[Samba] Problem after upgrading to 4.9

Wed Dec 12 13:15:47 UTC 2018

Well, really weird for me. I've interruped the inteactive samba, run again
with systemd, and now it works.... hehehe, don't now why.... happy, but I
don't know why now it works again....

El mié., 12 dic. 2018 a las 10:07, Sergio Belkin (<sebelk at gmail.com>)
escribió:

> Thanks Louis;
>
>
> /etc/krb5.conf
>
> [libdefaults]
>         default_realm = EXAMPLE.COM
>         dns_lookup_realm = false
>         dns_lookup_kdc = true
>
>
> /etc/resolv.conf
>
> search example.com
> nameserver 192.168.50.40
>
> /etc/hosts
>
>
> 127.0.0.1       localhost samba4.example.com
> 192.168.50.40   samba4.example.com  samba4 ldap.example.com
>
>
> Output off:
> samba-tool dbcheck --cross-ncs
>
> NOTE: old (due to rename or delete) DN string component for
> lastKnownParent in object
> DC=@\0ADEL:d86ef51e-83a5-4a8d-b224-e7a559c47094,CN=Deleted
> Objects,DC=DomainDnsZones,DC=EXAMPLE,DC=com -
> DC=pepino.cuac,CN=MicrosoftDNS,DC=DomainDnsZones,DC=EXAMPLE,DC=com
> Not fixing old string component
> NOTE: old (due to rename or delete) DN string component for
> lastKnownParent in object
> DC=www.pepino.cuac\0ADEL:d3bc33d0-6d4d-4345-a7fe-96a19550b293,CN=Deleted
> Objects,DC=DomainDnsZones,DC=EXAMPLE,DC=com -
> DC=pepino.cuac,CN=MicrosoftDNS,DC=DomainDnsZones,DC=EXAMPLE,DC=com
>
> Not fixing old string component
> Checked 3626 objects (0 errors)
>
> Something interesting: if I run samba -i outside systemd workf fine...
> weird, I see that systemd run:
> ExecStart=/usr/sbin/samba --foreground --no-process-group $SAMBAOPTIONS
>
>
> Thanks in advance!
>
> El mié., 12 dic. 2018 a las 9:46, L.P.H. van Belle via samba (<
> samba at lists.samba.org>) escribió:
>
>> Hai,
>>
>> Can you post
>> /etc/krb5.conf
>> /etc/resolv.conf
>> /etc/hosts
>>
>> Output off:
>> samba-tool dbcheck --cross-ncs
>>
>> And last question, are there any DC removed from the domain.
>>
>>
>> 50abc2a4-574d-40b3-9d66-ee4fd5fba076/0x00000005,localaddress=>
>> 192.168.50.40]
>> My guess here the UUID is a removed DC.
>>
>> You samba config looks fine to me.
>>
>> Greetz,
>>
>> Louis
>>
>>
>>
>> > -----Oorspronkelijk bericht-----
>> > Van: samba [mailto:samba-bounces at lists.samba.org] Namens
>> > Sergio Belkin via samba
>> > Verzonden: woensdag 12 december 2018 13:25
>> > Aan: samba at lists.samba.org
>> > Onderwerp: [Samba] Problem after upgrading to 4.9
>> >
>> > Hi, I use the Van Bell repo, I've upgraded from samba 4.7 to
>> > samba 4.9 but
>> > now it fails, these are the errors:
>> >
>> > dic 12 09:14:49 samba4 samba[4881]: task[dnsupdate][4881]: [2018/12/12
>> > 09:14:49.372290,  0]
>> > ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
>> > dic 12 09:14:49 samba4 samba[4881]: task[dnsupdate][4881]:
>> > /usr/sbin/samba_dnsupdate: Failed to bind to uuid
>> > 50abc2a4-574d-40b3-9d66-ee4fd5fba076 for
>> > ncacn_ip_tcp:192.168.50.40[49152,sign,abstract_syntax=50abc2a4
>> -574d-40b3-9d66-ee4fd5fba076/0x00000005,localaddress=> 192.168.50.40]
>> > NT_STATUS_LOGON_FAILURE
>> > dic 12 09:14:49 samba4 samba[4881]: task[dnsupdate][4881]: [2018/12/12
>> > 09:14:49.372338,  0]
>> > ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
>> > dic 12 09:14:49 samba4 samba[4881]: task[dnsupdate][4881]:
>> > /usr/sbin/samba_dnsupdate: ERROR: Connecting to DNS RPC server
>> > 192.168.50.40 failed with (3221225581, 'The attempted logon
>> > is invalid.
>> > This is either due to a bad username or authentication information.')
>> > dic 12 09:14:49 samba4 samba[4881]: task[dnsupdate][4881]: [2018/12/12
>> > 09:14:49.381318,  0]
>> > ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
>> > dic 12 09:14:49 samba4 samba[4881]: task[dnsupdate][4881]:
>> > /usr/sbin/samba_dnsupdate: Failed to bind to uuid
>> > 50abc2a4-574d-40b3-9d66-ee4fd5fba076 for
>> > ncacn_ip_tcp:192.168.50.40[49152,sign,abstract_syntax=50abc2a4
>> -574d-40b3-9d66-ee4fd5fba076/0x00000005,localaddress=> 192.168.50.40]
>> > NT_STATUS_LOGON_FAILURE
>> > dic 12 09:14:49 samba4 samba[4881]: task[dnsupdate][4881]: [2018/12/12
>> > 09:14:49.381385,  0]
>> > ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
>> >
>> > I've no modified the smb.conf which is:
>> >
>> > [global]
>> >         dns forwarder = 8.8.8.8
>> >         netbios name = SAMBA4
>> >         realm = EXAMPLE.COM
>> >     interfaces = lo eth0
>> >         server role = active directory domain controller
>> >         workgroup = EXAMPLE
>> >         idmap_ldb:use rfc2307 = yes
>> >         # Audit settings
>> >     full_audit:prefix = %u|%I|%m|%S
>> >     full_audit:failure = connect
>> >     full_audit:success =  mkdir rmdir read pread write pwrite
>> > rename unlink
>> >     full_audit:facility = local5
>> >     full_audit:priority = notice
>> >         # TLS settings
>> >         tls enabled = yes
>> >         tls certfile = tls/ldap.example-aid.com/fullchain.pem
>> >         tls keyfile = tls/ldap.example-aid.com/privkey.pem
>> >         tls cafile =
>> >         #log auth
>> >         log level = 1 auth_audit:3 auth_json_audit:3
>> > [netlogon]
>> >         path = /var/lib/samba/sysvol/example-aid.com/scripts
>> >         read only = No
>> > [sysvol]
>> >         path = /var/lib/samba/sysvol
>> >         read only = No
>> > [lab]
>> >        path = /srv/samba/lab
>> >        read only = no
>> >            vfs objects = full_audit
>> >
>> > I cannot even 'to kinit', I get:
>> > kinit: krb5_get_init_creds: unable to reach any KDC in realm
>> > EXAMPLE.COM
>> >
>> > Please could you help me?
>> >
>> > Thanks in advance...
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> > Thanks in advance
>> > --
>> > --
>> > Sergio Belkin
>> > LPIC-2 Certified - http://www.lpi.org
>> > --
>> > To unsubscribe from this list go to the following URL and read the
>> > instructions:  https://lists.samba.org/mailman/options/samba
>> >
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>
>
>
> --
> --
> Sergio Belkin
> LPIC-2 Certified - http://www.lpi.org
>

-- 
--
Sergio Belkin
LPIC-2 Certified - http://www.lpi.org