[Samba] debian 10: errors with my server samba-ad

nathalie ramat nathalie.ramat at univ-littoral.fr
Mon May 13 09:19:11 UTC 2019 

Hello,

Sorry for my english and for this very long email.


I want to create samba-ad server with the package debian buster.
I have follow the url :

https://github.com/thctlo/samba4/blob/master/howtos/stretch-base-2.0-samba-minimal-ad.txt  



I have generated mon samba ad with the following command :

samba-tool domain provision --use-rfc2307 --interactive
Realm [LENZSPITZE2.CALAIS.FR]:
Domain [LENZSPITZE2]:
Server Role (dc, member, standalone) [dc]:  dc
DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]:  BIND9_DLZ
Administrator password:
Retype password:
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
*Unable to determine the DomainSID, can not enforce uniqueness 
constraint on local domainSIDs*

Adding DomainDN: DC=lenzspitze2,DC=calais,DC=fr
Adding configuration container
Setting up sam.ldb schema
Setting up sam.ldb configuration data
Setting up display specifiers
Modifying display specifiers and extended rights
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
Setting up self join
Adding DNS accounts
Creating CN=MicrosoftDNS,CN=System,DC=lenzspitze2,DC=calais,DC=fr
Creating DomainDnsZones and ForestDnsZones partitions
Populating DomainDnsZones and ForestDnsZones partitions
BIND version unknown, please modify /var/lib/samba/bind-dns/named.conf manually.
See /var/lib/samba/bind-dns/named.conf for an example configuration include file for BIND
and /var/lib/samba/bind-dns/named.txt for further documentation required for secure DNS updates
Setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
A Kerberos configuration suitable for Samba AD has been generated at /var/lib/samba/private/krb5.conf
Merge the contents of this file with your system krb5.conf or replace it with this one. Do not create a symlink!
Setting up fake yp server settings
Once the above files are installed, your Samba AD server will be ready to use
Server Role:           active directory domain controller
Hostname:              debiantest
NetBIOS Domain:        LENZSPITZE2
DNS Domain:            lenzspitze2.calais.fr
DOMAIN SID:            S-1-5-21-114952022-3178926164-3586775662


I don't understand why I have

*Unable to determine the DomainSID, can not enforce uniqueness 
constraint on local domainSIDs *but the provision was generated correctly apparently**and give me SID  for my domain.
**when I execute /usr/sbin/samba -i I have the following errors

samba version 4.9.5-Debian started.
Copyright Andrew Tridgell and the Samba Team 1992-2018
binary_smbd_main: samba: using 'standard' process model
/usr/sbin/smbd: smbd version 4.9.5-Debian started.
/usr/sbin/smbd: Copyright Andrew Tridgell and the Samba Team 1992-2018
/usr/sbin/smbd: INFO: Profiling support unavailable in this build.
/usr/sbin/winbindd: winbindd version 4.9.5-Debian started.
/usr/sbin/winbindd: Copyright Andrew Tridgell and the Samba Team 1992-2018
/usr/sbin/winbindd: initialize_winbindd_cache: clearing cache and re-creating with version number 2
/usr/sbin/winbindd: daemon_ready: STATUS=daemon 'winbindd' finished starting up and ready to serve connections
../source4/dsdb/dns/dns_update.c:330: Failed DNS update - with error code 4
/usr/sbin/smbd: daemon_ready: STATUS=daemon 'smbd' finished starting up and ready to serve connections
/usr/sbin/smbd: Failed to fetch record!
/usr/sbin/smbd: send_all_fn: messaging_send_buf to 8012 failed: NT_STATUS_OBJECT_NAME_NOT_FOUND
/usr/sbin/smbd: send_all_fn: messaging_send_buf to 3141 failed: NT_STATUS_OBJECT_NAME_NOT_FOUND
/usr/sbin/smbd: send_all_fn: messaging_send_buf to 8019 failed: NT_STATUS_OBJECT_NAME_NOT_FOUND
/usr/sbin/smbd: send_all_fn: messaging_send_buf to 7840 failed: NT_STATUS_OBJECT_NAME_NOT_FOUND
/usr/sbin/smbd: send_all_fn: messaging_send_buf to 3181 failed: NT_STATUS_OBJECT_NAME_NOT_FOUND
/usr/sbin/smbd: send_all_fn: messaging_send_buf to 7872 failed: NT_STATUS_OBJECT_NAME_NOT_FOUND
/usr/sbin/smbd: send_all_fn: messaging_send_buf to 7843 failed: NT_STATUS_OBJECT_NAME_NOT_FOUND
/usr/sbin/smbd: send_all_fn: messaging_send_buf to 8020 failed: NT_STATUS_OBJECT_NAME_NOT_FOUND
/usr/sbin/smbd: send_all_fn: messaging_send_buf to 7850 failed: NT_STATUS_OBJECT_NAME_NOT_FOUND
/usr/sbin/smbd: send_all_fn: messaging_send_buf to 5986 failed: NT_STATUS_OBJECT_NAME_NOT_FOUND
/usr/sbin/smbd: send_all_fn: messaging_send_buf to 7896 failed: NT_STATUS_OBJECT_NAME_NOT_FOUND
/usr/sbin/smbd: send_all_fn: messaging_send_buf to 5984 failed: NT_STATUS_OBJECT_NAME_NOT_FOUND
/usr/sbin/smbd: send_all_fn: messaging_send_buf to 3128 failed: NT_STATUS_OBJECT_NAME_NOT_FOUND
/usr/sbin/smbd: send_all_fn: messaging_send_buf to 8033 failed: NT_STATUS_OBJECT_NAME_NOT_FOUND
/usr/sbin/smbd: send_all_fn: messaging_send_buf to 3173 failed: NT_STATUS_OBJECT_NAME_NOT_FOUND
/usr/sbin/smbd: send_all_fn: messaging_send_buf to 3189 failed: NT_STATUS_OBJECT_NAME_NOT_FOUND
/usr/sbin/smbd: send_all_fn: messaging_send_buf to 7879 failed: NT_STATUS_OBJECT_NAME_NOT_FOUND
/usr/sbin/smbd: send_all_fn: messaging_send_buf to 7837 failed: NT_STATUS_OBJECT_NAME_NOT_FOUND
/usr/sbin/smbd: send_all_fn: messaging_send_buf to 5989 failed: NT_STATUS_OBJECT_NAME_NOT_FOUND
/usr/sbin/smbd: send_all_fn: messaging_send_buf to 5982 failed: NT_STATUS_OBJECT_NAME_NOT_FOUND
/usr/sbin/smbd: send_all_fn: messaging_send_buf to 3190 failed: NT_STATUS_OBJECT_NAME_NOT_FOUND
/usr/sbin/smbd: send_all_fn: messaging_send_buf to 7849 failed: NT_STATUS_OBJECT_NAME_NOT_FOUND
/usr/sbin/smbd: send_all_fn: messaging_send_buf to 3107 failed: NT_STATUS_OBJECT_NAME_NOT_FOUND
/usr/sbin/smbd: send_all_fn: messaging_send_buf to 8006 failed: NT_STATUS_OBJECT_NAME_NOT_FOUND
/usr/sbin/smbd: send_all_fn: messaging_send_buf to 3139 failed: NT_STATUS_OBJECT_NAME_NOT_FOUND
/usr/sbin/smbd: send_all_fn: messaging_send_buf to 3094 failed: NT_STATUS_OBJECT_NAME_NOT_FOUND
/usr/sbin/smbd: send_all_fn: messaging_send_buf to 3140 failed: NT_STATUS_OBJECT_NAME_NOT_FOUND
/usr/sbin/smbd: send_all_fn: messaging_send_buf to 8034 failed: NT_STATUS_OBJECT_NAME_NOT_FOUND
/usr/sbin/smbd: send_all_fn: messaging_send_buf to 8032 failed: NT_STATUS_OBJECT_NAME_NOT_FOUND
Doing a full scan on DC=ForestDnsZones,DC=lenzspitze2,DC=calais,DC=fr and looking for deleted objects
Doing a full scan on DC=DomainDnsZones,DC=lenzspitze2,DC=calais,DC=fr and looking for deleted objects
Doing a full scan on CN=Configuration,DC=lenzspitze2,DC=calais,DC=fr and looking for deleted objects
Doing a full scan on DC=lenzspitze2,DC=calais,DC=fr and looking for deleted objects
**
Perharps ,the daemon smbd can't acces a .tdb file ? because of my first mistabke ? a file has not been created ?

*/usr/sbin/smbd: Failed to fetch record! /usr/sbin/smbd: send_all_fn: 
messaging_send_buf to 8012 failed: NT_STATUS_OBJECT_NAME_NOT_FOUND*

  
But when  i execute the command getent passwd administrator
I get a good response

LENZSPITZE2\administrator:*:0:100::/home/LENZSPITZE2/administrator:/bin/bash


I give my  smb.conf generated by the provision :

# Global parameters
[global]
	netbios name = DEBIANTEST
	realm = LENZSPITZE2.CALAIS.FR
	server role = active directory domain controller
	server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
	workgroup = LENZSPITZE2
	idmap_ldb:use rfc2307 = yes
	log level = 1
	log file = /var/log/samba/log.%m
	max log size = 1000
	template shell = /bin/bash
	
	
	
[netlogon]
	path = /var/lib/samba/sysvol/lenzspitze2.calais.fr/scripts
	read only = No

[sysvol]
	path = /var/lib/samba/sysvol
	read only = No



When  i execute  nslookup debiantest.lenzspitze2.calais.fr  I get get this response

Server:		192.168.22.37
Address:	192.168.22.37#53

Name:	debiantest.lenzspitze2.calais.fr
Address: 192.168.22.37

I think my dns work.


When I run   smbclient -L localhost -U administrator
Enter LENZSPITZE2\administrator's password:

	Sharename       Type      Comment
	---------       ----      -------
	netlogon        Disk
	sysvol          Disk
	IPC$            IPC       IPC Service (Samba 4.9.5-Debian)
Reconnecting with SMB1 for workgroup listing.

	Server               Comment
	---------            -------

	Workgroup            Master
	---------            -------


I don't have any information for my server.

I think I have more errors on my configuration - but I can not find the errors .
Can you help me to find and understand my errors.


Thank you for your help


-- 
Nathalie RAMAT-LECLERCQ

Service Informatique

Universite du Littoral-Côte d'Opale
SCoSI - Service Commun du Système d'Information
Pôle Systèmes et réseaux

Centre de Gestion Universitaire de Calais
50 rue ferdinand Buisson
C.S 80699
62228 CALAIS CEDEX

More information about the samba mailing list