[Samba] Doman join issues

L.P.H. van Belle belle at bazuin.nl
Mon May 6 12:26:55 UTC 2019 

Hai Praveen, 

Why are you installing the needed build set to build samba while your installing packages. 
Thats an overkill in packages. 

All you need is this for AD DC with bind9_DLZ and time service:
apt install samba winbind  ntp bind9 binutils ldb-tools krb5-user libnss-winbind libpam-winbind

If this is the base for a new AD-DC setup/network, then i say format it. ( yes sorry.. ) 

Start over. 

Now, read : https://github.com/thctlo/samba4/blob/master/full-howto-Ubuntu18.04-samba-AD_DC.txt 
That works and is well tested. 

And if you hit an error, mail the list, i'll have a look at it. 


Greetz, 

Louis


> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Praveen Ghimire via samba
> Verzonden: maandag 6 mei 2019 13:12
> Aan: 'Rowland Penny'
> CC: samba at lists.samba.org
> Onderwerp: Re: [Samba] Doman join issues
> 
> Hi Rowland,
> 
> Sorry about the confusion. It is Ubuntu 18.04 with Samba 4.7.6
> 
> I have a script that installs the following
> 
> apt-get install -y acl attr autoconf bind9utils bison 
> build-essential \
>   debhelper dnsutils docbook-xml docbook-xsl flex gdb libjansson-dev \
>   libacl1-dev libaio-dev libarchive-dev libattr1-dev 
> libblkid-dev libbsd-dev \
>   libcap-dev libcups2-dev libgnutls28-dev libjson-perl \
>   libldap2-dev libncurses5-dev libpam0g-dev libparse-yapp-perl \
>   libpopt-dev libreadline-dev nettle-dev perl perl-modules 
> pkg-config \
>   python-all-dev python-crypto python-dbg python-dev 
> python-dnspython \
>   python3-dnspython python-markdown python3-markdown \
>   python3-dev xsltproc zlib1g-dev liblmdb-dev lmdb-utils 
> libnss-winbind
> apt-get install -y krb5-user
> apt-get install -y python-gpgme python3-gpgme
> 
> I found that the python-gpgme and pythom3-gpgme gave error 
> about dependencies. Apart from I am just installing samba, 
> samba-common and bind9
> 
> The current production server (non-AD) is running Ubuntu 
> 16.04 (Samba 4.3.11). Our plan is to run up a new Ubuntu 
> 18.04 server ,transfer the config.  Then let the server run 
> for a few days to make sure everything works fine 
> pre-migration. Then migrate to AD
> 
> I have been testing the above in an Ubuntu 18.04 environment. 
> It seems to work i.e. joining machines to domain, accessing 
> shares etc. I then run the classicupgrade. The issues I've 
> highlighted is post the classicupgrade.
> 
> To classicupgrade, I followed the document about the upgrade. 
> Basically check duplicate RIDs, remove well know group etc. 
> Then run the following
> https://wiki.samba.org/index.php/Migrating_a_Samba_NT4_Domain_
to_Samba_AD_(Classic_Upgrade)
> 
> 
> samba-tool domain classicupgrade 
> --dbdir=/var/lib/samba.PDC/dbdir ....... choosing BIND_DLZ
> 
> I've stopped UFW and disabled apparmor
> 
> 
> Regards,
> Praveen Ghimire
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> -----Original Message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On Behalf 
> Of Rowland Penny via samba
> Sent: Monday, 6 May 2019 8:26 PM
> To: samba at lists.samba.org
> Subject: Re: [Samba] Doman join issues
> 
> On Mon, 6 May 2019 09:47:44 +0000
> Praveen Ghimire via samba <samba at lists.samba.org> wrote:
> 
> > Hi Louis,
> > 
> > Thank you for that.
> > 
> > I don’t have a /var/lib/samba/bind-dns/dns/ , only have 
> > /var/lib/samba/private/dns.
> > 
> > Apparmor is now stopped and masked. I had masked the smbd and nmbd 
> > post the migration, have masked the winbind now.
> > 
> > Have edited samba and bind as per your suggestion, changed the 
> > named.conf.options and krb5.conf
> > 
> > Rebooted the server post the changes and tried to join a windows 7 
> > machine again, same message in the logs. I used my account this time
> > 
> > I suspect an issue here, especially the last line. This is from the
> > log.192.168.14.153 (samba log)
> > 
> > Adding homes service for user 'LIN\pghimire' using home directory:
> > '/home/LIN/pghimire' get_auth_event_server: Failed to find 
> > 'auth_event' registered on the message bus to send JSON 
> authentication 
> > events to: NT_STATUS_OBJECT_NAME_NOT_FOUND [2019/05/06 
> > 09:39:15.172941, 2] 
> > ../source3/modules/vfs_acl_xattr.c:236(connect_acl_xattr)
> > connect_acl_xattr: setting 'inherit acls = true' 'dos 
> filemode = true' 
> > and 'force unknown acl user = true' for service IPC$
> > [2019/05/06 09:39:15.174415,
> > 4] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) 
> setting sec ctx 
> > (1153, 100) - sec_ctx_stack_ndx = 0 [2019/05/06 09:39:15.174700, 0] 
> > ../source3/lib/util.c:815(smb_panic_s3) PANIC (pid 351):
> > sys_setgroups failed
> > 
> > 
> 
> You originally posted you are using Ubuntu 18.04, was this a typo:
> 
> Samba Version 4.6.7
> 
> Should it have been 4.7.6 ?
> 
> You shouldn't be getting a panic, is anything getting in the way ?
> I would stop Aparmor and any firewall, double check you have 
> all the required packages installed.
> You mentioned that you started this as a migration, but from what ?
> Did you run the classicupgrade tool and if so how ?
> Did you provision a new domain and if so how ?
> Did you do something else ??
> 
> Rowland
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
> ______________________________________________________________________
> This email has been scanned by the Symantec Email 
> Security.cloud service.
> For more information please visit 
> http://www.symanteccloud.com 
> ______________________________________________________________________
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
>

More information about the samba mailing list