[Samba] Teo En Ming's Manual for Setting Up Samba 4.11.6 and CentOS 8.1 (1911) Linux Server QEMU/KVM Virtual Machine as an Active Directory Domain Controller (AD DC)

Turritopsis Dohrnii Teo En Ming ceo at teo-en-ming-corp.com
Sat Feb 15 06:14:15 UTC 2020


Subject: Teo En Ming's Manual for Setting Up Samba 4.11.6 and CentOS 8.1 (1911) Linux Server QEMU/KVM Virtual Machine as an Active Directory Domain Controller (AD DC)

Subject: Teo En Ming's Manual for Setting Up Samba 4.11.6 and CentOS 8.1 (1911) Linux Server QEMU/KVM Virtual Machine as an Active Directory Domain Controller (AD DC)

PUBLISHED 15 FEB 2020 SATURDAY, SINGAPORE, SINGAPORE, SINGAPORE

This manual/guide is meant for small and medium businesses (SMB) which do not want to spend a lot of money on Windows Server 2016/2019 licensing.

REFERENCE GUIDE
===============

Guide: Setting up Samba as an Active Directory Domain Controller

Link: https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller

EXTREMELY DETAILED INSTRUCTIONS OF TEO EN MING'S MANUAL
=======================================================

Starting CentOS 8.1 (1911) Linux Server QEMU/KVM Virtual Machine on Ubuntu 18.04.3 LTS Desktop Host
===================================================================================================

Virtual Machine Manager (virt-manager) depends on libvirtd service.

$ sudo systemctl start libvirtd.service

Start the Virtual Machine Manager.

$ sudo virt-manager

Select the CentOS 8.1 QEMU/KVM virtual machine and click "Power on the virtual machine".

REFERENCE GUIDE
===============

Guide: ENABLING HOST-GUEST NETWORKING WITH KVM, MACVLAN AND MACVTAP

Link: https://www.furorteutonicus.eu/2013/08/04/enabling-host-guest-networking-with-kvm-macvlan-and-macvtap/

Still on the Ubuntu 18.04.3 LTS Desktop host.

$ nano /home/teo-en-ming/macvlan.sh

#!/bin/bash

# Adapted by Teo En Ming on 14 Feb 2020 Friday (Valentine's Day in Singapore).
 
# let host and guests talk to each other over macvlan
# configures a macvlan interface on the hypervisor
# run this on the hypervisor (e.g. in /etc/rc.local)
# made for IPv4; need modification for IPv6
# meant for a simple network setup with only eth0 or enp5s0 on the host,
# and a static (manual) ip config
# Original Author: Evert Mouw, 2013 (European Union)
 
#HWLINK=eth0
HWLINK=enp5s0
MACVLN=macvlan0
TESTHOST=www.google.com
 
# ------------
# wait for network availability
# ------------
 
# IPv4 pings only

while ! ping -4 -q -c 1 $TESTHOST > /dev/null
do
    echo "$0: Cannot ping $TESTHOST, waiting another 5 secs..."
    sleep 5
done
 
# ------------
# get network config
# ------------
 
IP=$(ip address show dev $HWLINK | grep "inet " | awk '{print $2}')
NETWORK=$(ip -o route | grep $HWLINK | grep -v default | grep -v 169 | awk '{print $1}')
GATEWAY=$(ip -o route | grep default | awk '{print $3}')
 
# ------------
# setting up $MACVLN interface
# ------------
 
ip link add link $HWLINK $MACVLN type macvlan mode bridge
ip address add $IP dev $MACVLN
ip link set dev $MACVLN up
 
# ------------
# routing table
# ------------
 
# empty routes
ip route flush dev $HWLINK
ip route flush dev $MACVLN
 
# add routes
ip route add $NETWORK dev $MACVLN metric 0
 
# add the default gateway
ip route add default via $GATEWAY

===END OF LINUX SHELL SCRIPT===

$ sudo chmod +x /home/teo-en-ming/macvlan.sh

$ sudo /home/teo-en-ming/macvlan.sh

192.168.1.122 is the IP address (DHCP auto configuration) of the CentOS 8.1 Linux Server.
ssh into the CentOS 8.1 Linux Server.

ssh teo-en-ming at 192.168.1.122

PREPARING THE INSTALLATION ON CENTOS 8.1 LINUX SERVER
=====================================================

Setting hostname of CentOS 8.1 Linux Server.
============================================

# hostnamectl set-hostname dc1

To see the hostname:

# hostnamectl

Output:

   Static hostname: dc1
         Icon name: computer-vm
           Chassis: vm
        Machine ID: 668fdf5de7214d56be0ef8b65f7166e9
           Boot ID: 5691a1a2dacd41c4ab5871d25885e138
    Virtualization: kvm
  Operating System: CentOS Linux 8 (Core)
       CPE OS Name: cpe:/o:centos:centos:8
            Kernel: Linux 4.18.0-147.el8.x86_64
      Architecture: x86-64

How to set static IP address 192.168.1.10 on CentOS 8.1 Linux Server
====================================================================

# cd /etc/sysconfig/network-scripts/

# nano ifcfg-ens3

TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="static"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="ens3"
UUID="8e179c97-1388-48ee-a8be-d173ee3ff40c"
DEVICE="ens3"
ONBOOT="yes"
IPADDR="192.168.1.10"
PREFIX="24"
GATEWAY="192.168.1.1"
DNS1="8.8.8.8" ===>>> (IF YOU USE THIS LINE, NETWORK MANAGER WILL ALWAYS OVERWRITE /etc/resolv.conf, which is undesirable)

# reboot

ssh into CentOS 8.1 Linux Server with static IP address 192.168.1.10.

$ ssh teo-en-ming at 192.168.1.10

Check if Samba processes are running:

# ps ax | egrep "samba|smbd|nmbd|winbindd"

# nano /etc/hosts

Contents of file:

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.10	dc1.teo-en-ming.corp dc1

Backup the original /etc/krb5.conf

# mv /etc/krb5.conf /etc/krb5.conf.bak

INSTALLING SAMBA 4.11.6 ON CENTOS 8.1 LINUX SERVER QEMU/KVM VIRTUAL MACHINE
===========================================================================

REFERENCE GUIDE
===============

Guide: Build Samba from Source

Link: https://wiki.samba.org/index.php/Build_Samba_from_Source

Installing package dependencies before building Samba on CentOS 8.1 Linux Server.

# yum -y install dnf-plugins-core

# yum config-manager --set-enabled PowerTools

# yum install docbook-style-xsl gcc gdb gnutls-devel gpgme-devel jansson-devel
# yum install keyutils-libs-devel krb5-workstation libacl-devel libaio-devel 
# yum install libarchive-devel libattr-devel libblkid-devel libtasn1 libtasn1-tools 
# yum install libxml2-devel libxslt openldap-devel pam-devel perl 
# yum install perl-ExtUtils-MakeMaker perl-Parse-Yapp popt-devel python3-cryptography 
# yum install python3-dns python3-gpg python36-devel readline-devel rpcgen systemd-devel 
# yum install tar zlib-devel

Compulsory Packages NOT installed at the moment:

lmdb-devel

Download Samba current stable release 4.11.6.

# wget https://download.samba.org/pub/samba/stable/samba-4.11.6.tar.gz

# tar -zxf samba-4.11.6.tar.gz

# cd samba-4.11.6/

# ./configure

Output:

Samba AD DC and --enable-selftest requires lmdb 0.9.16 or later

# yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm

# yum install lmdb-devel

Run ./configure again.

# ./configure

Output:

'configure' finished successfully (42.262s)

Make full use of all 4 cores on my AMD Ryzen 3 3200G processor.

# make -j 4

Output:

Waf: Leaving directory `/root/samba-4.11.6/bin/default'
'build' finished successfully (9m24.396s)

# make install

Output:

Waf: Leaving directory `/root/samba-4.11.6/bin/default'
'install' finished successfully (2m58.171s)

# nano /etc/profile

Append the following line:

export PATH=$PATH:/usr/local/samba/bin/:/usr/local/samba/sbin/

PROVISIONING A SAMBA ACTIVE DIRECTORY DOMAIN CONTROLLER
=======================================================

Provisioning Samba AD DC in Interactive Mode.

The original intention was to use SAMBA_INTERNAL DNS backend.

# samba-tool domain provision --use-rfc2307 --interactive

Output:

Realm [TEO-EN-MING.CORP]:  TEO-EN-MING.CORP
Domain [TEO-EN-MING]:  TEO-EN-MING
Server Role (dc, member, standalone) [dc]:  dc
DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]:  SAMBA_INTERNAL
DNS forwarder IP address (write 'none' to disable forwarding) [8.8.8.8]:  8.8.8.8
Administrator password: 
Retype password: 
INFO 2020-02-14 22:56:13,700 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2128: Looking up IPv4 addresses
WARNING 2020-02-14 22:56:13,702 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2134: More than one IPv4 address found. Using 192.168.1.10
INFO 2020-02-14 22:56:13,702 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2145: Looking up IPv6 addresses
WARNING 2020-02-14 22:56:13,702 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2150: More than one IPv6 address found. Using 2401:7400:c802:de67::14c2
INFO 2020-02-14 22:56:14,152 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2319: Setting up share.ldb
INFO 2020-02-14 22:56:14,595 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2323: Setting up secrets.ldb
INFO 2020-02-14 22:56:14,848 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2329: Setting up the registry
INFO 2020-02-14 22:56:16,031 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2332: Setting up the privileges database
INFO 2020-02-14 22:56:16,721 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2335: Setting up idmap db
INFO 2020-02-14 22:56:17,155 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2342: Setting up SAM db
INFO 2020-02-14 22:56:17,263 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #898: Setting up sam.ldb partitions and settings
INFO 2020-02-14 22:56:17,266 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #910: Setting up sam.ldb rootDSE
INFO 2020-02-14 22:56:17,331 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1339: Pre-loading the Samba 4 and AD schema
Unable to determine the DomainSID, can not enforce uniqueness constraint on local domainSIDs

INFO 2020-02-14 22:56:17,548 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1417: Adding DomainDN: DC=teo-en-ming,DC=corp
INFO 2020-02-14 22:56:17,646 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1449: Adding configuration container
INFO 2020-02-14 22:56:17,722 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1464: Setting up sam.ldb schema
INFO 2020-02-14 22:56:21,121 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1482: Setting up sam.ldb configuration data
INFO 2020-02-14 22:56:21,263 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1523: Setting up display specifiers
INFO 2020-02-14 22:56:23,502 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1531: Modifying display specifiers and extended rights
INFO 2020-02-14 22:56:23,543 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1538: Adding users container
INFO 2020-02-14 22:56:23,545 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1544: Modifying users container
INFO 2020-02-14 22:56:23,547 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1547: Adding computers container
INFO 2020-02-14 22:56:23,549 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1553: Modifying computers container
INFO 2020-02-14 22:56:23,550 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1557: Setting up sam.ldb data
INFO 2020-02-14 22:56:23,695 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1587: Setting up well known security principals
INFO 2020-02-14 22:56:23,760 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1601: Setting up sam.ldb users and groups
INFO 2020-02-14 22:56:24,075 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1609: Setting up self join
Repacking database from v1 to v2 format (first record CN=ms-DS-Replication-Notify-First-DSA-Delay,CN=Schema,CN=Configuration,DC=teo-en-ming,DC=corp)
Repack: re-packed 10000 records so far
Repacking database from v1 to v2 format (first record CN=interSiteTransport-Display,CN=405,CN=DisplaySpecifiers,CN=Configuration,DC=teo-en-ming,DC=corp)
Repacking database from v1 to v2 format (first record CN=6bcd567f-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=teo-en-ming,DC=corp)
INFO 2020-02-14 22:56:27,001 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/sambadns.py #1138: Adding DNS accounts
INFO 2020-02-14 22:56:27,377 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/sambadns.py #1172: Creating CN=MicrosoftDNS,CN=System,DC=teo-en-ming,DC=corp
INFO 2020-02-14 22:56:27,401 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/sambadns.py #1185: Creating DomainDnsZones and ForestDnsZones partitions
INFO 2020-02-14 22:56:27,620 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/sambadns.py #1190: Populating DomainDnsZones and ForestDnsZones partitions
Repacking database from v1 to v2 format (first record DC=f.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,DC=DomainDnsZones,DC=teo-en-ming,DC=corp)
Repacking database from v1 to v2 format (first record DC=_ldap._tcp.dc,DC=_msdcs.teo-en-ming.corp,CN=MicrosoftDNS,DC=ForestDnsZones,DC=teo-en-ming,DC=corp)
INFO 2020-02-14 22:56:28,660 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2032: Setting up sam.ldb rootDSE marking as synchronized
INFO 2020-02-14 22:56:28,734 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2037: Fixing provision GUIDs
INFO 2020-02-14 22:56:29,720 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2395: A Kerberos configuration suitable for Samba AD has been generated at /usr/local/samba/private/krb5.conf
INFO 2020-02-14 22:56:29,720 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2396: Merge the contents of this file with your system krb5.conf or replace it with this one. Do not create a symlink!
INFO 2020-02-14 22:56:30,078 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2102: Setting up fake yp server settings
INFO 2020-02-14 22:56:30,277 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #491: Once the above files are installed, your Samba AD server will be ready to use
INFO 2020-02-14 22:56:30,277 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #495: Server Role:           active directory domain controller
INFO 2020-02-14 22:56:30,278 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #496: Hostname:              dc1
INFO 2020-02-14 22:56:30,278 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #497: NetBIOS Domain:        TEO-EN-MING
INFO 2020-02-14 22:56:30,278 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #498: DNS Domain:            teo-en-ming.corp
INFO 2020-02-14 22:56:30,278 pid:2609 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #499: DOMAIN SID:            S-1-5-21-3028196010-72872391-2123559056

Configuring the DNS Resolver. Network Manager will keep overwriting /etc/resolv.conf. This problem will be resolved later.

# nano /etc/resolv.conf


Contents of file:

search teo-en-ming.corp
nameserver 192.168.1.10

REFERENCE GUIDE
===============

Guide: Managing the Samba AD DC Service Using Systemd

Link: https://wiki.samba.org/index.php/Managing_the_Samba_AD_DC_Service_Using_Systemd

# systemctl mask smbd nmbd winbind

# systemctl disable smbd nmbd winbind

# nano /etc/systemd/system/samba-ad-dc.service

Contents of file:

[Unit]
Description=Samba Active Directory Domain Controller
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
ExecStart=/usr/local/samba/sbin/samba -D
PIDFile=/usr/local/samba/var/run/samba.pid
ExecReload=/bin/kill -HUP $MAINPID

[Install]
WantedBy=multi-user.target


# systemctl daemon-reload

# systemctl enable samba-ad-dc

# systemctl start samba-ad-dc

Output:

Job for samba-ad-dc.service failed because the control process exited with error code.
See "systemctl status samba-ad-dc.service" and "journalctl -xe" for details.

The SAMBA AD DC service cannot start because SELINUX is enabled on CentOS 8.1.
We will see later.

# systemctl status samba-ad-dc

Output:

● samba-ad-dc.service - Samba Active Directory Domain Controller
   Loaded: loaded (/etc/systemd/system/samba-ad-dc.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Sat 2020-02-15 08:39:58 +08; 46s ago
  Process: 6967 ExecStart=/usr/local/samba/sbin/samba -D (code=exited, status=203/EXEC)
 Main PID: 1595 (code=exited, status=203/EXEC)

Feb 15 08:39:58 dc1 systemd[1]: Starting Samba Active Directory Domain Controller...
Feb 15 08:39:58 dc1 systemd[1]: samba-ad-dc.service: Control process exited, code=exited status=203
Feb 15 08:39:58 dc1 systemd[1]: samba-ad-dc.service: Failed with result 'exit-code'.
Feb 15 08:39:58 dc1 systemd[1]: Failed to start Samba Active Directory Domain Controller.

SAMBA AD DC service cannot start because SELINUX is enabled on CentOS 8.1.
We will see later.


# reboot

Start Samba AD DC manually.

# samba -D

Create a reverse zone in Samba Internal DNS Backend.

# samba-tool dns zonecreate 192.168.1.10 1.168.192.in-addr.arpa -U administrator

Output:

Password for [TEO-EN-MING\administrator]:
Zone 1.168.192.in-addr.arpa created successfully

Configuring Kerberos
====================

cp /usr/local/samba/private/krb5.conf /etc/krb5.conf

Starting Samba AD DC Manually.

# samba -D

Verifying the File Server.
==========================

$ smbclient -L localhost -U%

Output:

	Sharename       Type      Comment
	---------       ----      -------
	sysvol          Disk      
	netlogon        Disk      
	IPC$            IPC       IPC Service (Samba 4.11.6)
SMB1 disabled -- no workgroup available

$ smbclient //localhost/netlogon -UAdministrator -c 'ls'

Output:

Enter TEO-EN-MING\Administrator's password: 
  .                                   D        0  Fri Feb 14 22:56:17 2020
  ..                                  D        0  Fri Feb 14 22:56:24 2020

		17811456 blocks of size 1024. 12025652 blocks available

Verifying DNS (Failed)
======================

# killall dnsmasq

$ host -t SRV _ldap._tcp.teo-en-ming.corp.

Output: 

Host _ldap._tcp.teo-en-ming.corp. not found: 3(NXDOMAIN)


$ host -t SRV _kerberos._udp.teo-en-ming.corp.

Output: 

Host _kerberos._udp.teo-en-ming.corp. not found: 3(NXDOMAIN)

$ host -t A dc1.teo-en-ming.corp.

Output:

Host dc1.teo-en-ming.corp. not found: 3(NXDOMAIN)

I am unable to find the above DNS records because Network Manager keeps overwriting /etc/resolv.conf
As a result, I am always looking up the WRONG DNS server.

Verifying Kerberos
==================

$ kinit administrator

Output:

kinit: Cannot find KDC for realm "TEO-EN-MING.CORP" while getting initial credentials

The above problem is also due to Network Manager keeps overwriting /etc/resolv.conf.
As a result, I am always looking up the WRONG DNS server.

TROUBLESHOOTING: DISABLE SELINUX ON CENTOS 8.1
==============================================

$ sestatus

Output:

SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Memory protection checking:     actual (secure)
Max kernel policy version:      31

# nano /etc/sysconfig/selinux

Change from SELINUX=enforcing to SELINUX=disabled

# reboot

$ sestatus

SELinux status:                 disabled

After disabling SELINUX, now we can start Samba AD DC successfully.

# systemctl status samba-ad-dc

Output:

● samba-ad-dc.service - Samba Active Directory Domain Controller
   Loaded: loaded (/etc/systemd/system/samba-ad-dc.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2020-02-15 08:50:22 +08; 1min 0s ago
  Process: 1084 ExecStart=/usr/local/samba/sbin/samba -D (code=exited, status=0/SUCCESS)
 Main PID: 1131 (samba)
    Tasks: 44 (limit: 23972)
   Memory: 261.8M
   CGroup: /system.slice/samba-ad-dc.service
           ├─1131 /usr/local/samba/sbin/samba -D
           ├─1375 /usr/local/samba/sbin/samba -D
           ├─1376 /usr/local/samba/sbin/samba -D
           ├─1377 /usr/local/samba/sbin/samba -D
           ├─1379 /usr/local/samba/sbin/samba -D
           ├─1380 /usr/local/samba/sbin/samba -D
           ├─1387 /usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes --foreground
           ├─1389 /usr/local/samba/sbin/samba -D
           ├─1391 /usr/local/samba/sbin/samba -D
           ├─1392 /usr/local/samba/sbin/samba -D
           ├─1393 /usr/local/samba/sbin/samba -D
           ├─1396 /usr/local/samba/sbin/samba -D
           ├─1398 /usr/local/samba/sbin/samba -D
           ├─1399 /usr/local/samba/sbin/samba -D
           ├─1403 /usr/local/samba/sbin/samba -D
           ├─1404 /usr/local/samba/sbin/samba -D
           ├─1407 /usr/local/samba/sbin/samba -D
           ├─1408 /usr/local/samba/sbin/samba -D
           ├─1409 /usr/local/samba/sbin/samba -D
           ├─1411 /usr/local/samba/sbin/samba -D
           ├─1412 /usr/local/samba/sbin/samba -D
           ├─1413 /usr/local/samba/sbin/samba -D
           ├─1415 /usr/local/samba/sbin/samba -D
           ├─1416 /usr/local/samba/sbin/samba -D
           ├─1418 /usr/local/samba/sbin/samba -D
           ├─1419 /usr/local/samba/sbin/samba -D
           ├─1420 /usr/local/samba/sbin/samba -D
           ├─1422 /usr/local/samba/sbin/samba -D
           ├─1423 /usr/local/samba/sbin/samba -D
           ├─1424 /usr/local/samba/sbin/winbindd -D --option=server role check:inhibit=yes --foreground
           ├─1426 /usr/local/samba/sbin/samba -D
           ├─1427 /usr/local/samba/sbin/samba -D
           ├─1429 /usr/local/samba/sbin/samba -D
           ├─1464 /usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes --foreground
           ├─1465 /usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes --foreground
           ├─1469 /usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes --foreground
           ├─1490 /usr/local/samba/sbin/samba -D
           ├─1492 /usr/local/samba/sbin/samba -D
           ├─1493 /usr/local/samba/sbin/samba -D
           ├─1495 /usr/local/samba/sbin/samba -D
           ├─1496 /usr/local/samba/sbin/samba -D
           ├─1498 /usr/local/samba/sbin/samba -D
           ├─1499 /usr/local/samba/sbin/samba -D
           └─1501 /usr/local/samba/sbin/samba -D

Feb 15 08:50:25 dc1 samba[1131]: [2020/02/15 08:50:25.778777,  0] ../../source4/smbd/process_prefork.c:512(prefork_child_pipe_handler)
Feb 15 08:50:25 dc1 samba[1131]:   prefork_child_pipe_handler: Parent 1131, Child 1406 exited with status 0
Feb 15 08:50:27 dc1 smbd[1387]: [2020/02/15 08:50:27.634592,  0] ../../lib/util/become_daemon.c:136(daemon_ready)
Feb 15 08:50:27 dc1 smbd[1387]:   daemon_ready: daemon 'smbd' finished starting up and ready to serve connections
Feb 15 08:50:27 dc1 winbindd[1424]: [2020/02/15 08:50:27.761081,  0] ../../source3/winbindd/winbindd_cache.c:3166(initialize_winbindd_cache)
Feb 15 08:50:27 dc1 winbindd[1424]:   initialize_winbindd_cache: clearing cache and re-creating with version number 2
Feb 15 08:50:27 dc1 winbindd[1424]: [2020/02/15 08:50:27.770049,  0] ../../lib/util/become_daemon.c:136(daemon_ready)
Feb 15 08:50:27 dc1 winbindd[1424]:   daemon_ready: daemon 'winbindd' finished starting up and ready to serve connections
Feb 15 08:50:27 dc1 samba[1426]: [2020/02/15 08:50:27.870385,  0] ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
Feb 15 08:50:27 dc1 samba[1426]:   /usr/local/samba/sbin/samba_dnsupdate: WARNING: no network interfaces found

We need to kill dnsmasq so that Samba's internal DNS server can start.

# killall dnsmasq

# systemctl restart samba-ad-dc

# systemctl status samba-ad-dc

● samba-ad-dc.service - Samba Active Directory Domain Controller
   Loaded: loaded (/etc/systemd/system/samba-ad-dc.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2020-02-15 08:53:28 +08; 21s ago
  Process: 2512 ExecStart=/usr/local/samba/sbin/samba -D (code=exited, status=0/SUCCESS)
 Main PID: 2514 (samba)
    Tasks: 58 (limit: 23972)
   Memory: 215.6M
   CGroup: /system.slice/samba-ad-dc.service
           ├─2514 /usr/local/samba/sbin/samba -D
           ├─2516 /usr/local/samba/sbin/samba -D
           ├─2517 /usr/local/samba/sbin/samba -D
           ├─2518 /usr/local/samba/sbin/samba -D
           ├─2519 /usr/local/samba/sbin/samba -D
           ├─2520 /usr/local/samba/sbin/samba -D
           ├─2521 /usr/local/samba/sbin/samba -D
           ├─2522 /usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes --foreground
           ├─2523 /usr/local/samba/sbin/samba -D
           ├─2524 /usr/local/samba/sbin/samba -D
           ├─2525 /usr/local/samba/sbin/samba -D
           ├─2526 /usr/local/samba/sbin/samba -D
           ├─2527 /usr/local/samba/sbin/samba -D
           ├─2528 /usr/local/samba/sbin/samba -D
           ├─2529 /usr/local/samba/sbin/samba -D
           ├─2530 /usr/local/samba/sbin/samba -D
           ├─2531 /usr/local/samba/sbin/samba -D
           ├─2532 /usr/local/samba/sbin/samba -D
           ├─2533 /usr/local/samba/sbin/samba -D
           ├─2534 /usr/local/samba/sbin/samba -D
           ├─2535 /usr/local/samba/sbin/samba -D
           ├─2536 /usr/local/samba/sbin/samba -D
           ├─2537 /usr/local/samba/sbin/samba -D
           ├─2538 /usr/local/samba/sbin/samba -D
           ├─2539 /usr/local/samba/sbin/samba -D
           ├─2540 /usr/local/samba/sbin/samba -D
           ├─2541 /usr/local/samba/sbin/samba -D
           ├─2542 /usr/local/samba/sbin/samba -D
           ├─2543 /usr/local/samba/sbin/samba -D
           ├─2544 /usr/local/samba/sbin/samba -D
           ├─2545 /usr/local/samba/sbin/samba -D
           ├─2546 /usr/local/samba/sbin/samba -D
           ├─2547 /usr/local/samba/sbin/samba -D
           ├─2548 /usr/local/samba/sbin/samba -D
           ├─2549 /usr/local/samba/sbin/samba -D
           ├─2550 /usr/local/samba/sbin/samba -D
           ├─2551 /usr/local/samba/sbin/samba -D
           ├─2552 /usr/local/samba/sbin/samba -D
           ├─2553 /usr/local/samba/sbin/winbindd -D --option=server role check:inhibit=yes --foreground
           ├─2554 /usr/local/samba/sbin/samba -D
           ├─2555 /usr/local/samba/sbin/samba -D
           ├─2556 /usr/local/samba/sbin/samba -D
           ├─2557 /usr/local/samba/sbin/samba -D
           ├─2558 /usr/local/samba/sbin/samba -D
           ├─2559 /usr/local/samba/sbin/samba -D
           ├─2560 /usr/local/samba/sbin/samba -D
           ├─2562 /usr/local/samba/sbin/samba -D
           ├─2569 /usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes --foreground
           ├─2570 /usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes --foreground
           ├─2571 /usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes --foreground
           ├─2572 /usr/local/samba/sbin/samba -D
           ├─2573 /usr/local/samba/sbin/samba -D
           ├─2574 /usr/local/samba/sbin/samba -D
           ├─2575 /usr/local/samba/sbin/samba -D
           ├─2576 /usr/local/samba/sbin/samba -D
           ├─2577 /usr/local/samba/sbin/samba -D
           ├─2578 /usr/local/samba/sbin/samba -D
           └─2579 /usr/local/samba/sbin/samba -D

Feb 15 08:53:38 dc1 samba[2556]: [2020/02/15 08:53:38.742774,  0] ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
Feb 15 08:53:38 dc1 samba[2556]:   /usr/local/samba/sbin/samba_dnsupdate:   File "/usr/local/samba/lib64/python3.6/site-packages/samba/netcmd/dns.py", line 945, in run
Feb 15 08:53:38 dc1 samba[2556]: [2020/02/15 08:53:38.742787,  0] ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
Feb 15 08:53:38 dc1 samba[2556]:   /usr/local/samba/sbin/samba_dnsupdate:     raise e
Feb 15 08:53:38 dc1 samba[2556]: [2020/02/15 08:53:38.742800,  0] ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
Feb 15 08:53:38 dc1 samba[2556]:   /usr/local/samba/sbin/samba_dnsupdate:   File "/usr/local/samba/lib64/python3.6/site-packages/samba/netcmd/dns.py", line 941, in run
Feb 15 08:53:38 dc1 samba[2556]: [2020/02/15 08:53:38.742813,  0] ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
Feb 15 08:53:38 dc1 samba[2556]:   /usr/local/samba/sbin/samba_dnsupdate:     0, server, zone, name, add_rec_buf, None)
Feb 15 08:53:38 dc1 samba[2556]: [2020/02/15 08:53:38.767521,  0] ../../source4/dsdb/dns/dns_update.c:331(dnsupdate_nameupdate_done)
Feb 15 08:53:38 dc1 samba[2556]:   dnsupdate_nameupdate_done: Failed DNS update with exit code 39


Testing your Samba AD DC
========================

# killall dnsmasq

# systemctl restart samba-ad-dc

Verifying the File Server
=========================

$ smbclient -L localhost -U%

Output:


	Sharename       Type      Comment
	---------       ----      -------
	sysvol          Disk      
	netlogon        Disk      
	IPC$            IPC       IPC Service (Samba 4.11.6)
SMB1 disabled -- no workgroup available

$ smbclient //localhost/netlogon -UAdministrator -c 'ls'

Output:

Enter TEO-EN-MING\Administrator's password: 
  .                                   D        0  Fri Feb 14 22:56:17 2020
  ..                                  D        0  Fri Feb 14 22:56:24 2020

		17811456 blocks of size 1024. 12018876 blocks available

Verifying DNS (Failed again)
============================

$ host -t SRV _ldap._tcp.teo-en-ming.corp.

Output:

Host _ldap._tcp.teo-en-ming.corp. not found: 3(NXDOMAIN)

Unable to find above DNS record because Network Manager is always overwriting /etc/resolv.conf
As a result, I am always looking up the WRONG DNS server.

# systemctl stop samba-ad-dc

TROUBLESHOOTING AGAIN
=====================

Re-provisioning the Samba AD DC, using Samba Internal DNS Backend again.

# samba-tool domain provision --use-rfc2307 --interactive

Output:

Realm [TEO-EN-MING.CORP]:  
Domain [TEO-EN-MING]:  
Server Role (dc, member, standalone) [dc]:  
DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]:  
DNS forwarder IP address (write 'none' to disable forwarding) [8.8.8.8]:  
Administrator password: 
Retype password: 
INFO 2020-02-15 09:01:10,638 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2128: Looking up IPv4 addresses
WARNING 2020-02-15 09:01:10,638 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2134: More than one IPv4 address found. Using 192.168.1.10
INFO 2020-02-15 09:01:10,638 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2145: Looking up IPv6 addresses
WARNING 2020-02-15 09:01:10,639 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2150: More than one IPv6 address found. Using 2401:7400:c802:de67::14c2
INFO 2020-02-15 09:01:11,057 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2323: Setting up secrets.ldb
INFO 2020-02-15 09:01:11,436 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2329: Setting up the registry
INFO 2020-02-15 09:01:11,620 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2332: Setting up the privileges database
INFO 2020-02-15 09:01:12,200 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2335: Setting up idmap db
INFO 2020-02-15 09:01:12,667 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2342: Setting up SAM db
INFO 2020-02-15 09:01:12,817 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #898: Setting up sam.ldb partitions and settings
INFO 2020-02-15 09:01:12,820 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #910: Setting up sam.ldb rootDSE
INFO 2020-02-15 09:01:12,893 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1339: Pre-loading the Samba 4 and AD schema
Unable to determine the DomainSID, can not enforce uniqueness constraint on local domainSIDs

INFO 2020-02-15 09:01:13,093 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1417: Adding DomainDN: DC=teo-en-ming,DC=corp
INFO 2020-02-15 09:01:13,201 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1449: Adding configuration container
INFO 2020-02-15 09:01:13,342 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1464: Setting up sam.ldb schema
INFO 2020-02-15 09:01:16,649 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1482: Setting up sam.ldb configuration data
INFO 2020-02-15 09:01:16,794 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1523: Setting up display specifiers
INFO 2020-02-15 09:01:19,013 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1531: Modifying display specifiers and extended rights
INFO 2020-02-15 09:01:19,053 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1538: Adding users container
INFO 2020-02-15 09:01:19,056 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1544: Modifying users container
INFO 2020-02-15 09:01:19,057 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1547: Adding computers container
INFO 2020-02-15 09:01:19,060 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1553: Modifying computers container
INFO 2020-02-15 09:01:19,061 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1557: Setting up sam.ldb data
INFO 2020-02-15 09:01:19,199 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1587: Setting up well known security principals
INFO 2020-02-15 09:01:19,261 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1601: Setting up sam.ldb users and groups
INFO 2020-02-15 09:01:19,564 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1609: Setting up self join
Repacking database from v1 to v2 format (first record CN=MSMQ-Sign-Certificates-Mig,CN=Schema,CN=Configuration,DC=teo-en-ming,DC=corp)
Repack: re-packed 10000 records so far
Repacking database from v1 to v2 format (first record CN=lostAndFound-Display,CN=411,CN=DisplaySpecifiers,CN=Configuration,DC=teo-en-ming,DC=corp)
Repacking database from v1 to v2 format (first record CN=5e1574f6-55df-493e-a671-aaeffca6a100,CN=Operations,CN=DomainUpdates,CN=System,DC=teo-en-ming,DC=corp)
INFO 2020-02-15 09:01:21,879 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/sambadns.py #1138: Adding DNS accounts
INFO 2020-02-15 09:01:22,122 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/sambadns.py #1172: Creating CN=MicrosoftDNS,CN=System,DC=teo-en-ming,DC=corp
INFO 2020-02-15 09:01:22,144 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/sambadns.py #1185: Creating DomainDnsZones and ForestDnsZones partitions
INFO 2020-02-15 09:01:22,393 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/sambadns.py #1190: Populating DomainDnsZones and ForestDnsZones partitions
Repacking database from v1 to v2 format (first record DC=l.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,DC=DomainDnsZones,DC=teo-en-ming,DC=corp)
Repacking database from v1 to v2 format (first record DC=gc,DC=_msdcs.teo-en-ming.corp,CN=MicrosoftDNS,DC=ForestDnsZones,DC=teo-en-ming,DC=corp)
INFO 2020-02-15 09:01:23,163 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2032: Setting up sam.ldb rootDSE marking as synchronized
INFO 2020-02-15 09:01:23,213 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2037: Fixing provision GUIDs
INFO 2020-02-15 09:01:24,265 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2395: A Kerberos configuration suitable for Samba AD has been generated at /usr/local/samba/private/krb5.conf
INFO 2020-02-15 09:01:24,265 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2396: Merge the contents of this file with your system krb5.conf or replace it with this one. Do not create a symlink!
INFO 2020-02-15 09:01:24,581 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2102: Setting up fake yp server settings
INFO 2020-02-15 09:01:24,772 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #491: Once the above files are installed, your Samba AD server will be ready to use
INFO 2020-02-15 09:01:24,772 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #495: Server Role:           active directory domain controller
INFO 2020-02-15 09:01:24,772 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #496: Hostname:              dc1
INFO 2020-02-15 09:01:24,773 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #497: NetBIOS Domain:        TEO-EN-MING
INFO 2020-02-15 09:01:24,773 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #498: DNS Domain:            teo-en-ming.corp
INFO 2020-02-15 09:01:24,773 pid:2672 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #499: DOMAIN SID:            S-1-5-21-3427788993-2190856266-1509719656

# systemctl start samba-ad-dc

Verifying DNS (Failed again)
=============

host -t SRV _ldap._tcp.teo-en-ming.corp.

Output:

Host _ldap._tcp.teo-en-ming.corp. not found: 3(NXDOMAIN)

Unable to find above DNS record because Network Manager is always overwriting /etc/resolv.conf
As a result, I am always looking up the WRONG DNS server.

Installing BIND DNS Server and Using it as the DNS Backend for Samba
====================================================================

# yum install bind

# systemctl stop samba-ad-dc

We are going to use BIND9 as the Samba DNS backend this time.
I changed my mind. I decided not to use Samba's Internal DNS backend.

# samba-tool domain provision --use-rfc2307 --interactive

Output:

Realm [TEO-EN-MING.CORP]:  
Domain [TEO-EN-MING]:  
Server Role (dc, member, standalone) [dc]:  
DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]:  BIND9_DLZ
Administrator password: 
Retype password: 
INFO 2020-02-15 09:13:53,976 pid:3479 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2128: Looking up IPv4 addresses
WARNING 2020-02-15 09:13:53,976 pid:3479 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2134: More than one IPv4 address found. Using 192.168.1.10
INFO 2020-02-15 09:13:53,976 pid:3479 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2145: Looking up IPv6 addresses
WARNING 2020-02-15 09:13:53,977 pid:3479 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2150: More than one IPv6 address found. Using 2401:7400:c802:de67::14c2
INFO 2020-02-15 09:13:54,381 pid:3479 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2323: Setting up secrets.ldb
INFO 2020-02-15 09:13:54,704 pid:3479 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2329: Setting up the registry
INFO 2020-02-15 09:13:54,888 pid:3479 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2332: Setting up the privileges database
INFO 2020-02-15 09:13:55,478 pid:3479 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2335: Setting up idmap db
INFO 2020-02-15 09:13:55,819 pid:3479 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2342: Setting up SAM db
INFO 2020-02-15 09:13:55,886 pid:3479 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #898: Setting up sam.ldb partitions and settings
INFO 2020-02-15 09:13:55,888 pid:3479 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #910: Setting up sam.ldb rootDSE
INFO 2020-02-15 09:13:55,945 pid:3479 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1339: Pre-loading the Samba 4 and AD schema
Unable to determine the DomainSID, can not enforce uniqueness constraint on local domainSIDs

INFO 2020-02-15 09:13:56,187 pid:3479 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1417: Adding DomainDN: DC=teo-en-ming,DC=corp
INFO 2020-02-15 09:13:56,362 pid:3479 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1449: Adding configuration container
INFO 2020-02-15 09:13:56,518 pid:3479 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1464: Setting up sam.ldb schema
INFO 2020-02-15 09:13:59,846 pid:3479 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1482: Setting up sam.ldb configuration data
INFO 2020-02-15 09:13:59,991 pid:3479 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1523: Setting up display specifiers
INFO 2020-02-15 09:14:02,238 pid:3479 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1531: Modifying display specifiers and extended rights
INFO 2020-02-15 09:14:02,279 pid:3479 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1538: Adding users container
INFO 2020-02-15 09:14:02,280 pid:3479 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1544: Modifying users container
INFO 2020-02-15 09:14:02,282 pid:3479 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1547: Adding computers container
INFO 2020-02-15 09:14:02,283 pid:3479 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1553: Modifying computers container
INFO 2020-02-15 09:14:02,284 pid:3479 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1557: Setting up sam.ldb data
INFO 2020-02-15 09:14:02,425 pid:3479 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1587: Setting up well known security principals
INFO 2020-02-15 09:14:02,489 pid:3479 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1601: Setting up sam.ldb users and groups
INFO 2020-02-15 09:14:02,777 pid:3479 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1609: Setting up self join
Repacking database from v1 to v2 format (first record CN=MS-TS-Property02,CN=Schema,CN=Co