[Samba] Please help with Samba AD DC after restore from backup

Sun May 26 17:53:27 UTC 2019

On 26/05/2019 18:28, Viktor Trojanovic via samba wrote:
> Small update: I added "lo" to the interfaces in smb.conf, now smbclient
> works also on localhost. But both the other problems remain as described
> for now.
>
> On Sun, 26 May 2019 at 19:17, Viktor Trojanovic <viktor at troja.ch> wrote:
>
>> I just did a restore of a backed up Samba DC and as feared, I'm running
>> into issues that have kept me for hours on this already.
>>
>> Everything seems fine at first sight. The daemon (samba-ad-dc, 4.10, on
>> Ubuntu Bionic) starts properly and without error messages in any log, even
>> with increased level 3. Most of the typical testing and troubleshooting
>> commands give the correct output.
>>
>> Specifically, all the host commands mentioned in the wiki work, so
>> (internal) DNS seems to work fine. kinit and klist work, too, so I guess
>> Kerberos is set up correctly. What doesn't seem to work fully, however, is
>> the file server.
>>
>> I can run
>>
>> smbclient -L DC1 -U%
>>
>> just fine. But when I switch DC1 for localhost, I get an error message.
>>
>> Connection to localhost failed (Error NT_STATUS_CONNECTION_REFUSED)
>>
>> I'm not sure if it matters, but no matter if I choose localhost or DC1, it
>> also says "Unable to initialize messaging context". I couldn't find a clear
>> reference as to what this means.
>>
>> What I further noticed is that I cannot seem to access "DC1" from other
>> stations. I can ping the address 192.168.1.1, but running "nslookup DC1"
>> gives an error
>>
>> ** server can't find dc1: SERVFAIL
>>
>> It seems to me as if most of the DC is working fine but one element is
>> screwed up. Hopefully someone can guide me in the right direction to solve
>> this.
>>
>> /etc/samba/smb.conf
>> [global]
>> workgroup = SAMDOM
>> realm = SAMDOM.EXAMPLE.COM
>> netbios name = DC1
>> server role = active directory domain controller
>> dns forwarder = 8.8.8.8
>> idmap_ldb:use rfc2307 = yes
>> interfaces = eth0
>> bind interfaces only = Yes
>> tls enabled = no
>>          log level = 3
>>
>> [netlogon]
>> path = /var/lib/samba/sysvol/samdom.example.com/scripts
>> read only = No
>> acl_xattr:ignore system acls = yes
>>
>> [sysvol]
>> path = /var/lib/samba/sysvol
>> read only = No
>> acl_xattr:ignore system acls = yes
>>
>> /etc/hosts
>> 127.0.0.1 localhost
>> 192.168.1.1 dc1.samdom.example.com dc1
>>
>> /etc/hostname
>> DC1
>>
>> /etc/resolv.conf
>> nameserver 192.168.1.1
>> search samdom.example.com
>>
>>
>>
Everything looks okay, just a few thoughts/comments

You get 'Unable to initialize messaging context' if you are not root 
when running smbclient.

Is the time on the DC correct ?

Why do you have 'tls enabled = no' ?

I know you have restored Samba from a backup, but what about the OS, is 
everything exactly the same as before you needed to restore ?

Have you checked if the dns server is actually running on port 53 and if 
something is, that it is the DC and not something else ?

Rowland