On Mon, 2020-11-09 at 09:44 +1030, O'Connor, Daniel via samba wrote:> > On 9 Nov 2020, at 09:24, O'Connor, Daniel <darius at dons.net.au> > > wrote: > > > > > On 8 Nov 2020, at 22:49, Rowland penny via samba < > > > samba at lists.samba.org> wrote: > > > > > > On 08/11/2020 11:52, O'Connor, Daniel wrote: > > > > > I know little about Freebsd jails, but if I understand them > > > > > correctly, they are very similar to using a chroot on Linux > > > > > and I wouldn't want to try and run a second DC in a chroot. > > > > Jails are pretty similar to chroot but more secure - like Linux > > > > containers. > > > > > > > Have you tried setting this up in a VM instead of a jail, if this > > > works, it points to something to do with the jail, if it doesn't, > > > then it points to a possible problem with Samba on Freebsd, or > > > Samba itself. The latter isn't really likely, everything works on > > > LInux, though this isn't much comfort to you. > > > > It's not particularly urgent so it could be an opportunity to debug > > it. > > I just realised I used Samba 4.13 in the jail but the host is running > 4.11. > > I installed 4.11 in the jail and samba-tool works > > I am surprised it doesn't work but perhaps 4.13 is broken in some > way.Feel free to do a 'git bisect' between the two releases to pin that down. That will be the fastest way to resolve this. Andrew Bartlett -- Andrew Bartlett https://samba.org/~abartlet/ Authentication Developer, Samba Team https://samba.org Samba Developer, Catalyst IT https://catalyst.net.nz/services/samba
> On 9 Nov 2020, at 09:59, Andrew Bartlett <abartlet at samba.org> wrote: > > On Mon, 2020-11-09 at 09:44 +1030, O'Connor, Daniel via samba wrote: >>> On 9 Nov 2020, at 09:24, O'Connor, Daniel <darius at dons.net.au> >>> wrote: >>> >>>> On 8 Nov 2020, at 22:49, Rowland penny via samba < >>>> samba at lists.samba.org> wrote: >>>> >>>> On 08/11/2020 11:52, O'Connor, Daniel wrote: >>>>>> I know little about Freebsd jails, but if I understand them >>>>>> correctly, they are very similar to using a chroot on Linux >>>>>> and I wouldn't want to try and run a second DC in a chroot. >>>>> Jails are pretty similar to chroot but more secure - like Linux >>>>> containers. >>>>> >>>> Have you tried setting this up in a VM instead of a jail, if this >>>> works, it points to something to do with the jail, if it doesn't, >>>> then it points to a possible problem with Samba on Freebsd, or >>>> Samba itself. The latter isn't really likely, everything works on >>>> LInux, though this isn't much comfort to you. >>> >>> It's not particularly urgent so it could be an opportunity to debug >>> it. >> >> I just realised I used Samba 4.13 in the jail but the host is running >> 4.11. >> >> I installed 4.11 in the jail and samba-tool works >> >> I am surprised it doesn't work but perhaps 4.13 is broken in some >> way. > > Feel free to do a 'git bisect' between the two releases to pin that > down. That will be the fastest way to resolve this.OK, are there any special considerations given I am joining it as a DC? I guess I have to demote first, although I suppose I can join as a normal member for test purposes. -- Daniel O'Connor "The nice thing about standards is that there are so many of them to choose from." -- Andrew Tanenbaum
On Mon, 2020-11-09 at 10:16 +1030, O'Connor, Daniel wrote:> > > OK, are there any special considerations given I am joining it as a > DC? > I guess I have to demote first, although I suppose I can join as a > normal member for test purposes.No need to demote after failures, but on the success arm rejoining the DC might fail when we recognise we are joined. This is an extra safety check. Also regardless it isn't awesome to be creating and deleting lots of DCs in production. You could potentially just test with ldbsearch -H ldap://mydc -k yes However, and that would be harmless. Andrew Bartlett -- Andrew Bartlett https://samba.org/~abartlet/ Authentication Developer, Samba Team https://samba.org Samba Developer, Catalyst IT https://catalyst.net.nz/services/samba