[Samba] Erros in Samba 4 DC
L.P.H. van Belle
belle at bazuin.nl
Fri Aug 23 11:14:46 UTC 2019
I'll give you the hint
FQDN: samba4-dc1.empresa.com.br
ipaddress: 192.168.1.20
FQDN: samba4-dc2.empresa.com.br
ipaddress: 192.168.1.22
DC1 .
Kerberos SRV _kerberos._tcp.empresa.com.br record verified ok, sample output:
Server: 192.168.1.20
Address: 192.168.1.20#53
_kerberos._tcp.empresa.com.br service = 0 100 88 samba4-dc1.gabcmt.eb.mil.br. <<<<
_kerberos._tcp.empresa.com.br service = 0 100 88 samba4-dc2.empresa.com.br.
/etc/hosts
192.168.1.20 samba4-dc1.empresa.com.br samba4-dc1
DC2.
Address: 192.168.1.20#53
_kerberos._tcp.empresa.com.br service = 0 100 88 samba4-dc1.gabcmt.eb.mil.br. <<<<<
_kerberos._tcp.empresa.com.br service = 0 100 88 samba4-dc2.empresa.com.br.
Checking file: /etc/hosts
192.168.1.22 samba4-dc2.empresa.com.br samba4-dc2
192.168.1.20 samba4-dc1.empresa.com.br samba4-dc1
So as far as I can tell/see, you need to fix some things in your resolving, because where is DC1 (samba4-dc1.empresa.com.br)?
It looks like it's registered under the name samba4-dc1.gabcmt.eb.mil.br?
Can you elaborate more on this / check this? (samba4-dc1.gabcmt.eb.mil.br?)
And change your hosts files to this layout: /etc/hosts
127.0.0.1 localhost
192.168.1.20 samba4-dc1.empresa.com.br samba4-dc1
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
Greetz,
Louis
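The check done by eye in the reply above (an SRV target outside the DNS domain, and DC1's own FQDN missing from the SRV answers), as an added example that is not part of the original post or of the Samba debug script. The function names are hypothetical and the sample output is constructed from the lines quoted in the thread.

```shell
#!/bin/sh
# Added example: audit SRV answers shaped like the nslookup output in the thread.
# Function names are hypothetical; they are not part of any Samba tool.

# Constructed sample, shaped like the debug output quoted in the thread.
sample_srv_output() {
cat <<'EOF'
Server: 192.168.1.20
Address: 192.168.1.20#53
_kerberos._tcp.empresa.com.br service = 0 100 88 samba4-dc1.gabcmt.eb.mil.br.
_kerberos._tcp.empresa.com.br service = 0 100 88 samba4-dc2.empresa.com.br.
EOF
}

# Print every SRV target found on stdin, lower-cased, trailing dot removed.
srv_targets() {
    awk '$2 == "service" && $3 == "=" && NF >= 7 {
        t = tolower($7); sub(/\.$/, "", t); print t
    }'
}

# Print SRV targets from stdin that are not hosts inside DOMAIN ($1).
srv_targets_outside_domain() {
    domain=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    srv_targets | awk -v d="$domain" '{
        suffix = "." d
        n = length($0) - length(suffix)
        # Plain string comparison, so dots in the domain are not regex wildcards.
        if (n < 1 || substr($0, n + 1) != suffix) print
    }'
}

# Print the FQDN of each expected DC ($2...) in DOMAIN ($1) that has no SRV target.
dcs_missing_from_srv() {
    domain=$(printf '%s' "$1" | tr 'A-Z' 'a-z'); shift
    targets=$(srv_targets)
    for dc in "$@"; do
        fqdn=$(printf '%s.%s' "$dc" "$domain" | tr 'A-Z' 'a-z')
        printf '%s\n' "$targets" | grep -Fxq "$fqdn" || printf '%s\n' "$fqdn"
    done
}

echo "SRV targets outside empresa.com.br:"
sample_srv_output | srv_targets_outside_domain empresa.com.br
echo "Expected DCs with no SRV target:"
sample_srv_output | dcs_missing_from_srv empresa.com.br samba4-dc1 samba4-dc2
```

On a live DC, the output of an SRV lookup for `_kerberos._tcp.<domain>` can be piped into the same functions in place of the constructed sample.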
________________________________
From: Marcio Demetrio Bacci [mailto:marciobacci at gmail.com]
Sent: Friday, 23 August 2019 12:52
To: Rowland penny; L.P.H. van Belle
CC: sambalist
Subject: Re: [Samba] Erros in Samba 4 DC
Hi,
Now I installed acl package in DC 2.
Follows the result of the scripts executed on both DCs:
DC 1
Collected config --- 2019-08-23-07:36 -----------
Hostname: samba4-dc1
DNS Domain: empresa.com.br
FQDN: samba4-dc1.empresa.com.br
ipaddress: 192.168.1.20
-----------
Kerberos SRV _kerberos._tcp.empresa.com.br record verified ok, sample output:
Server: 192.168.1.20
Address: 192.168.1.20#53
_kerberos._tcp.empresa.com.br service = 0 100 88 samba4-dc1.gabcmt.eb.mil.br.
_kerberos._tcp.empresa.com.br service = 0 100 88 samba4-dc2.empresa.com.br.
Samba is running as an AD DC
-----------
Checking file: /etc/os-release
PRETTY_NAME="Debian GNU/Linux 9 (stretch)"
NAME="Debian GNU/Linux"
VERSION_ID="9"
VERSION="9 (stretch)"
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"
-----------
This computer is running Debian 9.9 x86_64
-----------
running command : ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
2: ens2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 52:54:00:00:01:20 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.20/16 brd 192.168.255.255 scope global ens2
inet6 fe80::5054:ff:fe00:120/64 scope link
-----------
Checking file: /etc/hosts
192.168.1.20 samba4-dc1.empresa.com.br samba4-dc1
-----------
Checking file: /etc/resolv.conf
#domain empresa.com.br
search empresa.com.br
nameserver 192.168.1.20
-----------
Checking file: /etc/krb5.conf
[libdefaults]
dns_lookup_realm = false
dns_lookup_kdc = true
default_realm = EMPRESA.COM.BR
-----------
Checking file: /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
passwd: compat
group: compat
shadow: compat
gshadow: files
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
-----------
Checking file: /etc/samba/smb.conf
# Global parameters
[global]
netbios name = SAMBA4-DC1
realm = EMPRESA.COM.BR
workgroup = EMPRESA
server role = active directory domain controller
dns forwarder = 192.168.1.1 192.168.1.2
dns update command = /usr/sbin/samba_dnsupdate --use-samba-tool
ldap server require strong auth = no
[netlogon]
path = /var/lib/samba/sysvol/empresa.com.br/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
-----------
BIND_DLZ not detected in smb.conf
-----------
Installed packages:
ii acl 2.2.52-3+b1 amd64 Access control list utilities
ii attr 1:2.4.47-2+b2 amd64 Utilities for manipulating filesystem extended attributes
ii krb5-config 2.6 all Configuration files for Kerberos Version 5
ii krb5-locales 1.15-1+deb9u1 all internationalization support for MIT Kerberos
ii krb5-user 1.15-1+deb9u1 amd64 basic programs to authenticate using MIT Kerberos
ii libacl1:amd64 2.2.52-3+b1 amd64 Access control list shared library
ii libacl1-dev 2.2.52-3+b1 amd64 Access control list static libraries and headers
ii libattr1:amd64 1:2.4.47-2+b2 amd64 Extended attribute shared library
ii libattr1-dev:amd64 1:2.4.47-2+b2 amd64 Extended attribute static libraries and headers
ii libgssapi-krb5-2:amd64 1.15-1+deb9u1 amd64 MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
ii libkrb5-3:amd64 1.15-1+deb9u1 amd64 MIT Kerberos runtime libraries
ii libkrb5support0:amd64 1.15-1+deb9u1 amd64 MIT Kerberos runtime libraries - Support library
ii libnss-winbind:amd64 2:4.5.16+dfsg-1+deb9u2 amd64 Samba nameservice integration plugins
ii libpam-krb5:amd64 4.7-4 amd64 PAM module for MIT Kerberos
ii libpam-winbind:amd64 2:4.5.16+dfsg-1+deb9u2 amd64 Windows domain authentication integration plugin
ii libwbclient0:amd64 2:4.5.16+dfsg-1+deb9u2 amd64 Samba winbind client library
ii python-samba 2:4.5.16+dfsg-1+deb9u2 amd64 Python bindings for Samba
ii samba 2:4.5.16+dfsg-1+deb9u2 amd64 SMB/CIFS file, print, and login server for Unix
ii samba-common 2:4.5.16+dfsg-1+deb9u2 all common files used by both the Samba server and client
ii samba-common-bin 2:4.5.16+dfsg-1+deb9u2 amd64 Samba common files used by both the server and the client
ii samba-dsdb-modules 2:4.5.16+dfsg-1+deb9u2 amd64 Samba Directory Services Database
ii samba-libs:amd64 2:4.5.16+dfsg-1+deb9u2 amd64 Samba core libraries
ii samba-vfs-modules 2:4.5.16+dfsg-1+deb9u2 amd64 Samba Virtual FileSystem plugins
ii winbind 2:4.5.16+dfsg-1+deb9u2 amd64 service to resolve user and group information from Windows NT servers
-----------
root at samba4-dc1:~#
################################################################################
DC 2
Please wait, collecting debug info.
Password for Administrator at EMPRESA.COM.BR:
grep: : Arquivo ou diretório não encontrado
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[netlogon]"
Processing section "[sysvol]"
Loaded services file OK.
Server role: ROLE_ACTIVE_DIRECTORY_DC
The debug info about your system can be found in this file: /tmp/samba-debug-info.txt
Please check this and if required, sanitise it.
Then copy & paste it into an email to the samba list
Do not attach it to the email, the Samba mailing list strips attachments.
root at samba4-dc2:~# cat /tmp/samba-debug-info.txt
Collected config --- 2019-08-23-07:33 -----------
Hostname: samba4-dc2
DNS Domain: empresa.com.br
FQDN: samba4-dc2.empresa.com.br
ipaddress: 192.168.1.22
-----------
Kerberos SRV _kerberos._tcp.empresa.com.br record verified ok, sample output:
Server: 192.168.1.20
Address: 192.168.1.20#53
_kerberos._tcp.empresa.com.br service = 0 100 88 samba4-dc1.gabcmt.eb.mil.br.
_kerberos._tcp.empresa.com.br service = 0 100 88 samba4-dc2.empresa.com.br.
You are running Samba as DC, but nmbd is also running
This is not allowed, please stop 'nmbd' from running
Checking file: /etc/os-release
PRETTY_NAME="Debian GNU/Linux 9 (stretch)"
NAME="Debian GNU/Linux"
VERSION_ID="9"
VERSION="9 (stretch)"
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"
-----------
This computer is running Debian 9.9 x86_64
-----------
running command : ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
2: ens2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 52:54:00:00:01:22 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.22/16 brd 192.168.255.255 scope global ens2
inet6 fe80::5054:ff:fe00:122/64 scope link
-----------
Checking file: /etc/hosts
192.168.1.22 samba4-dc2.empresa.com.br samba4-dc2
192.168.1.20 samba4-dc1.empresa.com.br samba4-dc1
-----------
Checking file: /etc/resolv.conf
#domain empresa.com.br
search empresa.com.br
#nameserver 10.133.84.135
nameserver 192.168.1.20
nameserver 192.168.1.22
-----------
Checking file: /etc/krb5.conf
[libdefaults]
dns_lookup_realm = false
dns_lookup_kdc = true
default_realm =EMPRESA.COM.BR
-----------
Checking file: /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
passwd: compat
group: compat
shadow: compat
gshadow: files
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
-----------
Warning, does not exist
-----------
Installed packages:
ii acl 2.2.52-3+b1 amd64 Access control list utilities
ii attr 1:2.4.47-2+b2 amd64 Utilities for manipulating filesystem extended attributes
ii krb5-config 2.6 all Configuration files for Kerberos Version 5
ii krb5-locales 1.15-1+deb9u1 all internationalization support for MIT Kerberos
ii krb5-user 1.15-1+deb9u1 amd64 basic programs to authenticate using MIT Kerberos
ii libacl1:amd64 2.2.52-3+b1 amd64 Access control list shared library
ii libattr1:amd64 1:2.4.47-2+b2 amd64 Extended attribute shared library
ii libgssapi-krb5-2:amd64 1.15-1+deb9u1 amd64 MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
ii libkrb5-3:amd64 1.15-1+deb9u1 amd64 MIT Kerberos runtime libraries
ii libkrb5support0:amd64 1.15-1+deb9u1 amd64 MIT Kerberos runtime libraries - Support library
ii libwbclient0:amd64 2:4.5.16+dfsg-1+deb9u2 amd64 Samba winbind client library
ii python-samba 2:4.5.16+dfsg-1+deb9u2 amd64 Python bindings for Samba
ii samba 2:4.5.16+dfsg-1+deb9u2 amd64 SMB/CIFS file, print, and login server for Unix
ii samba-common 2:4.5.16+dfsg-1+deb9u2 all common files used by both the Samba server and client
ii samba-common-bin 2:4.5.16+dfsg-1+deb9u2 amd64 Samba common files used by both the server and the client
ii samba-dsdb-modules 2:4.5.16+dfsg-1+deb9u2 amd64 Samba Directory Services Database
ii samba-libs:amd64 2:4.5.16+dfsg-1+deb9u2 amd64 Samba core libraries
ii samba-vfs-modules 2:4.5.16+dfsg-1+deb9u2 amd64 Samba Virtual FileSystem plugins
ii winbind 2:4.5.16+dfsg-1+deb9u2 amd64 service to resolve user and group information from Windows NT servers
-----------
Regards,
Márcio Bacci
On Fri, 23 Aug 2019 at 04:41, Rowland penny via samba <samba at lists.samba.org> wrote:
On 23/08/2019 00:11, Marcio Demetrio Bacci wrote:
> Hi,
>
> >Are you using Bind9, if so, post your named.conf files (the ones from
> /etc/bind)
> No, I'm using DNS Internal.
>
>
> >Is winbind installed ?
> No, because the Samba tutorial said that for DC it was not necessary.
Which Samba tutorial ?
Please install it.
Rowland