[Samba] Teo En Ming's Manual for Setting Up Samba 4.11.6 and CentOS 8.1 (1911) Linux Server QEMU/KVM Virtual Machine as an Active Directory Domain Controller (AD DC)
Turritopsis Dohrnii Teo En Ming
ceo at teo-en-ming-corp.com
Sat Feb 15 06:14:15 UTC 2020
Subject: Teo En Ming's Manual for Setting Up Samba 4.11.6 and CentOS 8.1 (1911) Linux Server QEMU/KVM Virtual Machine as an Active Directory Domain Controller (AD DC)
Subject: Teo En Ming's Manual for Setting Up Samba 4.11.6 and CentOS 8.1 (1911) Linux Server QEMU/KVM Virtual Machine as an Active Directory Domain Controller (AD DC)
PUBLISHED 15 FEB 2020 SATURDAY, SINGAPORE, SINGAPORE, SINGAPORE
This manual/guide is meant for small and medium businesses (SMB) which do not want to spend a lot of money on Windows Server 2016/2019 licensing.
REFERENCE GUIDE
===============
Guide: Setting up Samba as an Active Directory Domain Controller
Link: https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller
EXTREMELY DETAILED INSTRUCTIONS OF TEO EN MING'S MANUAL
=======================================================
Starting CentOS 8.1 (1911) Linux Server QEMU/KVM Virtual Machine on Ubuntu 18.04.3 LTS Desktop Host
===================================================================================================
Virtual Machine Manager (virt-manager) depends on libvirtd service.
$ sudo systemctl start libvirtd.service
Start the Virtual Machine Manager.
$ sudo virt-manager
Select the CentOS 8.1 QEMU/KVM virtual machine and click "Power on the virtual machine".
REFERENCE GUIDE
===============
Guide: ENABLING HOST-GUEST NETWORKING WITH KVM, MACVLAN AND MACVTAP
Link: https://www.furorteutonicus.eu/2013/08/04/enabling-host-guest-networking-with-kvm-macvlan-and-macvtap/
Still on the Ubuntu 18.04.3 LTS Desktop host.
$ nano /home/teo-en-ming/macvlan.sh
#!/bin/bash
# Adapted by Teo En Ming on 14 Feb 2020 Friday (Valentine's Day in Singapore).
# let host and guests talk to each other over macvlan
# configures a macvlan interface on the hypervisor
# run this on the hypervisor (e.g. in /etc/rc.local)
# made for IPv4; need modification for IPv6
# meant for a simple network setup with only eth0 or enp5s0 on the host,
# and a static (manual) ip config
# Original Author: Evert Mouw, 2013 (European Union)
#HWLINK=eth0
HWLINK=enp5s0
MACVLN=macvlan0
TESTHOST=www.google.com
# ------------
# wait for network availability
# ------------
# IPv4 pings only
while ! ping -4 -q -c 1 $TESTHOST > /dev/null
do
echo "$0: Cannot ping $TESTHOST, waiting another 5 secs..."
sleep 5
done
# ------------
# get network config
# ------------
IP=$(ip address show dev $HWLINK | grep "inet " | awk '{print $2}')
NETWORK=$(ip -o route | grep $HWLINK | grep -v default | grep -v 169 | awk '{print $1}')
GATEWAY=$(ip -o route | grep default | awk '{print $3}')
# ------------
# setting up $MACVLN interface
# ------------
ip link add link $HWLINK $MACVLN type macvlan mode bridge
ip address add $IP dev $MACVLN
ip link set dev $MACVLN up
# ------------
# routing table
# ------------
# empty routes
ip route flush dev $HWLINK
ip route flush dev $MACVLN
# add routes
ip route add $NETWORK dev $MACVLN metric 0
# add the default gateway
ip route add default via $GATEWAY
===END OF LINUX SHELL SCRIPT===
$ sudo chmod +x /home/teo-en-ming/macvlan.sh
$ sudo /home/teo-en-ming/macvlan.sh
192.168.1.122 is the IP address (DHCP auto configuration) of the CentOS 8.1 Linux Server.
ssh into the CentOS 8.1 Linux Server.
ssh teo-en-ming at 192.168.1.122
PREPARING THE INSTALLATION ON CENTOS 8.1 LINUX SERVER
=====================================================
Setting hostname of CentOS 8.1 Linux Server.
============================================
# hostnamectl set-hostname dc1
To see the hostname:
# hostnamectl
Output:
Static hostname: dc1
Icon name: computer-vm
Chassis: vm
Machine ID: 668fdf5de7214d56be0ef8b65f7166e9
Boot ID: 5691a1a2dacd41c4ab5871d25885e138
Virtualization: kvm
Operating System: CentOS Linux 8 (Core)
CPE OS Name: cpe:/o:centos:centos:8
Kernel: Linux 4.18.0-147.el8.x86_64
Architecture: x86-64
How to set static IP address 192.168.1.10 on CentOS 8.1 Linux Server
====================================================================
# cd /etc/sysconfig/network-scripts/
# nano ifcfg-ens3
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="static"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="ens3"
UUID="8e179c97-1388-48ee-a8be-d173ee3ff40c"
DEVICE="ens3"
ONBOOT="yes"
IPADDR="192.168.1.10"
PREFIX="24"
GATEWAY="192.168.1.1"
DNS1="8.8.8.8" ===>>> (IF YOU USE THIS LINE, NETWORK MANAGER WILL ALWAYS OVERWRITE /etc/resolv.conf, which is undesirable)
# reboot
ssh into CentOS 8.1 Linux Server with static IP address 192.168.1.10.
$ ssh teo-en-ming at 192.168.1.10
Check if Samba processes are running:
# ps ax | egrep "samba|smbd|nmbd|winbindd"
# nano /etc/hosts
Contents of file:
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.10 dc1.teo-en-ming.corp dc1
Backup the original /etc/krb5.conf
# mv /etc/krb5.conf /etc/krb5.conf.bak
INSTALLING SAMBA 4.11.6 ON CENTOS 8.1 LINUX SERVER QEMU/KVM VIRTUAL MACHINE
===========================================================================
REFERENCE GUIDE
===============
Guide: Build Samba from Source
Link: https://wiki.samba.org/index.php/Build_Samba_from_Source
Installing package dependencies before building Samba on CentOS 8.1 Linux Server.
# yum -y install dnf-plugins-core
# yum config-manager --set-enabled PowerTools
# yum install docbook-style-xsl gcc gdb gnutls-devel gpgme-devel jansson-devel
# yum install keyutils-libs-devel krb5-workstation libacl-devel libaio-devel
# yum install libarchive-devel libattr-devel libblkid-devel libtasn1 libtasn1-tools
# yum install libxml2-devel libxslt openldap-devel pam-devel perl
# yum install perl-ExtUtils-MakeMaker perl-Parse-Yapp popt-devel python3-cryptography
# yum install python3-dns python3-gpg python36-devel readline-devel rpcgen systemd-devel
# yum install tar zlib-devel
Compulsory Packages NOT installed at the moment:
lmdb-devel
Download Samba current stable release 4.11.6.
# wget https://download.samba.org/pub/samba/stable/samba-4.11.6.tar.gz
# tar -zxf samba-4.11.6.tar.gz
# cd samba-4.11.6/
# ./configure
Output:
Samba AD DC and --enable-selftest requires lmdb 0.9.16 or later
# yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
# yum install lmdb-devel
Run ./configure again.
# ./configure
Output:
'configure' finished successfully (42.262s)
Make full use of all 4 cores on my AMD Ryzen 3 3200G processor.
# make -j 4
Output:
Waf: Leaving directory `/root/samba-4.11.6/bin/default'
'build' finished successfully (9m24.396s)
# make install
Output:
Waf: Leaving directory `/root/samba-4.11.6/bin/default'
'install' finished successfully (2m58.171s)
# nano /etc/profile
Append the following line:
export PATH=$PATH:/usr/local/samba/bin/:/usr/local/samba/sbin/
PROVISIONING A SAMBA ACTIVE DIRECTORY DOMAIN CONTROLLER
=======================================================
Provisioning Samba AD DC in Interactive Mode.
The original intention was to use SAMBA_INTERNAL DNS backend.
# samba-tool domain provision --use-rfc2307 --interactive
Output:
Realm [TEO-EN-MING.CORP]: TEO-EN-MING.CORP
Domain [TEO-EN-MING]: TEO-EN-MING
Server Role (dc, member, standalone) [dc]: dc
DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]: SAMBA_INTERNAL
DNS forwarder IP address (write 'none' to disable forwarding) [8.8.8.8]: 8.8.8.8
Administrator password:
Retype password:
INFO 2020-02-14 22:56:13,700 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2128: Looking up IPv4 addresses
WARNING 2020-02-14 22:56:13,702 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2134: More than one IPv4 address found. Using 192.168.1.10
INFO 2020-02-14 22:56:13,702 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2145: Looking up IPv6 addresses
WARNING 2020-02-14 22:56:13,702 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2150: More than one IPv6 address found. Using 2401:7400:c802:de67::14c2
INFO 2020-02-14 22:56:14,152 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2319: Setting up share.ldb
INFO 2020-02-14 22:56:14,595 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2323: Setting up secrets.ldb
INFO 2020-02-14 22:56:14,848 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2329: Setting up the registry
INFO 2020-02-14 22:56:16,031 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2332: Setting up the privileges database
INFO 2020-02-14 22:56:16,721 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2335: Setting up idmap db
INFO 2020-02-14 22:56:17,155 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2342: Setting up SAM db
INFO 2020-02-14 22:56:17,263 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #898: Setting up sam.ldb partitions and settings
INFO 2020-02-14 22:56:17,266 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #910: Setting up sam.ldb rootDSE
INFO 2020-02-14 22:56:17,331 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1339: Pre-loading the Samba 4 and AD schema
Unable to determine the DomainSID, can not enforce uniqueness constraint on local domainSIDs
INFO 2020-02-14 22:56:17,548 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1417: Adding DomainDN: DC=teo-en-ming,DC=corp
INFO 2020-02-14 22:56:17,646 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1449: Adding configuration container
INFO 2020-02-14 22:56:17,722 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1464: Setting up sam.ldb schema
INFO 2020-02-14 22:56:21,121 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1482: Setting up sam.ldb configuration data
INFO 2020-02-14 22:56:21,263 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1523: Setting up display specifiers
INFO 2020-02-14 22:56:23,502 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1531: Modifying display specifiers and extended rights
INFO 2020-02-14 22:56:23,543 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1538: Adding users container
INFO 2020-02-14 22:56:23,545 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1544: Modifying users container
INFO 2020-02-14 22:56:23,547 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1547: Adding computers container
INFO 2020-02-14 22:56:23,549 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1553: Modifying computers container
INFO 2020-02-14 22:56:23,550 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1557: Setting up sam.ldb data
INFO 2020-02-14 22:56:23,695 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1587: Setting up well known security principals
INFO 2020-02-14 22:56:23,760 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1601: Setting up sam.ldb users and groups
INFO 2020-02-14 22:56:24,075 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1609: Setting up self join
Repacking database from v1 to v2 format (first record CN=ms-DS-Replication-Notify-First-DSA-Delay,CN=Schema,CN=Configuration,DC=teo-en-ming,DC=corp)
Repack: re-packed 10000 records so far
Repacking database from v1 to v2 format (first record CN=interSiteTransport-Display,CN=405,CN=DisplaySpecifiers,CN=Configuration,DC=teo-en-ming,DC=corp)
Repacking database from v1 to v2 format (first record CN=6bcd567f-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=teo-en-ming,DC=corp)
INFO 2020-02-14 22:56:27,001 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/sambadns.py #1138: Adding DNS accounts
INFO 2020-02-14 22:56:27,377 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/sambadns.py #1172: Creating CN=MicrosoftDNS,CN=System,DC=teo-en-ming,DC=corp
INFO 2020-02-14 22:56:27,401 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/sambadns.py #1185: Creating DomainDnsZones and ForestDnsZones partitions
INFO 2020-02-14 22:56:27,620 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/sambadns.py #1190: Populating DomainDnsZones and ForestDnsZones partitions
Repacking database from v1 to v2 format (first record DC=f.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,DC=DomainDnsZones,DC=teo-en-ming,DC=corp)
Repacking database from v1 to v2 format (first record DC=_ldap._tcp.dc,DC=_msdcs.teo-en-ming.corp,CN=MicrosoftDNS,DC=ForestDnsZones,DC=teo-en-ming,DC=corp)
INFO 2020-02-14 22:56:28,660 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2032: Setting up sam.ldb rootDSE marking as synchronized
INFO 2020-02-14 22:56:28,734 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2037: Fixing provision GUIDs
INFO 2020-02-14 22:56:29,720 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2395: A Kerberos configuration suitable for Samba AD has been generated at /usr/local/samba/private/krb5.conf
INFO 2020-02-14 22:56:29,720 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2396: Merge the contents of this file with your system krb5.conf or replace it with this one. Do not create a symlink!
INFO 2020-02-14 22:56:30,078 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2102: Setting up fake yp server settings
INFO 2020-02-14 22:56:30,277 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #491: Once the above files are installed, your Samba AD server will be ready to use
INFO 2020-02-14 22:56:30,277 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #495: Server Role: active directory domain controller
INFO 2020-02-14 22:56:30,278 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #496: Hostname: dc1
INFO 2020-02-14 22:56:30,278 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #497: NetBIOS Domain: TEO-EN-MING
INFO 2020-02-14 22:56:30,278 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #498: DNS Domain: teo-en-ming.corp
INFO 2020-02-14 22:56:30,278 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #499: DOMAIN SID: S-1-5-21-3028196010-72872391-2123559056
Configuring the DNS Resolver. Network Manager will keep overwriting /etc/resolv.conf. This problem will be resolved later.
# nano /etc/resolv.conf
Contents of file:
search teo-en-ming.corp
nameserver 192.168.1.10
REFERENCE GUIDE
===============
Guide: Managing the Samba AD DC Service Using Systemd
Link: https://wiki.samba.org/index.php/Managing_the_Samba_AD_DC_Service_Using_Systemd
# systemctl mask smbd nmbd winbind
# systemctl disable smbd nmbd winbind
# nano /etc/systemd/system/samba-ad-dc.service
Contents of file:
[Unit]
Description=Samba Active Directory Domain Controller
After=network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
ExecStart=/usr/local/samba/sbin/samba -D
PIDFile=/usr/local/samba/var/run/samba.pid
ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target
# systemctl daemon-reload
# systemctl enable samba-ad-dc
# systemctl start samba-ad-dc
Output:
Job for samba-ad-dc.service failed because the control process exited with error code.
See "systemctl status samba-ad-dc.service" and "journalctl -xe" for details.
The SAMBA AD DC service cannot start because SELINUX is enabled on CentOS 8.1.
We will see later.
# systemctl status samba-ad-dc
Output:
● samba-ad-dc.service - Samba Active Directory Domain Controller
Loaded: loaded (/etc/systemd/system/samba-ad-dc.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Sat 2020-02-15 08:39:58 +08; 46s ago
Process: 6967 ExecStart=/usr/local/samba/sbin/samba -D (code=exited, status=203/EXEC)
Main PID: 1595 (code=exited, status=203/EXEC)
Feb 15 08:39:58 dc1 systemd[1]: Starting Samba Active Directory Domain Controller...
Feb 15 08:39:58 dc1 systemd[1]: samba-ad-dc.service: Control process exited, code=exited status=203
Feb 15 08:39:58 dc1 systemd[1]: samba-ad-dc.service: Failed with result 'exit-code'.
Feb 15 08:39:58 dc1 systemd[1]: Failed to start Samba Active Directory Domain Controller.
SAMBA AD DC service cannot start because SELINUX is enabled on CentOS 8.1.
We will see later.
# reboot
Start Samba AD DC manually.
# samba -D
Create a reverse zone in Samba Internal DNS Backend.
# samba-tool dns zonecreate 192.168.1.10 1.168.192.in-addr.arpa -U administrator
Output:
Password for [TEO-EN-MING\administrator]:
Zone 1.168.192.in-addr.arpa created successfully
Configuring Kerberos
====================
cp /usr/local/samba/private/krb5.conf /etc/krb5.conf
Starting Samba AD DC Manually.
# samba -D
Verifying the File Server.
==========================
$ smbclient -L localhost -U%
Output:
Sharename Type Comment
--------- ---- -------
sysvol Disk
netlogon Disk
IPC$ IPC IPC Service (Samba 4.11.6)
SMB1 disabled -- no workgroup available
$ smbclient //localhost/netlogon -UAdministrator -c 'ls'
Output:
Enter TEO-EN-MING\Administrator's password:
. D 0 Fri Feb 14 22:56:17 2020
.. D 0 Fri Feb 14 22:56:24 2020
17811456 blocks of size 1024. 12025652 blocks available
Verifying DNS (Failed)
======================
# killall dnsmasq
$ host -t SRV _ldap._tcp.teo-en-ming.corp.
Output:
Host _ldap._tcp.teo-en-ming.corp. not found: 3(NXDOMAIN)
$ host -t SRV _kerberos._udp.teo-en-ming.corp.
Output:
Host _kerberos._udp.teo-en-ming.corp. not found: 3(NXDOMAIN)
$ host -t A dc1.teo-en-ming.corp.
Output:
Host dc1.teo-en-ming.corp. not found: 3(NXDOMAIN)
I am unable to find the above DNS records because Network Manager keeps overwriting /etc/resolv.conf
As a result, I am always looking up the WRONG DNS server.
Verifying Kerberos
==================
$ kinit administrator
Output:
kinit: Cannot find KDC for realm "TEO-EN-MING.CORP" while getting initial credentials
The above problem is also due to Network Manager keeps overwriting /etc/resolv.conf.
As a result, I am always looking up the WRONG DNS server.
TROUBLESHOOTING: DISABLE SELINUX ON CENTOS 8.1
==============================================
$ sestatus
Output:
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Memory protection checking: actual (secure)
Max kernel policy version: 31
# nano /etc/sysconfig/selinux
Change from SELINUX=enforcing to SELINUX=disabled
# reboot
$ sestatus
SELinux status: disabled
After disabling SELINUX, now we can start Samba AD DC successfully.
# systemctl status samba-ad-dc
Output:
● samba-ad-dc.service - Samba Active Directory Domain Controller
Loaded: loaded (/etc/systemd/system/samba-ad-dc.service; enabled; vendor preset: disabled)
Active: active (running) since Sat 2020-02-15 08:50:22 +08; 1min 0s ago
Process: 1084 ExecStart=/usr/local/samba/sbin/samba -D (code=exited, status=0/SUCCESS)
Main PID: 1131 (samba)
Tasks: 44 (limit: 23972)
Memory: 261.8M
CGroup: /system.slice/samba-ad-dc.service
├─1131 /usr/local/samba/sbin/samba -D
├─1375 /usr/local/samba/sbin/samba -D
├─1376 /usr/local/samba/sbin/samba -D
├─1377 /usr/local/samba/sbin/samba -D
├─1379 /usr/local/samba/sbin/samba -D
├─1380 /usr/local/samba/sbin/samba -D
├─1387 /usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes --foreground
├─1389 /usr/local/samba/sbin/samba -D
├─1391 /usr/local/samba/sbin/samba -D
├─1392 /usr/local/samba/sbin/samba -D
├─1393 /usr/local/samba/sbin/samba -D
├─1396 /usr/local/samba/sbin/samba -D
├─1398 /usr/local/samba/sbin/samba -D
├─1399 /usr/local/samba/sbin/samba -D
├─1403 /usr/local/samba/sbin/samba -D
├─1404 /usr/local/samba/sbin/samba -D
├─1407 /usr/local/samba/sbin/samba -D
├─1408 /usr/local/samba/sbin/samba -D
├─1409 /usr/local/samba/sbin/samba -D
├─1411 /usr/local/samba/sbin/samba -D
├─1412 /usr/local/samba/sbin/samba -D
├─1413 /usr/local/samba/sbin/samba -D
├─1415 /usr/local/samba/sbin/samba -D
├─1416 /usr/local/samba/sbin/samba -D
├─1418 /usr/local/samba/sbin/samba -D
├─1419 /usr/local/samba/sbin/samba -D
├─1420 /usr/local/samba/sbin/samba -D
├─1422 /usr/local/samba/sbin/samba -D
├─1423 /usr/local/samba/sbin/samba -D
├─1424 /usr/local/samba/sbin/winbindd -D --option=server role check:inhibit=yes --foreground
├─1426 /usr/local/samba/sbin/samba -D
├─1427 /usr/local/samba/sbin/samba -D
├─1429 /usr/local/samba/sbin/samba -D
├─1464 /usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes --foreground
├─1465 /usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes --foreground
├─1469 /usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes --foreground
├─1490 /usr/local/samba/sbin/samba -D
├─1492 /usr/local/samba/sbin/samba -D
├─1493 /usr/local/samba/sbin/samba -D
├─1495 /usr/local/samba/sbin/samba -D
├─1496 /usr/local/samba/sbin/samba -D
├─1498 /usr/local/samba/sbin/samba -D
├─1499 /usr/local/samba/sbin/samba -D
└─1501 /usr/local/samba/sbin/samba -D
Feb 15 08:50:25 dc1 samba[1131]: [2020/02/15 08:50:25.778777, 0] ../../source4/smbd/process_prefork.c:512(prefork_child_pipe_handler)
Feb 15 08:50:25 dc1 samba[1131]: prefork_child_pipe_handler: Parent 1131, Child 1406 exited with status 0
Feb 15 08:50:27 dc1 smbd[1387]: [2020/02/15 08:50:27.634592, 0] ../../lib/util/become_daemon.c:136(daemon_ready)
Feb 15 08:50:27 dc1 smbd[1387]: daemon_ready: daemon 'smbd' finished starting up and ready to serve connections
Feb 15 08:50:27 dc1 winbindd[1424]: [2020/02/15 08:50:27.761081, 0] ../../source3/winbindd/winbindd_cache.c:3166(initialize_winbindd_cache)
Feb 15 08:50:27 dc1 winbindd[1424]: initialize_winbindd_cache: clearing cache and re-creating with version number 2
Feb 15 08:50:27 dc1 winbindd[1424]: [2020/02/15 08:50:27.770049, 0] ../../lib/util/become_daemon.c:136(daemon_ready)
Feb 15 08:50:27 dc1 winbindd[1424]: daemon_ready: daemon 'winbindd' finished starting up and ready to serve connections
Feb 15 08:50:27 dc1 samba[1426]: [2020/02/15 08:50:27.870385, 0] ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
Feb 15 08:50:27 dc1 samba[1426]: /usr/local/samba/sbin/samba_dnsupdate: WARNING: no network interfaces found
We need to kill dnsmasq so that Samba's internal DNS server can start.
# killall dnsmasq
# systemctl restart samba-ad-dc
# systemctl status samba-ad-dc
● samba-ad-dc.service - Samba Active Directory Domain Controller
Loaded: loaded (/etc/systemd/system/samba-ad-dc.service; enabled; vendor preset: disabled)
Active: active (running) since Sat 2020-02-15 08:53:28 +08; 21s ago
Process: 2512 ExecStart=/usr/local/samba/sbin/samba -D (code=exited, status=0/SUCCESS)
Main PID: 2514 (samba)
Tasks: 58 (limit: 23972)
Memory: 215.6M
CGroup: /system.slice/samba-ad-dc.service
├─2514 /usr/local/samba/sbin/samba -D
├─2516 /usr/local/samba/sbin/samba -D
├─2517 /usr/local/samba/sbin/samba -D
├─2518 /usr/local/samba/sbin/samba -D
├─2519 /usr/local/samba/sbin/samba -D
├─2520 /usr/local/samba/sbin/samba -D
├─2521 /usr/local/samba/sbin/samba -D
├─2522 /usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes --foreground
├─2523 /usr/local/samba/sbin/samba -D
├─2524 /usr/local/samba/sbin/samba -D
├─2525 /usr/local/samba/sbin/samba -D
├─2526 /usr/local/samba/sbin/samba -D
├─2527 /usr/local/samba/sbin/samba -D
├─2528 /usr/local/samba/sbin/samba -D
├─2529 /usr/local/samba/sbin/samba -D
├─2530 /usr/local/samba/sbin/samba -D
├─2531 /usr/local/samba/sbin/samba -D
├─2532 /usr/local/samba/sbin/samba -D
├─2533 /usr/local/samba/sbin/samba -D
├─2534 /usr/local/samba/sbin/samba -D
├─2535 /usr/local/samba/sbin/samba -D
├─2536 /usr/local/samba/sbin/samba -D
├─2537 /usr/local/samba/sbin/samba -D
├─2538 /usr/local/samba/sbin/samba -D
├─2539 /usr/local/samba/sbin/samba -D
├─2540 /usr/local/samba/sbin/samba -D
├─2541 /usr/local/samba/sbin/samba -D
├─2542 /usr/local/samba/sbin/samba -D
├─2543 /usr/local/samba/sbin/samba -D
├─2544 /usr/local/samba/sbin/samba -D
├─2545 /usr/local/samba/sbin/samba -D
├─2546 /usr/local/samba/sbin/samba -D
├─2547 /usr/local/samba/sbin/samba -D
├─2548 /usr/local/samba/sbin/samba -D
├─2549 /usr/local/samba/sbin/samba -D
├─2550 /usr/local/samba/sbin/samba -D
├─2551 /usr/local/samba/sbin/samba -D
├─2552 /usr/local/samba/sbin/samba -D
├─2553 /usr/local/samba/sbin/winbindd -D --option=server role check:inhibit=yes --foreground
├─2554 /usr/local/samba/sbin/samba -D
├─2555 /usr/local/samba/sbin/samba -D
├─2556 /usr/local/samba/sbin/samba -D
├─2557 /usr/local/samba/sbin/samba -D
├─2558 /usr/local/samba/sbin/samba -D
├─2559 /usr/local/samba/sbin/samba -D
├─2560 /usr/local/samba/sbin/samba -D
├─2562 /usr/local/samba/sbin/samba -D
├─2569 /usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes --foreground
├─2570 /usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes --foreground
├─2571 /usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes --foreground
├─2572 /usr/local/samba/sbin/samba -D
├─2573 /usr/local/samba/sbin/samba -D
├─2574 /usr/local/samba/sbin/samba -D
├─2575 /usr/local/samba/sbin/samba -D
├─2576 /usr/local/samba/sbin/samba -D
├─2577 /usr/local/samba/sbin/samba -D
├─2578 /usr/local/samba/sbin/samba -D
└─2579 /usr/local/samba/sbin/samba -D
Feb 15 08:53:38 dc1 samba[2556]: [2020/02/15 08:53:38.742774, 0] ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
Feb 15 08:53:38 dc1 samba[2556]: /usr/local/samba/sbin/samba_dnsupdate: File "/usr/local/samba/lib64/python3.6/site-packages/samba/netcmd/dns.py", line 945, in run
Feb 15 08:53:38 dc1 samba[2556]: [2020/02/15 08:53:38.742787, 0] ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
Feb 15 08:53:38 dc1 samba[2556]: /usr/local/samba/sbin/samba_dnsupdate: raise e
Feb 15 08:53:38 dc1 samba[2556]: [2020/02/15 08:53:38.742800, 0] ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
Feb 15 08:53:38 dc1 samba[2556]: /usr/local/samba/sbin/samba_dnsupdate: File "/usr/local/samba/lib64/python3.6/site-packages/samba/netcmd/dns.py", line 941, in run
Feb 15 08:53:38 dc1 samba[2556]: [2020/02/15 08:53:38.742813, 0] ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
Feb 15 08:53:38 dc1 samba[2556]: /usr/local/samba/sbin/samba_dnsupdate: 0, server, zone, name, add_rec_buf, None)
Feb 15 08:53:38 dc1 samba[2556]: [2020/02/15 08:53:38.767521, 0] ../../source4/dsdb/dns/dns_update.c:331(dnsupdate_nameupdate_done)
Feb 15 08:53:38 dc1 samba[2556]: dnsupdate_nameupdate_done: Failed DNS update with exit code 39
Testing your Samba AD DC
========================
# killall dnsmasq
# systemctl restart samba-ad-dc
Verifying the File Server
=========================
$ smbclient -L localhost -U%
Output:
Sharename Type Comment
--------- ---- -------
sysvol Disk
netlogon Disk
IPC$ IPC IPC Service (Samba 4.11.6)
SMB1 disabled -- no workgroup available
$ smbclient //localhost/netlogon -UAdministrator -c 'ls'
Output:
Enter TEO-EN-MING\Administrator's password:
. D 0 Fri Feb 14 22:56:17 2020
.. D 0 Fri Feb 14 22:56:24 2020
17811456 blocks of size 1024. 12018876 blocks available
Verifying DNS (Failed again)
============================
$ host -t SRV _ldap._tcp.teo-en-ming.corp.
Output:
Host _ldap._tcp.teo-en-ming.corp. not found: 3(NXDOMAIN)
Unable to find above DNS record because Network Manager is always overwriting /etc/resolv.conf
As a result, I am always looking up the WRONG DNS server.
# systemctl stop samba-ad-dc
TROUBLESHOOTING AGAIN
=====================
Re-provisioning the Samba AD DC, using Samba Internal DNS Backend again.
# samba-tool domain provision --use-rfc2307 --interactive
Output:
Realm [TEO-EN-MING.CORP]:
Domain [TEO-EN-MING]:
Server Role (dc, member, standalone) [dc]:
DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]:
DNS forwarder IP address (write 'none' to disable forwarding) [8.8.8.8]:
Administrator password:
Retype password:
INFO 2020-02-15 09:01:10,638 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2128: Looking up IPv4 addresses
WARNING 2020-02-15 09:01:10,638 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2134: More than one IPv4 address found. Using 192.168.1.10
INFO 2020-02-15 09:01:10,638 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2145: Looking up IPv6 addresses
WARNING 2020-02-15 09:01:10,639 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2150: More than one IPv6 address found. Using 2401:7400:c802:de67::14c2
INFO 2020-02-15 09:01:11,057 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2323: Setting up secrets.ldb
INFO 2020-02-15 09:01:11,436 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2329: Setting up the registry
INFO 2020-02-15 09:01:11,620 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2332: Setting up the privileges database
INFO 2020-02-15 09:01:12,200 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2335: Setting up idmap db
INFO 2020-02-15 09:01:12,667 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2342: Setting up SAM db
INFO 2020-02-15 09:01:12,817 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #898: Setting up sam.ldb partitions and settings
INFO 2020-02-15 09:01:12,820 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #910: Setting up sam.ldb rootDSE
INFO 2020-02-15 09:01:12,893 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1339: Pre-loading the Samba 4 and AD schema
Unable to determine the DomainSID, can not enforce uniqueness constraint on local domainSIDs
INFO 2020-02-15 09:01:13,093 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1417: Adding DomainDN: DC=teo-en-ming,DC=corp
INFO 2020-02-15 09:01:13,201 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1449: Adding configuration container
INFO 2020-02-15 09:01:13,342 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1464: Setting up sam.ldb schema
INFO 2020-02-15 09:01:16,649 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1482: Setting up sam.ldb configuration data
INFO 2020-02-15 09:01:16,794 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1523: Setting up display specifiers
INFO 2020-02-15 09:01:19,013 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1531: Modifying display specifiers and extended rights
INFO 2020-02-15 09:01:19,053 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1538: Adding users container
INFO 2020-02-15 09:01:19,056 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1544: Modifying users container
INFO 2020-02-15 09:01:19,057 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1547: Adding computers container
INFO 2020-02-15 09:01:19,060 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1553: Modifying computers container
INFO 2020-02-15 09:01:19,061 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1557: Setting up sam.ldb data
INFO 2020-02-15 09:01:19,199 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1587: Setting up well known security principals
INFO 2020-02-15 09:01:19,261 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1601: Setting up sam.ldb users and groups
INFO 2020-02-15 09:01:19,564 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1609: Setting up self join
Repacking database from v1 to v2 format (first record CN=MSMQ-Sign-Certificates-Mig,CN=Schema,CN=Configuration,DC=teo-en-ming,DC=corp)
Repack: re-packed 10000 records so far
Repacking database from v1 to v2 format (first record CN=lostAndFound-Display,CN=411,CN=DisplaySpecifiers,CN=Configuration,DC=teo-en-ming,DC=corp)
Repacking database from v1 to v2 format (first record CN=5e1574f6-55df-493e-a671-aaeffca6a100,CN=Operations,CN=DomainUpdates,CN=System,DC=teo-en-ming,DC=corp)
INFO 2020-02-15 09:01:21,879 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/sambadns.py #1138: Adding DNS accounts
INFO 2020-02-15 09:01:22,122 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/sambadns.py #1172: Creating CN=MicrosoftDNS,CN=System,DC=teo-en-ming,DC=corp
INFO 2020-02-15 09:01:22,144 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/sambadns.py #1185: Creating DomainDnsZones and ForestDnsZones partitions
INFO 2020-02-15 09:01:22,393 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/sambadns.py #1190: Populating DomainDnsZones and ForestDnsZones partitions
Repacking database from v1 to v2 format (first record DC=l.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,DC=DomainDnsZones,DC=teo-en-ming,DC=corp)
Repacking database from v1 to v2 format (first record DC=gc,DC=_msdcs.teo-en-ming.corp,CN=MicrosoftDNS,DC=ForestDnsZones,DC=teo-en-ming,DC=corp)
INFO 2020-02-15 09:01:23,163 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2032: Setting up sam.ldb rootDSE marking as synchronized
INFO 2020-02-15 09:01:23,213 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2037: Fixing provision GUIDs
INFO 2020-02-15 09:01:24,265 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2395: A Kerberos configuration suitable for Samba AD has been generated at /usr/local/samba/private/krb5.conf
INFO 2020-02-15 09:01:24,265 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2396: Merge the contents of this file with your system krb5.conf or replace it with this one. Do not create a symlink!
INFO 2020-02-15 09:01:24,581 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2102: Setting up fake yp server settings
INFO 2020-02-15 09:01:24,772 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #491: Once the above files are installed, your Samba AD server will be ready to use
INFO 2020-02-15 09:01:24,772 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #495: Server Role: active directory domain controller
INFO 2020-02-15 09:01:24,772 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #496: Hostname: dc1
INFO 2020-02-15 09:01:24,773 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #497: NetBIOS Domain: TEO-EN-MING
INFO 2020-02-15 09:01:24,773 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #498: DNS Domain: teo-en-ming.corp
INFO 2020-02-15 09:01:24,773 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #499: DOMAIN SID: S-1-5-21-3427788993-2190856266-1509719656
# systemctl start samba-ad-dc
Verifying DNS (Failed again)
=============
host -t SRV _ldap._tcp.teo-en-ming.corp.
Output:
Host _ldap._tcp.teo-en-ming.corp. not found: 3(NXDOMAIN)
Unable to find above DNS record because Network Manager is always overwriting /etc/resolv.conf
As a result, I am always looking up the WRONG DNS server.
Installing BIND DNS Server and Using it as the DNS Backend for Samba
====================================================================
# yum install bind
# systemctl stop samba-ad-dc
We are going to use BIND9 as the Samba DNS backend this time.
I changed my mind. I decided not to use Samba's Internal DNS backend.
# samba-tool domain provision --use-rfc2307 --interactive
Output:
Realm [TEO-EN-MING.CORP]:
Domain [TEO-EN-MING]:
Server Role (dc, member, standalone) [dc]:
DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]: BIND9_DLZ
Administrator password:
Retype password:
INFO 2020-02-15 09:13:53,976 pid:3479 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2128: Looking up IPv4 addresses
WARNING 2020-02-15 09:13:53,976 pid:3479 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2134: More than one IPv4 address found. Using 192.168.1.10
INFO 2020-02-15 09:13:53,976 pid:3479 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2145: Looking up IPv6 addresses
WARNING 2020-02-15 09:13:53,977 pid:3479 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2150: More than one IPv6 address found. Using 2401:7400:c802:de67::14c2
INFO 2020-02-15 09:13:54,381 pid:3479 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2323: Setting up secrets.ldb
INFO 2020-02-15 09:13:54,704 pid:3479 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2329: Setting up the registry
INFO 2020-02-15 09:13:54,888 pid:3479 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2332: Setting up the privileges database
INFO 2020-02-15 09:13:55,478 pid:3479 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2335: Setting up idmap db
INFO 2020-02-15 09:13:55,819 pid:3479 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2342: Setting up SAM db
INFO 2020-02-15 09:13:55,886 pid:3479 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #898: Setting up sam.ldb partitions and settings
INFO 2020-02-15 09:13:55,888 pid:3479 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #910: Setting up sam.ldb rootDSE
INFO 2020-02-15 09:13:55,945 pid:3479 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1339: Pre-loading the Samba 4 and AD schema
Unable to determine the DomainSID, can not enforce uniqueness constraint on local domainSIDs
INFO 2020-02-15 09:13:56,187 pid:3479 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1417: Adding DomainDN: DC=teo-en-ming,DC=corp
INFO 2020-02-15 09:13:56,362 pid:3479 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1449: Adding configuration container
INFO 2020-02-15 09:13:56,518 pid:3479 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1464: Setting up sam.ldb schema
INFO 2020-02-15 09:13:59,846 pid:3479 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1482: Setting up sam.ldb configuration data
INFO 2020-02-15 09:13:59,991 pid:3479 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1523: Setting up display specifiers
INFO 2020-02-15 09:14:02,238 pid:3479 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1531: Modifying display specifiers and extended rights
INFO 2020-02-15 09:14:02,279 pid:3479 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1538: Adding users container
INFO 2020-02-15 09:14:02,280 pid:3479 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1544: Modifying users container
INFO 2020-02-15 09:14:02,282 pid:3479 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1547: Adding computers container
INFO 2020-02-15 09:14:02,283 pid:3479 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1553: Modifying computers container
INFO 2020-02-15 09:14:02,284 pid:3479 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1557: Setting up sam.ldb data
INFO 2020-02-15 09:14:02,425 pid:3479 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1587: Setting up well known security principals
INFO 2020-02-15 09:14:02,489 pid:3479 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1601: Setting up sam.ldb users and groups
INFO 2020-02-15 09:14:02,777 pid:3479 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1609: Setting up self join
Repacking database from v1 to v2 format (first record CN=MS-TS-Property02,CN=Schema,CN=Co