[Samba] Why can't I setup Samba 4.7.6 as Active Directory Domain Controller in Ubuntu 18.04.3 LTS Linux Server?

Turritopsis Dohrnii Teo En Ming ceo at teo-en-ming-corp.com
Mon Jan 27 10:43:16 UTC 2020


Subject: Why can't I setup Samba 4.7.6 as Active Directory Domain Controller in Ubuntu 18.04.3 LTS Linux Server?

Good day from Singapore,

I need your expert advice.

Why can't I setup Samba 4.7.6 as Active Directory Domain Controller in Ubuntu 18.04.3 LTS Linux Server?

By following the guide at https://www.tecmint.com/install-samba4-active-directory-ubuntu/ , I was able to setup Samba 4.3.11 
as Active Directory Domain Controller in Ubuntu 16.04.6 LTS Linux Server successfully.

You may refer to my extremely detailed 115-page PDF manual on how to setup Samba 4.3.11 as Active Directory Domain Controller in Ubuntu 16.04.6 LTS
Linux Server at the following redundant blog links:

Blog Post: Teo En Ming's Setting Up Ubuntu 16.04.6 LTS Linux Server with Samba4 as an Active Directory Domain Controller PDF Manual

[1] http://tdtemcerts.blogspot.com/2020/01/teo-en-mings-setting-up-ubuntu-16046.html

[2] https://tdtemcerts.wordpress.com/2020/01/26/teo-en-mings-setting-up-ubuntu-16-04-6-lts-linux-server-with-samba4-as-an-active-directory-domain-controller-pdf-manual/

So why can't I get Samba 4.7.6 to work as Active Directory Domain Controller in Ubuntu 18.04.3 LTS Linux Server?

In Ubuntu 18.04.3 LTS Linux Server, the Samba version is 4.7.6, not 4.3.11.

Ubuntu 18.04.3 LTS is using netplan instead of /etc/network/interfaces on Ubuntu 16.04.6 LTS.

I also found out that I had to unmask samba-ad-dc.service in Ubuntu 18.04.3 LTS.

Samba 4.7.6's INTERNAL DNS SERVER is only listening on 127.0.0.53, and not on all network interfaces.

teo-en-ming at dc1:~$ sudo netstat -anp | grep -v unix | grep LISTEN
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      446/systemd-resolve
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      897/sshd
tcp        0      0 0.0.0.0:88              0.0.0.0:*               LISTEN      1056/samba
tcp        0      0 0.0.0.0:636             0.0.0.0:*               LISTEN      1054/samba
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN      1052/smbd
tcp        0      0 0.0.0.0:49152           0.0.0.0:*               LISTEN      1043/samba
tcp        0      0 0.0.0.0:49153           0.0.0.0:*               LISTEN      1043/samba
tcp        0      0 0.0.0.0:49154           0.0.0.0:*               LISTEN      1043/samba
tcp        0      0 0.0.0.0:3268            0.0.0.0:*               LISTEN      1054/samba
tcp        0      0 0.0.0.0:3269            0.0.0.0:*               LISTEN      1054/samba
tcp        0      0 0.0.0.0:389             0.0.0.0:*               LISTEN      1054/samba
tcp        0      0 0.0.0.0:135             0.0.0.0:*               LISTEN      1043/samba
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN      1052/smbd
tcp        0      0 0.0.0.0:464             0.0.0.0:*               LISTEN      1056/samba
tcp6       0      0 :::53                   :::*                    LISTEN      1067/samba
tcp6       0      0 :::22                   :::*                    LISTEN      897/sshd
tcp6       0      0 :::88                   :::*                    LISTEN      1056/samba
tcp6       0      0 :::636                  :::*                    LISTEN      1054/samba
tcp6       0      0 :::445                  :::*                    LISTEN      1052/smbd
tcp6       0      0 :::49152                :::*                    LISTEN      1043/samba
tcp6       0      0 :::49153                :::*                    LISTEN      1043/samba
tcp6       0      0 :::49154                :::*                    LISTEN      1043/samba
tcp6       0      0 :::3268                 :::*                    LISTEN      1054/samba
tcp6       0      0 :::3269                 :::*                    LISTEN      1054/samba
tcp6       0      0 :::389                  :::*                    LISTEN      1054/samba
tcp6       0      0 :::135                  :::*                    LISTEN      1043/samba
tcp6       0      0 :::139                  :::*                    LISTEN      1052/smbd
tcp6       0      0 :::464                  :::*                    LISTEN      1056/samba

Samba 4.7.6 in Ubuntu 18.04.3 LTS Linux Server throws up the following errors:

teo-en-ming at dc1:~$ sudo systemctl status samba-ad-dc.service
● samba-ad-dc.service - Samba AD Daemon
   Loaded: loaded (/lib/systemd/system/samba-ad-dc.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2020-01-27 08:52:50 UTC; 17min ago
     Docs: man:samba(8)
           man:samba(7)
           man:smb.conf(5)
 Main PID: 841 (samba)
   Status: "smbd: ready to serve connections..."
    Tasks: 22 (limit: 1108)
   CGroup: /system.slice/samba-ad-dc.service
           ├─ 841 /usr/sbin/samba --foreground --no-process-group
           ├─1042 /usr/sbin/samba --foreground --no-process-group
           ├─1043 /usr/sbin/samba --foreground --no-process-group
           ├─1044 /usr/sbin/samba --foreground --no-process-group
           ├─1051 /usr/sbin/samba --foreground --no-process-group
           ├─1052 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
           ├─1053 /usr/sbin/samba --foreground --no-process-group
           ├─1054 /usr/sbin/samba --foreground --no-process-group
           ├─1055 /usr/sbin/samba --foreground --no-process-group
           ├─1056 /usr/sbin/samba --foreground --no-process-group
           ├─1057 /usr/sbin/samba --foreground --no-process-group
           ├─1058 /usr/sbin/samba --foreground --no-process-group
           ├─1059 /usr/sbin/samba --foreground --no-process-group
           ├─1060 /usr/sbin/samba --foreground --no-process-group
           ├─1064 /usr/sbin/samba --foreground --no-process-group
           ├─1066 /usr/sbin/samba --foreground --no-process-group
           ├─1067 /usr/sbin/samba --foreground --no-process-group
           ├─1068 /usr/sbin/winbindd -D --option=server role check:inhibit=yes --foreground
           ├─1119 /usr/sbin/winbindd -D --option=server role check:inhibit=yes --foreground
           ├─1132 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
           ├─1133 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
           └─1135 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground

Jan 27 09:02:47 dc1 samba[1064]: [2020/01/27 09:02:47.965323,  0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
Jan 27 09:02:47 dc1 samba[1064]:   /usr/sbin/samba_dnsupdate:     elif not check_dns_name(d):
Jan 27 09:02:47 dc1 samba[1064]: [2020/01/27 09:02:47.965357,  0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
Jan 27 09:02:47 dc1 samba[1064]:   /usr/sbin/samba_dnsupdate:   File "/usr/sbin/samba_dnsupdate", line 319, in check_dns_name
Jan 27 09:02:47 dc1 samba[1064]: [2020/01/27 09:02:47.965432,  0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
Jan 27 09:02:47 dc1 samba[1064]:   /usr/sbin/samba_dnsupdate:     raise Exception("Unable to contact a working DNS server while looking for %s as %s" % (d, normalised_name))
Jan 27 09:02:47 dc1 samba[1064]: [2020/01/27 09:02:47.965490,  0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
Jan 27 09:02:47 dc1 samba[1064]:   /usr/sbin/samba_dnsupdate: Exception: Unable to contact a working DNS server while looking for A dc1.teo-en-ming.corp 192.168.1.10 as dc1.teo-en-ming.corp.
Jan 27 09:02:47 dc1 samba[1064]: [2020/01/27 09:02:47.979324,  0] ../source4/dsdb/dns/dns_update.c:290(dnsupdate_nameupdate_done)
Jan 27 09:02:47 dc1 samba[1064]:   ../source4/dsdb/dns/dns_update.c:290: Failed DNS update - with error code 1
teo-en-ming at dc1:~$

I have also found out that provisioning Samba 4.7.6 Active Directory Domain Controller for my domain did not create any DNS records in Samba's INTERNAL DNS Server, as the following examples
show.

teo-en-ming at dc1:~$ dig @127.0.0.53 teo-en-ming.corp

; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> @127.0.0.53 teo-en-ming.corp
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 52987
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;teo-en-ming.corp.              IN      A

;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Mon Jan 27 09:13:37 UTC 2020
;; MSG SIZE  rcvd: 45

teo-en-ming at dc1:~$ dig @127.0.0.53 dc1.teo-en-ming.corp

; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> @127.0.0.53 dc1.teo-en-ming.corp
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 51346
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;dc1.teo-en-ming.corp.          IN      A

;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Mon Jan 27 09:15:16 UTC 2020
;; MSG SIZE  rcvd: 49

teo-en-ming at dc1:~$

May I know what is wrong with Samba 4.7.6 in Ubuntu 18.04.3 LTS Linux Server? Why is Samba 4.7.6 and Ubuntu 18.04.3 LTS behaving so differently from Samba 4.3.11 and Ubuntu 16.04.6 LTS?

Additionally, can I request Samba to emulate Windows Server 2019 Active Directory Domain Controller instead of Windows Server 2008 R2 Active Directory Domain Controller?
Because I am using Windows 10 Professional.

Finally, I am planning to setup Samba4 Active Directory Domain Controller in CentOS 8.1 1911 Linux Server by following the guide at https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller

I would need to compile Samba from source code myself because Red Hat does not officially support running Samba4 as an Active Directory Domain Controller.

Please advise.

Thank you very much.










-----BEGIN EMAIL SIGNATURE-----

The Gospel for all Targeted Individuals (TIs):

[The New York Times] Microwave Weapons Are Prime Suspect in Ills of
U.S. Embassy Workers

Link: https://www.nytimes.com/2018/09/01/science/sonic-attack-cuba-microwave.html

********************************************************************************************

Singaporean Mr. Turritopsis Dohrnii Teo En Ming's Academic
Qualifications as at 14 Feb 2019 and refugee seeking attempts at the United Nations Refugee Agency Bangkok (21 Mar 2017), in Taiwan (5 Aug 2019) and Australia (25 Dec 2019 to 9 Jan 2020):

[1] https://tdtemcerts.wordpress.com/

[2] https://tdtemcerts.blogspot.sg/

[3] https://www.scribd.com/user/270125049/Teo-En-Ming

-----END EMAIL SIGNATURE-----



More information about the samba mailing list