On 2023-03-29 23:28, Gary Dale via samba wrote:> On 2023-03-29 15:50, Rowland Penny via samba wrote:
>>
>>
>> On 29/03/2023 20:06, Gary Dale via samba wrote:
>>>>
>>> Following the advice of
>>>
https://wiki.samba.org/index.php/Distribution-specific_Package_Installation,
>>> below the installation report after I did a more thorough purging
of
>>> Samba-related stuff. I took the further advice and changed the
realm
>>> to HOME.RAHIM-DALE-ORG. The DC remains TheLibrarian.
>>>
>>> # apt install acl attr samba samba-dsdb-modules samba-vfs-modules
>>> winbind libpam-winbind libnss-win bind krb5-config krb5-user
dnsutils
>>
>> I have updated that list.
>>
>>>
>>> Creating config file /etc/samba/smb.conf with new version
>>
>> This is why you need to remove the smb.conf, the package install
>> creates one for a standalone server.
>>
>>>
>>>
>>> The reported errors seem to be due to further configuration being
>>> needed for a DC.
>>>
>>> Next I continued with the wiki at
>>>
https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller
>>
>> I have updated that wikipage slightly.
>>
>>>
>>> First I verified that /etc/resolv.conf was correct then I updated
>>> /etc/hosts to reflect the new realm name.
>>>
>>> Next I ran: samba-tool domain provision --use-rfc2307 --interactive
>>>
>>> This failed with an error:
>>>
>>> ERROR(<class 'samba.provision.ProvisioningError'>):
Provision failed
>>> - ProvisioningError: guess_names: 'realm =' was not
specified in
>>> supplied /etc/samba/smb.conf.? Please remove the smb.conf file and
>>> let provision generate it
>>
>> I moved the deletion on the wikipage, from where it was, it sounded
>> like you only had to remove the smb.conf if the provision had run
>> successfully.
>>
>>>
>>> So I removed the smb.conf and ran it again. This time I got:
>>>
>>> INFO 2023-03-29 15:01:07,831 pid:17352
>>> /usr/lib/python3/dist-packages/samba/provision/__init__.py #2122:
>>> Looking up IPv4 addresses
>>> INFO 2023-03-29 15:01:07,832 pid:17352
>>> /usr/lib/python3/dist-packages/samba/provision/__init__.py #2139:
>>> Looking up IPv6 addresses
>>> WARNING 2023-03-29 15:01:07,833 pid:17352
>>> /usr/lib/python3/dist-packages/samba/provision/__init__.py #2146:
No
>>> IPv6 address will be assigned
>>> Error: Unable to parse dn
>>> 'CN=Schema,CN=Configuration,DC=home,DC=rahim-dale,DC=org,'
>>
>> I know you updated /etc/hosts, but did the computer pick this up,
>> does it think it is in the home.rahim-dale.org dns domain ?
>
> The computer should query /etc/hosts each time. The actual problem was
> a typo in the file - I put a comma in when it only allows spaces to
> separate the names.
>
>
>>
>>> I'm not sure what is causing this error. The only samba log is
named
>>> log.%m and it has nothing from the time of running samba-tool
either
>>> time.
>>
>> There wouldn't be anything in the logs at this point, Samba
hasn't
>> started, though thinking about it, did you stop any running Samba
>> processes before the provision.
>>
>> I can assure this does work, to test it, I setup Debian 11 in a VM
>> and created a new domain, the only real difference is that I used
>> Samba from backports.
>>
>> I really suggest you use backports, even the Debian Samba maintainer
>> (Michael Tokarev) is telling you to use backports.
>
> Baokports are for people who need something that the stable version
> doesn't provide. That's not me. I run Debian/Stable on my servers
for
> a reason. I run Testing on my workstation because I want to help test
> things. And I run it my new laptop because it requires drivers that
> aren't available in Stable.
>
> Debian does update stable when a serious issue is found that can't be
> patched. However that is a vector for breakage - it wasn't that long
> ago that an update to ghostscript broke a lot programs in Stable that
> used it to produce PDFs. We had to choose between a security flaw or a
> lack of functionality.
>
> I'll wait until Bookworm becomes Stable to get the Samba upgrade.
>
>>
>> If it helps I can send you my notes.
>>
>> Rowland
>>
> BTW: After I fixed /etc/hosts, removed the /etc/samba/smb.conf and
> re-ran provisioning, I was able to start samba. I connected my VM to
> the new domain and I have almost everything working (for some reason
> I've lost the E: drive letter for network mapping).
>
> Thanks for your help! Greatly appreciated.
>
Actually, I was probably a little optimistic in assessment. My network
shares are problematic. I tried using
https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
to get the shares working but that let me down a rabbithole
The basic problem is my Linux computers use NSF to connect to network
shares, If I set up the shares as described in the wiki, my Linux
computers lose access - there doesn't appear to be a mapping between,
for example, "Domain Users" and users. If I don't set up all the
file
ownerships to use "Domain Users", my Windows users can't use them
(except for the domain Administrator).
And even going into the security tab on files or folders properties
usually crashes the window - even when I'm logged in as the domain
Administrator.
My first attempt to fix this was to upgrade to the backports version of
Samba since you indicated it might be necessary for an up-to-date
Windows 10 machine. The upgrade had no impact - the problems remain the
same.
In the past this was resolvable by manually mapping the Windows groups
to the Linux ones - and this was working on my server until recently.
However I gather that some change to either Windows or Samba caused that
to stop working.
Any advice on how to proceed?
Thanks.