[Samba] Joining a samba ad dc domain from another samba installatio
Rowland Penny
rpenny at samba.org
Tue May 3 20:36:24 UTC 2022
On Tue, 2022-05-03 at 22:00 +0200, François Legal wrote:
> >
> Here comes the output :
> root@[new dc]:~# ./samba-collect-debug-info.sh
> Please wait, collecting debug info.
>
> Password for Administrator@[my realm]:
> grep: : No such file or directory
> Load smb config files from /etc/samba/smb.conf
> Error loading services.
> The debug info about your system can be found in this file:
> /tmp/samba-debug-info.txt
> Please check this and if required, sanitise it.
> Then copy & paste it into an email to the samba list
> Do not attach it to the email, the Samba mailing list strips
> attachments.
> root@tls-srv-03:~# more /tmp/samba-debug-info.txt
> Collected config --- 2022-05-03-18:05 -----------
>
> Hostname: [new dc]
> DNS Domain: [my domain]
> FQDN: [new dc].[my domain]
> ipaddress: 192.168.1.210
>
> -----------
>
> Kerberos SRV _kerberos._tcp.[my domain] record verified ok, sample
> output:
> Server: 10.211.254.253
> Address: 10.211.254.253#53
>
> _kerberos._tcp.[my domain] service = 0 100 88 [my current dc].[my
> domain].
> Samba is not being run as a DC or a Unix domain member.
>
> -----------
> Checking file: /etc/os-release
>
> PRETTY_NAME="Debian GNU/Linux 11 (bullseye)"
> NAME="Debian GNU/Linux"
> VERSION_ID="11"
> VERSION="11 (bullseye)"
> VERSION_CODENAME=bullseye
> ID=debian
> HOME_URL="https://www.debian.org/"
> SUPPORT_URL="https://www.debian.org/support"
> BUG_REPORT_URL="https://bugs.debian.org/"
>
> -----------
>
>
> This computer is running Debian 11.3 x86_64
>
> -----------
> running command : ip a
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
> group default qlen 1000
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> inet 127.0.0.1/8 scope host lo
> inet6 ::1/128 scope host
> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP
> group default qlen 1000
> link/ether 00:16:3e:bd:bb:3a brd ff:ff:ff:ff:ff:ff
> inet 192.168.1.210/24 brd 192.168.1.255 scope global eth0
> inet6 fe80::216:3eff:febd:bb3a/64 scope link
>
> -----------
> Checking file: /etc/hosts
>
> 127.0.0.1 localhost
> 192.168.1.210 [new dc].[my domain] [new dc]
> 10.211.254.253 [current dc].[my domain] [current dc]
Remove the 'current dc' line from /etc/hosts, it shouldn't be there.
>
> # The following lines are desirable for IPv6 capable hosts
> ::1 ip6-localhost ip6-loopback
> fe00::0 ip6-localnet
> ff00::0 ip6-mcastprefix
> ff02::1 ip6-allnodes
> ff02::2 ip6-allrouters
> ff02::3 ip6-allhosts
>
> -----------
>
> Checking file: /etc/resolv.conf
>
> nameserver 10.211.254.253
> search [my domain]
>
> -----------
>
> Checking file: /etc/krb5.conf
>
> [libdefaults]
> default_realm = [my realm]
> dns_lookup_realm = false
> dns_lookup_kdc = true
>
> [realms]
> [my realm] = {
> kdc = 10.211.254.253
> }
>
> -----------
>
> Checking file: /etc/nsswitch.conf
>
> # /etc/nsswitch.conf
> #
> # Example configuration of GNU Name Service Switch functionality.
> # If you have the `glibc-doc-reference' and `info' packages
> installed, try:
> # `info libc "Name Service Switch"' for information about this file.
>
> passwd: files
> group: files
> shadow: files
> gshadow: files
>
> hosts: files dns
> networks: files
>
> protocols: db files
> services: db files
> ethers: db files
> rpc: db files
>
> netgroup: nis
>
> -----------
>
> Warning, does not exist
The smb.conf wouldn't exist on a non joined DC, you would get an error
during the join if it did.
>
> -----------
>
>
> Installed packages:
> ii krb5-config 2.6+nmu1 all Configuration files for Kerberos Version 5
> ii krb5-user 1.18.3-6+deb11u1 amd64 basic programs to authenticate using MIT Kerberos
> ii libacl1:amd64 2.2.53-10 amd64 access control list - shared library
> ii libattr1:amd64 1:2.4.48-6 amd64 extended attribute handling - shared library
> ii libgssapi-krb5-2:amd64 1.18.3-6+deb11u1 amd64 MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
> ii libkrb5-3:amd64 1.18.3-6+deb11u1 amd64 MIT Kerberos runtime libraries
> ii libkrb5support0:amd64 1.18.3-6+deb11u1 amd64 MIT Kerberos runtime libraries - Support library
> ii libwbclient0:amd64 2:4.13.13+dfsg-1~deb11u3 amd64 Samba winbind client library
> ii python3-samba 2:4.13.13+dfsg-1~deb11u3 amd64 Python 3 bindings for Samba
> ii samba 2:4.13.13+dfsg-1~deb11u3 amd64 SMB/CIFS file, print, and login server for Unix
> ii samba-common 2:4.13.13+dfsg-1~deb11u3 all common files used by both the Samba server and client
> ii samba-common-bin 2:4.13.13+dfsg-1~deb11u3 amd64 Samba common files used by both the server and the client
> ii samba-libs:amd64 2:4.13.13+dfsg-1~deb11u3 amd64 Samba core libraries
You appear to have a few packages missing:

apt install acl attr python3-xattr samba-dsdb-modules samba-vfs-modules winbind xattr

>
>
> I also tried to paste the [global] section of my current DC smb.conf
> to my new DC smb.conf, changing the netbios name, but that did not
> help.
It wouldn't, do not do this.

Install the missing packages, remove the smb.conf.
Check if the old DC still exists in AD, remove it if it does, with:

samba-tool domain demote -H ldap://current dc --remove-other-dead-server='THE_OLD_DC'

Then attempt to join the new DC again.
Rowland
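
The three pre-join conditions from the reply above (required packages present, no other DC listed in /etc/hosts, no existing smb.conf) can be checked before running the join. This is an added example, not part of the original post or of Samba; the function names, the example.test host names and the sample files are constructed for illustration.

```shell
# Added example: pre-join checks for a new Samba AD DC (hypothetical helper names).
REQUIRED_PKGS="acl attr python3-xattr samba-dsdb-modules samba-vfs-modules winbind xattr"

# Print each required package that is absent from a file of installed
# package names, one per line (e.g. from: dpkg-query -W -f '${Package}\n').
missing_packages() {
    for pkg in $REQUIRED_PKGS; do
        grep -qxF "$pkg" "$1" || printf '%s\n' "$pkg"
    done
}

# Print hosts-file entries naming a machine in the AD DNS domain other than
# this host; other DCs should be resolved through DNS, not /etc/hosts.
# Args: hosts file, this host's FQDN, AD DNS domain.
foreign_host_entries() {
    awk -v self="$2" -v dom="$3" '
        /^[ \t]*(#|$)/ { next }                      # skip comments and blank lines
        {
            suffix = "." tolower(dom)
            for (i = 2; i <= NF; i++) {              # field 1 is the IP address
                if (substr($i, 1, 1) == "#") break   # trailing comment
                n = tolower($i)
                if (n != tolower(self) && length(n) > length(suffix) &&
                    substr(n, length(n) - length(suffix) + 1) == suffix) { print; next }
            }
        }' "$1"
}

# Return 0 only when all three conditions hold.
# Args: package list, hosts file, FQDN, domain, smb.conf path.
prejoin_ok() {
    [ -z "$(missing_packages "$1")" ] &&
    [ -z "$(foreign_host_entries "$2" "$3" "$4")" ] &&
    [ ! -e "$5" ]
}

# Constructed sample input; names under example.test are placeholders.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '%s\n' krb5-user samba samba-common-bin winbind acl > "$demo_dir/pkgs"
printf '%s\n' '127.0.0.1 localhost' \
    '192.168.1.210 newdc.example.test newdc' \
    '10.211.254.253 olddc.example.test olddc' > "$demo_dir/hosts"
missing_packages "$demo_dir/pkgs"
foreign_host_entries "$demo_dir/hosts" newdc.example.test example.test
```

On a real host the package list would come from dpkg-query, and the last argument to prejoin_ok would be /etc/samba/smb.conf.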