[Samba] Windows 2016 RSAT not connect with samba4 DC
Rommel Rodriguez Toirac
rommelrt at nauta.cu
Mon Nov 30 15:11:04 UTC 2020
On 30 November 2020 3:18:34 GMT-05:00, "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:
>Hai,
>
>Looks to me there is more going on here.
>
>RSAT tools working fine here since 4.1 up to 4.13.2 now.
>From W7 up to Latest Windows 10 used with latest RSAT tools.
>
>Provide the info of the not working server, like :
>- OS
>- /etc/hosts and resolv.conf
>- replication status and how you checked this.
>
>If the os is ubuntu or debian.
>https://raw.githubusercontent.com/thctlo/samba4/master/samba-collect-debug-info.sh
>
>Run this and post the content.
>
>Greetz,
>
>Louis
>
>
>> -----Original message-----
>> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
>> Rommel Rodriguez Toirac via samba
>> Sent: Saturday 28 November 2020 2:09
>> To: Lista samba4
>> Subject: Re: [Samba] Windows 2016 RSAT not connect with samba4 DC
>>
>> On 27 November 2020 17:47:10 GMT-05:00, Michael Howard
>> via samba <samba at lists.samba.org> wrote:
>> >On 27/11/2020 21:20, Rowland penny via samba wrote:
>> >> On 27/11/2020 21:10, Michael Howard via samba wrote:
>> >>> On 27/11/2020 20:42, Rommel Rodriguez Toirac via samba wrote:
>> >>>> Thanks for answer me and to Rowland.
>> >>>> I understand well now, thanks.
>> >>>> But, from Windows 2016 Server I do connect to samba4.
>> >>>>
>> >>>> samba 4.11.2 (my actual ADDC) is managed from this Windows 2016,
>> >>>> but is impossible to connect to a samba 4.13.2 (an additional DC)
>> >>>> To one yes and to another not. This is my question?
>> >>>>
>> >>> Rommel,
>> >>>
>> >>> Uhm, actually, I think I had mis-read your situation/problem. Can I
>> >>> confirm you can use RSAT on a Server 2016 to manage your Samba 4.11.2
>> >>> instance?
>> >> I am beginning to wonder what he is on about ????
>> >>>
>> >>> Rowland,
>> >>>
>> >>> If the above is correct, what has changed in Samba (if anything),
>> >>> since 4.11.2, that would prevent the use of RSAT on Server 2016? Why
>> >>> would Web Services be running on 4.11.2 and not 4.13.2, if that is
>> >>> what Server 2016 requires?
>> >>
>> >> Initially you could download and install RSAT on a Windows
>> >> server, this has now changed, it has become a web service that runs on
>> >> a DC and you connect to that with RSAT (a different RSAT), Samba has
>> >> never run this web service, so it couldn't have worked with 4.11.2. I
>> >> think we need more info, but the language barrier isn't helping ????
>> >Ok, thanks. Sounds like the OP is actually running a different RSAT than
>> >he thinks he is. Maybe it got updated on him, behind his back, in true
>> >Windows fashion!
>>
>>
>>
>> Sorry for all problem with my language.
>>
>> I have installed a Windows 2016 Server Operating System and
>> added the roles of DNS, Users and Computers of Active Directory
>> and others. All of them are in Administrative Tools.
>>
>> Using 'Users and Computers of Active Directory', the option
>> 'Connect to another Domain Controller', I connect to samba4
>> 4.11.2 (the Active Directory Domain Controller) and I can see
>> and perform the tasks with Users, Groups and Organizational Units
>> that are created.
>>
>> Using the same procedure, if I try to connect to samba
>> 4.13.2 (additional Domain Controller) it never happened.
>>
>> Maybe mentioning RSAT was my mistake in the other messages,
>> sorry for the confusion.
>>
>> Maybe, if possible, on Monday I send to the personal email
>> some pictures that clear the view. Is possible?
>>
>> --
>> Rommel Rodriguez Toirac
>> rommelrt at nauta.cu
>>
Now I test from Windows 7 using RSAT and cannot connect either to the samba 4.13.2 (additional DC).
Here is the result of the commands asked:
[root at gtmad1 ~]# cat /etc/centos-release
CentOS Linux release 8.2.2004 (Core)
[root at gtmad1 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
# --- BEGIN PVE ---
192.168.41.18 gtmad1.gtm.onat.gob.cu gtmad1
# --- END PVE ---
[root at gtmad1 ~]# cat /etc/resolv.conf
# --- BEGIN PVE ---
search gtm.onat.gob.cu
nameserver 192.168.41.18
# --- END PVE ---
[root at gtmad1 ~]# samba-tool drs showrepl
Default-First-Site-Name\GTMAD1
DSA Options: 0x00000001
DSA object GUID: 03d9f4b0-72a5-47cd-b572-a33ae30b73ce
DSA invocationId: 1a022b20-9777-4366-b996-5b27a46aff42
==== INBOUND NEIGHBORS ====
DC=DomainDnsZones,DC=gtm,DC=onat,DC=gob,DC=cu
Default-First-Site-Name\GTMAD via RPC
DSA object GUID: 968f8914-c861-4cd4-96f4-7a233880992c
Last attempt @ Mon Nov 30 09:39:54 2020 CST was successful
0 consecutive failure(s).
Last success @ Mon Nov 30 09:39:54 2020 CST
DC=ForestDnsZones,DC=gtm,DC=onat,DC=gob,DC=cu
Default-First-Site-Name\GTMAD via RPC
DSA object GUID: 968f8914-c861-4cd4-96f4-7a233880992c
Last attempt @ Mon Nov 30 09:39:54 2020 CST was successful
0 consecutive failure(s).
Last success @ Mon Nov 30 09:39:54 2020 CST
CN=Schema,CN=Configuration,DC=gtm,DC=onat,DC=gob,DC=cu
Default-First-Site-Name\GTMAD via RPC
DSA object GUID: 968f8914-c861-4cd4-96f4-7a233880992c
Last attempt @ Mon Nov 30 09:39:54 2020 CST was successful
0 consecutive failure(s).
Last success @ Mon Nov 30 09:39:54 2020 CST
DC=gtm,DC=onat,DC=gob,DC=cu
Default-First-Site-Name\GTMAD via RPC
DSA object GUID: 968f8914-c861-4cd4-96f4-7a233880992c
Last attempt @ Mon Nov 30 09:39:54 2020 CST was successful
0 consecutive failure(s).
Last success @ Mon Nov 30 09:39:54 2020 CST
CN=Configuration,DC=gtm,DC=onat,DC=gob,DC=cu
Default-First-Site-Name\GTMAD via RPC
DSA object GUID: 968f8914-c861-4cd4-96f4-7a233880992c
Last attempt @ Mon Nov 30 09:39:54 2020 CST was successful
0 consecutive failure(s).
Last success @ Mon Nov 30 09:39:54 2020 CST
==== OUTBOUND NEIGHBORS ====
DC=DomainDnsZones,DC=gtm,DC=onat,DC=gob,DC=cu
Default-First-Site-Name\GTMAD via RPC
DSA object GUID: 968f8914-c861-4cd4-96f4-7a233880992c
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
DC=ForestDnsZones,DC=gtm,DC=onat,DC=gob,DC=cu
Default-First-Site-Name\GTMAD via RPC
DSA object GUID: 968f8914-c861-4cd4-96f4-7a233880992c
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
CN=Schema,CN=Configuration,DC=gtm,DC=onat,DC=gob,DC=cu
Default-First-Site-Name\GTMAD via RPC
DSA object GUID: 968f8914-c861-4cd4-96f4-7a233880992c
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
DC=gtm,DC=onat,DC=gob,DC=cu
Default-First-Site-Name\GTMAD via RPC
DSA object GUID: 968f8914-c861-4cd4-96f4-7a233880992c
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
CN=Configuration,DC=gtm,DC=onat,DC=gob,DC=cu
Default-First-Site-Name\GTMAD via RPC
DSA object GUID: 968f8914-c861-4cd4-96f4-7a233880992c
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
==== KCC CONNECTION OBJECTS ====
Connection --
Connection name: 0c6a236f-edeb-486a-9791-d75de0564fc4
Enabled : TRUE
Server DNS name : gtmad.gtm.onat.gob.cu
Server DN name : CN=NTDS Settings,CN=GTMAD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gtm,DC=onat,DC=gob,DC=cu
TransportType: RPC
options: 0x00000001
Warning: No NC replicated for Connection!
[root at gtmad1 ~]# ./samba-collect-debug-info.sh
Please wait, collecting debug info.
Password for Administrator at GTM.ONAT.GOB.CU: INFO 2020-11-30 09:55:44,894 pid:3983 /usr/local/samba/lib64/python3.6/site-packages/samba/netcmd/testparm.py #96: Loaded smb config files from /etc/samba//smb.conf
INFO 2020-11-30 09:55:44,895 pid:3983 /usr/local/samba/lib64/python3.6/site-packages/samba/netcmd/testparm.py #97: Loaded services file OK.
./samba-collect-debug-info.sh: línea 439: dpkg: no se encontró la orden
The debug info about your system can be found in this file: /tmp/samba-debug-info.txt
Please check this and if required, sanitise it.
Then copy & paste it into an email to the samba list
Do not attach it to the email, the Samba mailing list strips attachments.
[root at gtmad1 ~]# cat /tmp/samba-debug-info.txt
Collected config --- 2020-11-30-09:55 -----------
Hostname: gtmad1
DNS Domain: gtm.onat.gob.cu
FQDN: gtmad1.gtm.onat.gob.cu
ipaddress: 192.168.41.18
-----------
Kerberos SRV _kerberos._tcp.gtm.onat.gob.cu record verified ok, sample output:
Server: 192.168.41.18
Address: 192.168.41.18#53
_kerberos._tcp.gtm.onat.gob.cu service = 0 100 88 gtmad.gtm.onat.gob.cu.
_kerberos._tcp.gtm.onat.gob.cu service = 0 100 88 gtmad1.gtm.onat.gob.cu.
Samba is running as an AD DC
-----------
Checking file: /etc/os-release
NAME="CentOS Linux"
VERSION="8 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="8"
PLATFORM_ID="platform:el8"
PRETTY_NAME="CentOS Linux 8 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:8"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"
CENTOS_MANTISBT_PROJECT="CentOS-8"
CENTOS_MANTISBT_PROJECT_VERSION="8"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="8"
-----------
This computer is running an unknown distribution x86_64
-----------
running command : ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
2: eth0 at if53: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 7a:d6:5a:bc:a6:fa brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 192.168.41.18/24 brd 192.168.41.255 scope global noprefixroute eth0
inet6 fe80::78d6:5aff:febc:a6fa/64 scope link
-----------
Checking file: /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
# --- BEGIN PVE ---
192.168.41.18 gtmad1.gtm.onat.gob.cu gtmad1
# --- END PVE ---
-----------
Checking file: /etc/resolv.conf
# --- BEGIN PVE ---
search gtm.onat.gob.cu
nameserver 192.168.41.18
# --- END PVE ---
-----------
Checking file: /etc/krb5.conf
[libdefaults]
dns_lookup_realm = false
dns_lookup_kdc = true
default_realm = GTM.ONAT.GOB.CU
-----------
Checking file: /etc/nsswitch.conf
#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Valid entries include:
#
# nisplus Use NIS+ (NIS version 3)
# nis Use NIS (NIS version 2), also called YP
# dns Use DNS (Domain Name Service)
# files Use the local files in /etc
# db Use the pre-processed /var/db files
# compat Use /etc files plus *_compat pseudo-databases
# hesiod Use Hesiod (DNS) for user lookups
# sss Use sssd (System Security Services Daemon)
# [NOTFOUND=return] Stop searching if not found so far
#
# 'sssd' performs its own 'files'-based caching, so it should
# generally come before 'files'.
# To use 'db', install the nss_db package, and put the 'db' in front
# of 'files' for entries you want to be looked up first in the
# databases, like this:
#
# passwd: db files
# shadow: db files
# group: db files
passwd: sss files systemd
shadow: files sss
group: sss files systemd
hosts: files dns myhostname
bootparams: files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files sss
netgroup: sss
publickey: files
automount: files sss
aliases: files
-----------
Checking file: /etc/samba//smb.conf
# Global parameters
[global]
netbios name = GTMAD1
realm = GTM.ONAT.GOB.CU
server role = active directory domain controller
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
workgroup = ATGTM00
idmap_ldb:use rfc2307 = yes
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No
[netlogon]
path = /usr/local/samba/var/locks/sysvol/gtm.onat.gob.cu/scripts
read only = No
-----------
Detected bind DLZ enabled..
Warning, detected bind is enabled in smb.conf, but no /etc/bind directory found
-----------
Installed packages:
-----------
[root at gtmad1 etc]# cat /etc/named.conf
# Global Configuration Options
options {
auth-nxdomain yes;
version "Parametro no soportado";
directory "/var/named";
notify no;
empty-zones-enable no;
dnssec-validation no;
dnssec-enable no;
dnssec-lookaside no;
listen-on-v6 { none; };
listen-on port 53 { 192.168.41.18; 127.0.0.1; };
# IP addresses and network ranges allowed to query the DNS server:
allow-query {
127.0.0.1;
192.168.41.0/24;
};
allow-query-cache {
127.0.0.1;
192.168.41.0/24;
};
# IP addresses and network ranges allowed to run recursive queries:
# (Zones not served by this DNS server)
allow-recursion {
127.0.0.1;
192.168.41.0/24;
};
# Forward queries that can not be answered from own zones
# to these DNS servers:
forwarders {
10.10.8.2;
};
# Disable zone transfers
allow-transfer {
none;
};
tkey-gssapi-keytab "/usr/local/samba/bind-dns/dns.keytab";
minimal-responses yes;
};
# Root Servers
# (Required for recursive DNS queries)
#zone "." {
# type hint;
# file "named.root";
#};
# localhost zone
zone "localhost" {
type master;
file "master/localhost.zone";
};
# 127.0.0. zone.
zone "0.0.127.in-addr.arpa" {
type master;
file "master/0.0.127.zone";
};
include "/usr/local/samba/bind-dns/named.conf";
--
Rommel Rodriguez Toirac
rommelrt at nauta.cu