Yes, the resolv.conf is as follows:

    search fritz.box
    nameserver 172.27.1.4

Doing a fresh install of samba with 4.15.9 works, and a fresh install on 4.16.5, following the same procedure, doesn't.

This is what I do:

    :~# sudo apt-get update && sudo apt-get upgrade
    :~# nano /etc/hosts
    :~# nano /etc/hostname    #to change name of device
    :~# nano /etc/dhcpcd.conf
    :~# apt-get install samba krb5-config krb5-user winbind smbclient samba-dsdb-modules samba-vfs-modules

the hosts file:

    127.0.0.1   localhost
    #127.0.1.1   SMBDC1
    ::1         localhost SMBDC1 ip6-localhost ip6-loopback
    fe00::0     ip6-localnet
    ff00::0     ip6-mcastprefix
    ff02::1     ip6-allnodes
    ff02::2     ip6-allrouters
    172.27.1.4 SMBDC1.example.com SMBDC1

the dhcpcd.conf file:

    interface eth0
    static ip_address=172.27.1.4/24
    static routers=172.27.0.1
    static domain_name_servers=172.27.1.4
    static domain_search=example.com

then I do the following

    :~# reboot now
    :~# rm /etc/samba/smb.conf
    :~# rm /etc/krb5.conf
    :~# rm /var/run/samba/*.tdb
    :~# rm /var/run/samba/*.ldb
    :~# rm /var/lib/samba/*.tdb
    :~# rm /var/lib/samba/*.ldb
    :~# rm /var/cache/samba/*.tdb
    :~# rm /var/cache/samba/*.ldb
    :~# rm /var/lib/samba/private/*.tdb
    :~# rm /var/lib/samba/private/*.ldb
    :~# samba-tool domain provision --use-rfc2307 --interactive

and follow the guided setup, inputting the same data if 4.15.9 and 4.16.5.

Then I execute these commands

    :~# nano /etc/samba/smb.conf
    :~# cp /var/lib/samba/private/krb5.conf /etc/krb5.conf
    :~# systemctl disable --now smbd nmbd winbind systemd-resolved
    :~# systemctl unmask samba-ad-dc.service
    :~# systemctl enable --now samba-ad-dc.service
    :~# samba-tool domain level show
    :~# reboot now

the smb.conf file:

    # Global parameters
    [global]
        dns forwarder = 172.27.1.2
        netbios name = SMBDC1
        realm = EXAMPLE.COM
        server role = active directory domain controller
        workgroup = EXAMPLE
        idmap_ldb:use rfc2307 = yes
        host msdfs = yes

    [sysvol]
        path = /var/lib/samba/sysvol
        read only = No

    [netlogon]
        path /var/lib/samba/sysvol/frankini.net/scripts
        read only = No

the krb5.conf file:

    [libdefaults]
        default_realm = EXAMPLE.COM
        dns_lookup_realm = false
        dns_lookup_kdc true

    [realms]
    FRANKINI.NET = {
        default_domain example.net
    }

    [domain_realm]
        SMBDC1 = EXAMPLE.COM

When the Pi reboots I set from my router the DNS server to be the same IP as the Samba's and then do these tests:

    :~# host -t SRV _ldap._tcp.gander.bag
    :~# host -t SRV _kerberos._udp.gander.bag
    :~# host -t A Pi4DC.gander.bag
    :~# sudo kinit Administrator

If none of these commands result in errors, then it's configured correctly and fully working.

But perhaps you can spot something fishy in these configurations...

On Sat, 15 Oct 2022 at 20:11, Rowland Penny via samba <samba at lists.samba.org> wrote:

> On 15/10/2022 18:57, Diego Franchini wrote:
> > On Samba Version 4.16.5-Debian (OS: Armbian 22.08.4 - Linux
> > 5.19.14-sunxi), I cannot make this command work:
> >
> >     root@SMBDC1:~# kinit Administrator
> >     kinit: Cannot contact any KDC for realm 'EXAMPLE.COM' while getting initial credentials
> >
> > with Samba Version 4.15.9-Ubuntu it works perfectly using the same
> > setup... Should I change some config files to adapt them to the new
> > version perhaps?
>
> I wouldn't think so, it works for me on Raspberry pi OS 64bit using
> 4.16.5 from backports:
>
>     adminuser@rpidc1:~ $ sudo kinit Administrator
>     Password for Administrator@SAMDOM.EXAMPLE.COM:
>     adminuser@rpidc1:~ $ sudo klist
>     Ticket cache: FILE:/tmp/krb5cc_0
>     Default principal: Administrator@SAMDOM.EXAMPLE.COM
>
>     Valid starting       Expires              Service principal
>     10/15/2022 19:00:01  10/16/2022 05:00:01  krbtgt/SAMDOM.EXAMPLE.COM@SAMDOM.EXAMPLE.COM
>             renew until 10/16/2022 18:59:43
>
> Is the first nameserver in /etc/resolv.conf the DC's ipaddress (and not
> 127.0.0.1) ?
>
> Rowland
This is to add some more information and fix some other...

I get the OS for my Pi here: https://www.armbian.com/orange-pi-zero/#kernels-archive-all

And I use the *Sid Server* version, as it's the only one that supports Samba 4.16.5 out of the box.

And in my previous email, the last commands to check if everything is working are actually these:

    :~# host -t SRV _ldap._tcp.example.com
    :~# host -t SRV _kerberos._udp.example.com
    :~# host -t A SMBDC1.example.com
    :~# sudo kinit Administrator

Hope it's useful info
On 15/10/2022 21:15, Diego Franchini wrote:
> Yes, the resolv.conf is as follows:
>
>     search fritz.box
>     nameserver 172.27.1.4
>
> Doing a fresh install of samba with 4.15.9 works, and a fresh install on
> 4.16.5, following the same procedure, doesn't.
>
> this is what I do:
>
>     :~# sudo apt-get update && sudo apt-get upgrade
>     :~# nano /etc/hosts
>     :~# nano /etc/hostname    #to change name of device
>     :~# nano /etc/dhcpcd.conf
>     :~# apt-get install samba krb5-config krb5-user winbind smbclient samba-dsdb-modules samba-vfs-modules
>
> the hosts file:
>
>     127.0.0.1   localhost
>     #127.0.1.1   SMBDC1
>     ::1         localhost SMBDC1 ip6-localhost ip6-loopback
>     fe00::0     ip6-localnet
>     ff00::0     ip6-mcastprefix
>     ff02::1     ip6-allnodes
>     ff02::2     ip6-allrouters
>     172.27.1.4 SMBDC1.example.com SMBDC1
>
> the dhcpcd.conf file:

That is one big difference between your orange pi and my raspberry pi, an AD DC has to have a fixed ipaddress, so I set up the /etc/network/interfaces file and then 'apt purge dhcpcd5 resolvconf' followed by a reboot. I seem to remember having problems with dhcpcd (on a Unix domain member) where it wouldn't retain an IP, so I just removed it and found that dhclient was also installed and worked out of the box.

Rowland
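The local preconditions raised in this thread (the first nameserver in /etc/resolv.conf is the DC's own address rather than 127.0.0.1, the DC's name maps to its fixed address, and the Kerberos default realm matches the Samba realm) can be checked offline before running kinit. The following is an added example, not code from the thread or from the Samba project; the function names, the 192.0.2.10 address and the dc1.samdom.example.com host name are assumptions made up for the illustration.

```python
import re

def _fields(line):
    """Split a config line into whitespace-separated fields, dropping '#' comments."""
    return line.split("#", 1)[0].split()

def first_nameserver(resolv_text):
    """Return the first nameserver address in resolv.conf text, or None."""
    for f in map(_fields, resolv_text.splitlines()):
        if len(f) >= 2 and f[0] == "nameserver":
            return f[1]
    return None

def hosts_addresses(hosts_text, name):
    """Return every address that hosts-file text maps to `name`."""
    return [f[0] for f in map(_fields, hosts_text.splitlines())
            if len(f) >= 2 and name.lower() in [n.lower() for n in f[1:]]]

def conf_value(text, key):
    """Return the value of the first 'key = value' line in text, or None."""
    m = re.search(r"^[ \t]*%s[ \t]*=[ \t]*(\S.*?)[ \t]*$" % re.escape(key), text, re.M | re.I)
    return m.group(1) if m else None

def check_dc(dc_ip, fqdn, resolv, hosts, smb_conf, krb5_conf):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    ns = first_nameserver(resolv)
    if ns != dc_ip:
        findings.append(f"resolv.conf: first nameserver is {ns}, expected {dc_ip}")
    addrs = hosts_addresses(hosts, fqdn)
    if addrs != [dc_ip]:
        findings.append(f"hosts: {fqdn} maps to {addrs}, expected only {dc_ip}")
    realm, default = conf_value(smb_conf, "realm"), conf_value(krb5_conf, "default_realm")
    if not realm or not default or realm.upper() != default.upper():
        findings.append(f"realm: smb.conf has {realm}, krb5.conf default_realm is {default}")
    return findings

# Constructed sample data (assumed values, not the hosts from the thread).
DC_IP, FQDN = "192.0.2.10", "dc1.samdom.example.com"
SMB = "[global]\n    realm = SAMDOM.EXAMPLE.COM\n    workgroup = SAMDOM\n"
KRB5 = "[libdefaults]\n    default_realm = SAMDOM.EXAMPLE.COM\n    dns_lookup_kdc = true\n"
GOOD = check_dc(DC_IP, FQDN, "search samdom.example.com\nnameserver 192.0.2.10\n",
                "127.0.0.1 localhost\n192.0.2.10 dc1.samdom.example.com dc1\n", SMB, KRB5)
BAD = check_dc(DC_IP, FQDN, "nameserver 127.0.0.1\nnameserver 192.0.2.10\n",
               "127.0.0.1 localhost\n127.0.1.1 dc1.samdom.example.com dc1\n",
               SMB, KRB5.replace("SAMDOM.EXAMPLE.COM", "EXAMPLE.COM"))

if __name__ == "__main__":
    print("good:", GOOD)
    for finding in BAD:
        print("bad:", finding)
```

On a real DC, pass the contents of /etc/resolv.conf, /etc/hosts, /etc/samba/smb.conf and /etc/krb5.conf to check_dc() instead of the constructed strings.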