I'll resume this topic in this thread -- keep the noise down ...
> On 24/07/2023 07:52, Rowland Penny via samba wrote:
>
> > The correct version should have been:
> >
> > samba-tool domain join hprs.local DC -U Administrator
> >
> > The command should also have failed because you had a smb.conf file, you
> > need to remove any existing smb.conf when joining a DC, the join would
> > then create a new one
> >
>
> Hi Mark, the only thing you did incorrectly was to not specify that you
> were joining as a DC. After reading the code, it seems that if you do
> not specify the type of join, MEMBER, DC or RODC, it defaults to MEMBER,
> which, in my opinion, it shouldn't, it should error out.
>
> Rowland

I removed the new computer from the domain and deleted the smb.conf file. I then
did:

samba-tool domain join hprs.local DC --option='idmap_ldb:use rfc2307 = yes' -U Administrator
INFO 2023-07-24 09:29:41,946 pid:1261 /usr/lib64/python3.9/site-packages/samba/join.py #105: Finding a writeable DC for domain 'hprs.local'
INFO 2023-07-24 09:29:41,983 pid:1261 /usr/lib64/python3.9/site-packages/samba/join.py #107: Found DC mail.hprs.local
Password for [WORKGROUP\Administrator]:
INFO 2023-07-24 09:29:48,623 pid:1261 /usr/lib64/python3.9/site-packages/samba/join.py #1527: workgroup is HPRS
INFO 2023-07-24 09:29:48,623 pid:1261 /usr/lib64/python3.9/site-packages/samba/join.py #1530: realm is hprs.local
Adding CN=DC1,OU=Domain Controllers,DC=hprs,DC=local
Adding CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hprs,DC=local
Adding CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hprs,DC=local
Adding SPNs to CN=DC1,OU=Domain Controllers,DC=hprs,DC=local
Setting account password for DC1$
Enabling account
:
:
INFO 2023-07-24 09:30:05,249 pid:1261 /usr/lib64/python3.9/site-packages/samba/join.py #1544: Joined domain HPRS (SID S-1-5-21-1052267278-1962196458-4119365663) as a DC

plus I got a whole bunch more output not included here, but including messages
on Setting up idmap db, kerberos, replication, schema objects, SAM database.

Note that I did not specify any --dns-backend. I hope that's OK as I
provisioned with --dns-backend=BIND9_FLATFILE on the original/current DC. I do
have LAN members not part of the domain that need to have DNS service, so I may
have to redo this later.

Under "Verifying the DNS Entries" I did change the 1st IP in resolv.conf to be
this new host's IP, but that didn't work -- couldn't see any other host, so I
reverted back to the original DC's IP. However, that's not working either, even
after a reboot. I switched back to the new DC's IP and rebooted. Again, not
working. So, something is wrong with the DNS setup.

$ host webserver
;; connection timed out; no servers could be reached

Note that I ran the following not realizing DNS wasn't working. That could make
a difference.

Next I followed the instructions on syncing idmap.ldb. On my original server the
idmap.ldb is in /var/lib/samba/private, not /usr/local/samba/private; same with
this new DC, so I copied the idmap.ldb.bak from OLD:/var/lib/samba/private to
NEW:/var/lib/samba/idmap.ldb. Seems odd to just remove the .bak. The .bak file is
4% of the size of the idmap.ldb, so it appears some serious compressing is going
on. But whatever, that's what the wiki says!

Next I ran 'net cache flush' on the new DC; seemed to work (no error).
Next 'samba-tool ntacl sysvolreset', but I had a problem with that:
# samba-tool ntacl sysvolreset
set_nt_acl_conn: init_files_struct failed: NT_STATUS_OBJECT_NAME_NOT_FOUND
ERROR(runtime): uncaught exception - (3221225524, 'The object name is not found.')
  File "/usr/lib64/python3.9/site-packages/samba/netcmd/__init__.py", line 186, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib64/python3.9/site-packages/samba/netcmd/ntacl.py", line 412, in run
    provision.setsysvolacl(samdb, netlogon, sysvol,
  File "/usr/lib64/python3.9/site-packages/samba/provision/__init__.py", line 1754, in setsysvolacl
    set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp, use_ntvfs, passdb=s4_passdb)
  File "/usr/lib64/python3.9/site-packages/samba/provision/__init__.py", line 1630, in set_gpos_acl
    setntacl(lp, root_policy_path, POLICIES_ACL, str(domainsid), session_info,
  File "/usr/lib64/python3.9/site-packages/samba/ntacls.py", line 228, in setntacl
    smbd.set_nt_acl(

What did I do wrong? Note that samba is not yet running.
Also, you noted in your previous message:
> I feel that I should point out that, if you were to use Debian instead,
> you would find this all a lot easier and you would get a much more
> recent version of Samba, 4.17.8 at present, which would become 4.18.x
> when Bookworm backports is created (or so I am reliably informed).

In fact, way back in 2010 when I embarked on this venture, I did start with
Debian, but it wasn't going well; lots of extra packages to download, configs
not working ... I switched to Slackware and it installed, provisioned and
worked right out of the box. So I've stuck with Slackware. Now, I have several
other servers (webserver, NAS, VM hosts ...) all running Slackware, so I'd rather
not switch horses and add a new distro into the mix. Most of my problems on
this latest effort have been due to my misunderstandings or screw-ups, so I think
I can probably get this working with Slackware -- inch by inch.

Thanks --Mark