> Where did you get the Samba packages from ? Out of the box the OS Samba
> packages cannot provision an AD domain.
>

My installation and configuration was a mix between
https://samba.tranquil.it/doc/en/samba_config_server/redhat8/server_install_samba_centos.html#server-install-samba-centos
and
https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller.
So the packages were obtained from this repo:
https://samba.tranquil.it/redhat8/samba-4.15/, and I could make the
provision process without problem.

> How did you provision the domain ?
>

More specifically:

samba-tool domain provision --realm=ADTEST.XX.XX.UY --domain ADTEST --server-role=dc --use-rfc2307

> Does the DC use itself as nameserver (and not 127.0.0.1) ?
>

At OS level? No, it wasn't. But I changed it now, rebooted the DC, rebooted the
Windows client, and the issue persists.

> What is in /etc/krb5.conf ?
>

[libdefaults]
    default_realm = ADTEST.XX.XX.UY
    dns_lookup_realm = false
    dns_lookup_kdc = true

[realms]
ADTEST.XX.XX.UY = {
    default_domain = adtest.xx.xx.uy
}

[domain_realm]
    smbtest = ADTEST.XX.XX.UY

> What is in your smb.conf ?
>

# Global parameters
[global]
    dns forwarder = 10.1.100.3
    netbios name = SMBTEST
    realm = ADTEST.XX.XX.UY
    server role = active directory domain controller
    workgroup = ADTEST
    idmap_ldb:use rfc2307 = yes

[sysvol]
    path = /var/lib/samba/sysvol
    read only = No

[netlogon]
    path = /var/lib/samba/sysvol/adtest.xx.xx.uy/scripts
    read only = No

On Wed, 2021-11-24 at 13:24 -0300, tizo wrote:
> > Where did you get the Samba packages from ? Out of the box the OS
> > Samba packages cannot provision an AD domain.
>
> My installation and configuration was a mix between
> https://samba.tranquil.it/doc/en/samba_config_server/redhat8/server_install_samba_centos.html#server-install-samba-centos
> and
> https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller
> . So the packages were obtained from this repo:
> https://samba.tranquil.it/redhat8/samba-4.15/, and I could make the
> provision process without problem.

As someone else has pointed out, Samba 4.15.0 was broken and is
undoubtedly your problem. Unfortunately, Tranquil IT doesn't seem to
have updated their Samba packages yet.

Your options are probably limited to waiting for Tranquil IT to update
Samba, compiling Samba yourself (not really recommended) or using a
different OS. If you do the latter, you could use Debian or Ubuntu and
Louis Van Belle's repo: https://apt.van-belle.nl/

Rowland

Hi Tizo,

On 24/11/2021 at 17:24, tizo via samba wrote:
>> Where did you get the Samba packages from ? Out of the box the OS Samba
>> packages cannot provision an AD domain.
>>
>
> My installation and configuration was a mix between
> https://samba.tranquil.it/doc/en/samba_config_server/redhat8/server_install_samba_centos.html#server-install-samba-centos
> and
> https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller.
> So the packages were obtained from this repo:
> https://samba.tranquil.it/redhat8/samba-4.15/, and I could make the
> provision process without problem.

Sorry for the inconvenience. Actually it is not recommended to use a .0
minor version in production unless you really know what you are doing. I
have renamed the repo with a -testing suffix since it does not seem to be
clear. And in the documentation we don't refer to that version actually.

The version that we have mostly in production is 4.14.10. I think you can
downgrade your server without having to reinstall.

What specific feature of 4.15 are you looking for?

Denis

>
>> How did you provision the domain ?
>>
>
> More specifically:
>
> samba-tool domain provision --realm=ADTEST.XX.XX.UY --domain ADTEST --server-role=dc --use-rfc2307
>
>> Does the DC use itself as nameserver (and not 127.0.0.1) ?
>>
>
> At OS level? No, it wasn't. But I changed it now, rebooted the DC, rebooted the
> Windows client, and the issue persists.
>
>> What is in /etc/krb5.conf ?
>>
>
> [libdefaults]
>     default_realm = ADTEST.XX.XX.UY
>     dns_lookup_realm = false
>     dns_lookup_kdc = true
>
> [realms]
> ADTEST.XX.XX.UY = {
>     default_domain = adtest.xx.xx.uy
> }
>
> [domain_realm]
>     smbtest = ADTEST.XX.XX.UY
>
>> What is in your smb.conf ?
>>
>
> # Global parameters
> [global]
>     dns forwarder = 10.1.100.3
>     netbios name = SMBTEST
>     realm = ADTEST.XX.XX.UY
>     server role = active directory domain controller
>     workgroup = ADTEST
>     idmap_ldb:use rfc2307 = yes
>
> [sysvol]
>     path = /var/lib/samba/sysvol
>     read only = No
>
> [netlogon]
>     path = /var/lib/samba/sysvol/adtest.xx.xx.uy/scripts
>     read only = No
>