[Samba] [Solved] Joining a samba ad dc domain from another samba installatio

François Legal devel at thom.fr.eu.org
Wed May 4 09:52:17 UTC 2022


On Tuesday, May 03, 2022 22:36 CEST, Rowland Penny via samba <samba at lists.samba.org> wrote:
 
> On Tue, 2022-05-03 at 22:00 +0200, François Legal wrote:
> > > 
> > Here comes the output :
> > root@[new dc]:~# ./samba-collect-debug-info.sh 
> > Please wait, collecting debug info.
> >  
> > Password for Administrator@[my realm]: 
> > grep: : No such file or directory
> > Load smb config files from /etc/samba/smb.conf
> > Error loading services.
> > The debug info about your system can be found in this file:
> > /tmp/samba-debug-info.txt
> > Please check this and if required, sanitise it.
> > Then copy & paste it into an  email to the samba list
> > Do not attach it to the email, the Samba mailing list strips
> > attachments.
> > root at tls-srv-03:~# more /tmp/samba-debug-info.txt
> > Collected config  --- 2022-05-03-18:05 -----------
> > 
> > Hostname: [new dc]
> > DNS Domain: [my domain]
> > FQDN: [new dc].[my domain]
> > ipaddress: 192.168.1.210 
> > 
> > -----------
> > 
> > Kerberos SRV _kerberos._tcp.[my domain] record verified ok, sample output:
> > Server:		10.211.254.253
> > Address:	10.211.254.253#53
> > 
> > _kerberos._tcp.[my domain]	service = 0 100 88 [my current dc].[my domain].
> > Samba is not being run as a DC or a Unix domain member.
> > 
> > -----------
> >        Checking file: /etc/os-release
> > 
> > PRETTY_NAME="Debian GNU/Linux 11 (bullseye)"
> > NAME="Debian GNU/Linux"
> > VERSION_ID="11"
> > VERSION="11 (bullseye)"
> > VERSION_CODENAME=bullseye
> > ID=debian
> > HOME_URL="https://www.debian.org/"
> > SUPPORT_URL="https://www.debian.org/support"
> > BUG_REPORT_URL="https://bugs.debian.org/"
> > 
> > -----------
> > 
> > 
> > This computer is running Debian 11.3 x86_64
> > 
> > -----------
> > running command : ip a
> > 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
> >     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> >     inet 127.0.0.1/8 scope host lo
> >     inet6 ::1/128 scope host 
> > 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
> >     link/ether 00:16:3e:bd:bb:3a brd ff:ff:ff:ff:ff:ff
> >     inet 192.168.1.210/24 brd 192.168.1.255 scope global eth0
> >     inet6 fe80::216:3eff:febd:bb3a/64 scope link 
> > 
> > -----------
> >        Checking file: /etc/hosts
> > 
> > 127.0.0.1    localhost
> > 192.168.1.210    [new dc].[my domain] [new dc]
> > 10.211.254.253	[current dc].[my domain]	[current dc]
> 
> Remove the 'current dc' line from /etc/hosts, it shouldn't be there.
> 
> > 
> > # The following lines are desirable for IPv6 capable hosts
> > ::1     ip6-localhost ip6-loopback
> > fe00::0 ip6-localnet
> > ff00::0 ip6-mcastprefix
> > ff02::1 ip6-allnodes
> > ff02::2 ip6-allrouters
> > ff02::3 ip6-allhosts
> > 
> > -----------
> > 
> >        Checking file: /etc/resolv.conf
> > 
> > nameserver 10.211.254.253
> > search [my domain]
> > 
> > -----------
> > 
> >        Checking file: /etc/krb5.conf
> > 
> > [libdefaults]
> > 	default_realm = [my realm]
> > 	dns_lookup_realm = false
> > 	dns_lookup_kdc = true
> > 
> > [realms]
> > 	[my realm] = {
> > 	kdc = 10.211.254.253
> > 	}
> > 
> > -----------
> > 
> >        Checking file: /etc/nsswitch.conf
> > 
> > # /etc/nsswitch.conf
> > #
> > # Example configuration of GNU Name Service Switch functionality.
> > # If you have the `glibc-doc-reference' and `info' packages installed, try:
> > # `info libc "Name Service Switch"' for information about this file.
> > 
> > passwd:         files
> > group:          files
> > shadow:         files
> > gshadow:        files
> > 
> > hosts:          files dns
> > networks:       files
> > 
> > protocols:      db files
> > services:       db files
> > ethers:         db files
> > rpc:            db files
> > 
> > netgroup:       nis
> > 
> > -----------
> > 
> >     Warning,  does not exist
> 
> The smb.conf wouldn't exist on a non joined DC, you would get an error
> during the join if it did.
> 
> > 
> > -----------
> > 
> > 
> > Installed packages:
> > ii  krb5-config                 2.6+nmu1                     all          Configuration files for Kerberos Version 5
> > ii  krb5-user                   1.18.3-6+deb11u1             amd64        basic programs to authenticate using MIT Kerberos
> > ii  libacl1:amd64               2.2.53-10                    amd64        access control list - shared library
> > ii  libattr1:amd64              1:2.4.48-6                   amd64        extended attribute handling - shared library
> > ii  libgssapi-krb5-2:amd64      1.18.3-6+deb11u1             amd64        MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
> > ii  libkrb5-3:amd64             1.18.3-6+deb11u1             amd64        MIT Kerberos runtime libraries
> > ii  libkrb5support0:amd64       1.18.3-6+deb11u1             amd64        MIT Kerberos runtime libraries - Support library
> > ii  libwbclient0:amd64          2:4.13.13+dfsg-1~deb11u3     amd64        Samba winbind client library
> > ii  python3-samba               2:4.13.13+dfsg-1~deb11u3     amd64        Python 3 bindings for Samba
> > ii  samba                       2:4.13.13+dfsg-1~deb11u3     amd64        SMB/CIFS file, print, and login server for Unix
> > ii  samba-common                2:4.13.13+dfsg-1~deb11u3     all          common files used by both the Samba server and client
> > ii  samba-common-bin            2:4.13.13+dfsg-1~deb11u3     amd64        Samba common files used by both the server and the client
> > ii  samba-libs:amd64            2:4.13.13+dfsg-1~deb11u3     amd64        Samba core libraries
> 
> You appear to have a few packages missing:
> 
> apt install acl attr python3-xattr samba-dsdb-modules samba-vfs-modules winbind xattr
> 
> > 
> > 
> > I also tried to paste the [global] section of my current DC smb.conf
> > to my new DC smb.conf, changing the netbios name, but that did not
> > help.
> 
> It wouldn't, do not do this.
> Install the missing packages, remove the smb.conf
> Check if the old DC still exists in AD, remove it if it does, with:
> 
> samba-tool domain demote -H ldap://current dc --remove-other-dead-server='THE_OLD_DC'
> 
> Then attempt to join the new DC again.
> 
> Rowland

Adding the missing packages did the trick.

Thanks a lot

François
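
The pre-join checks the reply above walks through (missing packages, the extra /etc/hosts line, an already present smb.conf), as an added shell example that is not part of the original thread. The function names and the constructed sample data (`newdc`, `olddc`, `example.test`, the 192.0.2.x addresses) are assumptions; only the package list comes from the reply.

```shell
#!/bin/sh
# Added example: checks to run on a Debian host before "samba-tool domain join".
# Package list copied from the reply above; names and sample data are illustrative.
REQUIRED_PKGS="acl attr python3-xattr samba-dsdb-modules samba-vfs-modules winbind xattr"

# stdin: "name status" lines as printed by
#   dpkg-query -W -f='${Package} ${db:Status-Abbrev}\n'
# stdout: each required package that is not fully installed (state "ii").
missing_packages() {
    installed=$(awk '$2 == "ii" { print $1 }')
    for pkg in $REQUIRED_PKGS; do
        printf '%s\n' "$installed" | grep -qxF -- "$pkg" || printf '%s\n' "$pkg"
    done
}

# $1: hosts file, $2: this machine's short name.
# stdout: entries mapping a non-loopback IPv4 address to some other host,
# such as the existing DC's line that the reply above says to remove.
foreign_host_entries() {
    awk -v self="$2" '
        /^[ \t]*(#|$)/ { next }
        $1 ~ /^127\./ || $1 ~ /:/ { next }
        { for (i = 2; i <= NF; i++) if ($i == self) next; print }
    ' "$1"
}

# $1: package list file, $2: hosts file, $3: smb.conf path, $4: short name.
# Prints one finding per line; returns 1 if anything was found.
prejoin_report() {
    findings=$( {
        missing_packages < "$1" | sed 's/^/missing package: /'
        foreign_host_entries "$2" "$4" | sed 's/^/extra hosts entry: /'
        if [ -e "$3" ]; then echo "smb.conf already present: $3"; fi
    } )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample mirroring the thread: samba installed, helper packages not.
sample_run() {
    d=$(mktemp -d) || return 2
    printf '%s\n' 'samba ii ' 'winbind rc ' 'acl ii ' > "$d/pkgs"
    printf '%s\n' '127.0.0.1 localhost' '192.0.2.10 newdc.example.test newdc' \
        '192.0.2.1 olddc.example.test olddc' > "$d/hosts"
    prejoin_report "$d/pkgs" "$d/hosts" "$d/smb.conf" newdc
    rc=$?; rm -rf "$d"; return $rc
}
```

On a real host, save the `dpkg-query` output named in the comment to a file and pass it to `prejoin_report` together with `/etc/hosts`, `/etc/samba/smb.conf` and the output of `hostname -s`.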