On Fri, 30 Dec 2016 15:52:33 +0100
"Stefan G. Weichinger via samba" <samba at lists.samba.org>
wrote:
> On 2016-12-30 at 14:44, Rowland Penny via samba wrote:
> > On Fri, 30 Dec 2016 14:26:01 +0100
> > "Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:
> >
> >> On 2016-12-30 at 14:07, Rowland Penny via samba wrote:
> >>> Is this the smb.conf you got when you ran the classicupgrade ?
> >>> I don't think it is, can I suggest you remove any and all lines
> >>> you have added and restart samba
> >>
> >> that was the output of testparm
> >
> > Ah, can I introduce you to 'samba-tool testparm'
> >
> >>
> >> smb.conf on DC:
> >>
> >>
> >> [global]
> >> workgroup = ARBEITSGRUPPE
> >> realm = arbeitsgruppe.secret.tld
> >> netbios name = BACKUP
> >> server role = active directory domain controller
> >> idmap_ldb:use rfc2307 = yes
> >> dns forwarder = 10.0.0.254
> >>
> >> [netlogon]
> >> path = /var/lib/samba/sysvol/arbeitsgruppe.secret.tld/scripts
> >> read only = No
> >>
> >> [sysvol]
> >> path = /var/lib/samba/sysvol
> >> read only = No
> >>
> >> --
> >>
> >> root at backup:/etc/samba# cat /etc/resolv.conf
> >> search arbeitsgruppe.secret.tld
> >> nameserver 10.0.0.224
> >>
> >> root at backup:/etc/samba# cat /etc/krb5.conf
> >> [libdefaults]
> >> default_realm = ARBEITSGRUPPE.SECRET.TLD
> >> dns_lookup_realm = false
> >> dns_lookup_kdc = true
> >>
> >> --
> >>
> >> editing the resolv.conf(s) helped in stabilizing RSAT editing
> >>
> >> winbindd on member still fails, I left and rejoined ...
> >>
> >> --
> >>
> >> although I see users and GPOs on the member, etc (via net ads)
> >>
> >> # net ads info
> >> LDAP server: 10.0.0.224
> >> LDAP server name: backup.arbeitsgruppe.secret.tld
> >> Realm: ARBEITSGRUPPE.SECRET.TLD
> >> Bind Path: dc=ARBEITSGRUPPE,dc=SECRET,dc=TLD
> >> LDAP port: 389
> >> Server time: Fr, 30 Dez 2016 14:24:25 CET
> >> KDC server: 10.0.0.224
> >> Server time offset: 0
> >>
> >>
> >>
> >
> > What this shows is that your dns domain is
> > 'arbeitsgruppe.secret.tld' and your domain member should also be
> > using this dns domain. Your earlier posts seem to suggest you are
> > using 'secret.tld' on the domain member, this must be changed.
>
> so you suggest to edit the hostname (did so via hostnamectl
> set-hostname) ?
>
> did that, left domain and rejoined (on member server, sure), winbindd
> fails again
No, not the hostname, the domain name, what does 'hostname -s',
'hostname -d' and 'hostname -f' show ?
Rowland
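
The comparison asked for above, as an added example that is not part of the original thread: a shell check that the member's 'hostname -s', 'hostname -d' and 'hostname -f' values agree with the AD DNS domain. It assumes the AD DNS domain is the lower-cased Kerberos realm, as it is in this thread; the function names and the member name "member1" are hypothetical.

```shell
#!/bin/sh
# Compare a domain member's host naming with the AD realm.
# Values are passed as arguments so the check runs on constructed input;
# on a real member pass "$(hostname -s)" "$(hostname -d)" "$(hostname -f)".

lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# realm_from_krb5 FILE: print the default_realm value from a krb5.conf.
realm_from_krb5() {
    sed -n 's/^[[:space:]]*default_realm[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p' "$1" | head -n 1
}

# check_member_dns REALM SHORT DOMAIN FQDN
# Prints one line per problem; returns 0 when consistent, 1 otherwise.
check_member_dns() {
    realm=$(lower "$1"); short=$(lower "$2")
    domain=$(lower "$3"); fqdn=$(lower "$4")
    rc=0
    if [ -z "$domain" ]; then
        echo "hostname -d is empty: no DNS domain is set on this host"
        rc=1
    elif [ "$domain" != "$realm" ]; then
        echo "DNS domain '$domain' differs from AD DNS domain '$realm'"
        rc=1
    fi
    if [ "$fqdn" != "$short.$realm" ]; then
        echo "FQDN '$fqdn' should be '$short.$realm'"
        rc=1
    fi
    case "$short" in
        *.*) echo "hostname -s '$short' contains a dot"; rc=1 ;;
    esac
    return $rc
}

# Constructed input: the realm from the thread, with the member still
# using 'secret.tld' as its DNS domain (the mismatch described above).
check_member_dns ARBEITSGRUPPE.SECRET.TLD member1 \
    secret.tld member1.secret.tld || true
```

On a member, the first argument can come from realm_from_krb5 /etc/krb5.conf.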