Viktor Trojanovic
2019-May-26  17:17 UTC
[Samba] Please help with Samba AD DC after restore from backup
I just did a restore of a backed up Samba DC and as feared, I'm running
into issues that have kept me for hours on this already.
Everything seems fine at first sight. The daemon (samba-ad-dc, 4.10, on
Ubuntu Bionic) starts properly and without error messages in any log, even
with increased level 3. Most of the typical testing and troubleshooting
commands give the correct output.
Specifically, all the host commands mentioned in the wiki work, so
(internal) DNS seems to work fine. kinit and klist work, too, so I guess
Kerberos is set up correctly. What doesn't seem to work fully, however, is
the file server.
I can run
smbclient -L DC1 -U%
just fine. But when I switch DC1 for localhost, I get an error message.
Connection to localhost failed (Error NT_STATUS_CONNECTION_REFUSED)
I'm not sure if it matters, but no matter if I choose localhost or DC1, it
also says "Unable to initialize messaging context". I couldn't find a clear
reference as to what this means.
What I further noticed is that I cannot seem to access "DC1" from other
stations. I can ping the address 192.168.1.1, but running "nslookup DC1"
gives an error
** server can't find dc1: SERVFAIL
It seems to me as if most of the DC is working fine but one element is
screwed up. Hopefully someone can guide me in the right direction to solve
this.
/etc/samba/smb.conf
[global]
workgroup = SAMDOM
realm = SAMDOM.EXAMPLE.COM
netbios name = DC1
server role = active directory domain controller
dns forwarder = 8.8.8.8
idmap_ldb:use rfc2307 = yes
interfaces = eth0
bind interfaces only = Yes
tls enabled = no
log level = 3
[netlogon]
path = /var/lib/samba/sysvol/samdom.example.com/scripts
read only = No
acl_xattr:ignore system acls = yes
[sysvol]
path = /var/lib/samba/sysvol
read only = No
acl_xattr:ignore system acls = yes
/etc/hosts
127.0.0.1 localhost
192.168.1.1 dc1.samdom.example.com dc1
/etc/hostname
DC1
/etc/resolv.conf
nameserver 192.168.1.1
search samdom.example.com
Viktor Trojanovic
2019-May-26  17:28 UTC
[Samba] Please help with Samba AD DC after restore from backup
Small update: I added "lo" to the interfaces in smb.conf, now smbclient works also on localhost. But both the other problems remain as described for now.
Rowland Penny
2019-May-26  17:53 UTC
[Samba] Please help with Samba AD DC after restore from backup
Everything looks okay, just a few thoughts/comments
You get 'Unable to initialize messaging context' if you are not root when running smbclient.
Is the time on the DC correct?
Why do you have 'tls enabled = no'?
I know you have restored Samba from a backup, but what about the OS, is everything exactly the same as before you needed to restore?
Have you checked if the dns server is actually running on port 53 and if something is, that it is the DC and not something else?
Rowland
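The two smb.conf settings raised in this thread (the missing loopback entry with 'bind interfaces only', and 'tls enabled = no') can be checked mechanically. The following Python sketch is an added example, not part of the thread or of Samba; the function names are hypothetical and the input is the [global] section copied from the first message.

```python
import configparser

# [global] section exactly as posted in the first message of the thread.
POSTED_SMB_CONF = """\
[global]
workgroup = SAMDOM
realm = SAMDOM.EXAMPLE.COM
netbios name = DC1
server role = active directory domain controller
dns forwarder = 8.8.8.8
idmap_ldb:use rfc2307 = yes
interfaces = eth0
bind interfaces only = Yes
tls enabled = no
log level = 3
"""

TRUE_VALUES = {"yes", "true", "on", "1"}   # spellings Samba accepts for a true boolean
LOOPBACK = {"lo", "::1"}                   # plus anything in 127.0.0.0/8, checked below


def load_global(text):
    """Return the [global] parameters as a dict with normalised lower-case names."""
    # Parameter names can contain ':' (idmap_ldb:use rfc2307), so only '=' delimits.
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None, strict=False)
    cp.read_string(text)
    return {" ".join(k.lower().split()): v.strip() for k, v in cp["global"].items()}


def check_global(params):
    """Return a list of findings for the two settings discussed in the thread."""
    findings = []
    bind_only = params.get("bind interfaces only", "no").lower() in TRUE_VALUES
    # 'interfaces' is a list of names or addresses, optionally with a /mask.
    ifaces = [t.split("/")[0].lower()
              for t in params.get("interfaces", "").replace(",", " ").split()]
    has_loopback = any(i in LOOPBACK or i.startswith("127.") for i in ifaces)
    if bind_only and not has_loopback:
        findings.append("bind interfaces only is on and 'interfaces' has no loopback "
                        "entry: connections to localhost are refused")
    # Samba's default for 'tls enabled' is yes; the posted config turns it off.
    if params.get("tls enabled", "yes").lower() not in TRUE_VALUES:
        findings.append("tls enabled = no: the DC does not offer TLS on services "
                        "that support it")
    return findings


if __name__ == "__main__":
    for finding in check_global(load_global(POSTED_SMB_CONF)):
        print("WARNING:", finding)
```

Run against the posted configuration it reports both settings; with "lo" added to 'interfaces', as in the follow-up message, only the TLS finding remains.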