[Samba] Problems joining Samba 4 in the domain

Marcio Demetrio Bacci marciobacci at gmail.com
Mon Aug 12 18:42:37 UTC 2019 

Hi,

I have restarted, but it didn't solve the problem.

/etc/init.d/samba-ad-dc status
  samba-ad-dc.service - Samba AD Daemon
   Loaded: loaded (/lib/systemd/system/samba-ad-dc.service; enabled; vendor
preset: enabled)
   Active: active (running) since Mon 2019-08-12 15:32:18 -03; 9s ago
     Docs: man:samba(8)
           man:samba(7)
           man:smb.conf(5)
 Main PID: 575 (samba)
   Status: "smbd: ready to serve connections..."
    Tasks: 22 (limit: 4915)
   CGroup: /system.slice/samba-ad-dc.service
           ├─575 /usr/sbin/samba
           ├─634 /usr/sbin/samba
           ├─635 /usr/sbin/samba
           ├─636 /usr/sbin/samba
           ├─637 /usr/sbin/smbd -D --option=server role check:inhibit=yes
--foreground
           ├─638 /usr/sbin/samba
           ├─639 /usr/sbin/samba
           ├─640 /usr/sbin/samba
           ├─641 /usr/sbin/samba
           ├─642 /usr/sbin/samba
           ├─643 /usr/sbin/samba
           ├─644 /usr/sbin/samba
           ├─645 /usr/sbin/samba
           ├─646 /usr/sbin/samba
           ├─647 /usr/sbin/winbindd -D --option=server role
check:inhibit=yes --foreground
           ├─648 /usr/sbin/samba
           ├─653 /usr/sbin/winbindd -D --option=server role
check:inhibit=yes --foreground
           ├─654 /usr/sbin/smbd -D --option=server role check:inhibit=yes
--foreground
           ├─655 /usr/sbin/smbd -D --option=server role check:inhibit=yes
--foreground
           ├─658 /usr/sbin/winbindd -D --option=server role
check:inhibit=yes --foreground
           ├─659 /usr/sbin/winbindd -D --option=server role
check:inhibit=yes --foreground
           └─660 /usr/sbin/smbd -D --option=server role check:inhibit=yes
--foreground

ago 12 15:32:21 samba4-new-dc samba[646]: [2019/08/12 15:32:21.359025,  0]
../lib/util/util_runcmd.c:316(samba_runcmd_io_handler)
ago 12 15:32:21 samba4-new-dc samba[646]:   /usr/sbin/samba_dnsupdate:
NTLMSSP Sign/Seal - Initialising with flags:
ago 12 15:32:21 samba4-new-dc samba[646]: [2019/08/12 15:32:21.359054,  0]
../lib/util/util_runcmd.c:316(samba_runcmd_io_handler)
ago 12 15:32:21 samba4-new-dc samba[646]:   /usr/sbin/samba_dnsupdate: Got
NTLMSSP neg_flags=0x62088215
ago 12 15:32:21 samba4-new-dc samba[646]: [2019/08/12 15:32:21.362538,  0]
../lib/util/util_runcmd.c:316(samba_runcmd_io_handler)
ago 12 15:32:21 samba4-new-dc samba[646]:   /usr/sbin/samba_dnsupdate:
NTLMSSP Sign/Seal - Initialising with flags:
ago 12 15:32:21 samba4-new-dc samba[646]: [2019/08/12 15:32:21.362590,  0]
../lib/util/util_runcmd.c:316(samba_runcmd_io_handler)
ago 12 15:32:21 samba4-new-dc samba[646]:   /usr/sbin/samba_dnsupdate: Got
NTLMSSP neg_flags=0x62088215
ago 12 15:32:21 samba4-new-dc samba[646]: [2019/08/12 15:32:21.390860,  0]
../lib/util/util_runcmd.c:316(samba_runcmd_io_handler)
ago 12 15:32:21 samba4-new-dc samba[646]:   /usr/sbin/samba_dnsupdate:
ERROR: Record already exists


Follows my smb.conf:

cat /etc/samba/smb.conf
# Global parameters
[global]
netbios name = SAMBA4-NEW-DC
realm = EMPRESA.COM.BR
workgroup = EMPRESA
log level = 3
server role = active directory domain controller
    dns forwarder = 192.168.1.1 192.168.1.2
    dns update command = /usr/sbin/samba_dnsupdate --use-samba-tool

[netlogon]
path = /var/lib/samba/sysvol/empresa.com.br/scripts
read only = No

[sysvol]
path = /var/lib/samba/sysvol
read only = No


Regards,

Márcio Bacci

Em seg, 12 de ago de 2019 às 15:11, Rowland penny via samba <
samba at lists.samba.org> escreveu:

> On 12/08/2019 18:56, Marcio Demetrio Bacci wrote:
> > Hi,
> >
> > I have downgraded samba 4.7 (van-belle repository) to 4.5.16 from the
> > Debian 9 repository and was able to put it in the domain.
> >
> > root at samba4-new-dc:/etc/samba# samba -V
> > Version 4.5.16-Debian
> >
> > samba-tool domain join empresa.com.br <http://empresa.com.br> DC -k
> > yes -d 3 --server=samba4-dc1.empresa.com.br
> > <http://samba4-dc1.empresa.com.br>
> >
> >
> ####################################################################################
>
> >
> >
> > However, I verified that the DNS records msdcs.empresa.com.br
> > <http://msdcs.empresa.com.br> and empresa.com.br
> > <http://empresa.com.br> (ldap, kerberos, gc, tcp, udp) were not
> > updated with the information of the new DC.
>
> Try restarting Samba, this should force samba_dnsupdate to run and
> hopefully fill in the gaps, if all else fails, reboot.
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list