[Samba] Unable to join domain

Rob Campbell robcampbell08105 at gmail.com
Thu Oct 7 04:29:25 UTC 2021


Installed a new Debian server and not able to 'kinit Administrator'.

# uname -a
Linux DSDC01 5.10.0-8-amd64 #1 SMP Debian 5.10.46-5 (2021-09-23) x86_64
GNU/Linux

# samba-tool domain provision --use-rfc2307 --interactive
Realm [TEST-SERVER.LAN]:  DC01.TEST-SERVER.LAN
Domain [DC01]:
Server Role (dc, member, standalone) [dc]:
DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE)
[SAMBA_INTERNAL]:
DNS forwarder IP address (write 'none' to disable forwarding) [10.0.0.12]:
 8.8.8.8
Administrator password:
Retype password:
INFO 2021-10-07 00:08:31,157 pid:8408
/usr/lib/python3/dist-packages/samba/provision/__init__.py #2122: Looking
up IPv4 addresses
INFO 2021-10-07 00:08:31,158 pid:8408
/usr/lib/python3/dist-packages/samba/provision/__init__.py #2139: Looking
up IPv6 addresses
WARNING 2021-10-07 00:08:31,159 pid:8408
/usr/lib/python3/dist-packages/samba/provision/__init__.py #2146: No IPv6
address will be assigned
INFO 2021-10-07 00:08:31,651 pid:8408
/usr/lib/python3/dist-packages/samba/provision/__init__.py #2294: Setting
up secrets.ldb
INFO 2021-10-07 00:08:33,312 pid:8408
/usr/lib/python3/dist-packages/samba/provision/__init__.py #2299: Setting
up the registry
INFO 2021-10-07 00:08:34,051 pid:8408
/usr/lib/python3/dist-packages/samba/provision/__init__.py #2302: Setting
up the privileges database
INFO 2021-10-07 00:08:36,675 pid:8408
/usr/lib/python3/dist-packages/samba/provision/__init__.py #2305: Setting
up idmap db
INFO 2021-10-07 00:08:38,216 pid:8408
/usr/lib/python3/dist-packages/samba/provision/__init__.py #2312: Setting
up SAM db
INFO 2021-10-07 00:08:38,524 pid:8408
/usr/lib/python3/dist-packages/samba/provision/__init__.py #897: Setting up
sam.ldb partitions and settings
INFO 2021-10-07 00:08:38,525 pid:8408
/usr/lib/python3/dist-packages/samba/provision/__init__.py #909: Setting up
sam.ldb rootDSE
INFO 2021-10-07 00:08:38,825 pid:8408
/usr/lib/python3/dist-packages/samba/provision/__init__.py #1322:
Pre-loading the Samba 4 and AD schema
Unable to determine the DomainSID, can not enforce uniqueness constraint on
local domainSIDs

INFO 2021-10-07 00:08:39,391 pid:8408
/usr/lib/python3/dist-packages/samba/provision/__init__.py #1400: Adding
DomainDN: DC=dc01,DC=test-server,DC=lan
INFO 2021-10-07 00:08:39,741 pid:8408
/usr/lib/python3/dist-packages/samba/provision/__init__.py #1432: Adding
configuration container
INFO 2021-10-07 00:08:40,016 pid:8408
/usr/lib/python3/dist-packages/samba/provision/__init__.py #1447: Setting
up sam.ldb schema
INFO 2021-10-07 00:08:43,658 pid:8408
/usr/lib/python3/dist-packages/samba/provision/__init__.py #1465: Setting
up sam.ldb configuration data
INFO 2021-10-07 00:08:43,834 pid:8408
/usr/lib/python3/dist-packages/samba/provision/__init__.py #1506: Setting
up display specifiers
INFO 2021-10-07 00:08:46,236 pid:8408
/usr/lib/python3/dist-packages/samba/provision/__init__.py #1514: Modifying
display specifiers and extended rights
INFO 2021-10-07 00:08:46,279 pid:8408
/usr/lib/python3/dist-packages/samba/provision/__init__.py #1521: Adding
users container
INFO 2021-10-07 00:08:46,281 pid:8408
/usr/lib/python3/dist-packages/samba/provision/__init__.py #1527: Modifying
users container
INFO 2021-10-07 00:08:46,282 pid:8408
/usr/lib/python3/dist-packages/samba/provision/__init__.py #1530: Adding
computers container
INFO 2021-10-07 00:08:46,283 pid:8408
/usr/lib/python3/dist-packages/samba/provision/__init__.py #1536: Modifying
computers container
INFO 2021-10-07 00:08:46,284 pid:8408
/usr/lib/python3/dist-packages/samba/provision/__init__.py #1540: Setting
up sam.ldb data
INFO 2021-10-07 00:08:46,452 pid:8408
/usr/lib/python3/dist-packages/samba/provision/__init__.py #1570: Setting
up well known security principals
INFO 2021-10-07 00:08:46,513 pid:8408
/usr/lib/python3/dist-packages/samba/provision/__init__.py #1584: Setting
up sam.ldb users and groups
INFO 2021-10-07 00:08:46,653 pid:8408
/usr/lib/python3/dist-packages/samba/provision/__init__.py #1592: Setting
up self join
Repacking database from v1 to v2 format (first record
CN=Auxiliary-Class,CN=Schema,CN=Configuration,DC=dc01,DC=test-server,DC=lan)
Repack: re-packed 10000 records so far
Repacking database from v1 to v2 format (first record
CN=computer-Display,CN=408,CN=DisplaySpecifiers,CN=Configuration,DC=dc01,DC=test-server,DC=lan)
Repacking database from v1 to v2 format (first record
CN=RpcServices,CN=System,DC=dc01,DC=test-server,DC=lan)
INFO 2021-10-07 00:08:54,081 pid:8408
/usr/lib/python3/dist-packages/samba/provision/sambadns.py #1143: Adding
DNS accounts
INFO 2021-10-07 00:08:55,466 pid:8408
/usr/lib/python3/dist-packages/samba/provision/sambadns.py #1177: Creating
CN=MicrosoftDNS,CN=System,DC=dc01,DC=test-server,DC=lan
INFO 2021-10-07 00:08:55,501 pid:8408
/usr/lib/python3/dist-packages/samba/provision/sambadns.py #1190: Creating
DomainDnsZones and ForestDnsZones partitions
INFO 2021-10-07 00:08:56,398 pid:8408
/usr/lib/python3/dist-packages/samba/provision/sambadns.py #1195:
Populating DomainDnsZones and ForestDnsZones partitions
Repacking database from v1 to v2 format (first record DC=f.root-servers.net
,DC=RootDNSServers,CN=MicrosoftDNS,DC=DomainDnsZones,DC=dc01,DC=test-server,DC=lan)
Repacking database from v1 to v2 format (first record
DC=_ldap._tcp.Default-First-Site-Name._sites.dc,DC=_msdcs.dc01.test-server.lan,CN=MicrosoftDNS,DC=ForestDnsZones,DC=dc01,DC=test-server,DC=lan)
INFO 2021-10-07 00:09:00,648 pid:8408
/usr/lib/python3/dist-packages/samba/provision/__init__.py #2026: Setting
up sam.ldb rootDSE marking as synchronized
INFO 2021-10-07 00:09:00,956 pid:8408
/usr/lib/python3/dist-packages/samba/provision/__init__.py #2031: Fixing
provision GUIDs
INFO 2021-10-07 00:09:03,541 pid:8408
/usr/lib/python3/dist-packages/samba/provision/__init__.py #2364: A
Kerberos configuration suitable for Samba AD has been generated at
/var/lib/samba/private/krb5.conf
INFO 2021-10-07 00:09:03,541 pid:8408
/usr/lib/python3/dist-packages/samba/provision/__init__.py #2366: Merge the
contents of this file with your system krb5.conf or replace it with this
one. Do not create a symlink!
INFO 2021-10-07 00:09:04,107 pid:8408
/usr/lib/python3/dist-packages/samba/provision/__init__.py #2096: Setting
up fake yp server settings
INFO 2021-10-07 00:09:04,924 pid:8408
/usr/lib/python3/dist-packages/samba/provision/__init__.py #489: Once the
above files are installed, your Samba AD server will be ready to use
INFO 2021-10-07 00:09:04,924 pid:8408
/usr/lib/python3/dist-packages/samba/provision/__init__.py #494: Server
Role:           active directory domain controller
INFO 2021-10-07 00:09:04,925 pid:8408
/usr/lib/python3/dist-packages/samba/provision/__init__.py #495: Hostname:
             DSDC01
INFO 2021-10-07 00:09:04,925 pid:8408
/usr/lib/python3/dist-packages/samba/provision/__init__.py #496: NetBIOS
Domain:        DC01
INFO 2021-10-07 00:09:04,926 pid:8408
/usr/lib/python3/dist-packages/samba/provision/__init__.py #497: DNS
Domain:            dc01.test-server.lan
INFO 2021-10-07 00:09:04,926 pid:8408
/usr/lib/python3/dist-packages/samba/provision/__init__.py #498: DOMAIN
SID:            S-1-5-21-4043830203-3024252423-4073420798

No issues following the guide until

# kinit Administrator
kinit: Client 'Administrator@TEST-SERVER.LAN' not found in Kerberos
database while getting initial credentials

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In all things, Be Intentional.


On Tue, Oct 5, 2021 at 4:57 PM Rowland Penny via samba <
samba at lists.samba.org> wrote:

> On Tue, 2021-10-05 at 16:10 -0400, Rob Campbell wrote:
> > I added to the existing smb.conf that was created from running the
> > provisioning.  So if that is not the proper file (minus the shares),
> > I don't know what is.
> Try reading this:
> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
>
> and this:
> https://wiki.samba.org/index.php/Idmap_config_rid
>
> >  Here were my steps to prepare for this configuration:
> >
> >  1. systemctl stop named
> >  2. systemctl stop dnsmasq
>
> You can use named or dnsmasq on a Unix domain member, provided named or
> dnsmasq forwards your AD domain requests to the DC. You cannot use
> both.
>
> >  3. systemctl stop smb
> >  4. systemctl stop samba
> >  5. rm -rf /etc/samba/smb.conf
> >  6. rm -rf /etc/krb5.conf
> >  7. for file in `locate *.tdb`;do rm -rf $file;done
> >  8. for file in `locate *.ldb`;do rm -rf $file;done
> >  9. netstat -tulpn (to see if any of the ports I'll be needing is
> > already in use.  If so, I would stop the service or completely remove
> > it.)
> > 10. systemctl stop systemd-resolved
> >
> > Then I went through the wiki.
>
> It depends on how you want to run Samba, as a DC with a separate
> fileserver (Unix domain member) or as a DC/fileserver.
>
> >  I didn't add my shares to smb.conf until I was able to complete all
> > the steps in the wiki.  After I was able to complete the steps
> > successfully, I added my shares, restarted samba and tested that I
> > was able to access the shares.  I then set up rules to map the shares
> > on my workstations to see if that worked and it worked.
> >
> > To my knowledge, the only thing I can't do is authenticate from
> > another host (kinit anyuser).  There is probably more that isn't
> > right but I haven't tried anything else yet.  I am able to see
> > everything from cockpit too and I've tried setting everything up from
> > there in the beginning and that was a major fail.
> >
> > If I can figure out how to install Ubuntu or some other distro on a
> > vm hosted on a headless server, I can try again.  I think that
> > mention about Redhat/Fedora should be mentioned in the wiki.  Is that
> > something that will be resolved in the near future?
>
> I wouldn't hold my breath waiting, it has been a problem for a long
> time and whilst work does get done, it is slow going.
>
> > Is there a workaround in the near future where some extra steps are
> > needed to make it work?
>
> It does work already, I am typing this on a Debian 10 Unix domain
> member running Samba 4.14.7
>
> Rowland

