[Samba] No Samba NT DOMAIN Name found exitting now...

Robert Wooden wdn2420systm at gmail.com
Tue Sep 29 13:18:51 UTC 2020 

Seems to relate to kerberos. I cannot "kinit administrator".
Returns "kinit cannot contact KDC for realm 'subdom.example.com' while
getting initial credentials."

"samba-info.sh" script returns 'NT_STATUS_CONNECTION_REFUSED' and that
'ERROR: invalid ip address for dc1.subdom.example.com'

(Sorry on my laptop. Difficult to copy & paste output info.)



On Tue, Sep 29, 2020 at 6:43 AM Robert Wooden <wdn2420systm at gmail.com>
wrote:

> Louis,
> Upgraded to 4.13 and running "samba-check-db-repl.sh" exits with: "No
> Samba NT DOMAIN Name found exitting now...:
>
> Complete output:
>
>> #!/bin/bash -v
>>
>> ##
>> ## Version      : 1.0.8
>> ## release d.d. : 24-03-2015
>> ## Author       : L. van Belle
>> ## E-mail       : louis at van-belle.nl
>> ## Copyright    : Free as free can be, copy it, change it if needed.
>> ## Sidenote     : if you change things, please inform me
>> ## ChangeLog    : first release d.d. 23-03-2015
>> ## 24-03-2015   : 1.0.2 few small changes, thanks Rowland for the
>> suggestions.
>> ## 22-04-2015   : 1.0.3 moved mailx part within check if an e-mail adres
>> is used.
>> ## 24-04-2015   : 1.0.4 added extra check, so if no is if found, you get
>> an error message and not a python error.
>> ## 21-11-2016   : 1.0.5 extra filter options. ( samba 4.5.x needs
>> adjusting )
>> ## ( removed the . in the hostname resolving for the DCS, this was no
>> error, but its more clear what people want to see )
>> ## 12-02-2018   : 1.0.6 fix the test for presence of "FAILURE" will be
>> true even if the actual result is "successful".
>> ## 13-02-2018   : 1.0.7 fix filter, variable was not used. optimized
>> code, remove ^M.
>> ## 30-01-2019   : 1.0.8 change filter defaults to whenChanged,dc,DC,cn,CN
>>
>> ## Samba database checker. ( samba 4.1-4.8 tested)
>> ## This script wil check for error in the samba databases with samba-tool
>> ## If needed adjust it to your os needs.
>>
>> ## !! Warning, samba 4.5.0 - 4.5.1 errors about cn CN ou OU differences.
>> ## This is a samba bug : https://bugzilla.samba.org/show_bug.cgi?id=12399
>> # you may need to adjust the filter options below. (SAMBA_LDAPCMD_FILTER)
>>
>> ## NOTICE !! This script does only work with samba DC's
>> ## A samba DC + Windows DC wont work and is not tested, if you get that
>> to work,
>> ## please share the code ;-)
>>
>> ## Howto use it:
>> ## Put it on any samba4 DC and run it.
>> ## if you put it in a cron job,
>> ## set the mail report adres and put in the password for Administrator
>> ## and set the relayhost.
>> ## Test it, by remove-ing the email adres at EMAIL_REPORT_ADRES
>> ## and you get a console output of the checks.
>> ## Thats it, enjoy..
>> ## All other settings are optional..
>>
>> ## Only tested with user "Administrator".. best is not to change this.
>> SAMBA_NT_ADMIN_USER="Administrator"
>> ## if empty the script wil ask for the pass..
>> ## for running this with cron this is a must !
>> SAMBA_NT_ADMIN_PASS="mypassword"
>>
>> ## perform 2 checkes by default for the database replication
>> ## keep both set to yes, thats the best.
>> SAMBA_CHECKDB_WITH_DRS="yes"
>> SAMBA_CHECKDB_WITH_LDAPCMD="yes"
>> ## Filter non-synced attributes
>> ## Change the filter to avoid mismatching, some items can be ignored.
>> ## Some examples. :
>> whenChanged,usnChanged,usnCreated,msDS-NcType,serverState
>> ## add them with "," seperated.
>> SAMBA_LDAPCMD_FILTER="whenChanged,dc,DC,cn,CN"
>>
>> # TODO, this one is not integrated yet!
>> ## Compare single AD partitions on Domain Controller DC1 and DC2:
>> ## You can compair also only one for more partitions in stead of the full
>> DB.
>> ## The options are : domain configuration schema dnsdomain dnsforest
>> ## Keep empty for full DB compair, or space separated partition options.
>> #SAMBA_LDAPCMD_PARTITIONS=""
>>
>>
>> ## The email adress to report to.
>> ## If you put an e-mail adres here the script wil also check for mail
>> tools.. etc
>> ## Email are only send when errors are found and no console output !
>> ## if you want console put, dont put any email address here..
>> EMAIL_REPORT_ADDRESS="myemailaddress"
>>
>>
>> ## Normaly only e-mail are send when errors are found, or set yes for
>> always email
>> EMAIL_REPORT_ALWAYS="no"
>>
>> ## I use postfix as relay host. ( set to run on localhost only)
>> ## Put here your mail relay host
>> ## hostname or hostname-fqdn or ip or ip:port are ok.
>> ## This is only used when NO sendmail program if found.
>> POSTFIX_RELAY_HOST=""
>>
>> ## postfix wil be automatily setup for your.
>> ## If you did already setup any mail server on the server or you are able
>> to mail
>> ## from this server with "mail" command, then this script does not
>> install postfix.
>>
>> ## cleanup the log in /tmp
>> ## can be handy if you want to review manualy.
>> SETREMOVELOG="no"
>>
>> ## So you reached the end for the configure..
>> ## Set this one to yes.. and your good to go.
>> ####CONFIGURED="no"
>> CONFIGURED="yes"
>>
>>
>> #######################################################################
>> ## DONT CHANGE BELOW Please, if you make changes, please share them.  #
>> #######################################################################
>>
>> ## hostname in single word, but you dont need to change this
>> SETHOSTNAME="$(hostname -s)"
>> ## domainname.tld, but if you installed correct, you dont need to change
>> this
>> SETDNSDOMAIN="$(hostname -d)"
>> ## hostname.domainname.tld, but if you installed correct, you dont need
>> to change this
>> SETFQDN="$(hostname -f)"
>>
>>
>> SETTPUT="$(which tput)"
>> if [ -z "${SETTPUT}" ]; then
>>     echo "program tput not found, installing it now.. please wait"
>>     apt-get update > /dev/null
>>     apt-get install -y --no-install-recommends ncurses-bin > /dev/null
>> fi
>>
>> RED="$(${SETTPUT} setaf 1)"
>> NORMAL="$(${SETTPUT} sgr0)"
>> GREEN="$(${SETTPUT} setaf 2)"
>> YELLOW="$(${SETTPUT} setaf 3)"
>> UNDERLINE="$(${SETTPUT} smul)"
>> WHITE="$(${SETTPUT} setaf 7)"
>> BOLD="$(${SETTPUT} bold)"
>>
>> message() {
>>   printf "%40s\n" "${WHITE}${BOLD}$*${NORMAL}"
>> }
>> good() {
>>   printf "%40s\n" "${GREEN}$*${NORMAL}"
>> }
>> error() {
>>   printf "%40s\n" "${RED}$*${NORMAL}"
>> }
>> warning() {
>>   printf "%40s\n" "${YELLOW}$*${NORMAL}"
>> }
>> warning_underline() {
>>   printf "%40s\n" "${YELLOW}${UNDERLINE}$*${NORMAL}"
>> }
>>
>> check_run_as_sudo_root() {
>>   if ! [[ $EUID -eq 0 ]]; then
>>     error "This script should be run using sudo or by root."
>>     exit 1
>>   fi
>> }
>> configured_script() {
>>     if [ "${CONFIGURED}" = "no" ]; then
>>         error "####################################################"
>>         error "You need to configure this script first to run it. "
>>         echo " "
>>         error "exiting script now... "
>>         exit 0
>>     fi
>> }
>>
>> configured_script
>> check_run_as_sudo_root
>>
>> if [ $SAMBA_CHECKDB_WITH_DRS = "no" ] && [ ${SAMBA_CHECKDB_WITH_LDAPCMD}
>> = "no" ] ; then
>>     error "When you set both SAMBA_CHECKBD... to NO.. then there is no
>> point of running this script"
>>     error "Please set at least 1 of these checks to yes"
>>     error "exiting script now... "
>>     exit 0
>> fi
>>
>> SET_SAMBATOOL="$(which samba-tool)"
>> if [ -z "$SET_SAMBATOOL" ]; then
>>     error "No samba-tool tool found, this script wil exit now.. this.. I
>> cant fix."
>>     exit 0
>> fi
>>
>> SET_TR="$(which tr)"
>> if [ -z "$SET_TR" ]; then
>>     warning "No tr tool found, running apt-get update and install
>> coreutils, please wait.."
>>     apt-get update > /dev/null
>>     apt-get install -y --no-install-recommends coreutils > /dev/null
>>     sleep 0.5
>>     SET_TR="$(which tr)"
>> fi
>>
>> ## get DC info
>> DCS="$(host -t SRV _kerberos._udp."${SETDNSDOMAIN}" | awk '{print $NF}'|
>> sed 's/.$//')"
>> if [ -z "${DCS}" ]; then
>>     error "No Samba DCS found, host -t SRV _kerberos.udp.${SETDNSDOMAIN}
>> returned nothing"
>>     error "exitting now..."
>>     exit 0
>> fi
>>
>> #SAMBA_DC_FSMO=(${SET_SAMBATOOL} fsmo show | cut -d',' -f2 | head -n1 |
>> cut -c4-100 | ${SET_TR} '[:upper:]' '[:lower:]')
>> SAMBA_DC_FSMO=$(echo $(${SET_SAMBATOOL} fsmo show | cut -d"," -f2 | head
>> -n1 | cut -c4-100) | ${SET_TR} '[:upper:]' '[:lower:]')
>> SAMBA_DC1="${SAMBA_DC_FSMO}.${SETDNSDOMAIN}"
>> if [ -z "${SAMBA_DC1}" ]; then
>>     error "No Samba DC Found with FSMO Roles, you might have dns problems"
>>     error "exitting now..."
>>     exit 0
>> fi
>>
>> #SAMBA_DCS="$(echo ${DCS} | grep -v ${SAMBA_DC_FSMO})"
>> SAMBA_DCS=$(echo "$DCS" | grep -v "${SAMBA_DC_FSMO}")
>> if [ -z "${SAMBA_DCS}" ]; then
>>     error "No Samba DC's Found with, you might have dns problems"
>>     error "exitting now..."
>>     echo $SAMBA_DCS
>>     exit 0
>> fi
>>
>> SAMBA_NT_DOMAINNAME="$($SET_SAMBATOOL domain info "${SAMBA_DC1}" | grep
>> Netbios | cut -d":" -f2 | cut -c2-100)"
>> ERROR: Invalid IP address 'dc1.subdom.example.com'!
>> if [ -z "${SAMBA_NT_DOMAINNAME}" ]; then
>>     error "No Samba NT DOMAIN Name found"
>>     error "exitting now..."
>>     exit 0
>> fi
>> No Samba NT DOMAIN Name found
>>               exitting now...
>>
>
> What to do?
>
>

More information about the samba mailing list