On 2/28/21 12:31 PM, K. R. Foley via samba wrote:
> On 2/28/21 11:12 AM, Rowland penny via samba wrote:
>> On 28/02/2021 17:01, K. R. Foley wrote:
>>> One other thing that might be worth mentioning, I am not sure. I
>>> migrated an NT4 domain using the classicupgrade. This was a new
>>> server that I copied the data to from an existing server and then
>>> ran the classic upgrade.
>>
>>
>> I wonder if everything else is set up correctly, Bind9 for instance.
>> Can you download this script:
>>
>>
>> https://github.com/thctlo/samba4/blob/master/samba-collect-debug-info.sh
>>
>> Run it on the DC and then post the output in a reply to this,
>> sanitise it if you want, but do not attach it, this list strips
>> attachments.
>>
>> Rowland
>>
> As soon as it tried to test the _kerberos._tcp records it blew apart.
> I have run the configuration / migration multiple times playing around
> with different domains. Maybe I screwed something up or missed a step
> along the way. I am going to start from scratch again and I will
> report back after I am done. Thanks.
>
Okay. Turns out the problem with the script was that the
/etc/resolv.conf had been overwritten. After I resolved that, I was able
to run the script and capture the output below:
Collected config  --- 2021-02-28-12:54 -----------
Hostname: ss-prod
DNS Domain: local.richardshapiro.com
FQDN: ss-prod.local.richardshapiro.com
ipaddress: 10.50.20.87
-----------
Kerberos SRV _kerberos._tcp.local.richardshapiro.com record verified ok, sample output:
Server:         10.50.20.87
Address:        10.50.20.87#53
_kerberos._tcp.local.richardshapiro.com    service = 0 100 88 ss-prod.local.richardshapiro.com.
Samba is running as an AD DC
-----------
       Checking file: /etc/os-release
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"
CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"
-----------
This computer is running an unknown distribution x86_64
-----------
running command : ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
2: ens5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc mq state UP group default qlen 1000
    link/ether 12:ef:f5:d8:2b:d5 brd ff:ff:ff:ff:ff:ff
    inet 10.50.20.87/24 brd 10.50.20.255 scope global dynamic ens5
       valid_lft 2623sec preferred_lft 2623sec
    inet6 fe80::10ef:f5ff:fed8:2bd5/64 scope link
-----------
       Checking file: /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
10.50.20.87 ss-prod.local.richardshapiro.com ss-prod
-----------
       Checking file: /etc/resolv.conf
; generated by /usr/sbin/dhclient-script
search local.richardshapiro.com
nameserver 10.50.20.87
-----------
       Checking file: /etc/krb5.conf
[libdefaults]
    default_realm = LOCAL.RICHARDSHAPIRO.COM
    dns_lookup_realm = false
    dns_lookup_kdc = true
-----------
       Checking file: /etc/nsswitch.conf
#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Valid entries include:
#
#    nisplus              Use NIS+ (NIS version 3)
#    nis                  Use NIS (NIS version 2), also called YP
#    dns                  Use DNS (Domain Name Service)
#    files                Use the local files
#    db                   Use the local database (.db) files
#    compat               Use NIS on compat mode
#    hesiod               Use Hesiod for user lookups
#    [NOTFOUND=return]    Stop searching if not found so far
#
# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd:    db files nisplus nis
#shadow:    db files nisplus nis
#group:     db files nisplus nis
passwd:     files sss
shadow:     files sss
group:      files sss
#initgroups: files sss
#hosts:     db files nisplus nis dns
hosts:      files dns myhostname
# Example - obey only what nisplus tells us...
#services:   nisplus [NOTFOUND=return] files
#networks:   nisplus [NOTFOUND=return] files
#protocols:  nisplus [NOTFOUND=return] files
#rpc:        nisplus [NOTFOUND=return] files
#ethers:     nisplus [NOTFOUND=return] files
#netmasks:   nisplus [NOTFOUND=return] files
bootparams: nisplus [NOTFOUND=return] files
ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files sss
netgroup:   nisplus sss
publickey:  nisplus
automount:  files nisplus sss
aliases:    files nisplus
-----------
       Checking file: /usr/local/samba/etc/smb.conf
# Global parameters
[global]
    netbios name = SS-PROD
    realm = LOCAL.RICHARDSHAPIRO.COM
    server role = active directory domain controller
    server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
    workgroup = LOCAL
    idmap_ldb:use rfc2307 = yes
    #log level = 10
[sysvol]
    path = /usr/local/samba/var/locks/sysvol
    read only = No
[netlogon]
    path = /usr/local/samba/var/locks/sysvol/local.richardshapiro.com/scripts
    read only = No
-----------
Detected bind DLZ enabled..
Warning, detected bind is enabled in smb.conf, but no /etc/bind directory found
-----------
Installed packages:
-----------