Dania Ramirez Moya
2015-Mar-27 19:32 UTC
[Samba] samba_dnsupdate failed with RuntimeError: kinit for SMB4ECONOMIA$@ECONOMIA failed (Cannot contact any KDC for requested realm)
2015-03-27 14:00 GMT-04:00 <samba-request at lists.samba.org>:
> Today's Topics:
>
>    1. BAD_NETWORK_NAME (jd at ionica.lv)
>    2. Samba 4 join AD by samba (Krutskikh Ivan)
>    3. Re: Samba 4 join AD by samba (L.P.H. van Belle)
>    4. Re: BAD_NETWORK_NAME (L.P.H. van Belle)
>    5. winbindd: Failed to fetch our own, local AD domain join password for winbindd's internal use (Tom)
>    6. Re: winbindd: Failed to fetch our own, local AD domain join password for winbindd's internal use (L.P.H. van Belle)
>    7. Re: winbindd: Failed to fetch our own, local AD domain join password for winbindd's internal use (Rowland Penny)
>    8. Re: winbindd: Failed to fetch our own, local AD domain join password for winbindd's internal use (L.P.H. van Belle)
>    9. Win 2008srv to Samba4 DNS problems (Sam)
>   10. Replication error after trying to sync sysvol (Johannes Amorosa | Celluloid VFX)
>   11. Re: Replication error after trying to sync sysvol (Johannes Amorosa | Celluloid VFX)
>   12. Re: Replication error after trying to sync sysvol (Johannes Amorosa | Celluloid VFX)
>   13. Re: Win 2008srv to Samba4 DNS problems (Rowland Penny)
>   14. samba_dnsupdate failed with RuntimeError: kinit for SMB4ECONOMIA$@ECONOMIA failed (Cannot contact any KDC for requested realm) (Dania Ramirez Moya)
>   15. Re: samba_dnsupdate failed with RuntimeError: kinit for SMB4ECONOMIA$@ECONOMIA failed (Cannot contact any KDC for requested realm) (Rowland Penny)
>   16. Weird issue - STATUS_DISK_FULL (Ciaran Scolard)
>   17. Re: Weird issue - STATUS_DISK_FULL (David Disseldorp)
>   18. Re: Weird issue - STATUS_DISK_FULL (Ciaran Scolard)
>   19. Re: Weird issue - STATUS_DISK_FULL (David Disseldorp)
>
>
> ---------- Forwarded message ----------
> From: jd at ionica.lv
> To: samba at lists.samba.org
> Cc:
> Date: Thu, 26 Mar 2015 20:38:22 +0200
> Subject: [Samba] BAD_NETWORK_NAME
> H!
>
> I am getting such messages in log.samba:
> ../source4/nbt_server/dgram netlogon.c:198(nbtd_mailslot_netlogon_handler)
>   nbtd netlogon handler failed from 192.168.0.125:138 to DOMAIN<1c> - NT_STATUS_BAD_NETWORK_NAME
>
> What means that <1c>? seems like special char...
>
> There are two domains sharing one network - one - NT-style named DOMAIN
> and the second, AD, named DOMAIN2
>
> (samba 4.2.0/slack64-14.1)
>
> Janis
>
>
> ---------- Forwarded message ----------
> From: Krutskikh Ivan <stein.hak at gmail.com>
> To: samba at lists.samba.org
> Cc:
> Date: Fri, 27 Mar 2015 08:32:49 +0300
> Subject: [Samba] Samba 4 join AD by samba
> Hi,
>
> I have a task which requires AD + windows roaming profiles + automatic
> backups.
>
> I want to use samba 4 AD server (debian jessie) + samba 4 file server for
> user's home profiles (opensuse 13.1) + zfs for storage backend.
>
> The reason why I need 2 servers (actually a server with hosted lxc
> container) is because opensuse has kerberos mit by default (
> samba at lists.samba.org.)
>
> I've successfully provisioned a samba dc on debian jessie container using
> https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO and samba binary samba
> from repo. After that I've added a bunch of win machines to it. Everything
> is working except for dns resolving of hosts ( i can only ping my dc
> server).
>
> After that I wanted to join my 2nd server to AD. I've used the manual from
> https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server and got
> everything working except for user map. Examples:
>
> linux-abx8:/etc/samba # wbinfo -g
> allowed rodc password replication group
> enterprise read-only domain controllers
> denied rodc password replication group
> read-only domain controllers
> group policy creator owners
> video administrators
> ras and ias servers
> domain controllers
> enterprise admins
> domain computers
> cert publishers
> dnsupdateproxy
> domain admins
> domain guests
> schema admins
> domain users
> video users
> dnsadmins
>
> linux-abx8:/etc/samba # wbinfo -u
> bastion
> administrator
> krbtgt
> guest
>
>
> linux-abx8:/etc/samba # wbinfo -i administrator ( waits for a long time, maybe fails on timeout =( )
> failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
> Could not get info for user administrator
>
> linux-abx8:/etc/samba # id administrator
> id: administrator:no such user
>
>
> This is very disappointing. What can I do about it?
>
> Some details about the installation:
>
> smb.conf from ad dc server:
>
> root at DC01:/etc/samba# cat ./smb.conf
> # Global parameters
> [global]
>     workgroup = OFFICE
>     realm = OFFICE.MTT
>     netbios name = DC
>     server role = active directory domain controller
>     dns forwarder = 192.168.0.107
>     idmap_ldb:use rfc2307 = yes
>     log level = 2
>
> [netlogon]
>     path = /var/lib/samba/sysvol/mtt/scripts
>     read only = No
>
> [sysvol]
>     path = /var/lib/samba/sysvol
>     read only = No
>
> [profiles] # <---- ADD here
>     path = /var/lib/samba/sysvol/office.mtt/profiles
>     read only = no
>
> [New_Profile]
>     root preexec = mkdir -p /srv/samba/Profiles/%U
>     path = /srv/samba/Profiles/%U
>     read only = no
>     store dos attributes = Yes
>     create mask = 0600
>     directory mask = 0700
>     profile acls = yes
>     csc policy = disable
>
>
> smb.conf from 2nd server with opensuse and zfs:
>
>
> linux-abx8:/etc/samba # cat ./smb.conf
> [global]
>
>     netbios name = Melchior
>     workgroup = OFFICE
>     security = ADS
>     realm = OFFICE.MTT
>     dedicated keytab file = /etc/krb5.keytab
>     kerberos method = secrets and keytab
> #   password server = 192.168.0.50
>     log level = 2
>     idmap config *:backend = tdb
>     idmap config *:range = 2000-9999
> #   idmap config * : base_rid = 0
>     idmap config OFFICE:backend = ad
>     idmap config OFFICE:schema_mode = rfc2307
>     idmap config OFFICE:range = 10000-99999
>
>     winbind nss info = rfc2307
>     winbind trusted domains only = no
>     winbind use default domain = yes
>     winbind enum users = yes
>     winbind enum groups = yes
>     winbind refresh tickets = Yes
>     winbind normalize names = Yes
>
> [archive]
>     path = /archive/video
>     read only = no
>     writable = yes
>     force user = root
>
> I'll try to provide any other information if needed. Thanks in advance!
>
>
>
> ---------- Forwarded message ----------
> From: "L.P.H. van Belle" <belle at bazuin.nl>
> To: "samba at lists.samba.org" <samba at lists.samba.org>
> Cc:
> Date: Fri, 27 Mar 2015 08:45:14 +0100
> Subject: Re: [Samba] Samba 4 join AD by samba
> Hai Ivan,
>
> so far what i see is correct.
>
> for your profiles .. both these :
> >[profiles] # <---- ADD here
> >    path = /var/lib/samba/sysvol/office.mtt/profiles
> >    read only = no
> >
> >[New_Profile]
> >    root preexec = mkdir -p /srv/samba/Profiles/%U
> >    path = /srv/samba/Profiles/%U
> >    read only = no
> >    store dos attributes = Yes
> >    create mask = 0600
> >    directory mask = 0700
> >    profile acls = yes
> >    csc policy = disable
>
> are not good.
>
> the second is better,
> but i suggest this :
>
>
> ## the profiles share is hidden
> [profiles]
>     path = /srv/samba/Profiles/%U
>     browseable = Yes
>     read only = No
>     ## windows only rights, better support for profiles..
>     acl_xattr:ignore system acls = yes
>
> and optional. if acl_xattr is not used..
> chmod the srv/samba/Profiles 1777 BEFORE setting the rights on the share.
>
>
> setup the rights as the wiki says, and then you can hide the profiles
> share, by setting browsable = No
> when you read: https://wiki.samba.org/index.php/Samba_%26_Windows_Profiles
> choose either AD ACL style, OR NT POSIX style.. not both..
>
> On the DC..
> the "no id administrator"
> set /etc/nsswitch.conf
> passwd: compat winbind
> group: compat winbind
>
> and on the AD DC's then you will see something like.
> uid=0(root) gid=10000(OFFICE\Domain Users) groups=0(root),10000(OFFICE\Domain Users),3000009(OFFICE\Group Policy Creator Owners),3000007(OFFICE\Enterprise Admins),3000008(OFFICE\Domain Admins),3000017(OFFICE\Schema Admins)
> read here : https://wiki.samba.org/index.php/Using_RFC2307_on_a_Samba_DC
>
>
> but on the MEMBER SERVER, id administrator, won't give results back.
> for that.
> 1) or don't use administrator, and map user root to administrator and set
> the SE Privileges.
> 2) or set the backend to RID
> this will give automatically the id's. this works fine if you
> - only use the DC as DC ( and dns/time server )
>   ( profiles share will work ok also, but better to put this on the
>   member server )
> - only have 1 member server.
> - you don't copy files from DC to member server.
>
> why, the ID's on DC will be different than on the member server.
> About this is lots to find in the samba list.
>
>
> For the DNS.
> i guess this ip: 192.168.0.107 is a router or something
> if not, then what is it..
>
> for the DC, set resolv.conf like
> search yourdomain.tld.
> nameserver IP_OF_AD_DC_SERVER ( or 127.0.0.1 )
> optional
> nameserver dns_of_provider.
> make sure your server is first in resolv.conf
> 2 DC's
> then set it like this.
> DC1.
> search yourdomain.tld.
> nameserver IP_OF_AD_DC2_SERVER ( or 127.0.0.1 )
> nameserver IP_OF_AD_DC1_SERVER ( or 127.0.0.1 )
>
> DC2.
> search yourdomain.tld.
> nameserver IP_OF_AD_DC1_SERVER ( or 127.0.0.1 )
> nameserver IP_OF_AD_DC2_SERVER ( or 127.0.0.1 )
>
> Point the member server to the DC's
> Point the PC's to the DC's
>
> AND. for your pcs
> you can set the search domain if needed, if you use pc's with static IPs
> test:
> ping pc_name
> and pc_name.domain.tld
>
> if only the last resolves then your : domain/search is not correct setup.
>
> If you have more questions,
> mail the list again..
>
> Greetz,
>
> Louis
>
>
> ---------- Forwarded message ----------
> From: "L.P.H. van Belle" <belle at bazuin.nl>
> To: "samba at lists.samba.org" <samba at lists.samba.org>
> Cc:
> Date: Fri, 27 Mar 2015 08:49:13 +0100
> Subject: Re: [Samba] BAD_NETWORK_NAME
> Hai Janis,
>
> This is safe to ignore, provided that the IP address and the
> name (DOMAIN) are referencing an old, previous or same-subnet domain.
> This is just a warning about a received netbios name that is being ignored
> cause it's not part of our AD.
>
>
> Louis
>
>
> ---------- Forwarded message ----------
> From: Tom <tsml412101 at gmail.com>
> To: samba-technical at lists.samba.org, samba at lists.samba.org
> Cc:
> Date: Thu, 26 Mar 2015 15:18:03 -0400
> Subject: [Samba] winbindd: Failed to fetch our own, local AD domain join password for winbindd's internal use
> Hello,
>
> I apologize in advance for cross-posting (and posting for help) to
> samba-technical, but I've been seeking help on the samba list and bugzilla
> since last week and have had no replies. Using Google, I've found this
> issue referenced only once on the mailing list and once in a bugzilla bug
> (10991). Unfortunately, I've found no resolutions.
>
> The problem appears to be specific to Samba 4.2, where domains were
> provisioned using classicupgrade. In my case, the classicupgrade provision
> was performed just a few weeks after 4.0.0 was released, going from version
> 3.6.x > 4.0.0. I have since kept my install fairly up to date throughout
> the 4.0 and 4.1 cycles. I am currently trying to upgrade from 4.1.16 to
> 4.2.0. After this latest upgrade, S4 fails to start, with the above
> mentioned error being logged to log.winbindd. I have found that adding
> "server services = -winbindd +winbind" allows 4.2.0 to start correctly.
> That said, I decided to revert to the 4.1.16 backup that I took immediately
> before the upgrade. I did this just to be safe, as it appears to be
> something specific to my AD directory, possibly related to the
> classicupgrade. I say this because I do not have the issue with my test
> domain, which was newly provisioned from 4.0.0.
>
> I have moved a copy of my live 4.1.16 instance to a VM environment for
> testing, and have duplicated the problem in testing. My goal was to upgrade
> to 4.2.0 and setup a secondary DC here on-site before standing up 3 more
> DCs at branch offices. I am wary of moving forward with this deployment
> knowing this problem exists, or without at least better understanding what
> is happening. The concern that something wrong with my AD directory
> (stemming from the classicupgrade) is what really worries me and I
> certainly don't want to start replicating "bad" data to remote sites.
>
> If anyone has the time and can help me figure out this issue, it would be
> much appreciated. I have included links to the bugzilla entry and the only
> reference to this issue that I could find. If someone could help me
> understand, what is Winbindd looking for when it throws the error "Failed
> to fetch our own, local AD domain join password for winbindd's internal
> use", perhaps that would get me looking in the right direction.
>
> Bugzilla:
> https://bugzilla.samba.org/show_bug.cgi?id=10991
>
> Samba List:
> https://lists.samba.org/archive/samba/2014-September/185031.html
>
> log.winbindd
> /usr/local/samba/sbin/winbindd: winbindd version 4.2.0 started.
> /usr/local/samba/sbin/winbindd: Copyright Andrew Tridgell and the Samba Team 1992-2014
> /usr/local/samba/sbin/winbindd: Maximum core file size limits now 16777216(soft) -1(hard)
> /usr/local/samba/sbin/winbindd: Registered MSG_REQ_POOL_USAGE
> /usr/local/samba/sbin/winbindd: Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
> /usr/local/samba/sbin/winbindd: lp_load_ex: refreshing parameters
> /usr/local/samba/sbin/winbindd: Initialising global parameters
> /usr/local/samba/sbin/winbindd: rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
> /usr/local/samba/sbin/winbindd: Processing section "[global]"
> /usr/local/samba/sbin/winbindd: added interface enp0s3 ip=10.0.2.100 bcast=10.0.2.255 netmask=255.255.255.0
> /usr/local/samba/sbin/winbindd: added interface enp0s3 ip=10.0.2.100 bcast=10.0.2.255 netmask=255.255.255.0
> /usr/local/samba/sbin/winbindd: initialize_winbindd_cache: clearing cache and re-creating with version number 2
> /usr/local/samba/sbin/winbindd: Added domain BUILTIN (null) S-1-5-32
> /usr/local/samba/sbin/winbindd: Added domain TESTDOM internal.testdom.com SID_REMOVED
> /usr/local/samba/sbin/winbindd: Failed to fetch our own, local AD domain join password for winbindd's internal use
> /usr/local/samba/sbin/winbindd: unable to initialize domain list
> Child /usr/local/samba/sbin/winbindd exited with status 1 - Operation not permitted
> winbindd daemon died with exit status 1
> task_server_terminate: [winbindd child process exited]
> samba_terminate: winbindd child process exited
>
>
>
> ---------- Forwarded message ----------
> From: "L.P.H. van Belle" <belle at bazuin.nl>
> To: "samba at lists.samba.org" <samba at lists.samba.org>
> Cc:
> Date: Fri, 27 Mar 2015 10:38:30 +0100
> Subject: Re: [Samba] winbindd: Failed to fetch our own, local AD domain join password for winbindd's internal use
> Hai Tom,
>
> Im not in 4.2 yet, but maybe i can help analyze your problem. ( as long
> its possible, big power outage in the netherlands.. )
>
> this : https://lists.samba.org/archive/samba/2014-September/185031.html
> is a good example how not to setup your samba server.
>
> so before we can think with, please post (and sorry if its again) some
> info.
>
> Your OS?
> Compiles samba or os provided samba, or sernet samba?
> and the output of :
> cat /etc/hosts
> cat /etc/resolv.conf
> cat /etc/hostname
> cat /etc/nsswitch.conf
> cat /etc/samba/smb.conf
>
> some commands you can use to check your setup.
> sudo net ads info
> sudo net ads lookup
> wbinfo -D TESTDOM
>
> Louis
>
>
> ---------- Forwarded message ----------
> From: Rowland Penny <rowlandpenny at googlemail.com>
> To: samba at lists.samba.org
> Cc:
> Date: Fri, 27 Mar 2015 10:21:38 +0000
> Subject: Re: [Samba] winbindd: Failed to fetch our own, local AD domain join password for winbindd's internal use
> On 27/03/15 09:38, L.P.H. van Belle wrote:
>
>> Hai Tom,
>>
>> Im not in 4.2 yet, but maybe i can help analyze your problem. ( as long
>> its possible, big power outage in the netherlands.. )
>>
>> this : https://lists.samba.org/archive/samba/2014-September/185031.html
>> is a good example how not to setup your samba server.
>>
>
> Er, which part is incorrect ??
>
> Rowland
>
>
> ---------- Forwarded message ----------
> From: "L.P.H. van Belle" <belle at bazuin.nl>
> To: "samba at lists.samba.org" <samba at lists.samba.org>
> Cc:
> Date: Fri, 27 Mar 2015 11:27:16 +0100
> Subject: Re: [Samba] winbindd: Failed to fetch our own, local AD domain join password for winbindd's internal use
> # cat /etc/resolv.conf
>
> domain dc1.domain.com.br
>
> search domain.com.br
>
> nameserver 172.17.0.4
>
>
>
> more cosmetic yes, because of the first domain then search.
> but there should not be domain dc1.domain.com.br there.
> this can mislead others. a "hostname" is not a domain..
>
>
> ---------- Forwarded message ----------
> From: Sam <sr42354 at gmail.com>
> To: "samba at lists.samba.org" <samba at lists.samba.org>
> Cc:
> Date: Fri, 27 Mar 2015 11:57:18 +0100
> Subject: [Samba] Win 2008srv to Samba4 DNS problems
> Hello,
>
> I try to migrate from an old windows AD ( win 2000 )
> So I use a temporary windows2008R2 to move AD from win2000 to S4.
> Forest and domain level are W2008R2.
> Now I have some problems with the dns in samba4. I have no answers even in
> local from samba4.
>
> If I try to move from a new empty windows 2008 ad, The service start and
> answer well...
> So I think something in my old DNS database is missing or disturbing...
>
> I just have done this on the dns : (http://support.microsoft.com/fr-fr/kb/817470)
>
>
> But in the new Windows 2008, I can see something that I don't have in the
> old:
>
>
> What I am missing? Is there a best practice guide for preparing DNS to
> follow before joining a samba4? ( remove windows 2000 AD compatibility for
> instance...)
>
> Thanks all!
>
> Samuel
>
> ps : here is my syslog details :
>
> Mar 27 11:46:00 S4 named[2226]: starting BIND 9.8.4-rpz2+rl005.12-P1 -u bind -4
> Mar 27 11:46:00 S4 named[2226]: built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-geoip=/usr' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2'
> Mar 27 11:46:00 S4 named[2226]: ----------------------------------------------------
> Mar 27 11:46:00 S4 named[2226]: BIND 9 is maintained by Internet Systems Consortium,
> Mar 27 11:46:00 S4 named[2226]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
> Mar 27 11:46:00 S4 named[2226]: corporation. Support and training for BIND 9 are
> Mar 27 11:46:00 S4 named[2226]: available at https://www.isc.org/support
> Mar 27 11:46:00 S4 named[2226]: ----------------------------------------------------
> Mar 27 11:46:00 S4 named[2226]: adjusted limit on open files from 4096 to 1048576
> Mar 27 11:46:00 S4 named[2226]: found 2 CPUs, using 2 worker threads
> Mar 27 11:46:00 S4 named[2226]: using up to 4096 sockets
> Mar 27 11:46:00 S4 named[2226]: loading configuration from '/etc/bind/named.conf'
> Mar 27 11:46:00 S4 named[2226]: reading built-in trusted keys from file '/etc/bind/bind.keys'
> Mar 27 11:46:00 S4 named[2226]: using default UDP/IPv4 port range: [1024, 65535]
> Mar 27 11:46:00 S4 named[2226]: using default UDP/IPv6 port range: [1024, 65535]
> Mar 27 11:46:00 S4 named[2226]: no IPv6 interfaces found
> Mar 27 11:46:00 S4 named[2226]: listening on IPv4 interface lo, 127.0.0.1#53
> Mar 27 11:46:00 S4 named[2226]: listening on IPv4 interface eth0, 172.20.2.2#53
> Mar 27 11:46:00 S4 named[2226]: generating session key for dynamic DNS
> Mar 27 11:46:00 S4 named[2226]: sizing zone task pool based on 5 zones
> Mar 27 11:46:01 S4 named[2226]: Loading 'AD DNS Zone' using driver dlopen
> Mar 27 11:46:01 S4 ntpd[2301]: ntpd 4.2.6p5 at 1.2349-o Sat Feb 7 11:05:48 UTC 2015 (1)
> Mar 27 11:46:01 S4 ntpd[2302]: proto: precision = 0.100 usec
> Mar 27 11:46:01 S4 ntpd[2302]: Listen normally on 0 lo 127.0.0.1 UDP 123
> Mar 27 11:46:01 S4 ntpd[2302]: Listen normally on 1 eth0 172.20.2.2 UDP 123
> Mar 27 11:46:01 S4 ntpd[2302]: peers refreshed
> Mar 27 11:46:01 S4 ntpd[2302]: Listening on routing socket on fd #18 for interface updates
> Mar 27 11:46:01 S4 ntpd[2302]: MS-SNTP signd operations currently block ntpd degrading service to all clients.
> Mar 27 11:46:02 S4 samba[2374]: [2015/03/27 11:46:02.896676, 0] ../source4/smbd/server.c:370(binary_smbd_main)
> Mar 27 11:46:02 S4 samba[2374]: samba version 4.1.17-SerNet-Debian-10.wheezy started.
> Mar 27 11:46:02 S4 samba[2374]: Copyright Andrew Tridgell and the Samba Team 1992-2013
> Mar 27 11:46:03 S4 named[2226]: samba_dlz: started for DN DC=ariane,DC=intra
> Mar 27 11:46:03 S4 named[2226]: samba_dlz: starting configure
> Mar 27 11:46:03 S4 named[2226]: samba_dlz: configured writeable zone '_msdcs.ariane.intra'
> Mar 27 11:46:03 S4 named[2226]: using built-in root key for view _default
> Mar 27 11:46:03 S4 named[2226]: set up managed keys zone for view _default, file 'managed-keys.bind'
> Mar 27 11:46:03 S4 named[2226]: command channel listening on 127.0.0.1#953
> Mar 27 11:46:03 S4 named[2226]: zone 0.in-addr.arpa/IN: loaded serial 1
> Mar 27 11:46:03 S4 named[2226]: zone 127.in-addr.arpa/IN: loaded serial 1
> Mar 27 11:46:03 S4 named[2226]: zone 255.in-addr.arpa/IN: loaded serial 1
> Mar 27 11:46:03 S4 named[2226]: zone localhost/IN: loaded serial 2
> Mar 27 11:46:03 S4 named[2226]: managed-keys-zone ./IN: loaded serial 2
> Mar 27 11:46:03 S4 named[2226]: running
> Mar 27 11:46:04 S4 ntpdate[1701]: the NTP socket is in use, exiting
> Mar 27 11:46:04 S4 ntpdate[1670]: the NTP socket is in use, exiting
> Mar 27 11:46:04 S4 ntpdate[1668]: the NTP socket is in use, exiting
> Mar 27 11:46:04 S4 /usr/sbin/cron[2525]: (CRON) INFO (pidfile fd = 3)
> Mar 27 11:46:04 S4 /usr/sbin/cron[2527]: (CRON) STARTUP (fork ok)
> Mar 27 11:46:04 S4 /usr/sbin/cron[2527]: (CRON) INFO (Running @reboot jobs)
> Mar 27 11:46:04 S4 samba[2376]: [2015/03/27 11:46:04.862709, 0] ../source4/smbd/server.c:488(binary_smbd_main)
> Mar 27 11:46:04 S4 samba[2376]: samba: using 'standard' process model
> Mar 27 11:46:04 S4 samba[2376]: [2015/03/27 11:46:04.885661, 0] ../lib/util/become_daemon.c:136(daemon_ready)
> Mar 27 11:46:07 S4 kernel: [ 17.220877] eth0: no IPv6 routers present
> Mar 27 11:46:07 S4 samba[2792]: [2015/03/27 11:46:07.388008, 0] ../source4/librpc/rpc/dcerpc_util.c:681(dcerpc_pipe_auth_recv)
> Mar 27 11:46:07 S4 samba[2792]: Failed to bind to uuid 12345678-1234-abcd-ef00-01234567cffb for 12345678-1234-abcd-ef00-01234567cffb at ncalrpc:127.0.0.1[DEFAULT,sign,seal] NT_STATUS_ACCESS_DENIED
> Mar 27 11:46:07 S4 smbd[2785]: [2015/03/27 11:46:07.551928, 0] ../lib/util/become_daemon.c:136(daemon_ready)
> Mar 27 11:46:08 S4 kernel: [ 17.940675] eth1: no IPv6 routers present
> Mar 27 11:46:21 S4 samba[2791]: [2015/03/27 11:46:21.280522, 0] ../source4/dsdb/repl/replicated_objects.c:818(dsdb_replicated_objects_commit)
> Mar 27 11:46:21 S4 samba[2791]: ../source4/dsdb/repl/replicated_objects.c:818 Failed to prepare commit of transaction: operations error at ../source4/dsdb/samdb/ldb_modules/descriptor.c:1147
> Mar 27 11:46:21 S4 samba[2791]: [2015/03/27 11:46:21.283141, 0] ../source4/dsdb/repl/drepl_out_helpers.c:758(dreplsrv_op_pull_source_apply_changes_trigger)
> Mar 27 11:46:21 S4 samba[2791]: Failed to commit objects: WERR_GENERAL_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE
>
> ---------- Forwarded message ----------
> From: "Johannes Amorosa | Celluloid VFX" <johannesa at celluloid-vfx.com>
> To: samba at lists.samba.org
> Cc:
> Date: Fri, 27 Mar 2015 13:14:35 +0100
> Subject: [Samba] Replication error after trying to sync sysvol
> I tried to synchronize the sysvol folders, on two dcs. Something went
> wrong since yesterday we have replication problems:
> One machine shows this, while the other one is happy.
>
> samba-tool drs showrepl
>
> ==== INBOUND NEIGHBORS ====
>
> DC=DomainDnsZones,DC=ourdomain,DC=com
> Default-First-Site-Name\DC03 via RPC
> DSA object GUID: af610e1a-9e3b-4cdd-a36b-c296d77a9479
> Last attempt @ Fri Mar 27 12:58:42 2015 CET failed, result 121 (WERR_SEM_TIMEOUT)
> 126 consecutive failure(s).
> Last success @ Fri Mar 27 03:40:24 2015 CET
>
> DC=ForestDnsZones,DC=ourdomain,DC=com
> Default-First-Site-Name\DC04 via RPC
> DSA object GUID: af610e1a-9e3b-4cdd-a36b-c296d77a9479
> Last attempt @ Fri Mar 27 12:51:41 2015 CET failed, result 121 (WERR_SEM_TIMEOUT)
> 102 consecutive failure(s).
> Last success @ Fri Mar 27 03:40:24 2015 CET
>
> DC=ourdomain,DC=com
> Default-First-Site-Name\DC03 via RPC
> DSA object GUID: af610e1a-9e3b-4cdd-a36b-c296d77a9479
> Last attempt @ Fri Mar 27 12:57:42 2015 CET failed, result 121 (WERR_SEM_TIMEOUT)
> 106 consecutive failure(s).
> Last success @ Fri Mar 27 03:40:25 2015 CET
>
> CN=Configuration,DC=ourdomain,DC=com
> Default-First-Site-Name\DC03 via RPC
> DSA object GUID: af610e1a-9e3b-4cdd-a36b-c296d77a9479
> Last attempt @ Fri Mar 27 12:53:41 2015 CET failed, result 121 (WERR_SEM_TIMEOUT)
> 102 consecutive failure(s).
> Last success @ Fri Mar 27 03:40:26 2015 CET
>
> CN=Schema,CN=Configuration,DC=ourdomain,DC=com
> Default-First-Site-Name\DC03 via RPC
> DSA object GUID: af610e1a-9e3b-4cdd-a36b-c296d77a9479
> Last attempt @ Fri Mar 27 12:54:41 2015 CET failed, result 121 (WERR_SEM_TIMEOUT)
> 102 consecutive failure(s).
> Last success @ Fri Mar 27 03:40:28 2015 CET
> <snip>
>
> Every service still seems to work - but we're quite nervous - this is a
> production system(lesson learned!).
>
> I tried to force sync
> samba-tool drs replicate --full-sync DC04 DC03 dc=ourdomain,dc=com
> ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - drsException: DsReplicaSync failed (-1073741643, 'NT_STATUS_IO_TIMEOUT')
>
> Or setup:
> sernet-samba 99:4.1.17-10
>
> [global]
> workgroup = OURDOMAIN
> realm = OURDOMAIN.COM
> netbios name = DC04
> log level = 3
>
> server role = active directory domain controller
> dns forwarder = 192.168.1.254
> <snip>
>
> Ubuntu 12.04
>
> How can I fix this. Any help is highly appreciated.
> Joe
>
> --
> Johannes Amorosa | Celluloid VFX
>
> ---------- Forwarded message ----------
> From: "Johannes Amorosa | Celluloid VFX" <johannesa at celluloid-vfx.com>
> To: samba at lists.samba.org
> Cc:
> Date: Fri, 27 Mar 2015 14:12:34 +0100
> Subject: Re: [Samba] Replication error after trying to sync sysvol
> Found the problem. There is a DNS Problem on one machine. This happened
> because I was testing some samba AD settings in a virtual machine,
> without knowing that NAT isn't shielding this properly - this vm
> propagated the "new" IP to one of the dcs.
>
> DC04> ping DC03
> gives wrong IP!
>
> This should be fixable with the samba-tool dns update?
>
> On 03/27/2015 01:14 PM, Johannes Amorosa | Celluloid VFX wrote:
>
>> I tried to synchronize the sysvol folders, on two dcs. Something went
>> wrong since yesterday we have replication problems:
>> One machine shows this, while the other one is happy.
>>
>> samba-tool drs showrepl
>>
>> ==== INBOUND NEIGHBORS ====
>>
>> DC=DomainDnsZones,DC=ourdomain,DC=com
>> Default-First-Site-Name\DC03 via RPC
>> DSA object GUID: af610e1a-9e3b-4cdd-a36b-c296d77a9479
>> Last attempt @ Fri Mar 27 12:58:42 2015 CET failed, result 121 (WERR_SEM_TIMEOUT)
>> 126 consecutive failure(s).
>> Last success @ Fri Mar 27 03:40:24 2015 CET
>>
>> DC=ForestDnsZones,DC=ourdomain,DC=com
>> Default-First-Site-Name\DC04 via RPC
>> DSA object GUID: af610e1a-9e3b-4cdd-a36b-c296d77a9479
>> Last attempt @ Fri Mar 27 12:51:41 2015 CET failed, result 121 (WERR_SEM_TIMEOUT)
>> 102 consecutive failure(s).
>> Last success @ Fri Mar 27 03:40:24 2015 CET
>>
>> DC=ourdomain,DC=com
>> Default-First-Site-Name\DC03 via RPC
>> DSA object GUID: af610e1a-9e3b-4cdd-a36b-c296d77a9479
>> Last attempt @ Fri Mar 27 12:57:42 2015 CET failed, result 121 (WERR_SEM_TIMEOUT)
>> 106 consecutive failure(s).
>> Last success @ Fri Mar 27 03:40:25 2015 CET
>>
>> CN=Configuration,DC=ourdomain,DC=com
>> Default-First-Site-Name\DC03 via RPC
>> DSA object GUID: af610e1a-9e3b-4cdd-a36b-c296d77a9479
>> Last attempt @ Fri Mar 27 12:53:41 2015 CET failed, result 121 (WERR_SEM_TIMEOUT)
>> 102 consecutive failure(s).
>> Last success @ Fri Mar 27 03:40:26 2015 CET
>>
>> CN=Schema,CN=Configuration,DC=ourdomain,DC=com
>> Default-First-Site-Name\DC03 via RPC
>> DSA object GUID: af610e1a-9e3b-4cdd-a36b-c296d77a9479
>> Last attempt @ Fri Mar 27 12:54:41 2015 CET failed, result 121 (WERR_SEM_TIMEOUT)
>> 102 consecutive failure(s).
>> Last success @ Fri Mar 27 03:40:28 2015 CET
>> <snip>
>>
>> Every service still seems to work - but we're quite nervous - this is a
>> production system(lesson learned!).
>>
>> I tried to force sync
>> samba-tool drs replicate --full-sync DC04 DC03 dc=ourdomain,dc=com
>> ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - drsException: DsReplicaSync failed (-1073741643, 'NT_STATUS_IO_TIMEOUT')
>>
>> Or setup:
>> sernet-samba 99:4.1.17-10
>>
>> [global]
>> workgroup = OURDOMAIN
>> realm = OURDOMAIN.COM
>> netbios name = DC04
>> log level = 3
>>
>> server role = active directory domain controller
>> dns forwarder = 192.168.1.254
>> <snip>
>>
>> Ubuntu 12.04
>>
>> How can I fix this. Any help is highly appreciated.
>> Joe
>>
> --
> Johannes Amorosa | Celluloid VFX
>
> ---------- Forwarded message ----------
> From: "Johannes Amorosa | Celluloid VFX" <johannesa at celluloid-vfx.com>
> To: samba at lists.samba.org
> Cc:
> Date: Fri, 27 Mar 2015 14:59:54 +0100
> Subject: Re: [Samba] Replication error after trying to sync sysvol
> for the records:
> samba-tool dns delete DC03 ourdomain.inc DC03 A 10.0.2.15 -U administrator
>
> On 03/27/2015 02:12 PM, Johannes Amorosa | Celluloid VFX wrote:
>
>> Found the problem. There is a DNS Problem on one machine. This happened
>> because I was testing some samba AD settings in a virtual machine,
>> without knowing that NAT isn't shielding this properly - this vm
>> propagated the "new" IP to one of the dcs.
>>
>> DC04> ping DC03
>> gives wrong IP!
>>
>> This should be fixable with the samba-tool dns update?
>>
>> On 03/27/2015 01:14 PM, Johannes Amorosa | Celluloid VFX wrote:
>>
>>> I tried to synchronize the sysvol folders, on two dcs. Something went
>>> wrong since yesterday we have replication problems:
>>> One machine shows this, while the other one is happy.
>>>
>>> samba-tool drs showrepl
>>>
>>> ==== INBOUND NEIGHBORS ====
>>>
>>> DC=DomainDnsZones,DC=ourdomain,DC=com
>>> Default-First-Site-Name\DC03 via RPC
>>> DSA object GUID: af610e1a-9e3b-4cdd-a36b-c296d77a9479
>>> Last attempt @ Fri Mar 27 12:58:42 2015 CET failed, result 121 (WERR_SEM_TIMEOUT)
>>> 126 consecutive failure(s).
>>> Last success @ Fri Mar 27 03:40:24 2015 CET
>>>
>>> DC=ForestDnsZones,DC=ourdomain,DC=com
>>> Default-First-Site-Name\DC04 via RPC
>>> DSA object GUID: af610e1a-9e3b-4cdd-a36b-c296d77a9479
>>> Last attempt @ Fri Mar 27 12:51:41 2015 CET failed, result 121 (WERR_SEM_TIMEOUT)
>>> 102 consecutive failure(s).
>>> Last success @ Fri Mar 27 03:40:24 2015 CET
>>>
>>> DC=ourdomain,DC=com
>>> Default-First-Site-Name\DC03 via RPC
>>> DSA object GUID: af610e1a-9e3b-4cdd-a36b-c296d77a9479
>>> Last attempt @ Fri Mar 27 12:57:42 2015 CET failed, result 121 (WERR_SEM_TIMEOUT)
>>> 106 consecutive failure(s).
>>> Last success @ Fri Mar 27 03:40:25 2015 CET
>>>
>>> CN=Configuration,DC=ourdomain,DC=com
>>> Default-First-Site-Name\DC03 via RPC
>>> DSA object GUID: af610e1a-9e3b-4cdd-a36b-c296d77a9479
>>> Last attempt @ Fri Mar 27 12:53:41 2015 CET failed, result 121 (WERR_SEM_TIMEOUT)
>>> 102 consecutive failure(s).
>>> Last success @ Fri Mar 27 03:40:26 2015 CET
>>>
>>> CN=Schema,CN=Configuration,DC=ourdomain,DC=com
>>> Default-First-Site-Name\DC03 via RPC
>>> DSA object GUID: af610e1a-9e3b-4cdd-a36b-c296d77a9479
>>> Last attempt @ Fri Mar 27 12:54:41 2015 CET failed, result 121 (WERR_SEM_TIMEOUT)
>>> 102 consecutive failure(s).
>>> Last success @ Fri Mar 27 03:40:28 2015 CET
>>> <snip>
>>>
>>> Every service still seems to work - but we're quite nervous - this is a
>>> production system(lesson learned!).
>>>
>>> I tried to force sync
>>> samba-tool drs replicate --full-sync DC04 DC03 dc=ourdomain,dc=com
>>> ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - drsException: DsReplicaSync failed (-1073741643, 'NT_STATUS_IO_TIMEOUT')
>>>
>>> Or setup:
>>> sernet-samba 99:4.1.17-10
>>>
>>> [global]
>>> workgroup = OURDOMAIN
>>> realm = OURDOMAIN.COM
>>> netbios name = DC04
>>> log level = 3
>>>
>>> server role = active directory domain controller
>>> dns forwarder = 192.168.1.254
>>> <snip>
>>>
>>> Ubuntu 12.04
>>>
>>> How can I fix this. Any help is highly appreciated.
>>> Joe
>>>
>>
> --
> Johannes Amorosa | Celluloid VFX
>
> ---------- Forwarded message ----------
> From: Rowland Penny <rowlandpenny at googlemail.com>
> To: samba at lists.samba.org
> Cc:
> Date: Fri, 27 Mar 2015 15:13:17 +0000
> Subject: Re: [Samba] Win 2008srv to Samba4 DNS problems
> On 27/03/15 10:57, Sam wrote:
>
>> Hello,
>>
>> I try to migrate from an old windows AD ( win 2000 )
>> So I use a temporary windows2008R2 to move AD from win2000 to S4.
>> Forest and domain level are W2008R2.
>> Now I have some problems with the dns in samba4. I have no answers even
>> in local from samba4.
>>
>> If I try to move from a new empty windows 2008 ad, The service start and
>> answer well...
>> So I think something in my old DNS database is missing or disturbing...
>>
>> I just have done this on the dns : (http://support.microsoft.com/fr-fr/kb/817470)
>>
>> But in the new Windows 2008, I can see something that I don't have in the
>> old:
>>
>> What I am missing? Is there a best practice guide for preparing DNS to
>> follow before joining a samba4? ( remove windows 2000 AD compatibility for
>> instance...)
>>
>> Thanks all!
>>
>> Samuel
>>
>> ps : here is my syslog details :
>>
>> Mar 27 11:46:00 S4 named[2226]: starting BIND 9.8.4-rpz2+rl005.12-P1 -u bind -4
>> Mar 27 11:46:00 S4 named[2226]: built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-geoip=/usr' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2'
>> Mar 27 11:46:00 S4 named[2226]: ----------------------------------------------------
>> Mar 27 11:46:00 S4 named[2226]: BIND 9 is maintained by Internet Systems Consortium,
>> Mar 27 11:46:00 S4 named[2226]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
>> Mar 27 11:46:00 S4 named[2226]: corporation. Support and training for BIND 9 are
>> Mar 27 11:46:00 S4 named[2226]: available at https://www.isc.org/support
>> Mar 27 11:46:00 S4 named[2226]: ----------------------------------------------------
>> Mar 27 11:46:00 S4 named[2226]: adjusted limit on open files from 4096 to 1048576
>> Mar 27 11:46:00 S4 named[2226]: found 2 CPUs, using 2 worker threads
>> Mar 27 11:46:00 S4 named[2226]: using up to 4096 sockets
>> Mar 27 11:46:00 S4 named[2226]: loading configuration from '/etc/bind/named.conf'
>> Mar 27 11:46:00 S4 named[2226]: reading built-in trusted keys from file '/etc/bind/bind.keys'
>> Mar 27 11:46:00 S4 named[2226]: using default UDP/IPv4 port range: [1024, 65535]
>> Mar 27 11:46:00 S4 named[2226]: using default UDP/IPv6 port range: [1024, 65535]
>> Mar 27 11:46:00 S4 named[2226]: no IPv6 interfaces found
>> Mar 27 11:46:00 S4 named[2226]: listening on IPv4 interface lo, 127.0.0.1#53
>> Mar 27 11:46:00 S4 named[2226]: listening on IPv4 interface eth0, 172.20.2.2#53
>> Mar 27 11:46:00 S4 named[2226]: generating session key for dynamic DNS
>> Mar 27 11:46:00 S4 named[2226]: sizing zone task pool based on 5 zones
>> Mar 27 11:46:01 S4 named[2226]: Loading 'AD DNS Zone' using driver dlopen
>> Mar 27 11:46:01 S4 ntpd[2301]: ntpd 4.2.6p5 at 1.2349-o Sat Feb 7 11:05:48 UTC 2015 (1)
>> Mar 27 11:46:01 S4 ntpd[2302]: proto: precision = 0.100 usec
>> Mar 27 11:46:01 S4 ntpd[2302]: Listen normally on 0 lo 127.0.0.1 UDP 123
>> Mar 27 11:46:01 S4 ntpd[2302]: Listen normally on 1 eth0 172.20.2.2 UDP 123
>> Mar 27 11:46:01 S4 ntpd[2302]: peers refreshed
>> Mar 27 11:46:01 S4 ntpd[2302]: Listening on routing socket on fd #18 for interface updates
>> Mar 27 11:46:01 S4 ntpd[2302]: MS-SNTP signd operations currently block ntpd degrading service to all clients.
>> Mar 27 11:46:02 S4 samba[2374]: [2015/03/27 11:46:02.896676, 0] ../source4/smbd/server.c:370(binary_smbd_main)
>> Mar 27 11:46:02 S4 samba[2374]: samba version 4.1.17-SerNet-Debian-10.wheezy started.
>> Mar 27 11:46:02 S4 samba[2374]: Copyright Andrew Tridgell and the Samba Team 1992-2013
>> Mar 27 11:46:03 S4 named[2226]: samba_dlz: started for DN DC=ariane,DC=intra
>> Mar 27 11:46:03 S4 named[2226]: samba_dlz: starting configure
>> Mar 27 11:46:03 S4 named[2226]: samba_dlz: configured writeable zone '_msdcs.ariane.intra'
>> Mar 27 11:46:03 S4 named[2226]: using built-in root key for view _default
>> Mar 27 11:46:03 S4 named[2226]: set up managed keys zone for view _default, file 'managed-keys.bind'
>> Mar 27 11:46:03 S4 named[2226]: command channel listening on 127.0.0.1#953
>> Mar 27 11:46:03 S4 named[2226]: zone 0.in-addr.arpa/IN: loaded serial 1
>> Mar 27 11:46:03 S4 named[2226]: zone 127.in-addr.arpa/IN: loaded serial 1
>> Mar 27 11:46:03 S4 named[2226]: zone 255.in-addr.arpa/IN: loaded serial 1
>> Mar 27 11:46:03 S4 named[2226]: zone localhost/IN: loaded serial 2
>> Mar 27 11:46:03 S4 named[2226]: managed-keys-zone ./IN: loaded serial 2
>> Mar 27 11:46:03 S4 named[2226]: running
>> Mar 27 11:46:04 S4 ntpdate[1701]: the NTP socket is in use, exiting
>> Mar 27 11:46:04 S4 ntpdate[1670]: the NTP socket is in use, exiting
>> Mar 27 11:46:04 S4 ntpdate[1668]: the NTP socket is in use, exiting
>> Mar 27 11:46:04 S4 /usr/sbin/cron[2525]: (CRON) INFO (pidfile fd = 3)
>> Mar 27 11:46:04 S4 /usr/sbin/cron[2527]: (CRON) STARTUP (fork ok)
>> Mar 27 11:46:04 S4 /usr/sbin/cron[2527]: (CRON) INFO (Running @reboot jobs)
>> Mar 27 11:46:04 S4 samba[2376]: [2015/03/27 11:46:04.862709, 0] ../source4/smbd/server.c:488(binary_smbd_main)
>> Mar 27 11:46:04 S4 samba[2376]: samba: using 'standard' process model
>> Mar 27 11:46:04 S4 samba[2376]: [2015/03/27 11:46:04.885661, 0] ../lib/util/become_daemon.c:136(daemon_ready)
>> Mar 27 11:46:07 S4 kernel: [ 17.220877] eth0: no IPv6 routers present
>> Mar 27 11:46:07 S4 samba[2792]: [2015/03/27 11:46:07.388008, 0] ../source4/librpc/rpc/dcerpc_util.c:681(dcerpc_pipe_auth_recv)
>> Mar 27 11:46:07 S4 samba[2792]: Failed to bind to uuid 12345678-1234-abcd-ef00-01234567cffb for 12345678-1234-abcd-ef00-01234567cffb at ncalrpc:127.0.0.1[DEFAULT,sign,seal] NT_STATUS_ACCESS_DENIED
>> Mar 27 11:46:07 S4 smbd[2785]: [2015/03/27 11:46:07.551928, 0] ../lib/util/become_daemon.c:136(daemon_ready)
>> Mar 27 11:46:08 S4 kernel: [ 17.940675] eth1: no IPv6 routers present
>> Mar 27 11:46:21 S4 samba[2791]: [2015/03/27 11:46:21.280522, 0] ../source4/dsdb/repl/replicated_objects.c:818(dsdb_replicated_objects_commit)
>> Mar 27 11:46:21 S4 samba[2791]: ../source4/dsdb/repl/replicated_objects.c:818 Failed to prepare commit of transaction: operations error at ../source4/dsdb/samdb/ldb_modules/descriptor.c:1147
>> Mar 27 11:46:21 S4 samba[2791]: [2015/03/27 11:46:21.283141, 0] ../source4/dsdb/repl/drepl_out_helpers.c:758(dreplsrv_op_pull_source_apply_changes_trigger)
>> Mar 27 11:46:21 S4 samba[2791]: Failed to commit objects: WERR_GENERAL_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE
>>
> Hi, never had this problem, but I wonder if this would work, join a samba
> 4 DC directly to the 2K Server and then run 'samba_upgradedns'
>
> Worth a try on a test network, there is this in the middle of the
> 'samba_upgradedns' python code:
>
> # dnsprovision creates application partitions for AD based DNS mainly if the existing
> # provision was created using earlier snapshots of samba4 which did not have support
> # for DNS partitions
>
> Rowland
>
> ---------- Forwarded message ----------
> From: Dania Ramirez Moya <dania181087 at gmail.com>
> To: samba <samba at lists.samba.org>
> Cc:
> Date: Fri, 27 Mar 2015 11:28:10 -0400
> Subject: [Samba] samba_dnsupdate failed with RuntimeError: kinit for SMB4ECONOMIA$@ECONOMIA failed (Cannot contact any KDC for requested realm)
> Hi list:
>
> I joined Samba4.1.7 to Windows2k3 R2 domain, when I run:
> *samba_dnsupdate --verbose --all-names*
>
> IPs: ['192.168.186.137']
> Skipping PDC entry (SRV _ldap._tcp.pdc._msdcs.${DNSDOMAIN} ${HOSTNAME} 389) as we are not a PDC
> Skipping PDC entry (SRV _ldap._tcp.pdc._msdcs.${DNSFOREST} ${HOSTNAME} 389) as we are not a PDC
> Traceback (most recent call last):
> File "/usr/sbin/samba_dnsupdate", line 510, in <module>
> get_credentials(lp)
> File "/usr/sbin/samba_dnsupdate", line 123, in get_credentials
> raise e
> *RuntimeError: kinit for SMB4ECONOMIA$@ECONOMIA failed (Cannot contact any KDC for requested realm)*
>
> Kinit works fine. This is my /etc/resolv.conf:
> domain economia
> search economia
> nameserver 127.0.0.1
> nameserver 192.168.186.234 (Windows2k3)
>
> samba dns server works fine too.
> I haven't run fsmo transfer to samba4 nor w2k3 demote dc yet
> Is this error important?
> I would appreciate any help
> Best regards
>
> ---------- Forwarded message ----------
> From: Rowland Penny <rowlandpenny at googlemail.com>
> To: samba at lists.samba.org
> Cc:
> Date: Fri, 27 Mar 2015 15:48:29 +0000
> Subject: Re: [Samba] samba_dnsupdate failed with RuntimeError: kinit for SMB4ECONOMIA$@ECONOMIA failed (Cannot contact any KDC for requested realm)
> On 27/03/15 15:28, Dania Ramirez Moya wrote:
>
>> Hi list:
>>
>> I joined Samba4.1.7 to Windows2k3 R2 domain, when I run:
>> *samba_dnsupdate --verbose --all-names*
>>
>> IPs: ['192.168.186.137']
>> Skipping PDC entry (SRV _ldap._tcp.pdc._msdcs.${DNSDOMAIN} ${HOSTNAME} 389) as we are not a PDC
>> Skipping PDC entry (SRV _ldap._tcp.pdc._msdcs.${DNSFOREST} ${HOSTNAME} 389) as we are not a PDC
>> Traceback (most recent call last):
>> File "/usr/sbin/samba_dnsupdate", line 510, in <module>
>> get_credentials(lp)
>> File "/usr/sbin/samba_dnsupdate", line 123, in get_credentials
>> raise e
>> *RuntimeError: kinit for SMB4ECONOMIA$@ECONOMIA failed (Cannot contact any KDC for requested realm)*
>>
>> Kinit works fine. This is my /etc/resolv.conf:
>> domain economia
>> search economia
>> nameserver 127.0.0.1
>> nameserver 192.168.186.234 (Windows2k3)
>>
>> samba dns server works fine too.
>> I haven't run fsmo transfer to samba4 nor w2k3 demote dc yet
>> Is this error important?
>> I would appreciate any help
>> Best regards
>>
>
> Is your kerberos realm really 'ECONOMIA' ?
> It is usually in the format 'EXAMPLE.COM'
>
> You can remove the domain line from /etc/resolv.conf, you cannot have both
> 'domain' and 'search' and the second to be found will be used. You should
> also have the other DC first in the list, so your DC uses the other DC for
> dns unless that fails.
>
> What have you got in /etc/krb5.conf ?
>
> Rowland
>
> ---------- Forwarded message ----------
> From: Ciaran Scolard <Ciaran at phonovation.com>
> To: "'samba at lists.samba.org'" <samba at lists.samba.org>
> Cc:
> Date: Fri, 27 Mar 2015 15:35:12 +0000
> Subject: [Samba] Weird issue - STATUS_DISK_FULL
> Hi All,
>
> I've a share on a btrfs volume that is reporting that there isn't enough
> disk space for a backup.
> Which is odd as the file is about 300GB in size and df -h reports 5TB
> free.
> Any ideas?
>
> testparm -s
> Load smb config files from /etc/samba/smb.conf
> Processing section "[BACKUP00]"
> Loaded services file OK.
> Server role: ROLE_STANDALONE
> [global]
> map to guest = Bad User
> log file = /var/log/samba/log.%m
> max xmit = 65535
> deadtime = 15
> socket options = TCP_NODELAY IPTOS_LOWDELAY
> load printers = No
> printcap name = /dev/null
> disable spoolss = Yes
> idmap config * : backend = tdb
> use sendfile = Yes
> write cache size = 1048576
> printing = bsd
> print command = lpr -r -P'%p' %s
> lpq command = lpq -P'%p'
> lprm command = lprm -P'%p' %j
>
> [BACKUP00]
> comment = BACKUPS
> path = /BACKUP00/Shared/
> read only = No
> guest only = Yes
> guest ok = Yes
> vfs objects = btrfs
>
> ---------- Forwarded message ----------
> From: David Disseldorp <ddiss at suse.de>
> To: Ciaran Scolard <Ciaran at phonovation.com>
> Cc: "'samba at lists.samba.org'" <samba at lists.samba.org>
> Date: Fri, 27 Mar 2015 17:10:42 +0100
> Subject: Re: [Samba] Weird issue - STATUS_DISK_FULL
> Hi Ciaran,
>
> On Fri, 27 Mar 2015 15:35:12 +0000, Ciaran Scolard wrote:
>
> > I've a share on a btrfs volume that is reporting that there isn't enough disk space for a backup.
> > Which is odd as the file is about 300GB in size and df -h reports 5TB free.
> > Any ideas?
>
> Free space tracking in Btrfs (and other CoW filesystems) is generally
> complex. I'd suggest you take a look at the Btrfs documentation at:
>
> https://btrfs.wiki.kernel.org/index.php/FAQ#Help.21_I_ran_out_of_disk_space.21
>
> Cheers, David
>
> ---------- Forwarded message ----------
> From: Ciaran Scolard <Ciaran at phonovation.com>
> To: "'David Disseldorp'" <ddiss at suse.de>
> Cc: "'samba at lists.samba.org'" <samba at lists.samba.org>
> Date: Fri, 27 Mar 2015 16:23:41 +0000
> Subject: Re: [Samba] Weird issue - STATUS_DISK_FULL
> Thanks David.
>
> It's a brand new array but I've double checked and there's not much space
> used and plenty free.
>
> -----Original Message-----
> From: David Disseldorp [mailto:ddiss at suse.de]
> Sent: 27 March 2015 16:11
> To: Ciaran Scolard
> Cc: 'samba at lists.samba.org'
> Subject: Re: [Samba] Weird issue - STATUS_DISK_FULL
>
> Hi Ciaran,
>
> On Fri, 27 Mar 2015 15:35:12 +0000, Ciaran Scolard wrote:
>
> > I've a share on a btrfs volume that is reporting that there isn't enough disk space for a backup.
> > Which is odd as the file is about 300GB in size and df -h reports 5TB free.
> > Any ideas?
>
> Free space tracking in Btrfs (and other CoW filesystems) is generally
> complex. I'd suggest you take a look at the Btrfs documentation at:
>
> https://btrfs.wiki.kernel.org/index.php/FAQ#Help.21_I_ran_out_of_disk_space.21
>
> Cheers, David
>
> ---------- Forwarded message ----------
> From: David Disseldorp <ddiss at suse.de>
> To: Ciaran Scolard <Ciaran at phonovation.com>
> Cc: "'samba at lists.samba.org'" <samba at lists.samba.org>
> Date: Fri, 27 Mar 2015 17:35:33 +0100
> Subject: Re: [Samba] Weird issue - STATUS_DISK_FULL
> On Fri, 27 Mar 2015 16:23:41 +0000, Ciaran Scolard wrote:
>
> > Thanks David.
> >
> > It's a brand new array but I've double checked and there's not much space used and plenty free.
>
> Which kernel version are you using. Which version of Samba are you
> running? Can you reproduce the ENOSPC error doing a similar IO on the
> local filesystem, or only via Samba?
>
> Finally, have you tried running "btrfs fi balance ..." on the
> filesystem?
>
> Cheers, David
>
> _______________________________________________
> samba mailing list
> samba at lists.samba.org
> https://lists.samba.org/mailman/listinfo/samba
>

Hello, thank you Rowland for your response.

Yes, it is. This domain was installed with a single label, just ECONOMIA. Is that a problem?
This is my /etc/krb5.conf

[libdefaults]
default_realm = ECONOMIA
dns_lookup_realm = true
dns_lookup_kdc = true

I made the changes that you suggested, but I continue to get the same result
RuntimeError: kinit for SMB4ECONOMIA$@ECONOMIA failed (Cannot contact any KDC for)

*samba_dnsupdate --verbose
IPs: ['192.168.186.137']
Skipping PDC entry (SRV _ldap._tcp.pdc._msdcs.${DNSDOMAIN} ${HOSTNAME} 389) as we are not a PDC
Skipping PDC entry (SRV _ldap._tcp.pdc._msdcs.${DNSFOREST} ${HOSTNAME} 389) as we are not a PDC
Looking for DNS entry A economia 192.168.186.137 as economia.
Failed to find matching DNS entry A economia 192.168.186.137
Looking for DNS entry A smb4economia.economia 192.168.186.137 as smb4economia.economia.
Looking for DNS entry A gc._msdcs.economia 192.168.186.137 as gc._msdcs.economia.
Failed to find matching DNS entry A gc._msdcs.economia 192.168.186.137
Looking for DNS entry CNAME 207c6ca4-3976-4aaf-b60a-bc98093df340._msdcs.economia smb4economia.economia as 207c6ca4-3976-4aaf-b60a-bc98093df340._msdcs.economia.
Looking for DNS entry SRV _kpasswd._tcp.economia smb4economia.economia 464 as _kpasswd._tcp.economia.
Checking 0 100 464 dc.economia. against SRV _kpasswd._tcp.economia smb4economia.economia 464
Failed to find matching DNS entry SRV _kpasswd._tcp.economia smb4economia.economia 464
Looking for DNS entry SRV _kpasswd._udp.economia smb4economia.economia 464 as _kpasswd._udp.economia.
Checking 0 100 464 dc.economia. against SRV _kpasswd._udp.economia smb4economia.economia 464
Failed to find matching DNS entry SRV _kpasswd._udp.economia smb4economia.economia 464
Looking for DNS entry SRV _kerberos._tcp.economia smb4economia.economia 88 as _kerberos._tcp.economia.
Checking 0 100 88 dc.economia. against SRV _kerberos._tcp.economia smb4economia.economia 88
Failed to find matching DNS entry SRV _kerberos._tcp.economia smb4economia.economia 88
Looking for DNS entry SRV _kerberos._tcp.dc._msdcs.economia smb4economia.economia 88 as _kerberos._tcp.dc._msdcs.economia.
Checking 0 100 88 dc.economia. against SRV _kerberos._tcp.dc._msdcs.economia smb4economia.economia 88
Failed to find matching DNS entry SRV _kerberos._tcp.dc._msdcs.economia smb4economia.economia 88
Looking for DNS entry SRV _kerberos._tcp.default-first-site-name._sites.economia smb4economia.economia 88 as _kerberos._tcp.default-first-site-name._sites.economia.
Checking 0 100 88 dc.economia. against SRV _kerberos._tcp.default-first-site-name._sites.economia smb4economia.economia 88
Failed to find matching DNS entry SRV _kerberos._tcp.default-first-site-name._sites.economia smb4economia.economia 88
Looking for DNS entry SRV _kerberos._tcp.default-first-site-name._sites.dc._msdcs.economia smb4economia.economia 88 as _kerberos._tcp.default-first-site-name._sites.dc._msdcs.economia.
Checking 0 100 88 dc.economia. against SRV _kerberos._tcp.default-first-site-name._sites.dc._msdcs.economia smb4economia.economia 88
Failed to find matching DNS entry SRV _kerberos._tcp.default-first-site-name._sites.dc._msdcs.economia smb4economia.economia 88
Looking for DNS entry SRV _kerberos._udp.economia smb4economia.economia 88 as _kerberos._udp.economia.
Checking 0 100 88 dc.economia. against SRV _kerberos._udp.economia smb4economia.economia 88
Failed to find matching DNS entry SRV _kerberos._udp.economia smb4economia.economia 88
Looking for DNS entry SRV _ldap._tcp.economia smb4economia.economia 389 as _ldap._tcp.economia.
Checking 0 100 389 dc.economia. against SRV _ldap._tcp.economia smb4economia.economia 389
Failed to find matching DNS entry SRV _ldap._tcp.economia smb4economia.economia 389
Looking for DNS entry SRV _ldap._tcp.dc._msdcs.economia smb4economia.economia 389 as _ldap._tcp.dc._msdcs.economia.
Checking 0 100 389 dc.economia. against SRV _ldap._tcp.dc._msdcs.economia smb4economia.economia 389
Failed to find matching DNS entry SRV _ldap._tcp.dc._msdcs.economia smb4economia.economia 389
Looking for DNS entry SRV _ldap._tcp.gc._msdcs.economia smb4economia.economia 3268 as _ldap._tcp.gc._msdcs.economia.
Checking 0 100 3268 dc.economia. against SRV _ldap._tcp.gc._msdcs.economia smb4economia.economia 3268
Failed to find matching DNS entry SRV _ldap._tcp.gc._msdcs.economia smb4economia.economia 3268
Looking for DNS entry SRV _ldap._tcp.default-first-site-name._sites.economia smb4economia.economia 389 as _ldap._tcp.default-first-site-name._sites.economia.
Checking 0 100 389 dc.economia. against SRV _ldap._tcp.default-first-site-name._sites.economia smb4economia.economia 389
Failed to find matching DNS entry SRV _ldap._tcp.default-first-site-name._sites.economia smb4economia.economia 389
Looking for DNS entry SRV _ldap._tcp.default-first-site-name._sites.dc._msdcs.economia smb4economia.economia 389 as _ldap._tcp.default-first-site-name._sites.dc._msdcs.economia.
Checking 0 100 389 dc.economia. against SRV _ldap._tcp.default-first-site-name._sites.dc._msdcs.economia smb4economia.economia 389
Failed to find matching DNS entry SRV _ldap._tcp.default-first-site-name._sites.dc._msdcs.economia smb4economia.economia 389
Looking for DNS entry SRV _ldap._tcp.default-first-site-name._sites.gc._msdcs.economia smb4economia.economia 3268 as _ldap._tcp.default-first-site-name._sites.gc._msdcs.economia.
Checking 0 100 3268 dc.economia. against SRV _ldap._tcp.default-first-site-name._sites.gc._msdcs.economia smb4economia.economia 3268
Failed to find matching DNS entry SRV _ldap._tcp.default-first-site-name._sites.gc._msdcs.economia smb4economia.economia 3268
Looking for DNS entry SRV _ldap._tcp.2dcb8925-d286-4995-8b9a-3cbc85a636b0.domains._msdcs.economia smb4economia.economia 389 as _ldap._tcp.2dcb8925-d286-4995-8b9a-3cbc85a636b0.domains._msdcs.economia.
Checking 0 100 389 dc.economia. against SRV _ldap._tcp.2dcb8925-d286-4995-8b9a-3cbc85a636b0.domains._msdcs.economia smb4economia.economia 389
Failed to find matching DNS entry SRV _ldap._tcp.2dcb8925-d286-4995-8b9a-3cbc85a636b0.domains._msdcs.economia smb4economia.economia 389
Looking for DNS entry SRV _gc._tcp.economia smb4economia.economia 3268 as _gc._tcp.economia.
Checking 0 100 3268 dc.economia. against SRV _gc._tcp.economia smb4economia.economia 3268
Failed to find matching DNS entry SRV _gc._tcp.economia smb4economia.economia 3268
Looking for DNS entry SRV _gc._tcp.default-first-site-name._sites.economia smb4economia.economia 3268 as _gc._tcp.default-first-site-name._sites.economia.
Checking 0 100 3268 dc.economia. against SRV _gc._tcp.default-first-site-name._sites.economia smb4economia.economia 3268
Failed to find matching DNS entry SRV _gc._tcp.default-first-site-name._sites.economia smb4economia.economia 3268
Traceback (most recent call last):
File "/usr/sbin/samba_dnsupdate", line 510, in <module>
get_credentials(lp)
File "/usr/sbin/samba_dnsupdate", line 123, in get_credentials
raise e
RuntimeError: kinit for SMB4ECONOMIA$@ECONOMIA failed (Cannot contact any KDC for requested realm)*
Dania Ramirez Moya
2015-Mar-28 21:15 UTC
[Samba] Fwd: samba_dnsupdate failed with RuntimeError: kinit for SMB4ECONOMIA$@ECONOMIA failed (Cannot contact any KDC for requested realm)
---------- Forwarded message ----------
From: Dania Ramirez Moya <dania181087 at gmail.com>
Date: 2015-03-27 15:32 GMT-04:00
Subject: Re:samba_dnsupdate failed with RuntimeError: kinit for SMB4ECONOMIA$@ECONOMIA failed (Cannot contact any KDC for requested realm)
To: samba <samba at lists.samba.org>

2015-03-27 14:00 GMT-04:00 <samba-request at lists.samba.org>:
> ---------- Forwarded message ----------
> From: jd at ionica.lv
> To: samba at lists.samba.org
> Cc:
> Date: Thu, 26 Mar 2015 20:38:22 +0200
> Subject: [Samba] BAD_NETWORK_NAME
> H!
>
> I am getting such messages in log.samba:
> ../source4/nbt_server/dgram netlogon.c:198(nbtd_mailslot_netlogon_handler)
> nbtd netlogon handler failed from 192.168.0.125:138 to DOMAIN<1c> -
> NT_STATUS_BAD_NETWORK_NAME
>
> What means that <1c>? seems like special char...
>
> There are two domains sharing one network - one - NT-style named DOMAIN
> and the second, AD, named DOMAIN2
>
> (samba 4.2.0/slack64-14.1)
>
> Janis
>
> ---------- Forwarded message ----------
> From: Krutskikh Ivan <stein.hak at gmail.com>
> To: samba at lists.samba.org
> Cc:
> Date: Fri, 27 Mar 2015 08:32:49 +0300
> Subject: [Samba] Samba 4 join AD by samba
> Hi,
>
> I have a task which requires AD + windows roaming profiles + automatic
> backups.
>
> I want to use samba 4 AD server (debian jessie) + samba 4 file server for
> user's home profiles (opensuse 13.1) + zfs for storage backend.
>
> The reason why I need 2 servers (actually a server with hosted lxc
> container) is because opensuse has kerberos mit by default (
> samba at lists.samba.org.)
>
> I've successfully provisioned a samba dc on debian jessie container using
> https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO and samba binary samba
> from repo After that I've added a bunch of win machines to it. Everything
> is working except for dns resolving of hosts ( i can only ping my dc
> server).
>
> After that I wanted to join my 2nd server to AD. I've used the manual from
> https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server and got
> everything working except for user map. Examples:
>
> linux-abx8:/etc/samba # wbinfo -g
> allowed rodc password replication group
> enterprise read-only domain controllers
> denied rodc password replication group
> read-only domain controllers
> group policy creator owners
> video administrators
> ras and ias servers
> domain controllers
> enterprise admins
> domain computers
> cert publishers
> dnsupdateproxy
> domain admins
> domain guests
> schema admins
> domain users
> video users
> dnsadmins
>
> linux-abx8:/etc/samba # wbinfo -u
> bastion
> administrator
> krbtgt
> guest
>
> linux-abx8:/etc/samba # wbinfo -i administrator ( waits for a long time,
> maybe fails on timeout =( )
> failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
> Could not get info for user administrator
>
> linux-abx8:/etc/samba # id administrator
> id: administrator:no such user
>
> This is very disappointing. What can I do about it?
>
> Some details about the installation:
>
> smb.conf from ad dc server:
>
> root at DC01:/etc/samba# cat ./smb.conf
> # Global parameters
> [global]
> workgroup = OFFICE
> realm = OFFICE.MTT
> netbios name = DC
> server role = active directory domain controller
> dns forwarder = 192.168.0.107
> idmap_ldb:use rfc2307 = yes
> log level = 2
>
> [netlogon]
> path = /var/lib/samba/sysvol/mtt/scripts
> read only = No
>
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
>
> [profiles] # <---- ADD here
> path = /var/lib/samba/sysvol/office.mtt/profiles
> read only = no
>
> [New_Profile]
> root preexec = mkdir -p /srv/samba/Profiles/%U
> path = /srv/samba/Profiles/%U
> read only = no
> store dos attributes = Yes
> create mask = 0600
> directory mask = 0700
> profile acls = yes
> csc policy = disable
>
> smb.conf from 2nd server with opensuse and zfs:
>
> linux-abx8:/etc/samba # cat ./smb.conf
> [global]
>
> netbios name = Melchior
> workgroup = OFFICE
> security = ADS
> realm = OFFICE.MTT
> dedicated keytab file = /etc/krb5.keytab
> kerberos method = secrets and keytab
> # password server = 192.168.0.50
> log level = 2
> idmap config *:backend = tdb
> idmap config *:range = 2000-9999
> # idmap config * : base_rid = 0
> idmap config OFFICE:backend = ad
> idmap config OFFICE:schema_mode = rfc2307
> idmap config OFFICE:range = 10000-99999
>
> winbind nss info = rfc2307
> winbind trusted domains only = no
> winbind use default domain = yes
> winbind enum users = yes
> winbind enum groups = yes
> winbind refresh tickets = Yes
> winbind normalize names = Yes
>
> [archive]
> path = /archive/video
> read only = no
> writable = yes
> force user = root
>
> I'll try to provide any other information if needed. Thanks in advance!
>
> ---------- Forwarded message ----------
> From: "L.P.H. van Belle" <belle at bazuin.nl>
> To: "samba at lists.samba.org" <samba at lists.samba.org>
> Cc:
> Date: Fri, 27 Mar 2015 08:45:14 +0100
> Subject: Re: [Samba] Samba 4 join AD by samba
> Hai Ivan,
>
> so far what i see is correct.
>
> for your profiles .. both these :
> >[profiles] # <---- ADD here
> > path = /var/lib/samba/sysvol/office.mtt/profiles
> > read only = no
> >
> >[New_Profile]
> > root preexec = mkdir -p /srv/samba/Profiles/%U
> > path = /srv/samba/Profiles/%U
> > read only = no
> > store dos attributes = Yes
> > create mask = 0600
> > directory mask = 0700
> > profile acls = yes
> > csc policy = disable
>
> are not good.
>
> the second is better,
> but i suggest this :
>
> ## the profiles share is hidden
> [profiles]
> path = /srv/samba/Profiles/%U
> browseable = Yes
> read only = No
> acl_xattr:ignore system acl = yes ## windows only rights,
> better support for profiles..
>
> and optional. if acl_xattr not is used..
> chmod the srv/samba/Profiles 1777 BEFORE setting the rights on the share.
>
> setup the rights as the wiki says, and then you can hide the profiles
> share, by setting browsable = No
> when you read: https://wiki.samba.org/index.php/Samba_%26_Windows_Profiles
> choose or AD ACL style, OR NT POSIX style.. not both..
>
> On the DC..
> the "no id administrator"
> set /etc/nsswitch.conf
> passwd: compat winbind
> group: compat winbind
>
> and on the AD DC's then you will see something like.
> uid=0(root) gid=10000(OFFICE\Domain Users)
> groups=0(root),10000(OFFICE\Domain Users),3000009(OFFICE\Group Policy
> Creator Owners),3000007(OFFICE\Enterprise Admins),3000008(OFFICE\Domain
> Admins),3000017(OFFICE\Schema Admins)
> read here : https://wiki.samba.org/index.php/Using_RFC2307_on_a_Samba_DC
>
> but on the MEMBER SERVER, id administrator, won't give results back.
> for that.
> 1) or don't use administrator, and map user root to administrator and set
> the SE Privileges.
> 2) or set the backend to RID
> this will give automatically the id's. this works fine if you
> - only use the DC as DC ( and dns/time server )
> ( profiles share will work ok also, but better to put this on the
> member server )
> - only have 1 member server.
> - you don't copy files from DC to member server.
>
> why, the ID's on DC will be different than on the member server.
> About this is lots to find in the samba list.
>
> For the DNS.
> i guess this ip: 192.168.0.107 is a router or something
> if not, then what is it..
>
> for the DC, set resolv.conf like
> search yourdomain.tld.
> nameserver IP_OF_AD_DC_SERVER ( or 127.0.0.1 )
> optional
> nameserver dns_of_provider.
> make sure your server is first in resolv.conf
> 2 DC's
> the set it like this.
> DC1.
> search yourdomain.tld.
> nameserver IP_OF_AD_DC2_SERVER ( or 127.0.0.1 )
> nameserver IP_OF_AD_DC1_SERVER ( or 127.0.0.1 )
>
> DC2.
> search yourdomain.tld.
> nameserver IP_OF_AD_DC1_SERVER ( or 127.0.0.1 )
> nameserver IP_OF_AD_DC2_SERVER ( or 127.0.0.1 )
>
> Point the member server to the DC's
> Point the PC's to the DC's
>
> AND. for your pcs
> you can set the search domain if needed, if you use pc's with static ip.s
> test:
> ping pc_name
> and pc_name.domain.tld
>
> if only the last resolves then your : domain/search is not correct setup.
>
> If you have more questions,
> mail the list again..
>
> Greetz,
>
> Louis
>
> >-----Original message-----
> >From: stein.hak at gmail.com
> >[mailto:samba-bounces at lists.samba.org] On behalf of Krutskikh Ivan
> >Sent: Friday 27 March 2015 6:33
> >To: samba at lists.samba.org
> >Subject: [Samba] Samba 4 join AD by samba
> >
> >Hi,
> >
> >I have a task which requires AD + windows roaming profiles + automatic
> >backups.
> >
> >I want to use samba 4 AD server (debian jessie) + samba 4 file
> >server for
> >user's home profiles (opensuse 13.1) + zfs for storage backend.
> >
> >The reason why I need 2 servers (actually a server with hosted lxc
> >container) is because opensuse has kerberos mit by default (
> >samba at lists.samba.org.)
> >
> >I've successfully provisioned a samba dc on debian jessie
> >container using
> >https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO and samba
> >binary samba
> >from repo After that I've added a bunch of win machines to it.
> >Everything
> >is working except for dns resolving of hosts ( i can only ping my dc
> >server).
> >
> >After that I wanted to join my 2nd server to AD. I've used the
> >manual from
> >https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server and got
> >everything working except for user map. Examples:
> >
> >linux-abx8:/etc/samba # wbinfo -g
> >allowed rodc password replication group
> >enterprise read-only domain controllers
> >denied rodc password replication group
> >read-only domain controllers
> >group policy creator owners
> >video administrators
> >ras and ias servers
> >domain controllers
> >enterprise admins
> >domain computers
> >cert publishers
> >dnsupdateproxy
> >domain admins
> >domain guests
> >schema admins
> >domain users
> >video users
> >dnsadmins
> >
> >linux-abx8:/etc/samba # wbinfo -u
> >bastion
> >administrator
> >krbtgt
> >guest
> >
> >linux-abx8:/etc/samba # wbinfo -i administrator ( waits for a
> >long time,
> >maybe fails on timeout =( )
> >failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
> >Could not get info for user administrator
> >
> >linux-abx8:/etc/samba # id administrator
> >id: administrator:no such user
> >
> >This is very disappointing. What can I do about it?
> >
> >Some details about the installation:
> >
> >smb.conf from ad dc server:
> >
> >root at DC01:/etc/samba# cat ./smb.conf
> ># Global parameters
> >[global]
> > workgroup = OFFICE
> > realm = OFFICE.MTT
> > netbios name = DC
> > server role = active directory domain controller
> > dns forwarder = 192.168.0.107
> > idmap_ldb:use rfc2307 = yes
> > log level = 2
> >
> >[netlogon]
> > path = /var/lib/samba/sysvol/mtt/scripts
> > read only = No
> >
> >[sysvol]
> > path = /var/lib/samba/sysvol
> > read only = No
> >
> >[profiles] # <---- ADD here
> > path = /var/lib/samba/sysvol/office.mtt/profiles
> > read only = no
> >
> >[New_Profile]
> > root preexec = mkdir -p /srv/samba/Profiles/%U
> > path = /srv/samba/Profiles/%U
> > read only = no
> > store dos attributes = Yes
> > create mask = 0600
> > directory mask = 0700
> > profile acls = yes
> > csc policy = disable
> >
> >smb.conf from 2nd server with opensuse and zfs:
> >
> >linux-abx8:/etc/samba # cat ./smb.conf
> >[global]
> >
> > netbios name = Melchior
> > workgroup = OFFICE
> > security = ADS
> > realm = OFFICE.MTT
> > dedicated keytab file = /etc/krb5.keytab
> > kerberos method = secrets and keytab
> ># password server = 192.168.0.50
> > log level = 2
> > idmap config *:backend = tdb
> > idmap config *:range = 2000-9999
> ># idmap config * : base_rid = 0
> > idmap config OFFICE:backend = ad
> > idmap config OFFICE:schema_mode = rfc2307
> > idmap config OFFICE:range = 10000-99999
> >
> > winbind nss info = rfc2307
> > winbind trusted domains only = no
> > winbind use default domain = yes
> > winbind enum users = yes
> > winbind enum groups = yes
> > winbind refresh tickets = Yes
> > winbind normalize names = Yes
> >
> >[archive]
> > path = /archive/video
> > read only = no
> > writable = yes
> > force user = root
> >
> >I'll try to provide any other information if needed. Thanks in advance!
> >--
> >To unsubscribe from this list go to the following URL and read the
> >instructions: https://lists.samba.org/mailman/options/samba
> >
>
> ---------- Forwarded message ----------
> From: "L.P.H. van Belle" <belle at bazuin.nl>
> To: "samba at lists.samba.org" <samba at lists.samba.org>
> Cc:
> Date: Fri, 27 Mar 2015 08:49:13 +0100
> Subject: Re: [Samba] BAD_NETWORK_NAME
> Hai Janis,
>
> This is safe to ignore, provided that the IP address and the
> name (DOMAIN) are referencing an old, previous or same-subnet domain.
> This is just a warning about a received netbios name that is being ignored
> cause it's not part of our AD.
>
> Louis
>
> >-----Original message-----
> >From: jd at ionica.lv [mailto:samba-bounces at lists.samba.org]
> >On behalf of jd at ionica.lv
> >Sent: Thursday 26 March 2015 19:38
> >To: samba at lists.samba.org
> >Subject: [Samba] BAD_NETWORK_NAME
> >
> >H!
> >
> >I am getting such messages in log.samba:
> >../source4/nbt_server/dgram
> >netlogon.c:198(nbtd_mailslot_netlogon_handler)
> > nbtd netlogon handler failed from 192.168.0.125:138 to
> >DOMAIN<1c> -
> >NT_STATUS_BAD_NETWORK_NAME
> >
> >What means that <1c>? seems like special char...
> >
> >There are two domains sharing one network - one - NT-style named
> >DOMAIN and the second, AD, named DOMAIN2
> >
> >(samba 4.2.0/slack64-14.1)
> >
> >Janis
> >
>
> ---------- Forwarded message ----------
> From: Tom <tsml412101 at gmail.com>
> To: samba-technical at lists.samba.org, samba at lists.samba.org
> Cc:
> Date: Thu, 26 Mar 2015 15:18:03 -0400
> Subject: [Samba] winbindd: Failed to fetch our own, local AD domain join
> password for winbindd's internal use
> Hello,
>
> I apologize in advance for cross-posting (and posting for help) to
> samba-technical, but I've been seeking help on the samba list and bugzilla
> since last week and have had no replies. Using Google, I've found this
> issue referenced only once on the mailing list and once in a bugzilla bug
> (10991). Unfortunately, I've found no resolutions.
>
> The problem appears to be specific to Samba 4.2, where domains were
> provisioned using classicupgrade. In my case, the classicupgrade provision
> was performed just a few weeks after 4.0.0 was released, going from version
> 3.6.x > 4.0.0. I have since kept my install fairly up to date throughout
> the 4.0 and 4.1 cycles. I am currently trying to upgrade from 4.1.16 to
> 4.2.0. After this latest upgrade, S4 fails to start, with the above
> mentioned error being logged to log.winbindd. I have found that adding
> "server services = -winbindd +winbind" allows 4.2.0 to start correctly.
> That said, I decided to revert to the 4.1.16 backup that I took immediately
> before the upgrade. I did this just to be safe, as it appears to be
> something specific to my AD directory, possibly related to the
> classicupgrade. I say this because I do not have the issue with my test
> domain, which was newly provisioned from 4.0.0.
>
> I have moved a copy of my live 4.1.16 instance to a VM environment for
> testing, and have duplicated the problem in testing. My goal was to upgrade
> to 4.2.0 and setup a secondary DC here on-site before standing up 3 more
> DCs at branch offices. I am wary of moving forward with this deployment
> knowing this problem exists, or without at least better understanding what
> is happening. The concern that something wrong with my AD directory
> (stemming from the classicupgrade) is what really worries me and I
> certainly don't want to start replicating "bad" data to remote sites.
>
> If anyone has the time and can help me figure out this issue, it would be
> much appreciated. I have included links to the bugzilla entry and the only
> reference to this issue that I could find. If someone could help me
> understand, what is Winbindd looking for when it throws the error "Failed
> to fetch our own, local AD domain join password for winbindd's internal
> use", perhaps that would get me looking in the right direction.
>
> Bugzilla:
> https://bugzilla.samba.org/show_bug.cgi?id=10991
>
> Samba List:
> https://lists.samba.org/archive/samba/2014-September/185031.html
>
> log.winbindd
> /usr/local/samba/sbin/winbindd: winbindd version 4.2.0 started.
> /usr/local/samba/sbin/winbindd: Copyright Andrew Tridgell and the Samba
> Team 1992-2014
> /usr/local/samba/sbin/winbindd: Maximum core file size limits now
> 16777216(soft) -1(hard)
> /usr/local/samba/sbin/winbindd: Registered MSG_REQ_POOL_USAGE
> /usr/local/samba/sbin/winbindd: Registered MSG_REQ_DMALLOC_MARK and
> LOG_CHANGED
> /usr/local/samba/sbin/winbindd: lp_load_ex: refreshing parameters
> /usr/local/samba/sbin/winbindd: Initialising global parameters
> /usr/local/samba/sbin/winbindd: rlimit_max: increasing rlimit_max (1024) to
> minimum Windows limit (16384)
> /usr/local/samba/sbin/winbindd: Processing section "[global]"
> /usr/local/samba/sbin/winbindd: added interface enp0s3 ip=10.0.2.100
> bcast=10.0.2.255 netmask=255.255.255.0
> /usr/local/samba/sbin/winbindd: added interface enp0s3 ip=10.0.2.100
> bcast=10.0.2.255 netmask=255.255.255.0
> /usr/local/samba/sbin/winbindd: initialize_winbindd_cache: clearing cache
> and re-creating with version number 2
> /usr/local/samba/sbin/winbindd: Added domain BUILTIN (null) S-1-5-32
> /usr/local/samba/sbin/winbindd: Added domain TESTDOM internal.testdom.com
> SID_REMOVED
> /usr/local/samba/sbin/winbindd: Failed to fetch our own, local AD domain
> join password for winbindd's internal use
> /usr/local/samba/sbin/winbindd: unable to initialize domain list
> Child /usr/local/samba/sbin/winbindd exited with status 1 - Operation not
> permitted
> winbindd daemon died with exit status 1
> task_server_terminate: [winbindd child process exited]
> samba_terminate: winbindd child process exited
>
> ---------- Forwarded message ----------
> From: "L.P.H. van Belle" <belle at bazuin.nl>
> To: "samba at lists.samba.org" <samba at lists.samba.org>
> Cc:
> Date: Fri, 27 Mar 2015 10:38:30 +0100
> Subject: Re: [Samba] winbindd: Failed to fetch our own, local AD domain
> join password for winbindd's internal use
> Hai Tom,
>
> I'm not in 4.2 yet, but maybe i can help analyze your problem. ( as long
> it's possible, big power outage in the netherlands.. )
>
> this : https://lists.samba.org/archive/samba/2014-September/185031.html
> is a good example how not to setup your samba server.
>
> so before we can think with, please post (and sorry if it's again) some
> info.
>
> Your OS?
> Compiles samba or os provided samba, or sernet samba?
> and the output of :
> cat /etc/hosts
> cat /etc/resolv.conf
> cat /etc/hostname
> cat /etc/nsswitch.conf
> cat /etc/samba/smb.conf
>
> some commands you can use to check your setup.
> sudo net ads info
> sudo net ads lookup
> wbinfo -D TESTDOM
>
> Louis
>
> >-----Original message-----
> >From: tsml412101 at gmail.com
> >[mailto:samba-bounces at lists.samba.org] On behalf of Tom
> >Sent: Thursday 26 March 2015 20:18
> >To: samba-technical at lists.samba.org; samba at lists.samba.org
> >Subject: [Samba] winbindd: Failed to fetch our own, local AD
> >domain join password for winbindd's internal use
> >
> >Hello,
> >
> >I apologize in advance for cross-posting (and posting for help) to
> >samba-technical, but I've been seeking help on the samba list
> >and bugzilla
> >since last week and have had no replies. Using Google, I've found this
> >issue referenced only once on the mailing list and once in a
> >bugzilla bug
> >(10991). Unfortunately, I've found no resolutions.
> >
> >The problem appears to be specific to Samba 4.2, where domains were
> >provisioned using classicupgrade. In my case, the
> >classicupgrade provision
> >was performed just a few weeks after 4.0.0 was released, going
> >from version
> >3.6.x > 4.0.0. I have since kept my install fairly up to date
> >throughout
> >the 4.0 and 4.1 cycles. I am currently trying to upgrade from 4.1.16 to
> >4.2.0. After this latest upgrade, S4 fails to start, with the above
> >mentioned error being logged to log.winbindd. I have found that adding
> >"server services = -winbindd +winbind" allows 4.2.0 to start correctly.
> >That said, I decided to revert to the 4.1.16 backup that I
> >took immediately
> >before the upgrade. I did this just to be safe, as it appears to be
> >something specific to my AD directory, possibly related to the
> >classicupgrade. I say this because I do not have the issue with my test
> >domain, which was newly provisioned from 4.0.0.
> >
> >I have moved a copy of my live 4.1.16 instance to a VM environment for
> >testing, and have duplicated the problem in testing. My goal
> >was to upgrade
> >to 4.2.0 and setup a secondary DC here on-site before standing
> >up 3 more
> >DCs at branch offices. I am wary of moving forward with this deployment
> >knowing this problem exists, or without at least better
> >understanding what
> >is happening. The concern that something wrong with my AD directory
> >(stemming from the classicupgrade) is what really worries me and I
> >certainly don't want to start replicating "bad" data to remote sites.
> >
> >If anyone has the time and can help me figure out this issue,
> >it would be
> >much appreciated. I have included links to the bugzilla entry
> >and the only
> >reference to this issue that I could find. If someone could help me
> >understand, what is Winbindd looking for when it throws the
> >error "Failed
> >to fetch our own, local AD domain join password for winbindd's internal
> >use", perhaps that would get me looking in the right direction.
> >
> >Bugzilla:
> >https://bugzilla.samba.org/show_bug.cgi?id=10991
> >
> >Samba List:
> >https://lists.samba.org/archive/samba/2014-September/185031.html
> >
> >log.winbindd
> >/usr/local/samba/sbin/winbindd: winbindd version 4.2.0 started.
> >/usr/local/samba/sbin/winbindd: Copyright Andrew Tridgell and the Samba
> >Team 1992-2014
> >/usr/local/samba/sbin/winbindd: Maximum core file size limits now
> >16777216(soft) -1(hard)
> >/usr/local/samba/sbin/winbindd: Registered MSG_REQ_POOL_USAGE
> >/usr/local/samba/sbin/winbindd: Registered MSG_REQ_DMALLOC_MARK and
> >LOG_CHANGED
> >/usr/local/samba/sbin/winbindd: lp_load_ex: refreshing parameters
> >/usr/local/samba/sbin/winbindd: Initialising global parameters
> >/usr/local/samba/sbin/winbindd: rlimit_max: increasing
> >rlimit_max (1024) to
> >minimum Windows limit (16384)
> >/usr/local/samba/sbin/winbindd: Processing section "[global]"
> >/usr/local/samba/sbin/winbindd: added interface enp0s3 ip=10.0.2.100
> >bcast=10.0.2.255 netmask=255.255.255.0
> >/usr/local/samba/sbin/winbindd: added interface enp0s3 ip=10.0.2.100
> >bcast=10.0.2.255 netmask=255.255.255.0
> >/usr/local/samba/sbin/winbindd: initialize_winbindd_cache:
> >clearing cache
> >and re-creating with version number 2
> >/usr/local/samba/sbin/winbindd: Added domain BUILTIN (null) S-1-5-32
> >/usr/local/samba/sbin/winbindd: Added domain TESTDOM
> >internal.testdom.com
> >SID_REMOVED
> >/usr/local/samba/sbin/winbindd: Failed to fetch our own, local
> >AD domain
> >join password for winbindd's internal use
> >/usr/local/samba/sbin/winbindd: unable to initialize domain list
> >Child /usr/local/samba/sbin/winbindd exited with status 1 -
> >Operation not
> >permitted
> >winbindd daemon died with exit status 1
> >task_server_terminate: [winbindd child process exited]
> >samba_terminate: winbindd child process exited
> >
>
> ---------- Forwarded message ----------
> From: Rowland Penny <rowlandpenny at googlemail.com>
> To: samba at lists.samba.org
> Cc:
> Date: Fri, 27 Mar 2015 10:21:38 +0000
> Subject: Re: [Samba] winbindd: Failed to fetch our own, local AD domain
> join password for winbindd's internal use
> On 27/03/15 09:38, L.P.H. van Belle wrote:
>
>> Hai Tom,
>>
>> I'm not in 4.2 yet, but maybe i can help analyze your problem. ( as long
>> it's possible, big power outage in the netherlands.. )
>>
>> this : https://lists.samba.org/archive/samba/2014-September/185031.html
>> is a good example how not to setup your samba server.
>>
>
> Er, which part is incorrect ??
>
> Rowland
>
>> so before we can think with, please post (and sorry if it's again) some
>> info.
>>
>> Your OS?
>> Compiles samba or os provided samba, or sernet samba?
>> and the output of :
>> cat /etc/hosts
>> cat /etc/resolv.conf
>> cat /etc/hostname
>> cat /etc/nsswitch.conf
>> cat /etc/samba/smb.conf
>>
>> some commands you can use to check your setup.
>> sudo net ads info
>> sudo net ads lookup
>> wbinfo -D TESTDOM
>>
>> Louis
>>
>
> ---------- Forwarded message ----------
> From: "L.P.H. van Belle" <belle at bazuin.nl>
> To: "samba at lists.samba.org" <samba at lists.samba.org>
> Cc:
> Date: Fri, 27 Mar 2015 11:27:16 +0100
> Subject: Re: [Samba] winbindd: Failed to fetch our own, local AD domain
> join password for winbindd's internal use
> # cat /etc/resolv.conf
> > domain dc1.domain.com.br
> > search domain.com.br
> > nameserver 172.17.0.4
> >
>
> more cosmetic yes, because of the first domain then search.
> but there should not be domain dc1.domain.com.br there.
> this can mislead others. a "hostname" is not a domain..
>
> >-----Original message-----
> >From: rowlandpenny at googlemail.com
> >[mailto:samba-bounces at lists.samba.org] On behalf of Rowland Penny
> >Sent: Friday 27 March 2015 11:22
> >To: samba at lists.samba.org
> >Subject: Re: [Samba] winbindd: Failed to fetch our own,
> >local AD domain join password for winbindd's internal use
> >
> >On 27/03/15 09:38, L.P.H. van Belle wrote:
> >> Hai Tom,
> >>
> >> I'm not in 4.2 yet, but maybe i can help analyze your
> >problem. ( as long it's possible, big power outage in the
> >netherlands.. )
> >>
> >> this :
> >https://lists.samba.org/archive/samba/2014-September/185031.html
> >> is a good example how not to setup your samba server.
> >
> >Er, which part is incorrect ??
> >
> >Rowland
> >
> >>
> >> so before we can think with, please post (and sorry if it's
> >again) some info.
> >>
> >> Your OS?
> >> Compiles samba or os provided samba, or sernet samba?
> >> and the output of :
> >> cat /etc/hosts
> >> cat /etc/resolv.conf
> >> cat /etc/hostname
> >> cat /etc/nsswitch.conf
> >> cat /etc/samba/smb.conf
> >>
> >> some commands you can use to check your setup.
> >> sudo net ads info
> >> sudo net ads lookup
> >> wbinfo -D TESTDOM
> >>
> >> Louis
> >>
> >
>
> ---------- Forwarded message ----------
> From: Sam <sr42354 at gmail.com>
> To: "samba at lists.samba.org" <samba at lists.samba.org>
> Cc:
> Date: Fri, 27 Mar 2015 11:57:18 +0100
> Subject: [Samba] Win 2008srv to Samba4 DNS problems
> Hello,
>
> I try to migrate from an old windows AD ( win 2000 )
> So I use a temporary windows2008R2 to move AD from win2000 to S4.
> Forest and domain level are W2008R2.
> Now I have some problems with the dns in samba4. I have no answers even in
> local from samba4.
>
> If I try to move from a new empty windows 2008 ad, The service start and
> answer well...
> So I think something in my old DNS database is missing or disturbing...
>
> I just have done this on the dns : (http://support.microsoft.com/
> fr-fr/kb/817470)
>
> But in the new Windows 2008, I can see something that I don't have in the
> old:
>
> What I am missing? Is there a best practice guide for preparing DNS to
> follow before joining a samba4? ( remove windows 2000 AD compatibility for
> instance...)
>
> Thanks all!
>
> Samuel
>
> ps : here is my syslog details :
>
> Mar 27 11:46:00 S4 named[2226]: starting BIND 9.8.4-rpz2+rl005.12-P1 -u
> bind -4
> Mar 27 11:46:00 S4 named[2226]: built with '--prefix=/usr'
> '--mandir=/usr/share/man' '--infodir=/usr/share/info'
> '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads'
> '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static'
> '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld'
> '--with-geoip=/usr' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing
> -DDIG_SIGCHASE -O2'
> Mar 27 11:46:00 S4 named[2226]: ------------------------------
> ----------------------
> Mar 27 11:46:00 S4 named[2226]: BIND 9 is maintained by Internet Systems
> Consortium,
> Mar 27 11:46:00 S4 named[2226]: Inc. (ISC), a non-profit 501(c)(3)
> public-benefit
> Mar 27 11:46:00 S4 named[2226]: corporation. Support and training for
> BIND 9 are
> Mar 27 11:46:00 S4 named[2226]: available at https://www.isc.org/support
> Mar 27 11:46:00 S4 named[2226]: ------------------------------
> ----------------------
> Mar 27 11:46:00 S4 named[2226]: adjusted limit on open files from 4096 to
> 1048576
> Mar 27 11:46:00 S4 named[2226]: found 2 CPUs, using 2 worker threads
> Mar 27 11:46:00 S4 named[2226]: using up to 4096 sockets
> Mar 27 11:46:00 S4 named[2226]: loading configuration from
> '/etc/bind/named.conf'
> Mar 27 11:46:00 S4 named[2226]: reading built-in trusted keys from file
> '/etc/bind/bind.keys'
> Mar 27 11:46:00 S4 named[2226]: using default UDP/IPv4 port range: [1024,
> 65535]
> Mar 27 11:46:00 S4 named[2226]: using default UDP/IPv6 port range: [1024,
> 65535]
> Mar 27 11:46:00 S4 named[2226]: no IPv6 interfaces found
> Mar 27 11:46:00 S4 named[2226]: listening on IPv4 interface lo,
> 127.0.0.1#53
> Mar 27 11:46:00 S4 named[2226]: listening on IPv4 interface eth0,
> 172.20.2.2#53
> Mar 27 11:46:00 S4 named[2226]: generating session key for dynamic DNS
> Mar 27 11:46:00 S4 named[2226]: sizing zone task pool based on 5 zones
> Mar 27 11:46:01 S4 named[2226]: Loading 'AD DNS Zone' using driver dlopen
> Mar 27 11:46:01 S4 ntpd[2301]: ntpd 4.2.6p5 at 1.2349-o Sat Feb 7 11:05:48
> UTC 2015 (1)
> Mar 27 11:46:01 S4 ntpd[2302]: proto: precision = 0.100 usec
> Mar 27 11:46:01 S4 ntpd[2302]: Listen normally on 0 lo 127.0.0.1 UDP 123
> Mar 27 11:46:01 S4 ntpd[2302]: Listen normally on 1 eth0 172.20.2.2 UDP 123
> Mar 27 11:46:01 S4 ntpd[2302]: peers refreshed
> Mar 27 11:46:01 S4 ntpd[2302]: Listening on routing socket on fd #18 for
> interface updates
> Mar 27 11:46:01 S4 ntpd[2302]: MS-SNTP signd operations currently block
> ntpd degrading service to all clients.
> Mar 27 11:46:02 S4 samba[2374]: [2015/03/27 11:46:02.896676, 0]
> ../source4/smbd/server.c:370(binary_smbd_main)
> Mar 27 11:46:02 S4 samba[2374]: samba version
> 4.1.17-SerNet-Debian-10.wheezy started.
> Mar 27 11:46:02 S4 samba[2374]: Copyright Andrew Tridgell and the Samba
> Team 1992-2013
> Mar 27 11:46:03 S4 named[2226]: samba_dlz: started for DN
> DC=ariane,DC=intra
> Mar 27 11:46:03 S4 named[2226]: samba_dlz: starting configure
> Mar 27 11:46:03 S4 named[2226]: samba_dlz: configured writeable zone
> '_msdcs.ariane.intra'
> Mar 27 11:46:03 S4 named[2226]: using built-in root key for view _default
> Mar 27 11:46:03 S4 named[2226]: set up managed keys zone for view
> _default, file 'managed-keys.bind'
> Mar 27 11:46:03 S4 named[2226]: command channel listening on 127.0.0.1#953
> Mar 27 11:46:03 S4 named[2226]: zone 0.in-addr.arpa/IN: loaded serial 1
> Mar 27 11:46:03 S4 named[2226]: zone 127.in-addr.arpa/IN: loaded serial 1
> Mar 27 11:46:03 S4 named[2226]: zone 255.in-addr.arpa/IN: loaded serial 1
> Mar 27 11:46:03 S4 named[2226]: zone localhost/IN: loaded serial 2
> Mar 27 11:46:03 S4 named[2226]: managed-keys-zone ./IN: loaded serial 2
> Mar 27 11:46:03 S4 named[2226]: running
> Mar 27 11:46:04 S4 ntpdate[1701]: the NTP socket is in use, exiting
> Mar 27 11:46:04 S4 ntpdate[1670]: the NTP socket is in use, exiting
> Mar 
27 11:46:04 S4 ntpdate[1668]: the NTP socket is in use, exiting > Mar 27 11:46:04 S4 /usr/sbin/cron[2525]: (CRON) INFO (pidfile fd = 3) > Mar 27 11:46:04 S4 /usr/sbin/cron[2527]: (CRON) STARTUP (fork ok) > Mar 27 11:46:04 S4 /usr/sbin/cron[2527]: (CRON) INFO (Running @reboot jobs) > Mar 27 11:46:04 S4 samba[2376]: [2015/03/27 11:46:04.862709, 0] > ../source4/smbd/server.c:488(binary_smbd_main) > Mar 27 11:46:04 S4 samba[2376]: samba: using 'standard' process model > Mar 27 11:46:04 S4 samba[2376]: [2015/03/27 11:46:04.885661, 0] > ../lib/util/become_daemon.c:136(daemon_ready) > Mar 27 11:46:07 S4 kernel: [ 17.220877] eth0: no IPv6 routers present > Mar 27 11:46:07 S4 samba[2792]: [2015/03/27 11:46:07.388008, 0] > ../source4/librpc/rpc/dcerpc_util.c:681(dcerpc_pipe_auth_recv) > Mar 27 11:46:07 S4 samba[2792]: Failed to bind to uuid > 12345678-1234-abcd-ef00-01234567cffb for 12345678-1234-abcd-ef00- > 01234567cffb at ncalrpc:127.0.0.1[DEFAULT,sign,seal] NT_STATUS_ACCESS_DENIED > Mar 27 11:46:07 S4 smbd[2785]: [2015/03/27 11:46:07.551928, 0] > ../lib/util/become_daemon.c:136(daemon_ready) > Mar 27 11:46:08 S4 kernel: [ 17.940675] eth1: no IPv6 routers present > Mar 27 11:46:21 S4 samba[2791]: [2015/03/27 11:46:21.280522, 0] > ../source4/dsdb/repl/replicated_objects.c:818(dsdb_ > replicated_objects_commit) > Mar 27 11:46:21 S4 samba[2791]: ../source4/dsdb/repl/replicated_objects.c:818 > Failed to prepare commit of transaction: operations error at > ../source4/dsdb/samdb/ldb_modules/descriptor.c:1147 > Mar 27 11:46:21 S4 samba[2791]: [2015/03/27 11:46:21.283141, 0] > ../source4/dsdb/repl/drepl_out_helpers.c:758(dreplsrv_op_ > pull_source_apply_changes_trigger) > Mar 27 11:46:21 S4 samba[2791]: Failed to commit objects: > WERR_GENERAL_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE > > > > > ---------- Mensaje reenviado ---------- > From: "Johannes Amorosa | Celluloid VFX" <johannesa at celluloid-vfx.com> > To: samba at lists.samba.org > Cc: > Date: Fri, 27 Mar 2015 13:14:35 
+0100 > Subject: [Samba] Replication error after trying to sync sysvol > I tried to synchronize the sysvol folders, on two dcs. Something went > wrong since yesterday we have replication problems: > One machine shows this, while the other one is happy. > > samba-tool drs showrepl > > ==== INBOUND NEIGHBORS ===> > DC=DomainDnsZones,DC=ourdomain,DC=com > Default-First-Site-Name\DC03 via RPC > DSA object GUID: af610e1a-9e3b-4cdd-a36b-c296d77a9479 > Last attempt @ Fri Mar 27 12:58:42 2015 CET failed, result 121 > (WERR_SEM_TIMEOUT) > 126 consecutive failure(s). > Last success @ Fri Mar 27 03:40:24 2015 CET > > DC=ForestDnsZones,DC=ourdomain,DC=com > Default-First-Site-Name\DC04 via RPC > DSA object GUID: af610e1a-9e3b-4cdd-a36b-c296d77a9479 > Last attempt @ Fri Mar 27 12:51:41 2015 CET failed, result 121 > (WERR_SEM_TIMEOUT) > 102 consecutive failure(s). > Last success @ Fri Mar 27 03:40:24 2015 CET > > DC=ourdomain,DC=com > Default-First-Site-Name\DC03 via RPC > DSA object GUID: af610e1a-9e3b-4cdd-a36b-c296d77a9479 > Last attempt @ Fri Mar 27 12:57:42 2015 CET failed, result 121 > (WERR_SEM_TIMEOUT) > 106 consecutive failure(s). > Last success @ Fri Mar 27 03:40:25 2015 CET > > CN=Configuration,DC=ourdomain,DC=com > Default-First-Site-Name\DC03 via RPC > DSA object GUID: af610e1a-9e3b-4cdd-a36b-c296d77a9479 > Last attempt @ Fri Mar 27 12:53:41 2015 CET failed, result 121 > (WERR_SEM_TIMEOUT) > 102 consecutive failure(s). > Last success @ Fri Mar 27 03:40:26 2015 CET > > CN=Schema,CN=Configuration,DC=ourdomain,DC=com > Default-First-Site-Name\DC03 via RPC > DSA object GUID: af610e1a-9e3b-4cdd-a36b-c296d77a9479 > Last attempt @ Fri Mar 27 12:54:41 2015 CET failed, result 121 > (WERR_SEM_TIMEOUT) > 102 consecutive failure(s). > Last success @ Fri Mar 27 03:40:28 2015 CET > <snip> > > Every service still seems to work - but we're quite nervous - this is a > production system(lesson learned!). 
> > I tried to force sync > samba-tool drs replicate --full-sync DC04 DC03 dc=ourdomain,dc=com > ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - > drsException: DsReplicaSync failed (-1073741643, 'NT_STATUS_IO_TIMEOUT') > > Or setup: > sernet-samba 99:4.1.17-10 > > [global] > workgroup = OURDOMAIN > realm = OURDOMAIN.COM > netbios name = DC04 > log level = 3 > > server role = active directory domain controller > dns forwarder = 192.168.1.254 > <snip> > > Ubuntu 12.04 > > How can I fix this. Any help is highly appreciated. > Joe > > -- > Johannes Amorosa | Celluloid VFX > > > > > ---------- Mensaje reenviado ---------- > From: "Johannes Amorosa | Celluloid VFX" <johannesa at celluloid-vfx.com> > To: samba at lists.samba.org > Cc: > Date: Fri, 27 Mar 2015 14:12:34 +0100 > Subject: Re: [Samba] Replication error after trying to sync sysvol > Found the problem. There is a DNS Problem on one machine. This happend > because I was testing some samba AD settings in a virtual machine, > without knowing that NAT isn't shielding this properly - this vm > propagated the "new" IP to one of the dcs. > > DC04> ping DC03 > gives wrong IP! > > This should be fixable with the samba-tool dns update? > > > On 03/27/2015 01:14 PM, Johannes Amorosa | Celluloid VFX wrote: > >> I tried to synchronize the sysvol folders, on two dcs. Something went >> wrong since yesterday we have replication problems: >> One machine shows this, while the other one is happy. >> >> samba-tool drs showrepl >> >> ==== INBOUND NEIGHBORS ===>> >> DC=DomainDnsZones,DC=ourdomain,DC=com >> Default-First-Site-Name\DC03 via RPC >> DSA object GUID: af610e1a-9e3b-4cdd-a36b-c296d77a9479 >> Last attempt @ Fri Mar 27 12:58:42 2015 CET failed, result 121 >> (WERR_SEM_TIMEOUT) >> 126 consecutive failure(s). 
>> Last success @ Fri Mar 27 03:40:24 2015 CET >> >> DC=ForestDnsZones,DC=ourdomain,DC=com >> Default-First-Site-Name\DC04 via RPC >> DSA object GUID: af610e1a-9e3b-4cdd-a36b-c296d77a9479 >> Last attempt @ Fri Mar 27 12:51:41 2015 CET failed, result 121 >> (WERR_SEM_TIMEOUT) >> 102 consecutive failure(s). >> Last success @ Fri Mar 27 03:40:24 2015 CET >> >> DC=ourdomain,DC=com >> Default-First-Site-Name\DC03 via RPC >> DSA object GUID: af610e1a-9e3b-4cdd-a36b-c296d77a9479 >> Last attempt @ Fri Mar 27 12:57:42 2015 CET failed, result 121 >> (WERR_SEM_TIMEOUT) >> 106 consecutive failure(s). >> Last success @ Fri Mar 27 03:40:25 2015 CET >> >> CN=Configuration,DC=ourdomain,DC=com >> Default-First-Site-Name\DC03 via RPC >> DSA object GUID: af610e1a-9e3b-4cdd-a36b-c296d77a9479 >> Last attempt @ Fri Mar 27 12:53:41 2015 CET failed, result 121 >> (WERR_SEM_TIMEOUT) >> 102 consecutive failure(s). >> Last success @ Fri Mar 27 03:40:26 2015 CET >> >> CN=Schema,CN=Configuration,DC=ourdomain,DC=com >> Default-First-Site-Name\DC03 via RPC >> DSA object GUID: af610e1a-9e3b-4cdd-a36b-c296d77a9479 >> Last attempt @ Fri Mar 27 12:54:41 2015 CET failed, result 121 >> (WERR_SEM_TIMEOUT) >> 102 consecutive failure(s). >> Last success @ Fri Mar 27 03:40:28 2015 CET >> <snip> >> >> Every service still seems to work - but we're quite nervous - this is a >> production system(lesson learned!). >> >> I tried to force sync >> samba-tool drs replicate --full-sync DC04 DC03 dc=ourdomain,dc=com >> ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - >> drsException: DsReplicaSync failed (-1073741643, 'NT_STATUS_IO_TIMEOUT') >> >> Or setup: >> sernet-samba 99:4.1.17-10 >> >> [global] >> workgroup = OURDOMAIN >> realm = OURDOMAIN.COM >> netbios name = DC04 >> log level = 3 >> >> server role = active directory domain controller >> dns forwarder = 192.168.1.254 >> <snip> >> >> Ubuntu 12.04 >> >> How can I fix this. Any help is highly appreciated. 
>> Joe >> >> > -- > Johannes Amorosa | Celluloid VFX > > > > > ---------- Mensaje reenviado ---------- > From: "Johannes Amorosa | Celluloid VFX" <johannesa at celluloid-vfx.com> > To: samba at lists.samba.org > Cc: > Date: Fri, 27 Mar 2015 14:59:54 +0100 > Subject: Re: [Samba] Replication error after trying to sync sysvol > for the records: > samba-tool dns delete DC03 ourdomain.inc DC03 A 10.0.2.15 -U administrator > > On 03/27/2015 02:12 PM, Johannes Amorosa | Celluloid VFX wrote: > >> Found the problem. There is a DNS Problem on one machine. This happend >> because I was testing some samba AD settings in a virtual machine, >> without knowing that NAT isn't shielding this properly - this vm >> propagated the "new" IP to one of the dcs. >> >> DC04> ping DC03 >> gives wrong IP! >> >> This should be fixable with the samba-tool dns update? >> >> >> On 03/27/2015 01:14 PM, Johannes Amorosa | Celluloid VFX wrote: >> >>> I tried to synchronize the sysvol folders, on two dcs. Something went >>> wrong since yesterday we have replication problems: >>> One machine shows this, while the other one is happy. >>> >>> samba-tool drs showrepl >>> >>> ==== INBOUND NEIGHBORS ===>>> >>> DC=DomainDnsZones,DC=ourdomain,DC=com >>> Default-First-Site-Name\DC03 via RPC >>> DSA object GUID: af610e1a-9e3b-4cdd-a36b-c296d77a9479 >>> Last attempt @ Fri Mar 27 12:58:42 2015 CET failed, result 121 >>> (WERR_SEM_TIMEOUT) >>> 126 consecutive failure(s). >>> Last success @ Fri Mar 27 03:40:24 2015 CET >>> >>> DC=ForestDnsZones,DC=ourdomain,DC=com >>> Default-First-Site-Name\DC04 via RPC >>> DSA object GUID: af610e1a-9e3b-4cdd-a36b-c296d77a9479 >>> Last attempt @ Fri Mar 27 12:51:41 2015 CET failed, result 121 >>> (WERR_SEM_TIMEOUT) >>> 102 consecutive failure(s). 
>>> Last success @ Fri Mar 27 03:40:24 2015 CET >>> >>> DC=ourdomain,DC=com >>> Default-First-Site-Name\DC03 via RPC >>> DSA object GUID: af610e1a-9e3b-4cdd-a36b-c296d77a9479 >>> Last attempt @ Fri Mar 27 12:57:42 2015 CET failed, result 121 >>> (WERR_SEM_TIMEOUT) >>> 106 consecutive failure(s). >>> Last success @ Fri Mar 27 03:40:25 2015 CET >>> >>> CN=Configuration,DC=ourdomain,DC=com >>> Default-First-Site-Name\DC03 via RPC >>> DSA object GUID: af610e1a-9e3b-4cdd-a36b-c296d77a9479 >>> Last attempt @ Fri Mar 27 12:53:41 2015 CET failed, result 121 >>> (WERR_SEM_TIMEOUT) >>> 102 consecutive failure(s). >>> Last success @ Fri Mar 27 03:40:26 2015 CET >>> >>> CN=Schema,CN=Configuration,DC=ourdomain,DC=com >>> Default-First-Site-Name\DC03 via RPC >>> DSA object GUID: af610e1a-9e3b-4cdd-a36b-c296d77a9479 >>> Last attempt @ Fri Mar 27 12:54:41 2015 CET failed, result 121 >>> (WERR_SEM_TIMEOUT) >>> 102 consecutive failure(s). >>> Last success @ Fri Mar 27 03:40:28 2015 CET >>> <snip> >>> >>> Every service still seems to work - but we're quite nervous - this is a >>> production system(lesson learned!). >>> >>> I tried to force sync >>> samba-tool drs replicate --full-sync DC04 DC03 dc=ourdomain,dc=com >>> ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - >>> drsException: DsReplicaSync failed (-1073741643, 'NT_STATUS_IO_TIMEOUT') >>> >>> Or setup: >>> sernet-samba 99:4.1.17-10 >>> >>> [global] >>> workgroup = OURDOMAIN >>> realm = OURDOMAIN.COM >>> netbios name = DC04 >>> log level = 3 >>> >>> server role = active directory domain controller >>> dns forwarder = 192.168.1.254 >>> <snip> >>> >>> Ubuntu 12.04 >>> >>> How can I fix this. Any help is highly appreciated. 
>>> Joe >>> >>> >> > -- > Johannes Amorosa | Celluloid VFX > > > > > ---------- Mensaje reenviado ---------- > From: Rowland Penny <rowlandpenny at googlemail.com> > To: samba at lists.samba.org > Cc: > Date: Fri, 27 Mar 2015 15:13:17 +0000 > Subject: Re: [Samba] Win 2008srv to Samba4 DNS problems > On 27/03/15 10:57, Sam wrote: > >> Hello, >> >> I try to migrate form an old windows AD ( win 2000 ) >> So I use a temporary windows2008R2 to move AD from win2000 to S4. >> Forest and domain level are W2008R2. >> Now I have some problems with the dns in samba4. I have no answers even >> in local from samba4. >> >> If I try to move from a new empty windows 2008 ad, The service start and >> answer well... >> So I think something in my old DNS database is missing or disturbing... >> >> I just have done this on the dns : (http://support.microsoft.com/ >> fr-fr/kb/817470) >> >> >> But in the new Windows 2008, I can see something that I don't have in the >> old: >> >> >> What I am missing? Is there a best practice guide for preparing DNS to >> follow before joining a samba4? ( remove windows 2000 AD compatibility for >> instance...) >> >> Thanks all! >> >> Samuel >> >> ps : here is my syslog details : >> >> Mar 27 11:46:00 S4 named[2226]: starting BIND 9.8.4-rpz2+rl005.12-P1 -u >> bind -4 >> Mar 27 11:46:00 S4 named[2226]: built with '--prefix=/usr' >> '--mandir=/usr/share/man' '--infodir=/usr/share/info' >> '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' >> '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' >> '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' >> '--with-geoip=/usr' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing >> -DDIG_SIGCHASE -O2' >> Mar 27 11:46:00 S4 named[2226]: ------------------------------ >> ---------------------- >> Mar 27 11:46:00 S4 named[2226]: BIND 9 is maintained by Internet Systems >> Consortium, >> Mar 27 11:46:00 S4 named[2226]: Inc. 
(ISC), a non-profit 501(c)(3) >> public-benefit >> Mar 27 11:46:00 S4 named[2226]: corporation. Support and training for >> BIND 9 are >> Mar 27 11:46:00 S4 named[2226]: available at https://www.isc.org/support >> Mar 27 11:46:00 S4 named[2226]: ------------------------------ >> ---------------------- >> Mar 27 11:46:00 S4 named[2226]: adjusted limit on open files from 4096 to >> 1048576 >> Mar 27 11:46:00 S4 named[2226]: found 2 CPUs, using 2 worker threads >> Mar 27 11:46:00 S4 named[2226]: using up to 4096 sockets >> Mar 27 11:46:00 S4 named[2226]: loading configuration from >> '/etc/bind/named.conf' >> Mar 27 11:46:00 S4 named[2226]: reading built-in trusted keys from file >> '/etc/bind/bind.keys' >> Mar 27 11:46:00 S4 named[2226]: using default UDP/IPv4 port range: [1024, >> 65535] >> Mar 27 11:46:00 S4 named[2226]: using default UDP/IPv6 port range: [1024, >> 65535] >> Mar 27 11:46:00 S4 named[2226]: no IPv6 interfaces found >> Mar 27 11:46:00 S4 named[2226]: listening on IPv4 interface lo, >> 127.0.0.1#53 >> Mar 27 11:46:00 S4 named[2226]: listening on IPv4 interface eth0, >> 172.20.2.2#53 >> Mar 27 11:46:00 S4 named[2226]: generating session key for dynamic DNS >> Mar 27 11:46:00 S4 named[2226]: sizing zone task pool based on 5 zones >> Mar 27 11:46:01 S4 named[2226]: Loading 'AD DNS Zone' using driver dlopen >> Mar 27 11:46:01 S4 ntpd[2301]: ntpd 4.2.6p5 at 1.2349-o Sat Feb 7 11:05:48 >> UTC 2015 (1) >> Mar 27 11:46:01 S4 ntpd[2302]: proto: precision = 0.100 usec >> Mar 27 11:46:01 S4 ntpd[2302]: Listen normally on 0 lo 127.0.0.1 UDP 123 >> Mar 27 11:46:01 S4 ntpd[2302]: Listen normally on 1 eth0 172.20.2.2 UDP >> 123 >> Mar 27 11:46:01 S4 ntpd[2302]: peers refreshed >> Mar 27 11:46:01 S4 ntpd[2302]: Listening on routing socket on fd #18 for >> interface updates >> Mar 27 11:46:01 S4 ntpd[2302]: MS-SNTP signd operations currently block >> ntpd degrading service to all clients. 
>> Mar 27 11:46:02 S4 samba[2374]: [2015/03/27 11:46:02.896676, 0] >> ../source4/smbd/server.c:370(binary_smbd_main) >> Mar 27 11:46:02 S4 samba[2374]: samba version >> 4.1.17-SerNet-Debian-10.wheezy started. >> Mar 27 11:46:02 S4 samba[2374]: Copyright Andrew Tridgell and the Samba >> Team 1992-2013 >> Mar 27 11:46:03 S4 named[2226]: samba_dlz: started for DN >> DC=ariane,DC=intra >> Mar 27 11:46:03 S4 named[2226]: samba_dlz: starting configure >> Mar 27 11:46:03 S4 named[2226]: samba_dlz: configured writeable zone >> '_msdcs.ariane.intra' >> Mar 27 11:46:03 S4 named[2226]: using built-in root key for view _default >> Mar 27 11:46:03 S4 named[2226]: set up managed keys zone for view >> _default, file 'managed-keys.bind' >> Mar 27 11:46:03 S4 named[2226]: command channel listening on 127.0.0.1#953 >> Mar 27 11:46:03 S4 named[2226]: zone 0.in-addr.arpa/IN: loaded serial 1 >> Mar 27 11:46:03 S4 named[2226]: zone 127.in-addr.arpa/IN: loaded serial 1 >> Mar 27 11:46:03 S4 named[2226]: zone 255.in-addr.arpa/IN: loaded serial 1 >> Mar 27 11:46:03 S4 named[2226]: zone localhost/IN: loaded serial 2 >> Mar 27 11:46:03 S4 named[2226]: managed-keys-zone ./IN: loaded serial 2 >> Mar 27 11:46:03 S4 named[2226]: running >> Mar 27 11:46:04 S4 ntpdate[1701]: the NTP socket is in use, exiting >> Mar 27 11:46:04 S4 ntpdate[1670]: the NTP socket is in use, exiting >> Mar 27 11:46:04 S4 ntpdate[1668]: the NTP socket is in use, exiting >> Mar 27 11:46:04 S4 /usr/sbin/cron[2525]: (CRON) INFO (pidfile fd = 3) >> Mar 27 11:46:04 S4 /usr/sbin/cron[2527]: (CRON) STARTUP (fork ok) >> Mar 27 11:46:04 S4 /usr/sbin/cron[2527]: (CRON) INFO (Running @reboot >> jobs) >> Mar 27 11:46:04 S4 samba[2376]: [2015/03/27 11:46:04.862709, 0] >> ../source4/smbd/server.c:488(binary_smbd_main) >> Mar 27 11:46:04 S4 samba[2376]: samba: using 'standard' process model >> Mar 27 11:46:04 S4 samba[2376]: [2015/03/27 11:46:04.885661, 0] >> ../lib/util/become_daemon.c:136(daemon_ready) >> Mar 27 11:46:07 S4 kernel: 
[ 17.220877] eth0: no IPv6 routers present >> Mar 27 11:46:07 S4 samba[2792]: [2015/03/27 11:46:07.388008, 0] >> ../source4/librpc/rpc/dcerpc_util.c:681(dcerpc_pipe_auth_recv) >> Mar 27 11:46:07 S4 samba[2792]: Failed to bind to uuid >> 12345678-1234-abcd-ef00-01234567cffb for 12345678-1234-abcd-ef00- >> 01234567cffb at ncalrpc:127.0.0.1[DEFAULT,sign,seal] NT_STATUS_ACCESS_DENIED >> Mar 27 11:46:07 S4 smbd[2785]: [2015/03/27 11:46:07.551928, 0] >> ../lib/util/become_daemon.c:136(daemon_ready) >> Mar 27 11:46:08 S4 kernel: [ 17.940675] eth1: no IPv6 routers present >> Mar 27 11:46:21 S4 samba[2791]: [2015/03/27 11:46:21.280522, 0] >> ../source4/dsdb/repl/replicated_objects.c:818(dsdb_ >> replicated_objects_commit) >> Mar 27 11:46:21 S4 samba[2791]: ../source4/dsdb/repl/replicated_objects.c:818 >> Failed to prepare commit of transaction: operations error at >> ../source4/dsdb/samdb/ldb_modules/descriptor.c:1147 >> Mar 27 11:46:21 S4 samba[2791]: [2015/03/27 11:46:21.283141, 0] >> ../source4/dsdb/repl/drepl_out_helpers.c:758(dreplsrv_op_ >> pull_source_apply_changes_trigger) >> Mar 27 11:46:21 S4 samba[2791]: Failed to commit objects: >> WERR_GENERAL_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE >> >> > Hi, never had this problem, but I wonder if this would work, join a samba > 4 DC directly to the 2K Server and then run 'samba_upgradedns' > > Worth a try on a test network, there is this in the middle of the > 'samba_upgradedns' python code: > > # dnsprovision creates application partitions for AD based DNS mainly if > the existing > # provision was created using earlier snapshots of samba4 which did not > have support > # for DNS partitions > > Rowland > > > > > ---------- Mensaje reenviado ---------- > From: Dania Ramirez Moya <dania181087 at gmail.com> > To: samba <samba at lists.samba.org> > Cc: > Date: Fri, 27 Mar 2015 11:28:10 -0400 > Subject: [Samba] samba_dnsupdate failed with RuntimeError: kinit for > SMB4ECONOMIA$@ECONOMIA failed (Cannot contact any KDC for 
requested realm)
> Hi list:
>
> I joined Samba4.1.7 to Windows2k3 R2 domain, when I run:
> *samba_dnsupdate --verbose --all-names*
>
> IPs: ['192.168.186.137']
> Skipping PDC entry (SRV _ldap._tcp.pdc._msdcs.${DNSDOMAIN} ${HOSTNAME} 389) as we are not a PDC
> Skipping PDC entry (SRV _ldap._tcp.pdc._msdcs.${DNSFOREST} ${HOSTNAME} 389) as we are not a PDC
> Traceback (most recent call last):
>   File "/usr/sbin/samba_dnsupdate", line 510, in <module>
>     get_credentials(lp)
>   File "/usr/sbin/samba_dnsupdate", line 123, in get_credentials
>     raise e
> *RuntimeError: kinit for SMB4ECONOMIA$@ECONOMIA failed (Cannot contact any KDC for requested realm)*
>
> Kinit works fine. This is my /etc/resolv.conf:
> domain economia
> search economia
> nameserver 127.0.0.1
> nameserver 192.168.186.234 (Windows2k3)
>
> samba dns server works fine too.
> I haven't run fsmo transfer to samba4 nor w2k3 demote dc yet
> Is this error important?
> I would appreciate any help
> Best regards
>
> ---------- Forwarded message ----------
> From: Rowland Penny <rowlandpenny at googlemail.com>
> To: samba at lists.samba.org
> Cc:
> Date: Fri, 27 Mar 2015 15:48:29 +0000
> Subject: Re: [Samba] samba_dnsupdate failed with RuntimeError: kinit for SMB4ECONOMIA$@ECONOMIA failed (Cannot contact any KDC for requested realm)
> On 27/03/15 15:28, Dania Ramirez Moya wrote:
>
>> Hi list:
>>
>> I joined Samba4.1.7 to Windows2k3 R2 domain, when I run:
>> *samba_dnsupdate --verbose --all-names*
>>
>> IPs: ['192.168.186.137']
>> Skipping PDC entry (SRV _ldap._tcp.pdc._msdcs.${DNSDOMAIN} ${HOSTNAME} 389) as we are not a PDC
>> Skipping PDC entry (SRV _ldap._tcp.pdc._msdcs.${DNSFOREST} ${HOSTNAME} 389) as we are not a PDC
>> Traceback (most recent call last):
>>   File "/usr/sbin/samba_dnsupdate", line 510, in <module>
>>     get_credentials(lp)
>>   File "/usr/sbin/samba_dnsupdate", line 123, in get_credentials
>>     raise e
>> *RuntimeError: kinit for SMB4ECONOMIA$@ECONOMIA failed (Cannot contact any KDC for requested realm)*
>>
>> Kinit works fine. This is my /etc/resolv.conf:
>> domain economia
>> search economia
>> nameserver 127.0.0.1
>> nameserver 192.168.186.234 (Windows2k3)
>>
>> samba dns server works fine too.
>> I haven't run fsmo transfer to samba4 nor w2k3 demote dc yet
>> Is this error important?
>> I would appreciate any help
>> Best regards
>>
>
> Is your kerberos realm really 'ECONOMIA' ?
> It is usually in the format 'EXAMPLE.COM'
>
> You can remove the domain line from /etc/resolv.conf, you cannot have both 'domain' and 'search' and the second to be found will be used. You should also have the other DC first in the list, so your DC uses the other DC for dns unless that fails.
>
> What have you got in /etc/krb5.conf ?
>
> Rowland
>
> ---------- Forwarded message ----------
> From: Ciaran Scolard <Ciaran at phonovation.com>
> To: "'samba at lists.samba.org'" <samba at lists.samba.org>
> Cc:
> Date: Fri, 27 Mar 2015 15:35:12 +0000
> Subject: [Samba] Weird issue - STATUS_DISK_FULL
> Hi All,
>
> I've a share on a btrfs volume that is reporting that there isn't enough disk space for a backup.
> Which is odd as the file is about 300GB in size and df -h reports 5TB free.
> Any ideas?
>
> testparm -s
> Load smb config files from /etc/samba/smb.conf
> Processing section "[BACKUP00]"
> Loaded services file OK.
> Server role: ROLE_STANDALONE
> [global]
> map to guest = Bad User
> log file = /var/log/samba/log.%m
> max xmit = 65535
> deadtime = 15
> socket options = TCP_NODELAY IPTOS_LOWDELAY
> load printers = No
> printcap name = /dev/null
> disable spoolss = Yes
> idmap config * : backend = tdb
> use sendfile = Yes
> write cache size = 1048576
> printing = bsd
> print command = lpr -r -P'%p' %s
> lpq command = lpq -P'%p'
> lprm command = lprm -P'%p' %j
>
> [BACKUP00]
> comment = BACKUPS
> path = /BACKUP00/Shared/
> read only = No
> guest only = Yes
> guest ok = Yes
> vfs objects = btrfs
>
> ---------- Forwarded message ----------
> From: David Disseldorp <ddiss at suse.de>
> To: Ciaran Scolard <Ciaran at phonovation.com>
> Cc: "'samba at lists.samba.org'" <samba at lists.samba.org>
> Date: Fri, 27 Mar 2015 17:10:42 +0100
> Subject: Re: [Samba] Weird issue - STATUS_DISK_FULL
> Hi Ciaran,
>
> On Fri, 27 Mar 2015 15:35:12 +0000, Ciaran Scolard wrote:
>
> > I've a share on a btrfs volume that is reporting that there isn't enough disk space for a backup.
> > Which is odd as the file is about 300GB in size and df -h reports 5TB free.
> > Any ideas?
>
> Free space tracking in Btrfs (and other CoW filesystems) is generally complex. I'd suggest you take a look at the Btrfs documentation at:
>
> https://btrfs.wiki.kernel.org/index.php/FAQ#Help.21_I_ran_out_of_disk_space.21
>
> Cheers, David
>
> ---------- Forwarded message ----------
> From: Ciaran Scolard <Ciaran at phonovation.com>
> To: "'David Disseldorp'" <ddiss at suse.de>
> Cc: "'samba at lists.samba.org'" <samba at lists.samba.org>
> Date: Fri, 27 Mar 2015 16:23:41 +0000
> Subject: Re: [Samba] Weird issue - STATUS_DISK_FULL
> Thanks David.
>
> It's a brand new array but I've double checked and there's not much space used and plenty free.
>
> -----Original Message-----
> From: David Disseldorp [mailto:ddiss at suse.de]
> Sent: 27 March 2015 16:11
> To: Ciaran Scolard
> Cc: 'samba at lists.samba.org'
> Subject: Re: [Samba] Weird issue - STATUS_DISK_FULL
>
> Hi Ciaran,
>
> On Fri, 27 Mar 2015 15:35:12 +0000, Ciaran Scolard wrote:
>
> > I've a share on a btrfs volume that is reporting that there isn't enough disk space for a backup.
> > Which is odd as the file is about 300GB in size and df -h reports 5TB free.
> > Any ideas?
>
> Free space tracking in Btrfs (and other CoW filesystems) is generally complex. I'd suggest you take a look at the Btrfs documentation at:
>
> https://btrfs.wiki.kernel.org/index.php/FAQ#Help.21_I_ran_out_of_disk_space.21
>
> Cheers, David
>
> ---------- Forwarded message ----------
> From: David Disseldorp <ddiss at suse.de>
> To: Ciaran Scolard <Ciaran at phonovation.com>
> Cc: "'samba at lists.samba.org'" <samba at lists.samba.org>
> Date: Fri, 27 Mar 2015 17:35:33 +0100
> Subject: Re: [Samba] Weird issue - STATUS_DISK_FULL
> On Fri, 27 Mar 2015 16:23:41 +0000, Ciaran Scolard wrote:
>
> > Thanks David.
> >
> > It's a brand new array but I've double checked and there's not much space used and plenty free.
>
> Which kernel version are you using. Which version of Samba are you running? Can you reproduce the ENOSPC error doing a similar IO on the local filesystem, or only via Samba?
>
> Finally, have you tried running "btrfs fi balance ..." on the filesystem?
>
> Cheers, David
>
> _______________________________________________
> samba mailing list
> samba at lists.samba.org
> https://lists.samba.org/mailman/listinfo/samba
>

Hello, thank you Rowland for your response

Yes, it is. This domain was installed with a single label, just ECONOMIA. Is that a problem?
This is my /etc/krb5.conf

[libdefaults]
default_realm = ECONOMIA
dns_lookup_realm = true
dns_lookup_kdc = true

I made the changes that you suggested but I continue to get the same result RuntimeError: kinit for SMB4ECONOMIA$@ECONOMIA failed (Cannot contact any KDC for)

*samba_dnsupdate --verbose
IPs: ['192.168.186.137']
Skipping PDC entry (SRV _ldap._tcp.pdc._msdcs.${DNSDOMAIN} ${HOSTNAME} 389) as we are not a PDC
Skipping PDC entry (SRV _ldap._tcp.pdc._msdcs.${DNSFOREST} ${HOSTNAME} 389) as we are not a PDC
Looking for DNS entry A economia 192.168.186.137 as economia.
Failed to find matching DNS entry A economia 192.168.186.137
Looking for DNS entry A smb4economia.economia 192.168.186.137 as smb4economia.economia.
Looking for DNS entry A gc._msdcs.economia 192.168.186.137 as gc._msdcs.economia.
Failed to find matching DNS entry A gc._msdcs.economia 192.168.186.137
Looking for DNS entry CNAME 207c6ca4-3976-4aaf-b60a-bc98093df340._msdcs.economia smb4economia.economia as 207c6ca4-3976-4aaf-b60a-bc98093df340._msdcs.economia.
Looking for DNS entry SRV _kpasswd._tcp.economia smb4economia.economia 464 as _kpasswd._tcp.economia.
Checking 0 100 464 dc.economia. against SRV _kpasswd._tcp.economia smb4economia.economia 464
Failed to find matching DNS entry SRV _kpasswd._tcp.economia smb4economia.economia 464
Looking for DNS entry SRV _kpasswd._udp.economia smb4economia.economia 464 as _kpasswd._udp.economia.
Checking 0 100 464 dc.economia. against SRV _kpasswd._udp.economia smb4economia.economia 464
Failed to find matching DNS entry SRV _kpasswd._udp.economia smb4economia.economia 464
Looking for DNS entry SRV _kerberos._tcp.economia smb4economia.economia 88 as _kerberos._tcp.economia.
Checking 0 100 88 dc.economia. against SRV _kerberos._tcp.economia smb4economia.economia 88
Failed to find matching DNS entry SRV _kerberos._tcp.economia smb4economia.economia 88
Looking for DNS entry SRV _kerberos._tcp.dc._msdcs.economia smb4economia.economia 88 as _kerberos._tcp.dc._msdcs.economia.
Checking 0 100 88 dc.economia. against SRV _kerberos._tcp.dc._msdcs.economia smb4economia.economia 88
Failed to find matching DNS entry SRV _kerberos._tcp.dc._msdcs.economia smb4economia.economia 88
Looking for DNS entry SRV _kerberos._tcp.default-first-site-name._sites.economia smb4economia.economia 88 as _kerberos._tcp.default-first-site-name._sites.economia.
Checking 0 100 88 dc.economia. against SRV _kerberos._tcp.default-first-site-name._sites.economia smb4economia.economia 88
Failed to find matching DNS entry SRV _kerberos._tcp.default-first-site-name._sites.economia smb4economia.economia 88
Looking for DNS entry SRV _kerberos._tcp.default-first-site-name._sites.dc._msdcs.economia smb4economia.economia 88 as _kerberos._tcp.default-first-site-name._sites.dc._msdcs.economia.
Checking 0 100 88 dc.economia. against SRV _kerberos._tcp.default-first-site-name._sites.dc._msdcs.economia smb4economia.economia 88
Failed to find matching DNS entry SRV _kerberos._tcp.default-first-site-name._sites.dc._msdcs.economia smb4economia.economia 88
Looking for DNS entry SRV _kerberos._udp.economia smb4economia.economia 88 as _kerberos._udp.economia.
Checking 0 100 88 dc.economia. against SRV _kerberos._udp.economia smb4economia.economia 88
Failed to find matching DNS entry SRV _kerberos._udp.economia smb4economia.economia 88
Looking for DNS entry SRV _ldap._tcp.economia smb4economia.economia 389 as _ldap._tcp.economia.
Checking 0 100 389 dc.economia. against SRV _ldap._tcp.economia smb4economia.economia 389
Failed to find matching DNS entry SRV _ldap._tcp.economia smb4economia.economia 389
Looking for DNS entry SRV _ldap._tcp.dc._msdcs.economia smb4economia.economia 389 as _ldap._tcp.dc._msdcs.economia.
Checking 0 100 389 dc.economia. against SRV _ldap._tcp.dc._msdcs.economia smb4economia.economia 389
Failed to find matching DNS entry SRV _ldap._tcp.dc._msdcs.economia smb4economia.economia 389
Looking for DNS entry SRV _ldap._tcp.gc._msdcs.economia smb4economia.economia 3268 as _ldap._tcp.gc._msdcs.economia.
Checking 0 100 3268 dc.economia. against SRV _ldap._tcp.gc._msdcs.economia smb4economia.economia 3268
Failed to find matching DNS entry SRV _ldap._tcp.gc._msdcs.economia smb4economia.economia 3268
Looking for DNS entry SRV _ldap._tcp.default-first-site-name._sites.economia smb4economia.economia 389 as _ldap._tcp.default-first-site-name._sites.economia.
Checking 0 100 389 dc.economia. against SRV _ldap._tcp.default-first-site-name._sites.economia smb4economia.economia 389
Failed to find matching DNS entry SRV _ldap._tcp.default-first-site-name._sites.economia smb4economia.economia 389
Looking for DNS entry SRV _ldap._tcp.default-first-site-name._sites.dc._msdcs.economia smb4economia.economia 389 as _ldap._tcp.default-first-site-name._sites.dc._msdcs.economia.
Checking 0 100 389 dc.economia. against SRV _ldap._tcp.default-first-site-name._sites.dc._msdcs.economia smb4economia.economia 389
Failed to find matching DNS entry SRV _ldap._tcp.default-first-site-name._sites.dc._msdcs.economia smb4economia.economia 389
Looking for DNS entry SRV _ldap._tcp.default-first-site-name._sites.gc._msdcs.economia smb4economia.economia 3268 as _ldap._tcp.default-first-site-name._sites.gc._msdcs.economia.
Checking 0 100 3268 dc.economia. against SRV _ldap._tcp.default-first-site-name._sites.gc._msdcs.economia smb4economia.economia 3268
Failed to find matching DNS entry SRV _ldap._tcp.default-first-site-name._sites.gc._msdcs.economia smb4economia.economia 3268
Looking for DNS entry SRV _ldap._tcp.2dcb8925-d286-4995-8b9a-3cbc85a636b0.domains._msdcs.economia smb4economia.economia 389 as _ldap._tcp.2dcb8925-d286-4995-8b9a-3cbc85a636b0.domains._msdcs.economia.
Checking 0 100 389 dc.economia. against SRV _ldap._tcp.2dcb8925-d286-4995-8b9a-3cbc85a636b0.domains._msdcs.economia smb4economia.economia 389
Failed to find matching DNS entry SRV _ldap._tcp.2dcb8925-d286-4995-8b9a-3cbc85a636b0.domains._msdcs.economia smb4economia.economia 389
Looking for DNS entry SRV _gc._tcp.economia smb4economia.economia 3268 as _gc._tcp.economia.
Checking 0 100 3268 dc.economia. against SRV _gc._tcp.economia smb4economia.economia 3268
Failed to find matching DNS entry SRV _gc._tcp.economia smb4economia.economia 3268
Looking for DNS entry SRV _gc._tcp.default-first-site-name._sites.economia smb4economia.economia 3268 as _gc._tcp.default-first-site-name._sites.economia.
Checking 0 100 3268 dc.economia. against SRV _gc._tcp.default-first-site-name._sites.economia smb4economia.economia 3268
Failed to find matching DNS entry SRV _gc._tcp.default-first-site-name._sites.economia smb4economia.economia 3268
Traceback (most recent call last):
  File "/usr/sbin/samba_dnsupdate", line 510, in <module>
    get_credentials(lp)
  File "/usr/sbin/samba_dnsupdate", line 123, in get_credentials
    raise e
RuntimeError: kinit for SMB4ECONOMIA$@ECONOMIA failed (Cannot contact any KDC for requested realm)*
Rowland Penny
2015-Mar-28 22:09 UTC
[Samba] Fwd: samba_dnsupdate failed with RuntimeError: kinit for SMB4ECONOMIA$@ECONOMIA failed (Cannot contact any KDC for requested realm)
On 28/03/15 21:15, Dania Ramirez Moya wrote:
>
> Hello, thank you Rowland for your response
> Yes, it is. This domain was installed with a single label, just
> ECONOMIA. Is that a problem?

It could be, the realm name is usually the DNS domain name, whilst the Windows domain name is just one word and is usually the left hand part of the realm name. i.e. if the DNS domain name is example.com then the realm name would be EXAMPLE.COM (the realm name is usually in uppercase) and the Windows domain name would be EXAMPLE (again in uppercase). If samba_dnsupdate expects something like example.com, then this could be your problem, not saying it is, only that it could be. I would suggest that you check on the Windows server what your realm name is, you may find that it isn't 'ECONOMIA'

Rowland

> This is my /etc/krb5.conf
>
> [libdefaults]
> default_realm = ECONOMIA
> dns_lookup_realm = true
> dns_lookup_kdc = true
> I made the changes that you suggest me but I continue to get the same
> result RuntimeError: kinit for SMB4ECONOMIA$@ECONOMIA failed (Cannot
> contact any KDC for)
>
> *samba_dnsupdate --verbose
> IPs: ['192.168.186.137']
> Skipping PDC entry (SRV _ldap._tcp.pdc._msdcs.${DNSDOMAIN} ${HOSTNAME} 389) as we are not a PDC
> Skipping PDC entry (SRV _ldap._tcp.pdc._msdcs.${DNSFOREST} ${HOSTNAME} 389) as we are not a PDC
> Looking for DNS entry A economia 192.168.186.137 as economia.
> Failed to find matching DNS entry A economia 192.168.186.137
> Looking for DNS entry A smb4economia.economia 192.168.186.137 as smb4economia.economia.
> Looking for DNS entry A gc._msdcs.economia 192.168.186.137 as gc._msdcs.economia.
> Failed to find matching DNS entry A gc._msdcs.economia 192.168.186.137
> Looking for DNS entry CNAME 207c6ca4-3976-4aaf-b60a-bc98093df340._msdcs.economia smb4economia.economia as 207c6ca4-3976-4aaf-b60a-bc98093df340._msdcs.economia.
> Looking for DNS entry SRV _kpasswd._tcp.economia smb4economia.economia 464 as _kpasswd._tcp.economia.
> Checking 0 100 464 dc.economia. against SRV _kpasswd._tcp.economia smb4economia.economia 464
> Failed to find matching DNS entry SRV _kpasswd._tcp.economia smb4economia.economia 464
> Looking for DNS entry SRV _kpasswd._udp.economia smb4economia.economia 464 as _kpasswd._udp.economia.
> Checking 0 100 464 dc.economia. against SRV _kpasswd._udp.economia smb4economia.economia 464
> Failed to find matching DNS entry SRV _kpasswd._udp.economia smb4economia.economia 464
> Looking for DNS entry SRV _kerberos._tcp.economia smb4economia.economia 88 as _kerberos._tcp.economia.
> Checking 0 100 88 dc.economia. against SRV _kerberos._tcp.economia smb4economia.economia 88
> Failed to find matching DNS entry SRV _kerberos._tcp.economia smb4economia.economia 88
> Looking for DNS entry SRV _kerberos._tcp.dc._msdcs.economia smb4economia.economia 88 as _kerberos._tcp.dc._msdcs.economia.
> Checking 0 100 88 dc.economia. against SRV _kerberos._tcp.dc._msdcs.economia smb4economia.economia 88
> Failed to find matching DNS entry SRV _kerberos._tcp.dc._msdcs.economia smb4economia.economia 88
> Looking for DNS entry SRV _kerberos._tcp.default-first-site-name._sites.economia smb4economia.economia 88 as _kerberos._tcp.default-first-site-name._sites.economia.
> Checking 0 100 88 dc.economia. against SRV _kerberos._tcp.default-first-site-name._sites.economia smb4economia.economia 88
> Failed to find matching DNS entry SRV _kerberos._tcp.default-first-site-name._sites.economia smb4economia.economia 88
> Looking for DNS entry SRV _kerberos._tcp.default-first-site-name._sites.dc._msdcs.economia smb4economia.economia 88 as _kerberos._tcp.default-first-site-name._sites.dc._msdcs.economia.
> Checking 0 100 88 dc.economia. against SRV _kerberos._tcp.default-first-site-name._sites.dc._msdcs.economia smb4economia.economia 88
> Failed to find matching DNS entry SRV _kerberos._tcp.default-first-site-name._sites.dc._msdcs.economia smb4economia.economia 88
> Looking for DNS entry SRV _kerberos._udp.economia smb4economia.economia 88 as _kerberos._udp.economia.
> Checking 0 100 88 dc.economia. against SRV _kerberos._udp.economia smb4economia.economia 88
> Failed to find matching DNS entry SRV _kerberos._udp.economia smb4economia.economia 88
> Looking for DNS entry SRV _ldap._tcp.economia smb4economia.economia 389 as _ldap._tcp.economia.
> Checking 0 100 389 dc.economia. against SRV _ldap._tcp.economia smb4economia.economia 389
> Failed to find matching DNS entry SRV _ldap._tcp.economia smb4economia.economia 389
> Looking for DNS entry SRV _ldap._tcp.dc._msdcs.economia smb4economia.economia 389 as _ldap._tcp.dc._msdcs.economia.
> Checking 0 100 389 dc.economia. against SRV _ldap._tcp.dc._msdcs.economia smb4economia.economia 389
> Failed to find matching DNS entry SRV _ldap._tcp.dc._msdcs.economia smb4economia.economia 389
> Looking for DNS entry SRV _ldap._tcp.gc._msdcs.economia smb4economia.economia 3268 as _ldap._tcp.gc._msdcs.economia.
> Checking 0 100 3268 dc.economia. against SRV _ldap._tcp.gc._msdcs.economia smb4economia.economia 3268
> Failed to find matching DNS entry SRV _ldap._tcp.gc._msdcs.economia smb4economia.economia 3268
> Looking for DNS entry SRV _ldap._tcp.default-first-site-name._sites.economia smb4economia.economia 389 as _ldap._tcp.default-first-site-name._sites.economia.
> Checking 0 100 389 dc.economia. against SRV _ldap._tcp.default-first-site-name._sites.economia smb4economia.economia 389
> Failed to find matching DNS entry SRV _ldap._tcp.default-first-site-name._sites.economia smb4economia.economia 389
> Looking for DNS entry SRV _ldap._tcp.default-first-site-name._sites.dc._msdcs.economia smb4economia.economia 389 as _ldap._tcp.default-first-site-name._sites.dc._msdcs.economia.
> Checking 0 100 389 dc.economia. against SRV _ldap._tcp.default-first-site-name._sites.dc._msdcs.economia smb4economia.economia 389
> Failed to find matching DNS entry SRV _ldap._tcp.default-first-site-name._sites.dc._msdcs.economia smb4economia.economia 389
> Looking for DNS entry SRV _ldap._tcp.default-first-site-name._sites.gc._msdcs.economia smb4economia.economia 3268 as _ldap._tcp.default-first-site-name._sites.gc._msdcs.economia.
> Checking 0 100 3268 dc.economia. against SRV _ldap._tcp.default-first-site-name._sites.gc._msdcs.economia smb4economia.economia 3268
> Failed to find matching DNS entry SRV _ldap._tcp.default-first-site-name._sites.gc._msdcs.economia smb4economia.economia 3268
> Looking for DNS entry SRV _ldap._tcp.2dcb8925-d286-4995-8b9a-3cbc85a636b0.domains._msdcs.economia smb4economia.economia 389 as _ldap._tcp.2dcb8925-d286-4995-8b9a-3cbc85a636b0.domains._msdcs.economia.
> Checking 0 100 389 dc.economia. against SRV _ldap._tcp.2dcb8925-d286-4995-8b9a-3cbc85a636b0.domains._msdcs.economia smb4economia.economia 389
> Failed to find matching DNS entry SRV _ldap._tcp.2dcb8925-d286-4995-8b9a-3cbc85a636b0.domains._msdcs.economia smb4economia.economia 389
> Looking for DNS entry SRV _gc._tcp.economia smb4economia.economia 3268 as _gc._tcp.economia.
> Checking 0 100 3268 dc.economia. against SRV _gc._tcp.economia smb4economia.economia 3268
> Failed to find matching DNS entry SRV _gc._tcp.economia smb4economia.economia 3268
> Looking for DNS entry SRV _gc._tcp.default-first-site-name._sites.economia smb4economia.economia 3268 as _gc._tcp.default-first-site-name._sites.economia.
> Checking 0 100 3268 dc.economia. against SRV _gc._tcp.default-first-site-name._sites.economia smb4economia.economia 3268
> Failed to find matching DNS entry SRV _gc._tcp.default-first-site-name._sites.economia smb4economia.economia 3268
> Traceback (most recent call last):
>   File "/usr/sbin/samba_dnsupdate", line 510, in <module>
>     get_credentials(lp)
>   File "/usr/sbin/samba_dnsupdate", line 123, in get_credentials
>     raise e
> RuntimeError: kinit for SMB4ECONOMIA$@ECONOMIA failed (Cannot contact any KDC for requested realm)
> *
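The verbose output in this thread is easier to act on once it is grouped per wanted record. The following is an added example, not part of the thread and not Samba's own code: it parses that log format and separates SRV records that DNS answers with a different target (dc.economia in the thread) from records for which the log shows no answer to compare. The sample lines are constructed in the format shown above; treating a "Looking for" line with no later "Failed" line as a match, and reading the "Checking" fields as priority, weight, port, target, are assumptions.

```python
import re

# Constructed sample in the format of the samba_dnsupdate --verbose output in this thread.
SAMPLE_LOG = """\
Looking for DNS entry A smb4economia.economia 192.168.186.137 as smb4economia.economia.
Looking for DNS entry SRV _kerberos._tcp.economia smb4economia.economia 88 as _kerberos._tcp.economia.
Checking 0 100 88 dc.economia. against SRV _kerberos._tcp.economia smb4economia.economia 88
Failed to find matching DNS entry SRV _kerberos._tcp.economia smb4economia.economia 88
Looking for DNS entry A gc._msdcs.economia 192.168.186.137 as gc._msdcs.economia.
Failed to find matching DNS entry A gc._msdcs.economia 192.168.186.137
"""

LOOKING = re.compile(r"^Looking for DNS entry (?P<want>.+) as \S+$")
# Assumed field order on "Checking" lines: priority weight port target.
CHECKING = re.compile(r"^Checking \d+ \d+ (?P<port>\d+) (?P<target>\S+) against (?P<want>.+)$")
FAILED = re.compile(r"^Failed to find matching DNS entry (?P<want>.+)$")


def summarize(log_text):
    """Map each wanted record to whether it matched and what DNS returned for it."""
    records = {}
    for raw in log_text.splitlines():
        line = raw.strip().lstrip("> ").strip()  # tolerate mail quoting ("> ")
        for pattern in (LOOKING, CHECKING, FAILED):
            m = pattern.match(line)
            if not m:
                continue
            entry = records.setdefault(m.group("want"), {"matched": True, "dns_returned": []})
            if pattern is CHECKING:
                entry["dns_returned"].append((m.group("target").rstrip("."), int(m.group("port"))))
            elif pattern is FAILED:
                entry["matched"] = False
            break
    return records


def registered_elsewhere(records):
    """Missing records for which DNS did answer, but with a different target."""
    return {want: e["dns_returned"] for want, e in records.items()
            if not e["matched"] and e["dns_returned"]}


def missing_no_answer_logged(records):
    """Missing records for which the log shows no DNS answer to compare against."""
    return sorted(want for want, e in records.items()
                  if not e["matched"] and not e["dns_returned"])
```

Run over the full output, `registered_elsewhere` lists every service name that currently resolves only to another host, which is the set of records this DC has not been able to register.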