMPLE,DC=com

Not fixing old string component
Checked 3626 objects (0 errors)

Something interesting: if I run samba -i outside systemd workf fine...
weird, I see that systemd run:
ExecStart=/usr/sbin/samba --foreground --no-process-group $SAMBAOPTIONS


Thanks in advance!

El mié., 12 dic. 2018 a las 9:46, L.P.H. van Belle via samba (<
samba at lists.samba.org>) escribió:

> Hai,
>
> Can you post
> /etc/krb5.conf
> /etc/resolv.conf
> /etc/hosts
>
> Output off:
> samba-tool dbcheck --cross-ncs
>
> And last question, are there any DC removed from the domain.
>
>
> 50abc2a4-574d-40b3-9d66-ee4fd5fba076/0x00000005,localaddress=>
> 192.168.50.40]
> My guess here the UUID is a removed DC.
>
> You samba config looks fine to me.
>
> Greetz,
>
> Louis
>
>
>
> > -----Oorspronkelijk bericht-----
> > Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> > Sergio Belkin via samba
> > Verzonden: woensdag 12 december 2018 13:25
> > Aan: samba at lists.samba.org
> > Onderwerp: [Samba] Problem after upgrading to 4.9
> >
> > Hi, I use the Van Bell repo, I've upgraded from samba 4.7 to
> > samba 4.9 but
> > now it fails, these are the errors:
> >
> > dic 12 09:14:49 samba4 samba[4881]: task[dnsupdate][4881]: [2018/12/12
> > 09:14:49.372290,  0]
> > ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
> > dic 12 09:14:49 samba4 samba[4881]: task[dnsupdate][4881]:
> > /usr/sbin/samba_dnsupdate: Failed to bind to uuid
> > 50abc2a4-574d-40b3-9d66-ee4fd5fba076 for
> > ncacn_ip_tcp:192.168.50.40[49152,sign,abstract_syntax=50abc2a4
> -574d-40b3-9d66-ee4fd5fba076/0x00000005,localaddress=> 192.168.50.40]
> > NT_STATUS_LOGON_FAILURE
> > dic 12 09:14:49 samba4 samba[4881]: task[dnsupdate][4881]: [2018/12/12
> > 09:14:49.372338,  0]
> > ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
> > dic 12 09:14:49 samba4 samba[4881]: task[dnsupdate][4881]:
> > /usr/sbin/samba_dnsupdate: ERROR: Connecting to DNS RPC server
> > 192.168.50.40 failed with (3221225581, 'The attempted logon
> > is invalid.
> > This is either due to a bad username or authentication information.')
> > dic 12 09:14:49 samba4 samba[4881]: task[dnsupdate][4881]: [2018/12/12
> > 09:14:49.381318,  0]
> > ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
> > dic 12 09:14:49 samba4 samba[4881]: task[dnsupdate][4881]:
> > /usr/sbin/samba_dnsupdate: Failed to bind to uuid
> > 50abc2a4-574d-40b3-9d66-ee4fd5fba076 for
> > ncacn_ip_tcp:192.168.50.40[49152,sign,abstract_syntax=50abc2a4
> -574d-40b3-9d66-ee4fd5fba076/0x00000005,localaddress=> 192.168.50.40]
> > NT_STATUS_LOGON_FAILURE
> > dic 12 09:14:49 samba4 samba[4881]: task[dnsupdate][4881]: [2018/12/12
> > 09:14:49.381385,  0]
> > ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
> >
> > I've no modified the smb.conf which is:
> >
> > [global]
> >         dns forwarder = 8.8.8.8
> >         netbios name = SAMBA4
> >         realm = EXAMPLE.COM
> >     interfaces = lo eth0
> >         server role = active directory domain controller
> >         workgroup = EXAMPLE
> >         idmap_ldb:use rfc2307 = yes
> >         # Audit settings
> >     full_audit:prefix = %u|%I|%m|%S
> >     full_audit:failure = connect
> >     full_audit:success =  mkdir rmdir read pread write pwrite
> > rename unlink
> >     full_audit:facility = local5
> >     full_audit:priority = notice
> >         # TLS settings
> >         tls enabled = yes
> >         tls certfile = tls/ldap.example-aid.com/fullchain.pem
> >         tls keyfile = tls/ldap.example-aid.com/privkey.pem
> >         tls cafile =
> >         #log auth
> >         log level = 1 auth_audit:3 auth_json_audit:3
> > [netlogon]
> >         path = /var/lib/samba/sysvol/example-aid.com/scripts
> >         read only = No
> > [sysvol]
> >         path = /var/lib/samba/sysvol
> >         read only = No
> > [lab]
> >        path = /srv/samba/lab
> >        read only = no
> >            vfs objects = full_audit
> >
> > I cannot even 'to kinit', I get:
> > kinit: krb5_get_init_creds: unable to reach any KDC in realm
> > EXAMPLE.COM
> >
> > Please could you help me?
> >
> > Thanks in advance...
> >
> >
> >
> >
> >
> >
> >
> > Thanks in advance
> > --
> > --
> > Sergio Belkin
> > LPIC-2 Certified - http://www.lpi.org
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> >
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba



-- 
--
Sergio Belkin
LPIC-2 Certified - http://www.lpi.org

More information about the samba mailing list