[Samba] No Samba NT DOMAIN Name found exitting now...
L.P.H. van Belle
belle at bazuin.nl
Tue Sep 29 14:21:11 UTC 2020
Hai,
As im very busy, a quick reply.
First try:
systemctl stop samba-ad-dc bind9
systemctl start bind9 samba-ad-dc
As far i quickly can tell, its a matter of "your resolving is not working."
Verify
/etc/hosts
/etc/resolv.conf
Is bind running?
Last, after this update, did you wait a few min, per server?
I just upgraded both my dc's way ahead of schedule .. ;-)
0 problems.
Only after checking. So before upgrade.
samba-tool domain info dc1
Forest : internal.domain.tld
Domain : internal.domain.tld
Netbios domain : ADDOM
DC name : dc1.internal.domain.tld
DC netbios name : DC1
Server site : Default-First-Site-Name
Client site : Default-First-Site-Name
root at dc1:~# samba-tool domain info dc1
ERROR: Invalid IP address dc1'!
root at dc1:~# samba-tool domain info dc1.rotterdam.bazuin.nl
ERROR: Invalid IP address 'dc1.rotterdam.bazuin.nl'!
root at dc1:~# samba-tool domain info dc1
ERROR: Invalid IP address 'rtd-dc1'!
root at dc1:~# samba-tool domain info
Usage: samba-tool domain info <ip_address> [options]
root at rtd-dc1:~# samba-tool domain info 192.168.0.1
ERROR: Invalid IP address '192.168.0.1'!
I say restore backkup, dont use 4.13 on AD-DC YET!
This is exactly why i dont upgrade my DC's with a .0 or .1 version..
Back to my work and reverting my own dc's..
Yeah, i did a quick test in my production...
But i can snapshot them and revert them very quickly..
So again, im adding :
Just my tip, test 4.13 good before you use it in production.
( as with every new big release)
None of the? xx.yy.0 versions are used in production environment.
This what i follow.
a .0 will go on a test server in production environment.
a .1 will go on auth only servers.
a .2 will go on auth and file share servers.
a .3 will go on AD-DC's
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Robert Wooden via samba
> Verzonden: dinsdag 29 september 2020 15:19
> Aan: SAMBA MailList
> Onderwerp: Re: [Samba] No Samba NT DOMAIN Name found exitting now...
>
> Seems to relate to kerberos. I cannot "kinit administrator".
> Returns "kinit cannot contact KDC for realm 'subdom.example.com' while
> getting initial credentials."
>
> "samba-info.sh" script returns 'NT_STATUS_CONNECTION_REFUSED' and that
> 'ERROR: invalid ip address for dc1.subdom.example.com'
>
> (Sorry on my laptop. Difficult to copy & paste output info.)
>
>
>
> On Tue, Sep 29, 2020 at 6:43 AM Robert Wooden <wdn2420systm at gmail.com>
> wrote:
>
> > Louis,
> > Upgraded to 4.13 and running "samba-check-db-repl.sh" exits
> with: "No
> > Samba NT DOMAIN Name found exitting now...:
> >
> > Complete output:
> >
> >> #!/bin/bash -v
> >>
> >> ##
> >> ## Version : 1.0.8
> >> ## release d.d. : 24-03-2015
> >> ## Author : L. van Belle
> >> ## E-mail : louis at van-belle.nl
> >> ## Copyright : Free as free can be, copy it, change it
> if needed.
> >> ## Sidenote : if you change things, please inform me
> >> ## ChangeLog : first release d.d. 23-03-2015
> >> ## 24-03-2015 : 1.0.2 few small changes, thanks Rowland for the
> >> suggestions.
> >> ## 22-04-2015 : 1.0.3 moved mailx part within check if
> an e-mail adres
> >> is used.
> >> ## 24-04-2015 : 1.0.4 added extra check, so if no is if
> found, you get
> >> an error message and not a python error.
> >> ## 21-11-2016 : 1.0.5 extra filter options. ( samba 4.5.x needs
> >> adjusting )
> >> ## ( removed the . in the hostname resolving for the DCS,
> this was no
> >> error, but its more clear what people want to see )
> >> ## 12-02-2018 : 1.0.6 fix the test for presence of
> "FAILURE" will be
> >> true even if the actual result is "successful".
> >> ## 13-02-2018 : 1.0.7 fix filter, variable was not used.
> optimized
> >> code, remove ^M.
> >> ## 30-01-2019 : 1.0.8 change filter defaults to
> whenChanged,dc,DC,cn,CN
> >>
> >> ## Samba database checker. ( samba 4.1-4.8 tested)
> >> ## This script wil check for error in the samba databases
> with samba-tool
> >> ## If needed adjust it to your os needs.
> >>
> >> ## !! Warning, samba 4.5.0 - 4.5.1 errors about cn CN ou
> OU differences.
> >> ## This is a samba bug :
> https://bugzilla.samba.org/show_bug.cgi?id=12399
> >> # you may need to adjust the filter options below.
> (SAMBA_LDAPCMD_FILTER)
> >>
> >> ## NOTICE !! This script does only work with samba DC's
> >> ## A samba DC + Windows DC wont work and is not tested, if
> you get that
> >> to work,
> >> ## please share the code ;-)
> >>
> >> ## Howto use it:
> >> ## Put it on any samba4 DC and run it.
> >> ## if you put it in a cron job,
> >> ## set the mail report adres and put in the password for
> Administrator
> >> ## and set the relayhost.
> >> ## Test it, by remove-ing the email adres at EMAIL_REPORT_ADRES
> >> ## and you get a console output of the checks.
> >> ## Thats it, enjoy..
> >> ## All other settings are optional..
> >>
> >> ## Only tested with user "Administrator".. best is not to
> change this.
> >> SAMBA_NT_ADMIN_USER="Administrator"
> >> ## if empty the script wil ask for the pass..
> >> ## for running this with cron this is a must !
> >> SAMBA_NT_ADMIN_PASS="mypassword"
> >>
> >> ## perform 2 checkes by default for the database replication
> >> ## keep both set to yes, thats the best.
> >> SAMBA_CHECKDB_WITH_DRS="yes"
> >> SAMBA_CHECKDB_WITH_LDAPCMD="yes"
> >> ## Filter non-synced attributes
> >> ## Change the filter to avoid mismatching, some items can
> be ignored.
> >> ## Some examples. :
> >> whenChanged,usnChanged,usnCreated,msDS-NcType,serverState
> >> ## add them with "," seperated.
> >> SAMBA_LDAPCMD_FILTER="whenChanged,dc,DC,cn,CN"
> >>
> >> # TODO, this one is not integrated yet!
> >> ## Compare single AD partitions on Domain Controller DC1 and DC2:
> >> ## You can compair also only one for more partitions in
> stead of the full
> >> DB.
> >> ## The options are : domain configuration schema dnsdomain
> dnsforest
> >> ## Keep empty for full DB compair, or space separated
> partition options.
> >> #SAMBA_LDAPCMD_PARTITIONS=""
> >>
> >>
> >> ## The email adress to report to.
> >> ## If you put an e-mail adres here the script wil also
> check for mail
> >> tools.. etc
> >> ## Email are only send when errors are found and no
> console output !
> >> ## if you want console put, dont put any email address here..
> >> EMAIL_REPORT_ADDRESS="myemailaddress"
> >>
> >>
> >> ## Normaly only e-mail are send when errors are found, or
> set yes for
> >> always email
> >> EMAIL_REPORT_ALWAYS="no"
> >>
> >> ## I use postfix as relay host. ( set to run on localhost only)
> >> ## Put here your mail relay host
> >> ## hostname or hostname-fqdn or ip or ip:port are ok.
> >> ## This is only used when NO sendmail program if found.
> >> POSTFIX_RELAY_HOST=""
> >>
> >> ## postfix wil be automatily setup for your.
> >> ## If you did already setup any mail server on the server
> or you are able
> >> to mail
> >> ## from this server with "mail" command, then this script does not
> >> install postfix.
> >>
> >> ## cleanup the log in /tmp
> >> ## can be handy if you want to review manualy.
> >> SETREMOVELOG="no"
> >>
> >> ## So you reached the end for the configure..
> >> ## Set this one to yes.. and your good to go.
> >> ####CONFIGURED="no"
> >> CONFIGURED="yes"
> >>
> >>
> >>
> ##############################################################
> #########
> >> ## DONT CHANGE BELOW Please, if you make changes, please
> share them. #
> >>
> ##############################################################
> #########
> >>
> >> ## hostname in single word, but you dont need to change this
> >> SETHOSTNAME="$(hostname -s)"
> >> ## domainname.tld, but if you installed correct, you dont
> need to change
> >> this
> >> SETDNSDOMAIN="$(hostname -d)"
> >> ## hostname.domainname.tld, but if you installed correct,
> you dont need
> >> to change this
> >> SETFQDN="$(hostname -f)"
> >>
> >>
> >> SETTPUT="$(which tput)"
> >> if [ -z "${SETTPUT}" ]; then
> >> echo "program tput not found, installing it now.. please wait"
> >> apt-get update > /dev/null
> >> apt-get install -y --no-install-recommends ncurses-bin
> > /dev/null
> >> fi
> >>
> >> RED="$(${SETTPUT} setaf 1)"
> >> NORMAL="$(${SETTPUT} sgr0)"
> >> GREEN="$(${SETTPUT} setaf 2)"
> >> YELLOW="$(${SETTPUT} setaf 3)"
> >> UNDERLINE="$(${SETTPUT} smul)"
> >> WHITE="$(${SETTPUT} setaf 7)"
> >> BOLD="$(${SETTPUT} bold)"
> >>
> >> message() {
> >> printf "%40s\n" "${WHITE}${BOLD}$*${NORMAL}"
> >> }
> >> good() {
> >> printf "%40s\n" "${GREEN}$*${NORMAL}"
> >> }
> >> error() {
> >> printf "%40s\n" "${RED}$*${NORMAL}"
> >> }
> >> warning() {
> >> printf "%40s\n" "${YELLOW}$*${NORMAL}"
> >> }
> >> warning_underline() {
> >> printf "%40s\n" "${YELLOW}${UNDERLINE}$*${NORMAL}"
> >> }
> >>
> >> check_run_as_sudo_root() {
> >> if ! [[ $EUID -eq 0 ]]; then
> >> error "This script should be run using sudo or by root."
> >> exit 1
> >> fi
> >> }
> >> configured_script() {
> >> if [ "${CONFIGURED}" = "no" ]; then
> >> error
> "####################################################"
> >> error "You need to configure this script first to run it. "
> >> echo " "
> >> error "exiting script now... "
> >> exit 0
> >> fi
> >> }
> >>
> >> configured_script
> >> check_run_as_sudo_root
> >>
> >> if [ $SAMBA_CHECKDB_WITH_DRS = "no" ] && [
> ${SAMBA_CHECKDB_WITH_LDAPCMD}
> >> = "no" ] ; then
> >> error "When you set both SAMBA_CHECKBD... to NO.. then
> there is no
> >> point of running this script"
> >> error "Please set at least 1 of these checks to yes"
> >> error "exiting script now... "
> >> exit 0
> >> fi
> >>
> >> SET_SAMBATOOL="$(which samba-tool)"
> >> if [ -z "$SET_SAMBATOOL" ]; then
> >> error "No samba-tool tool found, this script wil exit
> now.. this.. I
> >> cant fix."
> >> exit 0
> >> fi
> >>
> >> SET_TR="$(which tr)"
> >> if [ -z "$SET_TR" ]; then
> >> warning "No tr tool found, running apt-get update and install
> >> coreutils, please wait.."
> >> apt-get update > /dev/null
> >> apt-get install -y --no-install-recommends coreutils >
> /dev/null
> >> sleep 0.5
> >> SET_TR="$(which tr)"
> >> fi
> >>
> >> ## get DC info
> >> DCS="$(host -t SRV _kerberos._udp."${SETDNSDOMAIN}" | awk
> '{print $NF}'|
> >> sed 's/.$//')"
> >> if [ -z "${DCS}" ]; then
> >> error "No Samba DCS found, host -t SRV
> _kerberos.udp.${SETDNSDOMAIN}
> >> returned nothing"
> >> error "exitting now..."
> >> exit 0
> >> fi
> >>
> >> #SAMBA_DC_FSMO=(${SET_SAMBATOOL} fsmo show | cut -d',' -f2
> | head -n1 |
> >> cut -c4-100 | ${SET_TR} '[:upper:]' '[:lower:]')
> >> SAMBA_DC_FSMO=$(echo $(${SET_SAMBATOOL} fsmo show | cut
> -d"," -f2 | head
> >> -n1 | cut -c4-100) | ${SET_TR} '[:upper:]' '[:lower:]')
> >> SAMBA_DC1="${SAMBA_DC_FSMO}.${SETDNSDOMAIN}"
> >> if [ -z "${SAMBA_DC1}" ]; then
> >> error "No Samba DC Found with FSMO Roles, you might
> have dns problems"
> >> error "exitting now..."
> >> exit 0
> >> fi
> >>
> >> #SAMBA_DCS="$(echo ${DCS} | grep -v ${SAMBA_DC_FSMO})"
> >> SAMBA_DCS=$(echo "$DCS" | grep -v "${SAMBA_DC_FSMO}")
> >> if [ -z "${SAMBA_DCS}" ]; then
> >> error "No Samba DC's Found with, you might have dns problems"
> >> error "exitting now..."
> >> echo $SAMBA_DCS
> >> exit 0
> >> fi
> >>
> >> SAMBA_NT_DOMAINNAME="$($SET_SAMBATOOL domain info
> "${SAMBA_DC1}" | grep
> >> Netbios | cut -d":" -f2 | cut -c2-100)"
> >> ERROR: Invalid IP address 'dc1.subdom.example.com'!
> >> if [ -z "${SAMBA_NT_DOMAINNAME}" ]; then
> >> error "No Samba NT DOMAIN Name found"
> >> error "exitting now..."
> >> exit 0
> >> fi
> >> No Samba NT DOMAIN Name found
> >> exitting now...
> >>
> >
> > What to do?
> >
> >
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
More information about the samba
mailing list