[Samba] Erros in Samba 4 DC

L.P.H. van Belle belle at bazuin.nl
Fri Aug 23 11:14:46 UTC 2019


I'll give you the hint
 
FQDN: samba4-dc1.empresa.com.br 
ipaddress: 192.168.1.20
 
FQDN: samba4-dc2.empresa.com.br 
ipaddress: 192.168.1.22
 
 
DC1 .
Kerberos SRV _kerberos._tcp.empresa.com.br record verified ok, sample output:
Server:         192.168.1.20
Address:        192.168.1.20#53

_kerberos._tcp.empresa.com.br service = 0 100 88 samba4-dc1.gabcmt.eb.mil.br.    <<<< 
_kerberos._tcp.empresa.com.br service = 0 100 88 samba4-dc2.empresa.com.br.
 
/etc/hosts
192.168.1.20     samba4-dc1.empresa.com.br samba4-dc1

 
DC2.
Address:        192.168.1.20#53

_kerberos._tcp.empresa.com.br service = 0 100 88 samba4-dc1.gabcmt.eb.mil.br.  <<<<<
_kerberos._tcp.empresa.com.br service = 0 100 88 samba4-dc2.empresa.com.br. 
 
       Checking file: /etc/hosts

192.168.1.22     samba4-dc2.empresa.com.br samba4-dc2
192.168.1.20     samba4-dc1.empresa.com.br samba4-dc1
 
So as far as I can tell/see, you need to fix some things in your resolving, because where is DC1 (samba4-dc1.empresa.com.br)?
It looks like it's registered under the name samba4-dc1.gabcmt.eb.mil.br?
 
Can you elaborate more on this/check this? (samba4-dc1.gabcmt.eb.mil.br?)

And change your hosts files to this layout: /etc/hosts
127.0.0.1       localhost
192.168.1.20     samba4-dc1.empresa.com.br samba4-dc1

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters



 
Greetz, 
 
Louis
 
 



________________________________

	From: Marcio Demetrio Bacci [mailto:marciobacci at gmail.com] 
	Sent: Friday 23 August 2019 12:52
	To: Rowland penny; L.P.H. van Belle
	CC: sambalist
	Subject: Re: [Samba] Erros in Samba 4 DC
	
	
	Hi, 

	I have now installed the acl package on DC 2. 

	Here are the results of the scripts executed on both DCs:

	DC 1
	
	Collected config  --- 2019-08-23-07:36 -----------
	
	Hostname: samba4-dc1
	DNS Domain: empresa.com.br
	FQDN: samba4-dc1.empresa.com.br
	ipaddress: 192.168.1.20
	
	-----------
	
	Kerberos SRV _kerberos._tcp.empresa.com.br record verified ok, sample output:
	Server:         192.168.1.20
	Address:        192.168.1.20#53
	
	_kerberos._tcp.empresa.com.br service = 0 100 88 samba4-dc1.gabcmt.eb.mil.br.
	_kerberos._tcp.empresa.com.br service = 0 100 88 samba4-dc2.empresa.com.br.
	Samba is running as an AD DC
	
	-----------
	       Checking file: /etc/os-release
	
	PRETTY_NAME="Debian GNU/Linux 9 (stretch)"
	NAME="Debian GNU/Linux"
	VERSION_ID="9"
	VERSION="9 (stretch)"
	ID=debian
	HOME_URL="https://www.debian.org/"
	SUPPORT_URL="https://www.debian.org/support"
	BUG_REPORT_URL="https://bugs.debian.org/"
	
	-----------
	
	
	This computer is running Debian 9.9 x86_64
	
	-----------
	running command : ip a
	1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
	    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
	    inet 127.0.0.1/8 scope host lo
	    inet6 ::1/128 scope host
	2: ens2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
	    link/ether 52:54:00:00:01:20 brd ff:ff:ff:ff:ff:ff
	    inet 192.168.1.20/16 brd 192.168.255.255 scope global ens2
	    inet6 fe80::5054:ff:fe00:120/64 scope link
	
	-----------
	       Checking file: /etc/hosts
	
	192.168.1.20     samba4-dc1.empresa.com.br  samba4-dc1
	
	-----------
	
	       Checking file: /etc/resolv.conf
	
	#domain empresa.com.br
	search empresa.com.br
	nameserver 192.168.1.20
	
	-----------
	
	       Checking file: /etc/krb5.conf
	
	[libdefaults]
	    dns_lookup_realm = false
	    dns_lookup_kdc = true
	    default_realm = EMPRESA.COM.BR
	
	-----------
	
	       Checking file: /etc/nsswitch.conf
	
	# /etc/nsswitch.conf
	#
	# Example configuration of GNU Name Service Switch functionality.
	# If you have the `glibc-doc-reference' and `info' packages installed, try:
	# `info libc "Name Service Switch"' for information about this file.
	
	passwd:         compat
	group:          compat
	shadow:         compat
	gshadow:        files
	
	hosts:          files dns
	networks:       files
	
	protocols:      db files
	services:       db files
	ethers:         db files
	rpc:            db files
	
	netgroup:       nis
	
	-----------
	
	       Checking file: /etc/samba/smb.conf
	
	# Global parameters
	[global]
	        netbios name = SAMBA4-DC1
	        realm = EMPRESA.COM.BR
	        workgroup = EMPRESA
	        server role = active directory domain controller
	        dns forwarder = 192.168.1.1 192.168.1.2
	        dns update command = /usr/sbin/samba_dnsupdate --use-samba-tool
	        ldap server require strong auth = no
	
	[netlogon]
	        path = /var/lib/samba/sysvol/empresa.com.br/scripts
	        read only = No
	
	[sysvol]
	        path = /var/lib/samba/sysvol
	        read only = No
	
	-----------
	
	BIND_DLZ not detected in smb.conf
	
	-----------
	
	Installed packages:
	ii  acl                              2.2.52-3+b1                    amd64                                                                                                                             Access control list utilities
	ii  attr                             1:2.4.47-2+b2                  amd64                                                                                                                             Utilities for manipulating filesystem extended attributes
	ii  krb5-config                      2.6                            all                                                                                                                               Configuration files for Kerberos Version 5
	ii  krb5-locales                     1.15-1+deb9u1                  all                                                                                                                               internationalization support for MIT Kerberos
	ii  krb5-user                        1.15-1+deb9u1                  amd64                                                                                                                             basic programs to authenticate using MIT Kerberos
	ii  libacl1:amd64                    2.2.52-3+b1                    amd64                                                                                                                             Access control list shared library
	ii  libacl1-dev                      2.2.52-3+b1                    amd64                                                                                                                             Access control list static libraries and headers
	ii  libattr1:amd64                   1:2.4.47-2+b2                  amd64                                                                                                                             Extended attribute shared library
	ii  libattr1-dev:amd64               1:2.4.47-2+b2                  amd64                                                                                                                             Extended attribute static libraries and headers
	ii  libgssapi-krb5-2:amd64           1.15-1+deb9u1                  amd64                                                                                                                             MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
	ii  libkrb5-3:amd64                  1.15-1+deb9u1                  amd64                                                                                                                             MIT Kerberos runtime libraries
	ii  libkrb5support0:amd64            1.15-1+deb9u1                  amd64                                                                                                                             MIT Kerberos runtime libraries - Support library
	ii  libnss-winbind:amd64             2:4.5.16+dfsg-1+deb9u2         amd64                                                                                                                             Samba nameservice integration plugins
	ii  libpam-krb5:amd64                4.7-4                          amd64                                                                                                                             PAM module for MIT Kerberos
	ii  libpam-winbind:amd64             2:4.5.16+dfsg-1+deb9u2         amd64                                                                                                                             Windows domain authentication integration plugin
	ii  libwbclient0:amd64               2:4.5.16+dfsg-1+deb9u2         amd64                                                                                                                             Samba winbind client library
	ii  python-samba                     2:4.5.16+dfsg-1+deb9u2         amd64                                                                                                                             Python bindings for Samba
	ii  samba                            2:4.5.16+dfsg-1+deb9u2         amd64                                                                                                                             SMB/CIFS file, print, and login server for Unix
	ii  samba-common                     2:4.5.16+dfsg-1+deb9u2         all                                                                                                                               common files used by both the Samba server and client
	ii  samba-common-bin                 2:4.5.16+dfsg-1+deb9u2         amd64                                                                                                                             Samba common files used by both the server and the client
	ii  samba-dsdb-modules               2:4.5.16+dfsg-1+deb9u2         amd64                                                                                                                             Samba Directory Services Database
	ii  samba-libs:amd64                 2:4.5.16+dfsg-1+deb9u2         amd64                                                                                                                             Samba core libraries
	ii  samba-vfs-modules                2:4.5.16+dfsg-1+deb9u2         amd64                                                                                                                             Samba Virtual FileSystem plugins
	ii  winbind                          2:4.5.16+dfsg-1+deb9u2         amd64                                                                                                                             service to resolve user and group information from Windows NT servers
	
	-----------
	root at samba4-dc1:~#
	
	
	
	################################################################################
	
	DC 2
	Please wait, collecting debug info.
	
	Password for Administrator at EMPRESA.COM.BR:
	grep: : Arquivo ou diretório não encontrado
	Load smb config files from /etc/samba/smb.conf
	rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
	Processing section "[netlogon]"
	Processing section "[sysvol]"
	Loaded services file OK.
	Server role: ROLE_ACTIVE_DIRECTORY_DC
	
	The debug info about your system can be found in this file: /tmp/samba-debug-info.txt
	Please check this and if required, sanitise it.
	Then copy & paste it into an  email to the samba list
	Do not attach it to the email, the Samba mailing list strips attachments.
	root at samba4-dc2:~# cat /tmp/samba-debug-info.txt
	Collected config  --- 2019-08-23-07:33 -----------
	
	Hostname: samba4-dc2
	DNS Domain: empresa.com.br
	FQDN: samba4-dc2.empresa.com.br
	ipaddress: 192.168.1.22
	
	-----------
	
	Kerberos SRV _kerberos._tcp.empresa.com.br record verified ok, sample output:
	Server:         192.168.1.20
	Address:        192.168.1.20#53
	
	_kerberos._tcp.empresa.com.br service = 0 100 88 samba4-dc1.gabcmt.eb.mil.br.
	_kerberos._tcp.empresa.com.br service = 0 100 88 samba4-dc2.empresa.com.br.
	You are running Samba as DC, but nmbd is also running
	This is not allowed, please stop 'nmbd' from running
	       Checking file: /etc/os-release
	
	PRETTY_NAME="Debian GNU/Linux 9 (stretch)"
	NAME="Debian GNU/Linux"
	VERSION_ID="9"
	VERSION="9 (stretch)"
	ID=debian
	HOME_URL="https://www.debian.org/"
	SUPPORT_URL="https://www.debian.org/support"
	BUG_REPORT_URL="https://bugs.debian.org/"
	
	-----------
	
	
	This computer is running Debian 9.9 x86_64
	
	-----------
	running command : ip a
	1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
	    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
	    inet 127.0.0.1/8 scope host lo
	    inet6 ::1/128 scope host
	2: ens2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
	    link/ether 52:54:00:00:01:22 brd ff:ff:ff:ff:ff:ff
	    inet 192.168.1.22/16 brd 192.168.255.255 scope global ens2
	    inet6 fe80::5054:ff:fe00:122/64 scope link
	
	-----------
	       Checking file: /etc/hosts
	
	192.168.1.22     samba4-dc2.empresa.com.br   samba4-dc2
	192.168.1.20     samba4-dc1.empresa.com.br samba4-dc1
	
	-----------
	
	       Checking file: /etc/resolv.conf
	
	#domain empresa.com.br
	search empresa.com.br
	#nameserver 10.133.84.135
	nameserver 192.168.1.20
	nameserver 192.168.1.22
	
	-----------
	
	       Checking file: /etc/krb5.conf
	
	[libdefaults]
	    dns_lookup_realm = false
	    dns_lookup_kdc = true
	    default_realm =EMPRESA.COM.BR
	
	-----------
	
	       Checking file: /etc/nsswitch.conf
	
	# /etc/nsswitch.conf
	#
	# Example configuration of GNU Name Service Switch functionality.
	# If you have the `glibc-doc-reference' and `info' packages installed, try:
	# `info libc "Name Service Switch"' for information about this file.
	
	passwd:         compat
	group:          compat
	shadow:         compat
	gshadow:        files
	
	hosts:          files dns
	networks:       files
	
	protocols:      db files
	services:       db files
	ethers:         db files
	rpc:            db files
	
	netgroup:       nis
	
	-----------
	
	    Warning,  does not exist
	
	-----------
	
	
	Installed packages:
	ii  acl                             2.2.52-3+b1                    amd64                                                                                                                             Access control list utilities
	ii  attr                            1:2.4.47-2+b2                  amd64                                                                                                                             Utilities for manipulating filesystem extended attributes
	ii  krb5-config                     2.6                            all                                                                                                                               Configuration files for Kerberos Version 5
	ii  krb5-locales                    1.15-1+deb9u1                  all                                                                                                                               internationalization support for MIT Kerberos
	ii  krb5-user                       1.15-1+deb9u1                  amd64                                                                                                                             basic programs to authenticate using MIT Kerberos
	ii  libacl1:amd64                   2.2.52-3+b1                    amd64                                                                                                                             Access control list shared library
	ii  libattr1:amd64                  1:2.4.47-2+b2                  amd64                                                                                                                             Extended attribute shared library
	ii  libgssapi-krb5-2:amd64          1.15-1+deb9u1                  amd64                                                                                                                             MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
	ii  libkrb5-3:amd64                 1.15-1+deb9u1                  amd64                                                                                                                             MIT Kerberos runtime libraries
	ii  libkrb5support0:amd64           1.15-1+deb9u1                  amd64                                                                                                                             MIT Kerberos runtime libraries - Support library
	ii  libwbclient0:amd64              2:4.5.16+dfsg-1+deb9u2         amd64                                                                                                                             Samba winbind client library
	ii  python-samba                    2:4.5.16+dfsg-1+deb9u2         amd64                                                                                                                             Python bindings for Samba
	ii  samba                           2:4.5.16+dfsg-1+deb9u2         amd64                                                                                                                             SMB/CIFS file, print, and login server for Unix
	ii  samba-common                    2:4.5.16+dfsg-1+deb9u2         all                                                                                                                               common files used by both the Samba server and client
	ii  samba-common-bin                2:4.5.16+dfsg-1+deb9u2         amd64                                                                                                                             Samba common files used by both the server and the client
	ii  samba-dsdb-modules              2:4.5.16+dfsg-1+deb9u2         amd64                                                                                                                             Samba Directory Services Database
	ii  samba-libs:amd64                2:4.5.16+dfsg-1+deb9u2         amd64                                                                                                                             Samba core libraries
	ii  samba-vfs-modules               2:4.5.16+dfsg-1+deb9u2         amd64                                                                                                                             Samba Virtual FileSystem plugins
	ii  winbind                         2:4.5.16+dfsg-1+deb9u2         amd64                                                                                                                             service to resolve user and group information from Windows NT servers
	
	-----------
	

	Regards,

	Márcio Bacci

	On Fri, 23 Aug 2019 at 04:41, Rowland penny via samba <samba at lists.samba.org> wrote:
	

		On 23/08/2019 00:11, Marcio Demetrio Bacci wrote:
		> Hi,
		>
		> >Are you using Bind9, if so, post your named.conf files (the ones from
		> /etc/bind)
		> No, I'm using DNS Internal.
		>
		>
		> >Is winbind installed ?
		> No, because the Samba tutorial said that for DC it was not necessary.
		
		Which Samba tutorial ?
		
		Please install it.
		
		Rowland
		
		
		
		





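Added example (not part of the original mail and not the debug script used in the thread): a check for the mismatch pointed out above, comparing the targets of the _kerberos._tcp SRV records with the DC names in /etc/hosts. The sample input is copied from the output quoted in this thread; the function names are hypothetical, and the check assumes every FQDN under the AD DNS domain in the hosts file is a DC.

```python
import re

# Sample input, copied from the debug output quoted in this thread (DC2).
SRV_OUTPUT = """\
Server:         192.168.1.20
Address:        192.168.1.20#53

_kerberos._tcp.empresa.com.br service = 0 100 88 samba4-dc1.gabcmt.eb.mil.br.
_kerberos._tcp.empresa.com.br service = 0 100 88 samba4-dc2.empresa.com.br.
"""
HOSTS_DC2 = """\
192.168.1.22     samba4-dc2.empresa.com.br samba4-dc2
192.168.1.20     samba4-dc1.empresa.com.br samba4-dc1
"""

# nslookup prints SRV data as: <name> service = <prio> <weight> <port> <target>
SRV_LINE = re.compile(r"^(\S+)\s+service\s*=\s*(\d+)\s+(\d+)\s+(\d+)\s+(\S+)$")


def parse_srv(text):
    """Return (priority, weight, port, target) tuples from nslookup SRV output."""
    records = []
    for line in text.splitlines():
        m = SRV_LINE.match(line.strip())
        if m:
            prio, weight, port = (int(x) for x in m.group(2, 3, 4))
            records.append((prio, weight, port, m.group(5).rstrip(".").lower()))
    return records


def parse_hosts(text):
    """Map every name and alias in a hosts file to its address, skipping comments."""
    names = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            for name in fields[1:]:
                names.setdefault(name.lower(), fields[0])
    return names


def check_srv(srv_text, hosts_text, domain):
    """List SRV targets outside `domain` and hosts-file FQDNs no SRV record names."""
    domain = domain.rstrip(".").lower()
    targets = {record[3] for record in parse_srv(srv_text)}
    findings = []
    for target in sorted(targets):
        if not target.endswith("." + domain):
            findings.append(("outside-domain", target))
    # Assumption: every FQDN under the domain in this hosts file is a DC.
    for name in sorted(parse_hosts(hosts_text)):
        if name.endswith("." + domain) and name not in targets:
            findings.append(("no-srv-record", name))
    return findings


if __name__ == "__main__":
    for kind, name in check_srv(SRV_OUTPUT, HOSTS_DC2, "empresa.com.br"):
        print(kind, name)
```

Clients with dns_lookup_kdc = true find their KDCs through these SRV records, so a target outside the domain is worth resolving before anything else is debugged.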