[Samba] Samba AD - Different IP than the existing one assigned
Lionel Monchecourt
lionel.monchecourt at free.fr
Thu Feb 27 16:39:28 UTC 2020
Ok, so now :
Content of /etc/hosts
127.0.0.1 localhost
172.31.6.15 adc1.transmitcorp.com adc1
Now, stop samba.
Cleanup current data and now setup samba and provision again.
cleanup /var/lib/samba /var/cache/samba
Rename smb.conf
Then provision again, the base is wrong so the AD-DB has wrong data.
>
> I removed smb.conf from /etc/samba
> ran the interactive provisioning :
samba-tool domain provision --use-rfc2307 --interactive
Realm [TRANSMITCORP.COM]:
Domain [TRANSMITCORP]:
Server Role (dc, member, standalone) [dc]:
DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]:
DNS forwarder IP address (write 'none' to disable forwarding) [172.31.6.15]: 8.8.8.8
Administrator password:
Retype password:
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Unable to determine the DomainSID, can not enforce uniqueness constraint on local domainSIDs
Adding DomainDN: DC=transmitcorp,DC=com
Adding configuration container
Setting up sam.ldb schema
Setting up sam.ldb configuration data
Setting up display specifiers
Modifying display specifiers and extended rights
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
Setting up self join
Adding DNS accounts
Creating CN=MicrosoftDNS,CN=System,DC=transmitcorp,DC=com
Creating DomainDnsZones and ForestDnsZones partitions
Populating DomainDnsZones and ForestDnsZones partitions
Setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
A Kerberos configuration suitable for Samba AD has been generated at /var/lib/samba/private/krb5.conf
Merge the contents of this file with your system krb5.conf or replace it with this one. Do not create a symlink!
Setting up fake yp server settings
Once the above files are installed, your Samba AD server will be ready to use
Server Role: active directory domain controller
Hostname: adc1
NetBIOS Domain: TRANSMITCORP
DNS Domain: transmitcorp.com
DOMAIN SID: S-1-5-21-635820313-3681016748-1899333284
As mentioned, made the link to new krb5.conf file :
root@TransmitCorp/etc# mv /etc/krb5.conf /etc/krb5.conf.initial
root@TransmitCorp/etc# ln -s /var/lib/samba/private/krb5.conf /etc/
try to start the service with
service samba-ad-dc start
and get
Job for samba-ad-dc.service failed because the control process exited with error code.
See "systemctl status samba-ad-dc.service" and "journalctl -xe" for details.
With
root@TransmitCorp~# service samba-ad-dc start
Job for samba-ad-dc.service failed because the control process exited with error code.
See "systemctl status samba-ad-dc.service" and "journalctl -xe" for details.
root@TransmitCorp~# ^C
root@TransmitCorp~# more /tmpservice samba-ad-dc status
● samba-ad-dc.service - Samba AD Daemon
Loaded: loaded (/lib/systemd/system/samba-ad-dc.service; disabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Thu 2020-02-27 16:35:18 UTC; 2min 22s ago
Docs: man:samba(8)
man:samba(7)
man:smb.conf(5)
Process: 17808 ExecStart=/usr/sbin/samba --foreground --no-process-group $SAMBAOPTIONS (code=exited, status=1/FAILURE)
Main PID: 17808 (code=exited, status=1/FAILURE)
Feb 27 16:35:18 adc1 samba[17837]: task[ldapsrv][17837]: [2020/02/27 16:35:18.492522, 0] ../source4/smbd/service_stream.c:371(stream_setup_socket)
Feb 27 16:35:18 adc1 samba[17837]: task[ldapsrv][17837]: stream_setup_socket: Failed to listen on 0.0.0.0:389 - NT_STATUS_ADDRESS_ALREADY_ASSOCIATED
Feb 27 16:35:18 adc1 samba[17837]: task[ldapsrv][17837]: [2020/02/27 16:35:18.492563, 0] ../source4/ldap_server/ldap_server.c:1036(add_socket)
Feb 27 16:35:18 adc1 samba[17837]: task[ldapsrv][17837]: ldapsrv failed to bind to 0.0.0.0:389 - NT_STATUS_ADDRESS_ALREADY_ASSOCIATED
Feb 27 16:35:18 adc1 samba[17837]: task[ldapsrv][17837]: [2020/02/27 16:35:18.492584, 0] ../source4/smbd/service_task.c:36(task_server_terminate)
Feb 27 16:35:18 adc1 samba[17837]: task[ldapsrv][17837]: task_server_terminate: task_server_terminate: [Failed to startup ldap server task]
Feb 27 16:35:18 adc1 samba[17837]: task[ldapsrv][17837]: [2020/02/27 16:35:18.492733, 0] ../source4/smbd/process_standard.c:81(sigterm_signal_handler)
Feb 27 16:35:18 adc1 samba[17837]: task[ldapsrv][17837]: sigterm_signal_handler: Exiting pid 17837 on SIGTERM
Feb 27 16:35:18 adc1 systemd[1]: samba-ad-dc.service: Failed with result 'exit-code'.
Feb 27 16:35:18 adc1 systemd[1]: Failed to start Samba AD Daemon.
Output of the check script :
Collected config --- 2020-02-27-16:30 -----------
Hostname: adc1
DNS Domain: transmitcorp.com
FQDN: adc1.transmitcorp.com
ipaddress: 172.31.6.15
-----------
WARNING: kinit Administrator will fail and this needs to be fixed first.
unable to verify DNS kerberos._tcp SRV records
Server: 172.31.6.15
Address: 172.31.6.15#53
** server can't find _kerberos._tcp.transmitcorp.com: NXDOMAIN
I checked, nothing running on port 389 …
Greetz,
Louis
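
An added example, not part of the original message: shell helpers that pull the refused listen address out of the samba-ad-dc journal, list current listeners on that port from `ss` output, flag a symlinked /etc/krb5.conf (the provision output asks for a copy or merge), and query the _kerberos._tcp SRV record. Function names and the sample `ss` lines (including the process name "otherd") are constructed for illustration; the two log lines are copied from the status output above.

```sh
#!/bin/sh
# Added example (not from the thread): triage helpers for a samba-ad-dc start failure.

# Read Samba log text on stdin; print "task address port status" per failed listen.
bind_failures() {
    sed -n 's/.*task\[\([a-z0-9_]*\)\].*Failed to listen on \([0-9a-fA-F.:]*\):\([0-9][0-9]*\) - \(NT_STATUS_[A-Z_]*\).*/\1 \2 \3 \4/p' | sort -u
}

# Read `ss -H -ltnp` output on stdin; print "local-address process" for listeners on port $1.
port_owners() {
    awk -v p="$1" '$1 == "LISTEN" && $4 ~ (":" p "$") { print $4, $NF }'
}

# Succeed (exit 0) when $1 is a symlink, which the provision output warns against.
krb5_is_symlink() {
    [ -L "$1" ]
}

# Live checks, to be run as root on the DC itself. Arguments: DNS domain, DNS server IP.
triage_live() {
    journalctl -u samba-ad-dc -b --no-pager | bind_failures |
    while read -r task addr port status; do
        echo "$task could not bind $addr:$port ($status); current listeners:"
        ss -H -ltnp | port_owners "$port"
    done
    if krb5_is_symlink /etc/krb5.conf; then
        echo "/etc/krb5.conf is a symlink; provision asks for a copy or merge"
    fi
    host -t SRV "_kerberos._tcp.$1" "$2" || echo "SRV lookup failed against $2"
}

# Two log lines copied from the status output above, for an offline run.
SAMPLE_LOG='Feb 27 16:35:18 adc1 samba[17837]: task[ldapsrv][17837]: stream_setup_socket: Failed to listen on 0.0.0.0:389 - NT_STATUS_ADDRESS_ALREADY_ASSOCIATED
Feb 27 16:35:18 adc1 samba[17837]: task[ldapsrv][17837]: ldapsrv failed to bind to 0.0.0.0:389 - NT_STATUS_ADDRESS_ALREADY_ASSOCIATED'
# Constructed `ss -H -ltnp` lines; "otherd" is a made-up process name.
SAMPLE_SS='LISTEN 0 128 0.0.0.0:389 0.0.0.0:* users:(("otherd",pid=812,fd=8))
LISTEN 0 128 0.0.0.0:3890 0.0.0.0:* users:(("otherd",pid=812,fd=9))'

# Offline demonstration on the embedded samples.
printf '%s\n' "$SAMPLE_LOG" | bind_failures
printf '%s\n' "$SAMPLE_SS" | port_owners 389
```

On the DC, `triage_live transmitcorp.com 172.31.6.15` runs the same parsing against the live journal and socket table.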