samba - Oct 2015 - net ads info: failed to get server's current time

I have no "server services" line in my smb.conf and "net ads
info" is
working well using DC running Samba 4.3.1 on Centos 7.

Did you tried without "server services" line?

Cheers,

mathias

2015-10-22 23:53 GMT+02:00 Rowland Penny <rowlandpenny241155 at
gmail.com>:
> On 22/10/15 22:33, Guy-Laurent Subri wrote:
>
>> On Thu, Oct 22, 2015 at 10:13:01PM +0100, Rowland Penny wrote:
>>
>>> On 22/10/15 21:51, Guy-Laurent Subri wrote:
>>>
>>>> On Wed, Oct 21, 2015 at 07:06:33PM +0100, Rowland Penny wrote:
>>>>
>>>>> On 21/10/15 18:35, Guy-Laurent Subri wrote:
>>>>>
>>>>>> Hi all,
>>>>>> We're having issues with Samba at work. I've
searched a bit and the
>>>>>> only
>>>>>> thing that have caught my eye is this: when I run the
'net ads info'
>>>>>> command on our DC --we have a Debian on which samba4 is
installed and
>>>>>> configured as a AD DC-- I have the message "Failed
to get server's
>>>>>> current time!", and "Server time: Thu, 01 Jan
1970 01:00:00 CET".
>>>>>>
>>>>>
>>>>> It works for me on a Debian 4.1.17 DC, so you may have
something
>>>>> mis-configured, have you altered the smb.conf in any way ?
>>>>>
>>>>
>>>> I don't think the modifications I did to smb.conf are
relevant enough to
>>>> cause problem, but here's our smb.conf, just in case:
>>>>
>>>> # Global parameters
>>>> [global]
>>>>    workgroup = TRS-CH
>>>>    realm = TRS-CH.COM
>>>>    netbios name = PDC
>>>>    server role = active directory domain controller
>>>>    server services = +s3fs, +rpc, +nbt, +wrepl, +ldap, +cldap,
+kdc,
>>>> +drepl,
>>>>                        +winbind, +ntp_signd, +kcc, +dnsupdate
>>>> [netlogon]
>>>>   path = /var/lib/samba/sysvol/trs-ch.com/scripts
>>>>   read only = No
>>>>
>>>> [sysvol]
>>>>   path = /var/lib/samba/sysvol
>>>>   read only = No
>>>>
>>>> do you have ntp installed and configured correctly ?
>>>>>
>>>> Yes, I have it installed and everything works fine.
>>>>
>>>> I also already tested the DNS by running the commands described
here:
>>>>
>>>>
https://wiki.samba.org/index.php/Setup_a_Samba_Active_Directory_Domain_Controller
>>>>
>>>> Everything is reachable.
>>>>
>>>> I tested kerberos by doing:
>>>> 'kinit administrator at TRS-CH.COM'
>>>> It showed up when I did 'klist'.
>>>>
>>>> Do you need more information ?
>>>>
>>>> Thanks !
>>>> Cheers,
>>>> Guy-Laurent Subri
>>>>
>>>
>>> Are you running with Bind9 ?
>>>
>>> I think you need to remove all the '+' signs you have added
to the
>>> 'server services' line, you normally only use the
'+' sign to add a
>>> service to the line, I think you may still be using the un-shown
'dns'
>>> option.
>>> I would also recommend that you use the new separate
'winbindd' instead
>>> of the 'winbind' that you are using. I think that before
long the old
>>> 'winbind' built into the samba daemon is going to
disappear, so you
>>> might as well get used to it now.
>>>
>> Yes, I'm running Bind9.
>> If I either remove the + sings or change 'windbind' to
'windbindd' I
>> cannot contact the server again. (The result of the command 'net
ads
>> info' is : no logon servers, didn't find the ldap server).
>>
>> Cheers,
>> Guy-Laurent Subri
>>
>
> OK, I have just joined a new DC to my domain and I am using Bind9 and this
> is what I have in smb.conf:
>
> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
> winbindd, ntp_signd, kcc, dnsupdate
>
> Note the lack of '+' signs
>
> This is with Samba 4.3.1
>
> I have also checked and 'net ads info' works as well, so if yours
isn't
> working, then something else is wrong, can you post your ntp.conf and bind9
> conf files, also your /etc/resolv.conf & /etc/krb5.conf
>
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

On 26/10/15 13:56, mathias dufresne wrote:
> I have no "server services" line in my smb.conf and "net ads
info" is
> working well using DC running Samba 4.3.1 on Centos 7.
>
> Did you tried without "server services" line?
>
> Cheers,
>
> mathias
>
If you provision with 'BIND9_DLZ' you get the 'server services'
line in
smb.conf but without 'dns', if you provision using the internal DNS, you
do not get the 'server services' line. If you later change to using 
Bind9, you would need to add 'server services -dns' to smb.conf.

Rowland

Thanks for precision Rowland : )

2015-10-26 17:27 GMT+01:00 Rowland Penny <rowlandpenny241155 at
gmail.com>:
> On 26/10/15 13:56, mathias dufresne wrote:
>
>> I have no "server services" line in my smb.conf and "net
ads info" is
>> working well using DC running Samba 4.3.1 on Centos 7.
>>
>> Did you tried without "server services" line?
>>
>> Cheers,
>>
>> mathias
>>
>>
> If you provision with 'BIND9_DLZ' you get the 'server
services' line in
> smb.conf but without 'dns', if you provision using the internal
DNS, you do
> not get the 'server services' line. If you later change to using
Bind9, you
> would need to add 'server services -dns' to smb.conf.
>
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>