[Samba] Samba AD - Different IP than the existing one assigned

Lionel Monchecourt lionel.monchecourt at free.fr
Thu Feb 27 16:39:28 UTC 2020


Ok, so now:

Content of /etc/hosts

127.0.0.1   localhost
172.31.6.15 adc1.transmitcorp.com adc1

Now, stop samba. 

Cleanup current data and now setup samba and provision again. 
cleanup /var/lib/samba /var/cache/samba 
Rename smb.conf 

Then provision again, the base is wrong so the AD-DB has wrong data.
>

> I removed smb.conf from /etc/samba

> Run the interactive provisioning:

samba-tool domain provision --use-rfc2307 --interactive
Realm [TRANSMITCORP.COM]:
Domain [TRANSMITCORP]:
Server Role (dc, member, standalone) [dc]:
DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]:
DNS forwarder IP address (write 'none' to disable forwarding) [172.31.6.15]: 8.8.8.8
Administrator password:
Retype password:
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Unable to determine the DomainSID, can not enforce uniqueness constraint on local domainSIDs
Adding DomainDN: DC=transmitcorp,DC=com
Adding configuration container
Setting up sam.ldb schema
Setting up sam.ldb configuration data
Setting up display specifiers
Modifying display specifiers and extended rights
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
Setting up self join
Adding DNS accounts
Creating CN=MicrosoftDNS,CN=System,DC=transmitcorp,DC=com
Creating DomainDnsZones and ForestDnsZones partitions
Populating DomainDnsZones and ForestDnsZones partitions
Setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
A Kerberos configuration suitable for Samba AD has been generated at /var/lib/samba/private/krb5.conf
Merge the contents of this file with your system krb5.conf or replace it with this one. Do not create a symlink!
Setting up fake yp server settings
Once the above files are installed, your Samba AD server will be ready to use
Server Role:           active directory domain controller
Hostname:              adc1
NetBIOS Domain:        TRANSMITCORP
DNS Domain:            transmitcorp.com
DOMAIN SID:            S-1-5-21-635820313-3681016748-1899333284

As mentioned, made the link to new krb5.conf file:

root@TransmitCorp/etc# mv /etc/krb5.conf /etc/krb5.conf.initial
root@TransmitCorp/etc# ln -s /var/lib/samba/private/krb5.conf /etc/

Try to start the service with

service samba-ad-dc start

and get

Job for samba-ad-dc.service failed because the control process exited with error code.
See "systemctl status samba-ad-dc.service" and "journalctl -xe" for details.

With

root@TransmitCorp~# service samba-ad-dc start
Job for samba-ad-dc.service failed because the control process exited with error code.
See "systemctl status samba-ad-dc.service" and "journalctl -xe" for details.
root@TransmitCorp~# ^C
root@TransmitCorp~# more /tmpservice samba-ad-dc status
● samba-ad-dc.service - Samba AD Daemon
   Loaded: loaded (/lib/systemd/system/samba-ad-dc.service; disabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Thu 2020-02-27 16:35:18 UTC; 2min 22s ago
     Docs: man:samba(8)
           man:samba(7)
           man:smb.conf(5)
  Process: 17808 ExecStart=/usr/sbin/samba --foreground --no-process-group $SAMBAOPTIONS (code=exited, status=1/FAILURE)
Main PID: 17808 (code=exited, status=1/FAILURE)

Feb 27 16:35:18 adc1 samba[17837]: task[ldapsrv][17837]: [2020/02/27 16:35:18.492522,  0] ../source4/smbd/service_stream.c:371(stream_setup_socket)
Feb 27 16:35:18 adc1 samba[17837]: task[ldapsrv][17837]:   stream_setup_socket: Failed to listen on 0.0.0.0:389 - NT_STATUS_ADDRESS_ALREADY_ASSOCIATED
Feb 27 16:35:18 adc1 samba[17837]: task[ldapsrv][17837]: [2020/02/27 16:35:18.492563,  0] ../source4/ldap_server/ldap_server.c:1036(add_socket)
Feb 27 16:35:18 adc1 samba[17837]: task[ldapsrv][17837]:   ldapsrv failed to bind to 0.0.0.0:389 - NT_STATUS_ADDRESS_ALREADY_ASSOCIATED
Feb 27 16:35:18 adc1 samba[17837]: task[ldapsrv][17837]: [2020/02/27 16:35:18.492584,  0] ../source4/smbd/service_task.c:36(task_server_terminate)
Feb 27 16:35:18 adc1 samba[17837]: task[ldapsrv][17837]:   task_server_terminate: task_server_terminate: [Failed to startup ldap server task]
Feb 27 16:35:18 adc1 samba[17837]: task[ldapsrv][17837]: [2020/02/27 16:35:18.492733,  0] ../source4/smbd/process_standard.c:81(sigterm_signal_handler)
Feb 27 16:35:18 adc1 samba[17837]: task[ldapsrv][17837]:   sigterm_signal_handler: Exiting pid 17837 on SIGTERM
Feb 27 16:35:18 adc1 systemd[1]: samba-ad-dc.service: Failed with result 'exit-code'.
Feb 27 16:35:18 adc1 systemd[1]: Failed to start Samba AD Daemon.

Output of the check script:

Collected config  --- 2020-02-27-16:30 -----------

Hostname: adc1
DNS Domain: transmitcorp.com
FQDN: adc1.transmitcorp.com
ipaddress: 172.31.6.15
-----------
WARNING: kinit Administrator will fail and this needs to be fixed first.
unable to verify DNS kerberos._tcp SRV records

Server:         172.31.6.15
Address:        172.31.6.15#53

** server can't find _kerberos._tcp.transmitcorp.com: NXDOMAIN

I checked, nothing running on port 389 …


Greetz,

Louis
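
An added triage script for the start failure shown in this message (not part of the original post and not Samba tooling): it extracts the endpoints Samba reported as NT_STATUS_ADDRESS_ALREADY_ASSOCIATED from the journal, lists the current listeners on each such port with ss, and flags a symlinked /etc/krb5.conf, which the provision output above says not to create. The function names and the --live switch are assumptions; the sample log lines are copied from the journal output in the post.

```shell
#!/bin/sh
# Added example: triage for the samba-ad-dc start failure in this thread.
# Function names and the --live switch are illustrative, not Samba tooling.

# Sample input: journal lines copied from the post above.
SAMPLE_LOG='Feb 27 16:35:18 adc1 samba[17837]: task[ldapsrv][17837]:   stream_setup_socket: Failed to listen on 0.0.0.0:389 - NT_STATUS_ADDRESS_ALREADY_ASSOCIATED
Feb 27 16:35:18 adc1 samba[17837]: task[ldapsrv][17837]:   ldapsrv failed to bind to 0.0.0.0:389 - NT_STATUS_ADDRESS_ALREADY_ASSOCIATED
Feb 27 16:35:18 adc1 systemd[1]: Failed to start Samba AD Daemon.'

# stdin: journal text; stdout: unique addr:port pairs Samba found in use.
failed_binds() {
    sed -n 's/.*Failed to listen on \([^ ]*\) - NT_STATUS_ADDRESS_ALREADY_ASSOCIATED.*/\1/p' |
        sort -u
}

# List listening TCP sockets on a port with the owning process (run as root
# so that processes of other users are shown).
port_owner() {
    ss -tlnp "sport = :$1"
}

# True when the path is a symlink rather than a regular file.
krb5_is_symlink() {
    [ -L "${1:-/etc/krb5.conf}" ]
}

# Run the checks against the live system.
triage_live() {
    journalctl -u samba-ad-dc -b --no-pager 2>/dev/null | failed_binds |
    while read -r ep; do
        echo "Samba could not bind $ep; listeners on that port now:"
        port_owner "${ep##*:}"
    done
    if krb5_is_symlink /etc/krb5.conf; then
        echo "/etc/krb5.conf is a symlink; the provision output asks to merge or replace instead"
    fi
}

case "${1:-}" in
    --live) triage_live ;;
    *)      printf '%s\n' "$SAMPLE_LOG" | failed_binds ;;
esac
```

Without arguments the script only parses the embedded sample; with --live it reads the current boot's samba-ad-dc journal and queries ss.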




