Hello Rowland,

thank you for the advice. I reconfigured both AD DCs again with new data and send updated data. Unfortunately, the result is the same. I'm also sending a listing from samba-setup-checkup.sh.

* Linux: Raspbian, debian stretch lite
* Samba version 4.5.12-Debian
* DNS: BIND9_DLZ 9.10.x
* Installed packages: ntp ntpdate samba smbclient winbind libcups2 samba-common cups ldb-tools bind9 bind9utils dnsutils krb5-user

root at ry11citdc:/home/pi/Ry11# samba-tool drs replicate ry11citsdc ry11citdc dc=ry11cit,dc=lan
Replicate from ry11citdc to ry11citsdc was successful.

root at ry11citdc:/home/pi/Ry11# samba-tool drs replicate ry11citdc ry11citsdc dc=ry11cit,dc=lan
ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - drsException: DsReplicaSync failed (2, 'WERR_BADFILE')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line 368, in run
    drs_utils.sendDsReplicaSync(server_bind, server_bind_handle, source_dsa_guid, NC, req_options)
  File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 83, in sendDsReplicaSync
    raise drsException("DsReplicaSync failed %s" % estr)

root at ry11citdc:/home/pi/Ry11# bash samba-setup-checkup.sh
Check hostnames : Mismatch in hostname definitions
please check :
HOST_NAME_SHORT: ry11citdc
HOST_NAME_DOMAIN:
HOST_NAME_FQDN: ry11citdc
HOST_IP1: 10.44.1.10
HOST_IP2: Only one interface detected
HOST_GATEWAY: 10.44.1.1
HOST_PRIMARY_INTERFACE: 10.44.1.1
eth0
HOST_RESOLV_DOMAIN: domain ry11cit.lan
HOST_RESOLV_SEARCH: search ry11cit.lan
HOST_RESOLV_NAMESERV1: 10.44.1.10
HOST_RESOLV_NAMESERV2: 10.44.1.9
HOST_RESOLV_NAMESERV3:
Possible error detected in /etc/hosts, mismatch FQDN and detected IP 10.44.1.10 for the host.
expected was : 10.44.1.10 ry11citdc ry11citdc
Checking detected host ipnumbers from resolv.conf and default gateway
Ping gateway ip : 10.44.1.1 : Error
ping nameserver1: 10.44.1.10 : Ok
ping nameserver2: 10.44.1.9 : Ok
Check ping google dns : 8.8.8.8 : Error
Checking file owner..
-rw-r--r-- pi pi /etc/samba/smb.conf
Checking file owner..
-rw-r--r-- pi pi /etc/samba/lmhosts
Checking file owner..
Missing file /etc/samba/smbpasswd
drwxr-xr-x root root /usr/bin
drwxr-xr-x root root /var/cache/samba
drwxr-xr-x root root /usr/lib/arm-linux-gnueabihf
drwxr-xr-x root root /var/run/samba
drwxr-x--- root adm /var/log/samba
drwxr-xr-x root root /usr/lib/arm-linux-gnueabihf/samba
drwxr-xr-x root root /var/run/samba
drwxr-xr-x root root /var/lib/samba/private
drwxr-xr-x root root /usr/sbin
drwxr-xr-x root root /var/lib/samba
DCS 2(SERVFAIL
DC1 2(SERVFAIL
DC2
ERROR: Invalid IP address '2(SERVFAIL'!
Samba AD DC info: = detected (command and where to look)
This server hostname = ry11citdc (hostname -s and /etc/hosts and DNS server)
This server FQDN (hostname) = ry11citdc (hostname -f and /etc/hosts and DNS server)
This server primary dnsdomain = (hostname -d and /etc/resolv.conf and DNS server)
This server IP address(ses) = 10.44.1.10 Only one interface detected (hostname -i (-I) and /etc/networking/interfaces and DNS server
The DC with FSMO roles = RY11CITDC (samba-tool fsmo show)
The DC (with FSMO) Site name = Default-First-Site-Name (samba-tool fsmo show)
The Default Naming Context = DC=ry11cit,DC=lan (samba-tool fsmo show)
The Kerberos REALM name used = RY11CIT.LAN (kinit and /etc/krb5.conf and resolving)
The Ipadres of DC 2(SERVFAIL = 2(SERVFAIL)
SAMBA_SERVER_ROLE: active directory domain controller
SAMBA_SERVER_SERVICES: s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
SAMBA_DCERPC_ENDPOINT_SERVERS: epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver

I did not come to the way the hostname -d command would return the domain name. How can I do that? In addition, there are host, lmhost, resolv.conf, and so on

Please help, I don't know the advice.

System integrator Jiří Knotek

"Primary" Active Directory Domain Controller:
hostname:-----------------
ry11citdc.ry11cit.lan
hosts:---------------
127.0.0.1 localhost localhost.localdomain
10.44.1.10 ry11citdc ry11citdc.ry11cit.lan
10.44.1.9 ry11citsdc ry11citsdc.ry11cit.lan
resolv.conf.head:-------------------
domain ry11cit.lan
search ry11cit.lan
systemctl.conf"--------------------
net.ipv4.ip_forward=1
net.ipv6.conf.all.disable_ipv6=1
krb5.conf:------------
[libdefaults]
default_realm = RY11CIT.LAN
dns_lookup_realm = false
dns_lookup_kdc = true
named.conf:------------------------
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
include "/var/lib/samba/private/named.conf";
named.conf.options:-----------------------
options {
directory "/var/cache/bind";
dnssec-validation auto;
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { none; };
tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
};
lmhost:--------------------------
127.0.0.1 localhost
10.44.1.10 ry11citdc
10.44.1.9 ry11citsdc
smb.conf:------------------------------
# Global parameters
[global]
netbios name = RY11CITDC
realm = RY11CIT.LAN
server services = -dns
workgroup = RY11CIT
server role = active directory domain controller
[netlogon]
path = /var/lib/samba/sysvol/ry11cit.lan/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
Samba Provision---------------:
samba-tool domain provision --realm=RY11CIT.LAN --domain=RY11CIT --server-role=dc --dns-backend=BIND9_DLZ --adminpass='.....'

"Backup / Standby" Active Directory Domain Controller:
hostname:-----------------
ry11citsdc.ry11cit.lan
hosts:---------------
127.0.0.1 localhost localhost.localdomain
10.44.1.10 ry11citdc ry11citdc.ry11cit.lan
10.44.1.9 ry11citsdc ry11citsdc.ry11cit.lan
resolv.conf.head:-------------------
domain ry11cit.lan
search ry11cit.lan
systemctl.conf"--------------------
net.ipv4.ip_forward=1
net.ipv6.conf.all.disable_ipv6=1
krb5.conf:------------
[libdefaults]
default_realm = RY11CIT.LAN
dns_lookup_realm = false
dns_lookup_kdc = true
named.conf:------------------------
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
include "/var/lib/samba/private/named.conf";
named.conf.options:-----------------------
options {
directory "/var/cache/bind";
dnssec-validation auto;
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { none; };
tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
};
lmhost:--------------------------
127.0.0.1 localhost
10.44.1.10 ry11citdc
10.44.1.9 ry11citsdc
smb.conf:------------------------------
# Global parameters
[global]
netbios name = RY11CITSDC
realm = RY11CIT.LAN
server services = -dns
workgroup = RY11CIT
server role = active directory domain controller
[netlogon]
path = /var/lib/samba/sysvol/ry11cit.lan/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
Samba join---------------:
samba-tool domain join RY11CIT DC -Uadministrator --realm=RY11CIT.LAN --dns-backend=BIND9_DLZ --adminpass='.....'

Thanks Jiri Knotek

Ow and..

Your hosts files are incorrect.
Layout should be :
ip hostname.fqdn hostname

So this should be :
> 10.44.1.10 ry11citdc.ry11cit.lan ry11citdc
> 10.44.1.9 ry11citsdc.ry11cit.lan ry11citsdc
Reboot both servers after the change.

Greetz,

Louis

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of L.P.H. van Belle via samba
> Sent: Wednesday 13 December 2017 10:41
> To: samba at lists.samba.org
> CC: Jiří Knotek
> Subject: Re: [Samba] Replication problems bdc to pdc
>
> Great you use my script :-)
> Now we know something is wrong, run this one.
>
> https://raw.githubusercontent.com/thctlo/samba4/master/samba-collect-debug-info.sh
> And post the content to the list, that helps a lot.
>
> Greetz,
>
> Louis

See inline comments:

On Wed, 13 Dec 2017 10:13:52 +0100
Jiří Knotek via samba <samba at lists.samba.org> wrote:

> "Primary" Active Directory Domain Controller:
>
> hostname:-----------------
> ry11citdc.ry11cit.lan

This should be just the short hostname
In this case 'ry11citdc'

>
> hosts:---------------
> 127.0.0.1 localhost localhost.localdomain
> 10.44.1.10 ry11citdc ry11citdc.ry11cit.lan
> 10.44.1.9 ry11citsdc ry11citsdc.ry11cit.lan

This should be:

127.0.0.1 localhost
10.44.1.10 ry11citdc.ry11cit.lan ry11citdc

>
> resolv.conf.head:-------------------
> domain ry11cit.lan
> search ry11cit.lan

What is 'resolv.conf.head' ?
Do you have the resolvconf package installed ?
If so, remove it and then create an /etc/resolv.conf file with this content:

search ry11cit.lan
nameserver 10.44.1.10

>
> systemctl.conf"--------------------
> net.ipv4.ip_forward=1
> net.ipv6.conf.all.disable_ipv6=1
>
> krb5.conf:------------
>
> [libdefaults]
> default_realm = RY11CIT.LAN
> dns_lookup_realm = false
> dns_lookup_kdc = true
>
> named.conf:------------------------
>
> include "/etc/bind/named.conf.options";
> include "/etc/bind/named.conf.local";
> include "/etc/bind/named.conf.default-zones";
> include "/var/lib/samba/private/named.conf";
>
> named.conf.options:-----------------------
>
> options {
> directory "/var/cache/bind";
>
> dnssec-validation auto;
>
> auth-nxdomain no; # conform to RFC1035
> listen-on-v6 { none; };
> tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
> };
>
> lmhost:--------------------------
> 127.0.0.1 localhost
> 10.44.1.10 ry11citdc
> 10.44.1.9 ry11citsdc
>

not required

> smb.conf:------------------------------
>
> # Global parameters
> [global]
> netbios name = RY11CITDC
> realm = RY11CIT.LAN
> server services = -dns
> workgroup = RY11CIT
> server role = active directory domain controller
>
> [netlogon]
> path = /var/lib/samba/sysvol/ry11cit.lan/scripts
> read only = No
>
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
>
> Samba Provision---------------:
>
> samba-tool domain provision --realm=RY11CIT.LAN --domain=RY11CIT
> --server-role=dc --dns-backend=BIND9_DLZ --adminpass='.....'
>
> "Backup / Standby" Active Directory Domain Controller:
>
> hostname:-----------------
> ry11citsdc.ry11cit.lan

should be just 'ry11citsdc'

>
> hosts:---------------
> 127.0.0.1 localhost localhost.localdomain
> 10.44.1.10 ry11citdc ry11citdc.ry11cit.lan
> 10.44.1.9 ry11citsdc ry11citsdc.ry11cit.lan

should be:

127.0.0.1 localhost
10.44.1.9 ry11citsdc.ry11cit.lan ry11citsdc

>
> resolv.conf.head:-------------------
> domain ry11cit.lan
> search ry11cit.lan
>

/etc/resolv.conf should be:

search ry11cit.lan
nameserver 10.44.1.9

> systemctl.conf"--------------------
> net.ipv4.ip_forward=1
> net.ipv6.conf.all.disable_ipv6=1
>
> krb5.conf:------------
>
> [libdefaults]
> default_realm = RY11CIT.LAN
> dns_lookup_realm = false
> dns_lookup_kdc = true
>
> named.conf:------------------------
>
> include "/etc/bind/named.conf.options";
> include "/etc/bind/named.conf.local";
> include "/etc/bind/named.conf.default-zones";
> include "/var/lib/samba/private/named.conf";
>
> named.conf.options:-----------------------
>
> options {
> directory "/var/cache/bind";
>
> dnssec-validation auto;
>
> auth-nxdomain no; # conform to RFC1035
> listen-on-v6 { none; };
> tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
> };
>
> lmhost:--------------------------
> 127.0.0.1 localhost
> 10.44.1.10 ry11citdc
> 10.44.1.9 ry11citsdc
>

Not required

> smb.conf:------------------------------
>
> # Global parameters
> [global]
> netbios name = RY11CITSDC
> realm = RY11CIT.LAN
> server services = -dns
> workgroup = RY11CIT
> server role = active directory domain controller
>
> [netlogon]
> path = /var/lib/samba/sysvol/ry11cit.lan/scripts
> read only = No
>
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
>
> Samba join---------------:
>
> samba-tool domain join RY11CIT DC -Uadministrator
> --realm=RY11CIT.LAN --dns-backend=BIND9_DLZ --adminpass='.....'
>

You haven't provisioned with '--use-rfc2307'

I suggest you go and read this:

https://wiki.samba.org/index.php/Setting_up_RFC2307_in_AD

Rowland

On Wed, 13 Dec 2017 10:52:38 +0100
"L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:

> Ow and..
>
> Your hosts files are incorrect.
> Layout should be :
> ip hostname.fqdn hostname
>
> So this should be :
> > 10.44.1.10 ry11citdc.ry11cit.lan ry11citdc
> > 10.44.1.9 ry11citsdc.ry11cit.lan ry11citsdc
> Reboot both servers after the change.
>

Correct, but wrong at the same time ;-)

You should only have the DC's own information in /etc/hosts, the DC should find any other DCs by dns, not by /etc/hosts.

Rowland

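[Added example, not part of any poster's message and not code from samba-setup-checkup.sh.] The two replies above give the /etc/hosts layout for a DC (ip, then hostname.fqdn, then hostname, and only the DC's own entry). The Python sketch below checks a hosts file against that layout and shows why `hostname -d` came back empty: it models the files lookup, where the first name on the matching line becomes the canonical name. The function names are hypothetical and the sample inputs are constructed from the files quoted in this thread.

```python
import ipaddress

# Constructed sample inputs, copied from the hosts files quoted in this thread.
HOSTS_AS_POSTED = """\
127.0.0.1 localhost localhost.localdomain
10.44.1.10 ry11citdc ry11citdc.ry11cit.lan
10.44.1.9 ry11citsdc ry11citsdc.ry11cit.lan
"""
HOSTS_AS_ADVISED = """\
127.0.0.1 localhost
10.44.1.10 ry11citdc.ry11cit.lan ry11citdc
"""


def parse_hosts(text):
    """Return [(ip, [names...])] from hosts-file text, skipping comments and junk."""
    entries = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address: not a usable entry
        entries.append((fields[0], [name.lower() for name in fields[1:]]))
    return entries


def resolve_canonical(entries, short_name):
    """Model the files lookup behind `hostname -f`: the first line that lists
    the short name wins, and the first name on that line is the canonical name."""
    for ip, names in entries:
        if short_name.lower() in names:
            return ip, names[0]
    return None, None


def check_dc_hosts(text, short_name, dns_domain, own_ip):
    """Check a DC's hosts file against the layout given in the thread."""
    entries = parse_hosts(text)
    expected_fqdn = f"{short_name}.{dns_domain}".lower()
    ip, canonical = resolve_canonical(entries, short_name)
    # `hostname -d` prints whatever follows the first dot of the canonical name.
    domain = canonical.partition(".")[2] if canonical else ""
    findings = []

    if canonical is None:
        findings.append(f"no entry lists {short_name}")
    else:
        if ip != own_ip:
            findings.append(f"{short_name} maps to {ip}, expected {own_ip}")
        if canonical != expected_fqdn:
            findings.append(
                f"first name after the IP is '{canonical}', expected "
                f"'{expected_fqdn}' (hostname -d would print '{domain}')"
            )

    # Rowland's point: other DCs must be found through DNS, not /etc/hosts.
    for entry_ip, names in entries:
        if ipaddress.ip_address(entry_ip).is_loopback:
            continue
        if short_name.lower() not in names and expected_fqdn not in names:
            findings.append(
                f"entry for other host '{names[0]}' ({entry_ip}): "
                "other DCs should be resolved by DNS"
            )

    return {"fqdn": canonical, "domain": domain, "findings": findings}


if __name__ == "__main__":
    for label, text in (("as posted", HOSTS_AS_POSTED), ("as advised", HOSTS_AS_ADVISED)):
        report = check_dc_hosts(text, "ry11citdc", "ry11cit.lan", "10.44.1.10")
        print(f"{label}: fqdn={report['fqdn']!r} domain={report['domain']!r}")
        for finding in report["findings"]:
            print("  -", finding)
```
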
Hallo Louis,

thanks for the response.

Yes, change on ry11citsdc, now hostname -d works correctly. Somewhere I saw the opposite entry. Thanks for the repair. Samba-setup-checkup.sh follows:

pi at ry11citsdc:~ $ bash /home/pi/Ry11/samba-setup-checkup.sh
Check hostnames : Ok
Checking detected host ipnumbers from resolv.conf and default gateway
Ping gateway ip : 10.44.1.1 : Error
ping nameserver1: 10.44.1.9 : Ok
ping nameserver2: 10.44.1.10 : Ok
Check ping google dns : 8.8.8.8 : Error
Checking file owner..
-rw-r--r-- pi pi /etc/samba/smb.conf
Checking file owner..
-rw-r--r-- pi pi /etc/samba/lmhosts
Checking file owner..
Missing file /etc/samba/smbpasswd
drwxr-xr-x root root /usr/bin
drwxr-xr-x root root /var/cache/samba
drwxr-xr-x root root /usr/lib/arm-linux-gnueabihf
drwxr-xr-x root root /var/run/samba
drwxr-x--- root adm /var/log/samba
drwxr-xr-x root root /usr/lib/arm-linux-gnueabihf/samba
drwxr-xr-x root root /var/run/samba
drwxr-xr-x root root /var/lib/samba/private
drwxr-xr-x root root /usr/sbin
drwxr-xr-x root root /var/lib/samba
ltdb: tdb(/var/lib/samba/private/sam.ldb): tdb_open_ex: could not open file /var/lib/samba/private/sam.ldb: Permission denied
Unable to open tdb '/var/lib/samba/private/sam.ldb': Permission denied
Failed to connect to 'tdb:///var/lib/samba/private/sam.ldb' with backend 'tdb': Unable to open tdb '/var/lib/samba/private/sam.ldb': Permission denied
ERROR(ldb): uncaught exception - Unable to open tdb '/var/lib/samba/private/sam.ldb': Permission denied
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/fsmo.py", line 438, in run
    credentials=creds, lp=lp)
  File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 57, in __init__
    options=options)
  File "/usr/lib/python2.7/dist-packages/samba/__init__.py", line 115, in __init__
    self.connect(url, flags, options)
  File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 72, in connect
    options=options)
ltdb: tdb(/var/lib/samba/private/sam.ldb): tdb_open_ex: could not open file /var/lib/samba/private/sam.ldb: Permission denied
Unable to open tdb '/var/lib/samba/private/sam.ldb': Permission denied
Failed to connect to 'tdb:///var/lib/samba/private/sam.ldb' with backend 'tdb': Unable to open tdb '/var/lib/samba/private/sam.ldb': Permission denied
ERROR(ldb): uncaught exception - Unable to open tdb '/var/lib/samba/private/sam.ldb': Permission denied
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/fsmo.py", line 438, in run
    credentials=creds, lp=lp)
  File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 57, in __init__
    options=options)
  File "/usr/lib/python2.7/dist-packages/samba/__init__.py", line 115, in __init__
    self.connect(url, flags, options)
  File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 72, in connect
    options=options)
ltdb: tdb(/var/lib/samba/private/sam.ldb): tdb_open_ex: could not open file /var/lib/samba/private/sam.ldb: Permission denied
Unable to open tdb '/var/lib/samba/private/sam.ldb': Permission denied
Failed to connect to 'tdb:///var/lib/samba/private/sam.ldb' with backend 'tdb': Unable to open tdb '/var/lib/samba/private/sam.ldb': Permission denied
ERROR(ldb): uncaught exception - Unable to open tdb '/var/lib/samba/private/sam.ldb': Permission denied
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/fsmo.py", line 438, in run
    credentials=creds, lp=lp)
  File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 57, in __init__
    options=options)
  File "/usr/lib/python2.7/dist-packages/samba/__init__.py", line 115, in __init__
    self.connect(url, flags, options)
  File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 72, in connect
    options=options)
DCS ry11citsdc.ry11cit.lan
ry11citdc.ry11cit.lan
DC1 ry11citsdc.ry11cit.lan
DC2 ry11citdc.ry11cit.lan
Samba AD DC info: = detected (command and where to look)
This server hostname = ry11citsdc (hostname -s and /etc/hosts and DNS server)
This server FQDN (hostname) = ry11citsdc.ry11cit.lan (hostname -f and /etc/hosts and DNS server)
This server primary dnsdomain = ry11cit.lan (hostname -d and /etc/resolv.conf and DNS server)
This server IP address(ses) = 10.44.1.9 Only one interface detected (hostname -i (-I) and /etc/networking/interfaces and DNS server
The DC with FSMO roles = (samba-tool fsmo show)
The DC (with FSMO) Site name = (samba-tool fsmo show)
The Default Naming Context = (samba-tool fsmo show)
The Kerberos REALM name used = RY11CIT.LAN (kinit and /etc/krb5.conf and resolving)
The Ipadres of DC ry11citsdc.ry11cit.lan = 10.44.1.9
The Ipadres of DC ry11citdc.ry11cit.lan = 10.44.1.10
SAMBA_SERVER_ROLE: active directory domain controller
SAMBA_SERVER_SERVICES: s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
SAMBA_DCERPC_ENDPOINT_SERVERS: epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver
file samba-debug-info.txt:---------------------------------------------------------------------------------------------
an error occurred while running:
pi at ry11citsdc:~ $ bash /home/pi/Ry11/samba-collect-debug-info.sh
Please wait, collecting debug info.
ERROR(runtime): uncaught exception - (-1073741606, 'Configuration information could not be read from the domain controller, either because the machine is unavailable or access has been denied.')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 812, in run
    self.creds = credopts.get_credentials(self.lp)
  File "/usr/lib/python2.7/dist-packages/samba/getopt.py", line 212, in get_credentials
    self.creds.set_machine_account(lp)
The debug info about your system can be found in this file:
/tmp/samba-debug-info.txt
Collected config --- 2017-12-13-11:27 -----------
Hostname: ry11citsdc
DNS Domain: ry11cit.lan
FQDN: ry11citsdc.ry11cit.lan
ipaddress: 10.44.1.9
-----------
Samba is running as an AD DC
Checking file: /etc/os-release
PRETTY_NAME="Raspbian GNU/Linux 9 (stretch)"
NAME="Raspbian GNU/Linux"
VERSION_ID="9"
VERSION="9 (stretch)"
ID=raspbian
ID_LIKE=debian
HOME_URL="http://www.raspbian.org/"
SUPPORT_URL="http://www.raspbian.org/RaspbianForums"
BUG_REPORT_URL="http://www.raspbian.org/RaspbianBugs"
-----------
Warning, /etc/devuan_version does not exist
-----------
running command : ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether b8:27:eb:9d:64:eb brd ff:ff:ff:ff:ff:ff
    inet 10.44.1.9/16 brd 10.44.255.255 scope global eth0
3: wlan0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
    link/ether b8:27:eb:c8:31:be brd ff:ff:ff:ff:ff:ff
-----------
Checking file: /etc/hosts
127.0.0.1 localhost.localdomain localhost
10.44.1.10 ry11citdc.ry11cit.lan ry11citdc
10.44.1.9 ry11citsdc.ry11cit.lan ry11citsdc
-----------
Checking file: /etc/krb5.conf
[libdefaults]
default_realm = RY11CIT.LAN
dns_lookup_realm = false
dns_lookup_kdc = true
-----------
Checking file: /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
passwd: compat
group: compat
shadow: compat
gshadow: files
hosts: files mdns4_minimal [NOTFOUND=return] dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
-----------
Checking file: /etc/samba/smb.conf
# Global parameters
[global]
netbios name = RY11CITSDC
realm = RY11CIT.LAN
server services = -dns
workgroup = RY11CIT
server role = active directory domain controller
[netlogon]
path = /var/lib/samba/sysvol/ry11cit.lan/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
-----------
No username map detected.
-----------
Detected bind DLZ enabled..
Checking file: /etc/bind/named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
include "/var/lib/samba/private/named.conf";
-----------
Checking file: /etc/bind/named.conf.options
options {
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
// forwarders {
// 0.0.0.0;
// };
//=======================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys. See https://www.isc.org/bind-keys
//=======================================================================
dnssec-validation auto;
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { none; };
tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
};
-----------
Checking file: /etc/bind/named.conf.local
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
-----------
Checking file: /etc/bind/named.conf.default-zones
// prime the server with knowledge of the root servers
zone "." {
type hint;
file "/etc/bind/db.root";
};
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
type master;
file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};
-----------
Installed packages, running: dpkg -l | egrep "samba|winbind|krb5|smb|acl|xattr"
ii acl 2.2.52-3 armhf Access control list utilities
ii krb5-config 2.6 all Configuration files for Kerberos Version 5
ii krb5-user 1.15-1+deb9u1 armhf basic programs to authenticate using MIT Kerberos
ii libacl1:armhf 2.2.52-3 armhf Access control list shared library
ii libgssapi-krb5-2:armhf 1.15-1+deb9u1 armhf MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
ii libkrb5-3:armhf 1.15-1+deb9u1 armhf MIT Kerberos runtime libraries
ii libkrb5support0:armhf 1.15-1+deb9u1 armhf MIT Kerberos runtime libraries - Support library
ii libsmbclient:armhf 2:4.5.12+dfsg-2+deb9u1 armhf shared library for communication with SMB/CIFS servers
ii libwbclient0:armhf 2:4.5.12+dfsg-2+deb9u1 armhf Samba winbind client library
ii python-samba 2:4.5.12+dfsg-2+deb9u1 armhf Python bindings for Samba
ii samba 2:4.5.12+dfsg-2+deb9u1 armhf SMB/CIFS file, print, and login server for Unix
ii samba-common 2:4.5.12+dfsg-2+deb9u1 all common files used by both the Samba server and client
ii samba-common-bin 2:4.5.12+dfsg-2+deb9u1 armhf Samba common files used by both the server and the client
ii samba-dsdb-modules 2:4.5.12+dfsg-2+deb9u1 armhf Samba Directory Services Database
ii samba-libs:armhf 2:4.5.12+dfsg-2+deb9u1 armhf Samba core libraries
ii samba-vfs-modules 2:4.5.12+dfsg-2+deb9u1 armhf Samba Virtual FileSystem plugins
ii smbclient 2:4.5.12+dfsg-2+deb9u1 armhf command-line SMB/CIFS clients for Unix
ii winbind 2:4.5.12+dfsg-2+deb9u1 armhf service to resolve user and group information from Windows NT servers
-----------
Thanks Jiri Knotek
On 13. 12. 2017 10:52, L.P.H. van Belle via samba wrote:
> Ow and..
>
> Your hosts files are incorrect.
> Layout should be :
> ip hostname.fqdn hostname
>
> So this should be :
>> 10.44.1.10 ry11citdc.ry11cit.lan ry11citdc
>> 10.44.1.9 ry11citsdc.ry11cit.lan ry11citsdc
> Reboot both servers after the change.
>
>
> Greetz,
>
> Louis
>
>
>> -----Original message-----
>> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
>> L.P.H. van Belle via samba
>> Sent: Wednesday 13 December 2017 10:41
>> To: samba at lists.samba.org
>> CC: Jiří Knotek
>> Subject: Re: [Samba] Replication problems bdc to pdc
>>
>> Great you use my script :-)
>> Now we know something is wrong, run this one.
>>
>> https://raw.githubusercontent.com/thctlo/samba4/master/samba-collect-debug-info.sh
>> And post the content to the list, that helps a lot.
>>
>> Greetz,
>>
>> Louis
--
*Ing. Jiří Knotek*
programmer
*GEMA s.r.o. Automatizace technologických procesů*
Doubravice 13, Pardubice 19, 53353
Tel: +420604570127
E-mail: jiri.knotek at gemapce.cz <mailto:jiri.knotek at gemapce.cz>
Web:www.gemapce.cz <http://www.gemapce.cz/>
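
The layout rule from Louis's quoted reply (`ip hostname.fqdn hostname`) can be checked mechanically. The following is an added example, not part of the thread or of samba-setup-checkup.sh: the function names are made up here, the two sample files are the hosts entries as first posted and as corrected in the thread, and `domain_for_host` assumes the name is resolved through the `files` backend, where the first name on the matching line is the canonical one.

```shell
#!/bin/sh
# Added example: validate the "ip hostname.fqdn hostname" layout of a hosts
# file and show which DNS domain the files backend would derive for a host.

# Hosts entries as first posted in the thread (short name first).
sample_bad_hosts() {
    cat <<'EOF'
127.0.0.1 localhost localhost.localdomain
10.44.1.10 ry11citdc ry11citdc.ry11cit.lan
10.44.1.9 ry11citsdc ry11citsdc.ry11cit.lan
EOF
}

# Hosts entries after the correction (FQDN first, short alias second).
sample_good_hosts() {
    cat <<'EOF'
127.0.0.1 localhost.localdomain localhost
10.44.1.10 ry11citdc.ry11cit.lan ry11citdc
10.44.1.9 ry11citsdc.ry11cit.lan ry11citsdc
EOF
}

# check_hosts_layout FILE
# Prints "OK ..." or "BAD ..." for every non-loopback entry.
# Returns 0 when all entries are well-formed, 1 otherwise.
check_hosts_layout() {
    awk '
        { sub(/#.*/, "") }                      # drop comments
        NF < 2 { next }                         # skip blank or incomplete lines
        $1 ~ /^127\./ || $1 == "::1" { next }   # loopback lines are not checked
        {
            canonical = $2
            if (canonical !~ /\./) {
                printf "BAD %s: first name \"%s\" is not an FQDN\n", $1, canonical
                bad = 1
                next
            }
            short = canonical
            sub(/\..*/, "", short)
            found = 0
            for (i = 3; i <= NF; i++) if ($i == short) found = 1
            if (!found) {
                printf "BAD %s: short alias \"%s\" missing after %s\n", $1, short, canonical
                bad = 1
                next
            }
            printf "OK %s: fqdn=%s domain=%s\n", $1, canonical, substr(canonical, length(short) + 2)
        }
        END { exit bad + 0 }
    ' "$1"
}

# domain_for_host FILE HOST
# Models a files-backend lookup: the first line that lists HOST wins, and the
# first name on that line is the canonical name. Prints the part after the
# first dot, or an empty line when the canonical name has no dot.
domain_for_host() {
    awk -v host="$2" '
        { sub(/#.*/, "") }
        NF < 2 { next }
        {
            for (i = 2; i <= NF; i++) if ($i == host) {
                dot = index($2, ".")
                if (dot) print substr($2, dot + 1)
                else print ""
                exit
            }
        }
    ' "$1"
}

# Run both sample files through the checks.
demo() {
    tmp=$(mktemp -d) || return 0
    sample_bad_hosts > "$tmp/bad"
    sample_good_hosts > "$tmp/good"
    for f in bad good; do
        echo "== $f =="
        check_hosts_layout "$tmp/$f" || echo "layout errors found"
        echo "domain for ry11citdc: '$(domain_for_host "$tmp/$f" ry11citdc)'"
    done
    rm -rf "$tmp"
}
demo
```

With the short name listed first, the derived domain is empty, which matches the blank `HOST_NAME_DOMAIN` in the first checkup listing.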
Hai,

Both scripts were missing "run as root".
I've updated the github versions.

Can you run these again, but as root or with sudo.
And post the content again.

Greetz,

Louis

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> Jiří Knotek via samba
> Sent: Wednesday 13 December 2017 11:36
> To: samba at lists.samba.org
> Subject: Re: [Samba] Replication problems bdc to pdc
>
> Hallo Louis,
>
> thanks for the response.
>
> Yes, change on ry11citsdc, now hostname -d works correctly. Somewhere I
> saw the opposite entry. Thanks for the repair. Samba-setup-checkup.sh
> follows:----------------------------------------------------
>
> pi at ry11citsdc:~ $ bash /home/pi/Ry11/samba-setup-checkup.sh
> Check hostnames : Ok
> Checking detected host ipnumbers from resolv.conf and default gateway
> Ping gateway ip : 10.44.1.1 : Error
> ping nameserver1: 10.44.1.9 : Ok
> ping nameserver2: 10.44.1.10 : Ok
> Check ping google dns : 8.8.8.8 : Error
> Checking file owner..
> -rw-r--r-- pi pi /etc/samba/smb.conf
> Checking file owner..
> -rw-r--r-- pi pi /etc/samba/lmhosts
> Checking file owner..
> >>> Samba AD DC info: = detected (command and > >> where to look) > >>> This server hostname = ry11citdc (hostname -s and > >> /etc/hosts > >>> and DNS server) > >>> This server FQDN (hostname) = ry11citdc (hostname -f and > >> /etc/hosts > >>> and DNS server) > >>> This server primary dnsdomain = (hostname -d and > >>> /etc/resolv.conf and > >>> DNS server) > >>> This server IP address(ses) = 10.44.1.10 Only one > >>> interface detected > >>> (hostname -i (-I) and /etc/networking/interfaces and DNS server > >>> The DC with FSMO roles = RY11CITDC (samba-tool fsmo show) > >>> The DC (with FSMO) Site name = Default-First-Site-Name > >>> (samba-tool fsmo > >>> show) > >>> The Default Naming Context = DC=ry11cit,DC=lan (samba-tool > >>> fsmo show) > >>> The Kerberos REALM name used = RY11CIT.LAN (kinit and > >>> /etc/krb5.conf > >>> and resolving) > >>> The Ipadres of DC 2(SERVFAIL = 2(SERVFAIL) > >>> SAMBA_SERVER_ROLE: active directory domain controller > >>> SAMBA_SERVER_SERVICES: s3fs, rpc, nbt, wrepl, ldap, cldap, > >>> kdc, drepl, > >>> winbindd, ntp_signd, kcc, dnsupdate > >>> SAMBA_DCERPC_ENDPOINT_SERVERS: epmapper, wkssvc, rpcecho, samr, > >>> netlogon, lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6, > >>> backupkey, dnsserver > >>> > >>> > >>> *I did not come to the way the hostname -d command would > return the > >>> domain name. How can I do that? In addition, there are > >> host, lmhost, > >>> resolv.conf, and so on** > >>> * > >>> > >>> Please help, I don 't know the advice. 
> >>> > >>> System integrator Ji??í Knotek > >>> > >>> > >>> "Primary" Active Directory Domain > >>> Controler:---------------------------------------------------- > >>> ----------------------------------------------- > >>> > >>> -------------------------------------------------------------- > >>> -------------------------------------------------------------- > >>> ------------------------- > >>> > >>> > >>> hostname:----------------- > >>> ry11citdc.ry11cit.lan > >>> > >>> hosts:--------------- > >>> 127.0.0.1 localhost localhost.localdomain > >>> 10.44.1.10 ry11citdc ry11citdc.ry11cit.lan > >>> 10.44.1.9 ry11citsdc ry11citsdc.ry11cit.lan > >>> > >>> resolv.conf.head:------------------- > >>> domain ry11cit.lan > >>> search ry11cit.lan > >>> > >>> systemctl.conf"-------------------- > >>> net.ipv4.ip_forward=1 > >>> net.ipv6.conf.all.disable_ipv6=1 > >>> > >>> > >>> > >>> krb5.conf:------------ > >>> > >>> [libdefaults] > >>> default_realm = RY11CIT.LAN > >>> dns_lookup_realm = false > >>> dns_lookup_kdc = true > >>> > >>> named.conf:------------------------ > >>> > >>> include "/etc/bind/named.conf.options"; > >>> include "/etc/bind/named.conf.local"; > >>> include "/etc/bind/named.conf.default-zones"; > >>> include "/var/lib/samba/private/named.conf"; > >>> > >>> named.conf.options:----------------------- > >>> > >>> options { > >>> directory "/var/cache/bind"; > >>> > >>> dnssec-validation auto; > >>> > >>> auth-nxdomain no; # conform to RFC1035 > >>> listen-on-v6 { none; }; > >>> tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab"; > >>> }; > >>> > >>> lmhost:-------------------------- > >>> 127.0.0.1 localhost > >>> 10.44.1.10 ry11citdc > >>> 10.44.1.9 ry11citsdc > >>> > >>> smb.conf:------------------------------ > >>> > >>> # Global parameters > >>> [global] > >>> netbios name = RY11CITDC > >>> realm = RY11CIT.LAN > >>> server services = -dns > >>> workgroup = RY11CIT > >>> server role = active directory domain controller > >>> > >>> [netlogon] > >>> 
path = /var/lib/samba/sysvol/ry11cit.lan/scripts > >>> read only = No > >>> > >>> [sysvol] > >>> path = /var/lib/samba/sysvol > >>> read only = No > >>> > >>> Samba Provision---------------: > >>> > >>> samba-tool domain provision --realm=RY11CIT.LAN > >> --domain=RY11CIT > >>> --server-role=dc --dns-backend=BIND9_DLZ --adminpass='.....' > >>> > >>> "Backup / Standby" Active Directory Domain > >>> Controler:---------------------------------------------------- > >>> ----------------------------------------------- > >>> > >>> > >>> -------------------------------------------------------------- > >>> -------------------------------------------------------------- > >>> ------------------------- > >>> > >>> > >>> hostname:----------------- > >>> ry11citsdc.ry11cit.lan > >>> > >>> hosts:--------------- > >>> 127.0.0.1 localhost localhost.localdomain > >>> 10.44.1.10 ry11citdc ry11citdc.ry11cit.lan > >>> 10.44.1.9 ry11citsdc ry11citsdc.ry11cit.lan > >>> > >>> resolv.conf.head:------------------- > >>> domain ry11cit.lan > >>> search ry11cit.lan > >>> > >>> systemctl.conf"-------------------- > >>> net.ipv4.ip_forward=1 > >>> net.ipv6.conf.all.disable_ipv6=1 > >>> > >>> > >>> > >>> krb5.conf:------------ > >>> > >>> [libdefaults] > >>> default_realm = RY11CIT.LAN > >>> dns_lookup_realm = false > >>> dns_lookup_kdc = true > >>> > >>> named.conf:------------------------ > >>> > >>> include "/etc/bind/named.conf.options"; > >>> include "/etc/bind/named.conf.local"; > >>> include "/etc/bind/named.conf.default-zones"; > >>> include "/var/lib/samba/private/named.conf"; > >>> > >>> named.conf.options:----------------------- > >>> > >>> options { > >>> directory "/var/cache/bind"; > >>> > >>> dnssec-validation auto; > >>> > >>> auth-nxdomain no; # conform to RFC1035 > >>> listen-on-v6 { none; }; > >>> tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab"; > >>> }; > >>> > >>> lmhost:-------------------------- > >>> 127.0.0.1 localhost > >>> 10.44.1.10 ry11citdc > >>> 10.44.1.9 
ry11citsdc > >>> > >>> smb.conf:------------------------------ > >>> > >>> # Global parameters > >>> [global] > >>> netbios name = RY11CITSDC > >>> realm = RY11CIT.LAN > >>> server services = -dns > >>> workgroup = RY11CIT > >>> server role = active directory domain controller > >>> > >>> [netlogon] > >>> path = /var/lib/samba/sysvol/ry11cit.lan/scripts > >>> read only = No > >>> > >>> [sysvol] > >>> path = /var/lib/samba/sysvol > >>> read only = No > >>> > >>> Samba join---------------: > >>> > >>> samba-tool domain join RY11CIT DC -Uadministrator > >>> --realm=RY11CIT.LAN --dns-backend=BIND9_DLZ --adminpass='.....' > >>> > >>> > >>> Thanks Jiri Knotek > >>> > >>> > >>> -- > >>> To unsubscribe from this list go to the following URL and read the > >>> instructions: https://lists.samba.org/mailman/options/samba > >>> > >>> > >> > >> -- > >> To unsubscribe from this list go to the following URL and read the > >> instructions: https://lists.samba.org/mailman/options/samba > >> > >> > > > > -- > > *Ing. Ji??í Knotek* > programátor > > *GEMA s.r.o. Automatizace technologických proces??* > > Doubravice 13, Pardubice 19, 53353 > Tel: +420604570127 > E-mail: jiri.knotek at gemapce.cz <mailto:jiri.knotek at gemapce.cz> > Web:www.gemapce.cz <http://www.gemapce.cz/> > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >
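The /etc/hosts layout rule quoted in the message above (`ip hostname.fqdn hostname`), as an added example that is not part of the thread or of samba-setup-checkup.sh. It models the hosts-file lookup offline instead of calling the resolver: the first name after the address is the canonical name that `hostname -f` reports, and `hostname -d` is whatever follows its first dot. The function names are hypothetical, and the two hosts variants are the ones posted in the thread.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): model how hosts-format text is read,
# to show why the order of names on a line matters on a domain controller.

# The two /etc/hosts variants from the thread, embedded so this runs offline.
HOSTS_BEFORE='127.0.0.1 localhost localhost.localdomain
10.44.1.10 ry11citdc ry11citdc.ry11cit.lan
10.44.1.9 ry11citsdc ry11citsdc.ry11cit.lan'

HOSTS_AFTER='127.0.0.1 localhost
10.44.1.10 ry11citdc.ry11cit.lan ry11citdc
10.44.1.9 ry11citsdc.ry11cit.lan ry11citsdc'

# hosts_field HOSTS_TEXT NAME FIELD
# Finds the first line that lists NAME (as canonical name or alias) and prints
# field 1 (the address) or field 2 (the canonical name, i.e. the first name).
hosts_field() {
    printf '%s\n' "$1" | awk -v want="$2" -v field="$3" '
        { sub(/#.*/, "") }          # drop comments
        NF < 2 { next }             # skip blank or address-only lines
        {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(want)) { print $field; exit }
        }'
}

canonical_name() { hosts_field "$1" "$2" 2; }
address_of()     { hosts_field "$1" "$2" 1; }

# dns_domain FQDN: the part after the first dot, empty when there is no dot.
dns_domain() {
    case "$1" in
        *.*) printf '%s\n' "${1#*.}" ;;
        *)   printf '\n' ;;
    esac
}

# check_dc_hosts HOSTS_TEXT SHORT_NAME DNS_DOMAIN IP
# Succeeds only when the line for SHORT_NAME reads: IP SHORT.DOMAIN SHORT
check_dc_hosts() {
    local hosts="$1" short="$2" domain="$3" ip="$4" fqdn addr
    fqdn=$(canonical_name "$hosts" "$short")
    addr=$(address_of "$hosts" "$short")
    if [ -z "$fqdn" ]; then
        echo "FAIL: $short is not listed"
        return 1
    fi
    if [ "$addr" != "$ip" ]; then
        echo "FAIL: $short maps to $addr, expected $ip"
        return 1
    fi
    if [ "$fqdn" != "$short.$domain" ]; then
        echo "FAIL: canonical name '$fqdn', domain '$(dns_domain "$fqdn")'; expected: $ip $short.$domain $short"
        return 1
    fi
    echo "OK: $ip $fqdn $short"
}

# Run both variants; the first one fails because the short name comes first.
check_dc_hosts "$HOSTS_BEFORE" ry11citdc ry11cit.lan 10.44.1.10 || true
check_dc_hosts "$HOSTS_AFTER"  ry11citdc ry11cit.lan 10.44.1.10 || true
```

With the short name listed first, the canonical name has no dot, which matches the empty HOST_NAME_DOMAIN in the first checkup listing.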
Hello Rowland,
See inline comments:
If I did not make a mistake somewhere, it's even worse. Additionally,
replication from ry11citdc to ry11citsdc, executed from ry11citdc, does not work:
---------------------------------------------------------------------------------------------------------------
root at ry11citdc:~# samba-tool drs replicate ry11citsdc ry11citdc dc=ry11cit,dc=lan
ERROR(<class 'samba.drs_utils.drsException'>): DRS connection to ry11citsdc failed - drsException: DRS connection to ry11citsdc failed: (-1073741643, '{Device Timeout} The specified I/O operation on %hs was not completed before the time-out period expired.')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line 41, in drsuapi_connect
    (ctx.drsuapi, ctx.drsuapi_handle, ctx.bind_supported_extensions) = drs_utils.drsuapi_connect(ctx.server, ctx.lp, ctx.creds)
  File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 54, in drsuapi_connect
    raise drsException("DRS connection to %s failed: %s" % (server, e))
----------------------------------------------------------------------------------------------------------------
root at ry11citdc:~# bash /home/pi/Ry11/samba-setup-checkup.sh
/home/pi/Ry11/samba-setup-checkup.sh: line 134: HOST_: command not found
Check hostnames : Ok
Checking detected host ipnumbers from resolv.conf and default gateway
Ping gateway ip : 10.44.1.1 : Error
Warning, no ping to gateway, this might be firewalled.
check you internet connection, AD DNS might need it.
ping nameserver1: 10.44.1.10 : Ok
Check ping google dns : 8.8.8.8 : Error
Warning, no ping to internet dns 8.8.8.8, this might be firewalled.
Check you internet connection, AD DNS might need it.
Checking file owner..
-rw-r--r-- pi pi /etc/samba/smb.conf
Checking file owner..
Missing file /etc/samba/lmhosts
Checking file owner..
Missing file /etc/samba/smbpasswd
drwxr-xr-x root root /usr/bin
drwxr-xr-x root root /var/cache/samba
drwxr-xr-x root root /usr/lib/arm-linux-gnueabihf
drwxr-xr-x root root /var/run/samba
drwxr-x--- root adm /var/log/samba
drwxr-xr-x root root /usr/lib/arm-linux-gnueabihf/samba
drwxr-xr-x root root /var/run/samba
drwxr-xr-x root root /var/lib/samba/private
drwxr-xr-x root root /usr/sbin
drwxr-xr-x root root /var/lib/samba
DCS ry11citdc.ry11cit.lan
DC1 ry11citdc.ry11cit.lan
DC2
Samba AD DC info: = detected (command and where to look)
This server hostname = ry11citdc (hostname -s and /etc/hosts and DNS server)
This server FQDN (hostname) = ry11citdc.ry11cit.lan (hostname -f and /etc/hosts and DNS server)
This server primary dnsdomain = ry11cit.lan (hostname -d and /etc/resolv.conf and DNS server)
This server IP address(ses) = 10.44.1.10 Only one interface detected (hostname -i (-I) and /etc/networking/interfaces and DNS server
The DC with FSMO roles = RY11CITDC (samba-tool fsmo show)
The DC (with FSMO) Site name = Default-First-Site-Name (samba-tool fsmo show)
The Default Naming Context = DC=ry11cit,DC=lan (samba-tool fsmo show)
The Kerberos REALM name used = RY11CIT.LAN (kinit and /etc/krb5.conf and resolving)
The Ipadres of DC ry11citdc.ry11cit.lan = 10.44.1.10
SAMBA_SERVER_ROLE: active directory domain controller
SAMBA_SERVER_SERVICES: s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
SAMBA_DCERPC_ENDPOINT_SERVERS: epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver
----------------------------------------------------------------------------------------------------------------------
Collected config --- 2017-12-13-15:16 -----------
Hostname: ry11citdc
DNS Domain: ry11cit.lan
FQDN: ry11citdc.ry11cit.lan
ipaddress: 10.44.1.10
-----------
Samba is running as an AD DC
Checking file: /etc/os-release
PRETTY_NAME="Raspbian GNU/Linux 9 (stretch)"
NAME="Raspbian GNU/Linux"
VERSION_ID="9"
VERSION="9 (stretch)"
ID=raspbian
ID_LIKE=debian
HOME_URL="http://www.raspbian.org/"
SUPPORT_URL="http://www.raspbian.org/RaspbianForums"
BUG_REPORT_URL="http://www.raspbian.org/RaspbianBugs"
-----------
Warning, /etc/devuan_version does not exist
-----------
running command : ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether b8:27:eb:69:ac:e4 brd ff:ff:ff:ff:ff:ff
    inet 10.44.1.10/16 brd 10.44.255.255 scope global eth0
-----------
Checking file: /etc/hosts
127.0.0.1 localhost
10.44.1.10 ry11citdc.ry11cit.lan ry11citdc
-----------
Checking file: /etc/krb5.conf
[libdefaults]
default_realm = RY11CIT.LAN
dns_lookup_realm = false
dns_lookup_kdc = true
-----------
Checking file: /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
passwd: compat winbind
group: compat winbind
shadow: compat
gshadow: files
hosts: files dns mdns4_minimal [NOTFOUND=return]
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
-----------
Checking file: /etc/samba/smb.conf
# Global parameters
[global]
netbios name = RY11CITDC
realm = RY11CIT.LAN
server services = -dns
workgroup = RY11CIT
server role = active directory domain controller
[netlogon]
path = /var/lib/samba/sysvol/ry11cit.lan/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
-----------
No username map detected.
-----------
Detected bind DLZ enabled..
Checking file: /etc/bind/named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
include "/var/lib/samba/private/named.conf";
-----------
Checking file: /etc/bind/named.conf.options
options {
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
// forwarders {
// 0.0.0.0;
// };
//=======================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys. See https://www.isc.org/bind-keys
//=======================================================================
dnssec-validation auto;
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { none; };
tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
};
-----------
Checking file: /etc/bind/named.conf.local
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
-----------
Checking file: /etc/bind/named.conf.default-zones
// prime the server with knowledge of the root servers
zone "." {
type hint;
file "/etc/bind/db.root";
};
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
type master;
file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};
-----------
Installed packages, running: dpkg -l | egrep "samba|winbind|krb5|smb|acl|xattr"
ii  acl                     2.2.52-3                armhf  Access control list utilities
ii  krb5-config             2.6                     all    Configuration files for Kerberos Version 5
ii  krb5-user               1.15-1+deb9u1           armhf  basic programs to authenticate using MIT Kerberos
ii  libacl1:armhf           2.2.52-3                armhf  Access control list shared library
ii  libgssapi-krb5-2:armhf  1.15-1+deb9u1           armhf  MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
ii  libkrb5-3:armhf         1.15-1+deb9u1           armhf  MIT Kerberos runtime libraries
ii  libkrb5support0:armhf   1.15-1+deb9u1           armhf  MIT Kerberos runtime libraries - Support library
ii  libsmbclient:armhf      2:4.5.12+dfsg-2+deb9u1  armhf  shared library for communication with SMB/CIFS servers
ii  libwbclient0:armhf      2:4.5.12+dfsg-2+deb9u1  armhf  Samba winbind client library
ii  python-samba            2:4.5.12+dfsg-2+deb9u1  armhf  Python bindings for Samba
ii  samba                   2:4.5.12+dfsg-2+deb9u1  armhf  SMB/CIFS file, print, and login server for Unix
ii  samba-common            2:4.5.12+dfsg-2+deb9u1  all    common files used by both the Samba server and client
ii  samba-common-bin        2:4.5.12+dfsg-2+deb9u1  armhf  Samba common files used by both the server and the client
ii  samba-dsdb-modules      2:4.5.12+dfsg-2+deb9u1  armhf  Samba Directory Services Database
ii  samba-libs:armhf        2:4.5.12+dfsg-2+deb9u1  armhf  Samba core libraries
ii  samba-vfs-modules       2:4.5.12+dfsg-2+deb9u1  armhf  Samba Virtual FileSystem plugins
ii  smbclient               2:4.5.12+dfsg-2+deb9u1  armhf  command-line SMB/CIFS clients for Unix
ii  winbind                 2:4.5.12+dfsg-2+deb9u1  armhf  service to resolve user and group information from Windows NT servers
-----------
RY11CITSDC:
---------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------------------------
root at ry11citsdc:~# samba-tool drs replicate ry11citdc ry11citsdc dc=ry11cit,dc=lan
ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - drsException: DsReplicaSync failed (2, 'WERR_BADFILE')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line 368, in run
    drs_utils.sendDsReplicaSync(server_bind, server_bind_handle, source_dsa_guid, NC, req_options)
  File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 83, in sendDsReplicaSync
    raise drsException("DsReplicaSync failed %s" % estr)
-------------------------------------------------------------------------------------------------------------------
root at ry11citsdc:~# bash /home/pi/Ry11/samba-setup-checkup.sh
/home/pi/Ry11/samba-setup-checkup.sh: line 134: HOST_: command not found
Check hostnames : Ok
Checking detected host ipnumbers from resolv.conf and default gateway
Ping gateway ip : 10.44.1.1 : Error
Warning, no ping to gateway, this might be firewalled.
check you internet connection, AD DNS might need it.
ping nameserver1: 10.44.1.9 : Ok
Check ping google dns : 8.8.8.8 : Error
Warning, no ping to internet dns 8.8.8.8, this might be firewalled.
Check you internet connection, AD DNS might need it.
Checking file owner..
-rw-r--r-- pi pi /etc/samba/smb.conf
Checking file owner..
Missing file /etc/samba/lmhosts
Checking file owner..
Missing file /etc/samba/smbpasswd
drwxr-xr-x root root /usr/bin
drwxr-xr-x root root /var/cache/samba
drwxr-xr-x root root /usr/lib/arm-linux-gnueabihf
drwxr-xr-x root root /var/run/samba
drwxr-x--- root adm /var/log/samba
drwxr-xr-x root root /usr/lib/arm-linux-gnueabihf/samba
drwxr-xr-x root root /var/run/samba
drwxr-xr-x root root /var/lib/samba/private
drwxr-xr-x root root /usr/sbin
drwxr-xr-x root root /var/lib/samba
DCS ry11citsdc.ry11cit.lan
ry11citdc.ry11cit.lan
DC1 ry11citsdc.ry11cit.lan
DC2 ry11citdc.ry11cit.lan
Samba AD DC info: = detected (command and where to look)
This server hostname = ry11citsdc (hostname -s and /etc/hosts and DNS server)
This server FQDN (hostname) = ry11citsdc.ry11cit.lan (hostname -f and /etc/hosts and DNS server)
This server primary dnsdomain = ry11cit.lan (hostname -d and /etc/resolv.conf and DNS server)
This server IP address(ses) = 10.44.1.9 Only one interface detected (hostname -i (-I) and /etc/networking/interfaces and DNS server
The DC with FSMO roles = RY11CITDC (samba-tool fsmo show)
The DC (with FSMO) Site name = Default-First-Site-Name (samba-tool fsmo show)
The Default Naming Context = DC=ry11cit,DC=lan (samba-tool fsmo show)
The Kerberos REALM name used = RY11CIT.LAN (kinit and /etc/krb5.conf and resolving)
The Ipadres of DC ry11citsdc.ry11cit.lan = 10.44.1.9
The Ipadres of DC ry11citdc.ry11cit.lan = 10.44.1.10
SAMBA_SERVER_ROLE: active directory domain controller
SAMBA_SERVER_SERVICES: s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
SAMBA_DCERPC_ENDPOINT_SERVERS: epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver
-----------------------------------------------------------------------------------------------------------------------
Collected config --- 2017-12-13-15:22 -----------
Hostname: ry11citsdc
DNS Domain: ry11cit.lan
FQDN: ry11citsdc.ry11cit.lan
ipaddress: 10.44.1.9
-----------
Samba is running as an AD DC
Checking file: /etc/os-release
PRETTY_NAME="Raspbian GNU/Linux 9 (stretch)"
NAME="Raspbian GNU/Linux"
VERSION_ID="9"
VERSION="9 (stretch)"
ID=raspbian
ID_LIKE=debian
HOME_URL="http://www.raspbian.org/"
SUPPORT_URL="http://www.raspbian.org/RaspbianForums"
BUG_REPORT_URL="http://www.raspbian.org/RaspbianBugs"
-----------
Warning, /etc/devuan_version does not exist
-----------
running command : ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether b8:27:eb:9d:64:eb brd ff:ff:ff:ff:ff:ff
    inet 10.44.1.9/16 brd 10.44.255.255 scope global eth0
3: wlan0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
    link/ether b8:27:eb:c8:31:be brd ff:ff:ff:ff:ff:ff
-----------
Checking file: /etc/hosts
127.0.0.1 localhost
10.44.1.9 ry11citsdc.ry11cit.lan ry11citsdc
-----------
Checking file: /etc/krb5.conf
[libdefaults]
default_realm = RY11CIT.LAN
dns_lookup_realm = false
dns_lookup_kdc = true
-----------
Checking file: /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
passwd: compat winbind
group: compat winbind
shadow: compat
gshadow: files
hosts: files dns mdns4_minimal [NOTFOUND=return]
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
-----------
Checking file: /etc/samba/smb.conf
# Global parameters
[global]
netbios name = RY11CITSDC
realm = RY11CIT.LAN
server services = -dns
workgroup = RY11CIT
server role = active directory domain controller
[netlogon]
path = /var/lib/samba/sysvol/ry11cit.lan/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
-----------
No username map detected.
-----------
Detected bind DLZ enabled..
Checking file: /etc/bind/named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
include "/var/lib/samba/private/named.conf";
-----------
Checking file: /etc/bind/named.conf.options
options {
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
// forwarders {
// 0.0.0.0;
// };
//=======================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys. See https://www.isc.org/bind-keys
//=======================================================================
dnssec-validation auto;
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { none; };
tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
};
-----------
Checking file: /etc/bind/named.conf.local
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
-----------
Checking file: /etc/bind/named.conf.default-zones
// prime the server with knowledge of the root servers
zone "." {
type hint;
file "/etc/bind/db.root";
};
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
type master;
file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};
-----------
Installed packages, running: dpkg -l | egrep "samba|winbind|krb5|smb|acl|xattr"
ii  acl                     2.2.52-3                armhf  Access control list utilities
ii  krb5-config             2.6                     all    Configuration files for Kerberos Version 5
ii  krb5-user               1.15-1+deb9u1           armhf  basic programs to authenticate using MIT Kerberos
ii  libacl1:armhf           2.2.52-3                armhf  Access control list shared library
ii  libgssapi-krb5-2:armhf  1.15-1+deb9u1           armhf  MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
ii  libkrb5-3:armhf         1.15-1+deb9u1           armhf  MIT Kerberos runtime libraries
ii  libkrb5support0:armhf   1.15-1+deb9u1           armhf  MIT Kerberos runtime libraries - Support library
ii  libsmbclient:armhf      2:4.5.12+dfsg-2+deb9u1  armhf  shared library for communication with SMB/CIFS servers
ii  libwbclient0:armhf      2:4.5.12+dfsg-2+deb9u1  armhf  Samba winbind client library
ii  python-samba            2:4.5.12+dfsg-2+deb9u1  armhf  Python bindings for Samba
ii  samba                   2:4.5.12+dfsg-2+deb9u1  armhf  SMB/CIFS file, print, and login server for Unix
ii  samba-common            2:4.5.12+dfsg-2+deb9u1  all    common files used by both the Samba server and client
ii  samba-common-bin        2:4.5.12+dfsg-2+deb9u1  armhf  Samba common files used by both the server and the client
ii  samba-dsdb-modules      2:4.5.12+dfsg-2+deb9u1  armhf  Samba Directory Services Database
ii  samba-libs:armhf        2:4.5.12+dfsg-2+deb9u1  armhf  Samba core libraries
ii  samba-vfs-modules       2:4.5.12+dfsg-2+deb9u1  armhf  Samba Virtual FileSystem plugins
ii  smbclient               2:4.5.12+dfsg-2+deb9u1  armhf  command-line SMB/CIFS clients for Unix
ii  winbind                 2:4.5.12+dfsg-2+deb9u1  armhf  service to resolve user and group information from Windows NT servers
-----------
On 13. 12. 2017 11:00, Rowland Penny via samba wrote:
> See inline comments:
>
> On Wed, 13 Dec 2017 10:13:52 +0100
> Jiří Knotek via samba <samba at lists.samba.org> wrote:
>
>> Hello Rowland,
>>
>> thank you for advice. I reconfigure both AC-DCs again with new
>> data and send updated data. Unfortunately, the result is the same.
>> I'm also sending a listing from
>>
>> samba-setup-checkup.sh.
>>
>> * Linux: Raspbian, debian stretch lite
>> * Samba version 4.5.12-Debian
>> * DNS: BIND9_DLZ 9.10.x
>> * Installed packages: ntp ntpdate samba smbclient winbind libcups2
>> samba-common cups ldb-tools bind9 bind9utils dnsutils krb5-user
>>
>> *root at ry11citdc:/home/pi/Ry11# samba-tool drs replicate ry11citsdc
>> ry11citdc dc=ry11cit,dc=lan*
>> Replicate from ry11citdc to ry11citsdc was successful.
>>
>> *root at ry11citdc:/home/pi/Ry11# samba-tool drs replicate ry11citdc
>> ry11citsdc dc=ry11cit,dc=lan*
>> ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed -
>> drsException: DsReplicaSync failed (2, 'WERR_BADFILE')
>> File "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line 368, in run
>> drs_utils.sendDsReplicaSync(server_bind, server_bind_handle,
>> source_dsa_guid, NC, req_options)
>> File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 83, in sendDsReplicaSync
>> raise drsException("DsReplicaSync failed %s" % estr)
>>
>>
>> *root at ry11citdc:/home/pi/Ry11# bash samba-setup-checkup.sh*
>> Check hostnames : Mismatch in hostname definitions
>> please check :
>> HOST_NAME_SHORT: ry11citdc
>> HOST_NAME_DOMAIN:
>> HOST_NAME_FQDN: ry11citdc
>> HOST_IP1: 10.44.1.10
>> HOST_IP2: Only one interface detected
>> HOST_GATEWAY: 10.44.1.1
>> HOST_PRIMARY_INTERFACE: 10.44.1.1
>> eth0
>> HOST_RESOLV_DOMAIN: domain ry11cit.lan
>> HOST_RESOLV_SEARCH: search ry11cit.lan
>> HOST_RESOLV_NAMESERV1: 10.44.1.10
>> HOST_RESOLV_NAMESERV2: 10.44.1.9
>> HOST_RESOLV_NAMESERV3:
>> Possible error detected in /etc/hosts, mismatch FQDN and detected IP
>> 10.44.1.10 for the host.
>> expected was : 10.44.1.10 ry11citdc ry11citdc
>> Checking detected host ipnumbers from resolv.conf and default gateway
>> Ping gateway ip : 10.44.1.1 : Error
>> ping nameserver1: 10.44.1.10 : Ok
>> ping nameserver2: 10.44.1.9 : Ok
>> Check ping google dns : 8.8.8.8 : Error
>> Checking file owner..
>> -rw-r--r-- pi pi /etc/samba/smb.conf
>> Checking file owner..
>> -rw-r--r-- pi pi /etc/samba/lmhosts
>> Checking file owner..
>> Missing file /etc/samba/smbpasswd
>> drwxr-xr-x root root /usr/bin
>> drwxr-xr-x root root /var/cache/samba
>> drwxr-xr-x root root /usr/lib/arm-linux-gnueabihf
>> drwxr-xr-x root root /var/run/samba
>> drwxr-x--- root adm /var/log/samba
>> drwxr-xr-x root root /usr/lib/arm-linux-gnueabihf/samba
>> drwxr-xr-x root root /var/run/samba
>> drwxr-xr-x root root /var/lib/samba/private
>> drwxr-xr-x root root /usr/sbin
>> drwxr-xr-x root root /var/lib/samba
>> DCS 2(SERVFAIL
>> DC1 2(SERVFAIL
>> DC2
>> ERROR: Invalid IP address '2(SERVFAIL'!
>> Samba AD DC info: = detected (command and where to look)
>> This server hostname = ry11citdc (hostname -s and /etc/hosts and DNS server)
>> This server FQDN (hostname) = ry11citdc (hostname -f and /etc/hosts and DNS server)
>> This server primary dnsdomain = (hostname -d and /etc/resolv.conf and DNS server)
>> This server IP address(ses) = 10.44.1.10 Only one interface detected (hostname -i (-I) and /etc/networking/interfaces and DNS server
>> The DC with FSMO roles = RY11CITDC (samba-tool fsmo show)
>> The DC (with FSMO) Site name = Default-First-Site-Name (samba-tool fsmo show)
>> The Default Naming Context = DC=ry11cit,DC=lan (samba-tool fsmo show)
>> The Kerberos REALM name used = RY11CIT.LAN (kinit and /etc/krb5.conf and resolving)
>> The Ipadres of DC 2(SERVFAIL = 2(SERVFAIL)
>> SAMBA_SERVER_ROLE: active directory domain controller
>> SAMBA_SERVER_SERVICES: s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
>> drepl, winbindd, ntp_signd, kcc, dnsupdate
>> SAMBA_DCERPC_ENDPOINT_SERVERS: epmapper, wkssvc, rpcecho, samr,
>> netlogon, lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6,
>> backupkey, dnsserver
>>
>>
>> *I did not come to the way the hostname -d command would return the
>> domain name. How can I do that? In addition, there are host, lmhost,
>> resolv.conf, and so on**
>> *
>>
>> Please help, I don't know the advice.
>>
>> System integrator Jiří Knotek
>>
>>
>> "Primary" Active Directory Domain Controller:
>> ---------------------------------------------------------------
>>
>>
>> hostname:-----------------
>> ry11citdc.ry11cit.lan
> This should be just the short hostname
> In this case 'ry11citdc'
Somewhere I've seen this, but of course I'll fix it.
>
>> hosts:---------------
>> 127.0.0.1 localhost localhost.localdomain
>> 10.44.1.10 ry11citdc ry11citdc.ry11cit.lan
>> 10.44.1.9 ry11citsdc ry11citsdc.ry11cit.lan
> This should be:
>
> 127.0.0.1 localhost
> 10.44.1.10 ry11citdc.ry11cit.lan ry11citdc
OK
>
>> resolv.conf.head:-------------------
>> domain ry11cit.lan
>> search ry11cit.lan
> What is 'resolv.conf.head' ?
> Do you have the resolvconf package installed ?
> if so, remove it and then create an /etc/resolv.conf file with this
> content:
>
> search ry11cit.lan
> nameserver 10.44.1.10
resolv.conf.head is for manual records to withstand restart.
resolv.conf is compiled by the program resolvconf, nameserver is from
dhcpcd.conf, see the generated file resolv.conf:
# Generated by resolvconf
domain ry11cit.lan
search ry11cit.lan
nameserver 10.44.1.10
nameserver 10.44.1.9
OK, I will change
>
>> systemctl.conf"--------------------
>> net.ipv4.ip_forward=1
>> net.ipv6.conf.all.disable_ipv6=1
>>
>>
>>
>> krb5.conf:------------
>>
>> [libdefaults]
>> default_realm = RY11CIT.LAN
>> dns_lookup_realm = false
>> dns_lookup_kdc = true
>>
>> named.conf:------------------------
>>
>> include "/etc/bind/named.conf.options";
>> include "/etc/bind/named.conf.local";
>> include "/etc/bind/named.conf.default-zones";
>> include "/var/lib/samba/private/named.conf";
>>
>> named.conf.options:-----------------------
>>
>> options {
>> directory "/var/cache/bind";
>>
>> dnssec-validation auto;
>>
>> auth-nxdomain no; # conform to RFC1035
>> listen-on-v6 { none; };
>> tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
>> };
>>
>> lmhost:--------------------------
>> 127.0.0.1 localhost
>> 10.44.1.10 ry11citdc
>> 10.44.1.9 ry11citsdc
>>
> not required
I placed it for the warning in samba-setup-checkup.sh
>
>> smb.conf:------------------------------
>>
>> # Global parameters
>> [global]
>> netbios name = RY11CITDC
>> realm = RY11CIT.LAN
>> server services = -dns
>> workgroup = RY11CIT
>> server role = active directory domain controller
>>
>> [netlogon]
>> path = /var/lib/samba/sysvol/ry11cit.lan/scripts
>> read only = No
>>
>> [sysvol]
>> path = /var/lib/samba/sysvol
>> read only = No
>>
>> Samba Provision---------------:
>>
>> samba-tool domain provision --realm=RY11CIT.LAN --domain=RY11CIT
>> --server-role=dc --dns-backend=BIND9_DLZ --adminpass='.....'
>>
>> "Backup / Standby" Active Directory Domain Controller:
>> ---------------------------------------------------------------
>>
>>
>> hostname:-----------------
>> ry11citsdc.ry11cit.lan
> should be just 'ry11citsdc'
OK
>
>> hosts:---------------
>> 127.0.0.1 localhost localhost.localdomain
>> 10.44.1.10 ry11citdc ry11citdc.ry11cit.lan
>> 10.44.1.9 ry11citsdc ry11citsdc.ry11cit.lan
> should be:
>
> 127.0.0.1 localhost
> 10.44.1.9 ry11citsdc.ry11cit.lan ry11citsdc
OK
>
>> resolv.conf.head:-------------------
>> domain ry11cit.lan
>> search ry11cit.lan
>>
> /etc/resolv.conf should be:
>
> search ry11cit.lan
> nameserver 10.44.1.9
>
>> systemctl.conf"--------------------
>> net.ipv4.ip_forward=1
>> net.ipv6.conf.all.disable_ipv6=1
>>
>>
>>
>> krb5.conf:------------
>>
>> [libdefaults]
>> default_realm = RY11CIT.LAN
>> dns_lookup_realm = false
>> dns_lookup_kdc = true
>>
>> named.conf:------------------------
>>
>> include "/etc/bind/named.conf.options";
>> include "/etc/bind/named.conf.local";
>> include "/etc/bind/named.conf.default-zones";
>> include "/var/lib/samba/private/named.conf";
>>
>> named.conf.options:-----------------------
>>
>> options {
>> directory "/var/cache/bind";
>>
>> dnssec-validation auto;
>>
>> auth-nxdomain no; # conform to RFC1035
>> listen-on-v6 { none; };
>> tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
>> };
>>
>> lmhost:--------------------------
>> 127.0.0.1 localhost
>> 10.44.1.10 ry11citdc
>> 10.44.1.9 ry11citsdc
>>
> Not required
>
>> smb.conf:------------------------------
>>
>> # Global parameters
>> [global]
>> netbios name = RY11CITSDC
>> realm = RY11CIT.LAN
>> server services = -dns
>> workgroup = RY11CIT
>> server role = active directory domain controller
>>
>> [netlogon]
>> path = /var/lib/samba/sysvol/ry11cit.lan/scripts
>> read only = No
>>
>> [sysvol]
>> path = /var/lib/samba/sysvol
>> read only = No
>>
>> Samba join---------------:
>>
>> samba-tool domain join RY11CIT DC -Uadministrator
>> --realm=RY11CIT.LAN --dns-backend=BIND9_DLZ --adminpass='.....'
>>
> You haven't provisioned with '--use-rfc2307'
> I suggest you go and read this:
> https://wiki.samba.org/index.php/Setting_up_RFC2307_in_AD
That might be useful, I will try later. But without this I can manage
domain users by windows tools.
> Rowland
>
>
Thanks Jiri Knotek
--
*Ing. Jiří Knotek*
programmer
*GEMA s.r.o. Automatizace technologických procesů*
Doubravice 13, Pardubice 19, 53353
Tel: +420604570127
E-mail: jiri.knotek at gemapce.cz <mailto:jiri.knotek at gemapce.cz>
Web:www.gemapce.cz <http://www.gemapce.cz/>
Hello Rowland,
A small change has been made and replication works in both directions:
dhcpcd.conf requires both dns servers in reverse order.
RY11CITDC, /etc/dhcpcd.conf
--------------------------------------------------------------
.....
interface eth0
static ip_address=10.44.1.10/16
static routers=10.44.1.1
static domain_name_servers=10.44.1.9 10.44.1.10
RY11CITDC, /etc/dhcpcd.conf
--------------------------------------------------------------
......
interface eth0
static ip_address=10.44.1.9/16
static routers=10.44.1.1
static domain_name_servers=10.44.1.10 10.44.1.9
I hope this is the right solution and not just a happy mistake. Thank
you very much for explaining the basic configuration, I was
confused.
Thanks Jiri Knotek
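The `/etc/hosts` ordering discussed above decides what `hostname -f` and `hostname -d` report, because the first name on the matching line is treated as the canonical name. The following is an added example, not code from this thread or from samba-setup-checkup.sh; it runs that rule over the hosts and resolv.conf contents posted in the thread, and the function names and the simplified lookup model are assumptions made for illustration.

```python
# Added example: check a Samba AD DC's naming files the way the thread advises.
# Assumption: lookups go through the "files" backend first (hosts: files dns),
# where the first line listing the name wins and its first name is canonical.

HOSTS_BEFORE = """\
127.0.0.1 localhost localhost.localdomain
10.44.1.10 ry11citdc ry11citdc.ry11cit.lan
10.44.1.9 ry11citsdc ry11citsdc.ry11cit.lan
"""
HOSTS_AFTER = """\
127.0.0.1 localhost
10.44.1.10 ry11citdc.ry11cit.lan ry11citdc
"""
RESOLV_CONF = """\
# Generated by resolvconf
domain ry11cit.lan
search ry11cit.lan
nameserver 10.44.1.10
nameserver 10.44.1.9
"""
DC_IPS = {"10.44.1.10", "10.44.1.9"}


def _fields(line):
    """Split one config line into whitespace-separated fields, dropping comments."""
    return line.split("#", 1)[0].split()


def lookup_in_hosts(hosts_text, name):
    """Return (ip, canonical_name) for the first hosts line that lists `name`."""
    wanted = name.lower()
    for line in hosts_text.splitlines():
        fields = _fields(line)
        if len(fields) >= 2 and wanted in (n.lower() for n in fields[1:]):
            return fields[0], fields[1]
    return None, None


def parse_resolv(resolv_text):
    """Return (search_domains, nameservers) from resolv.conf content."""
    search, nameservers = [], []
    for line in resolv_text.splitlines():
        fields = _fields(line)
        if len(fields) < 2:
            continue
        if fields[0] in ("search", "domain"):
            search.extend(f.lower() for f in fields[1:])
        elif fields[0] == "nameserver":
            nameservers.append(fields[1])
    return search, nameservers


def check_dc_naming(hostname, hosts_text, resolv_text, realm, own_ip, dc_ips):
    """Report the FQDN/domain the host would see and any deviations from the advice."""
    dns_domain = realm.lower()
    short = hostname.split(".", 1)[0]
    problems = []
    if "." in hostname:
        problems.append("/etc/hostname holds an FQDN, expected '%s'" % short)

    ip, canonical = lookup_in_hosts(hosts_text, short)
    fqdn = canonical or short              # what `hostname -f` would print
    domain = fqdn.partition(".")[2]        # what `hostname -d` would print
    if ip is None:
        problems.append("no /etc/hosts line for '%s'" % short)
    else:
        if ip.startswith("127.") or ip == "::1":
            problems.append("'%s' maps to loopback address %s" % (short, ip))
        elif ip != own_ip:
            problems.append("'%s' maps to %s, expected %s" % (short, ip, own_ip))
        expected = "%s.%s" % (short.lower(), dns_domain)
        if canonical.lower() != expected:
            problems.append("first name on the hosts line is '%s', expected '%s'"
                            % (canonical, expected))

    search, nameservers = parse_resolv(resolv_text)
    if dns_domain not in search:
        problems.append("resolv.conf does not search '%s'" % dns_domain)
    if not nameservers:
        problems.append("resolv.conf lists no nameserver")
    for ns in nameservers:
        if ns not in dc_ips:
            problems.append("nameserver %s is not one of the DCs" % ns)
    return {"fqdn": fqdn, "domain": domain, "problems": problems}


if __name__ == "__main__":
    cases = (("before", "ry11citdc.ry11cit.lan", HOSTS_BEFORE),
             ("after", "ry11citdc", HOSTS_AFTER))
    for label, hostname, hosts in cases:
        result = check_dc_naming(hostname, hosts, RESOLV_CONF,
                                 "RY11CIT.LAN", "10.44.1.10", DC_IPS)
        print(label, result)
```

With the original hosts file the derived domain is empty, which matches the blank HOST_NAME_DOMAIN in the first checkup listing; with the corrected file it is ry11cit.lan.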
Hello Rowland,
See inline comments:
If I did not make a mistake somewhere, it's even worse. Additionally,
replication from ry11citdc to ry11citsdc, executed from ry11citdc, does not work:
---------------------------------------------------------------------------------------------------------------
root at ry11citdc:~# samba-tool drs replicate ry11citsdc ry11citdc
dc=ry11cit,dc=lan
ERROR(<class 'samba.drs_utils.drsException'>): DRS connection to
ry11citsdc failed - drsException: DRS connection to ry11citsdc failed:
(-1073741643, '{Device Timeout} The specified I/O operation on %hs was not
completed before the time-out period expired.')
File "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line
41, in drsuapi_connect
(ctx.drsuapi, ctx.drsuapi_handle, ctx.bind_supported_extensions) =
drs_utils.drsuapi_connect(ctx.server, ctx.lp, ctx.creds)
File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line
54, in drsuapi_connect
raise drsException("DRS connection to %s failed: %s" % (server,
e))
----------------------------------------------------------------------------------------------------------------
root at ry11citdc:~# bash /home/pi/Ry11/samba-setup-checkup.sh
/home/pi/Ry11/samba-setup-checkup.sh: line 134: HOST_: command not found
Check hostnames : Ok
Checking detected host ipnumbers from resolv.conf and default gateway
Ping gateway ip : 10.44.1.1 : Error
Warning, no ping to gateway, this might be firewalled.
check you internet connection, AD DNS might need it.
ping nameserver1: 10.44.1.10 : Ok
Check ping google dns : 8.8.8.8 : Error
Warning, no ping to internet dns 8.8.8.8, this might be firewalled.
Check you internet connection, AD DNS might need it.
Checking file owner..
-rw-r--r-- pi pi /etc/samba/smb.conf
Checking file owner..
Missing file /etc/samba/lmhosts
Checking file owner..
Missing file /etc/samba/smbpasswd
drwxr-xr-x root root /usr/bin
drwxr-xr-x root root /var/cache/samba
drwxr-xr-x root root /usr/lib/arm-linux-gnueabihf
drwxr-xr-x root root /var/run/samba
drwxr-x--- root adm /var/log/samba
drwxr-xr-x root root /usr/lib/arm-linux-gnueabihf/samba
drwxr-xr-x root root /var/run/samba
drwxr-xr-x root root /var/lib/samba/private
drwxr-xr-x root root /usr/sbin
drwxr-xr-x root root /var/lib/samba
DCS ry11citdc.ry11cit.lan
DC1 ry11citdc.ry11cit.lan
DC2
Samba AD DC info: = detected (command and where to look)
This server hostname = ry11citdc (hostname -s and /etc/hosts and DNS
server)
This server FQDN (hostname) = ry11citdc.ry11cit.lan (hostname -f and
/etc/hosts and DNS server)
This server primary dnsdomain = ry11cit.lan (hostname -d and /etc/resolv.conf
and DNS server)
This server IP address(ses) = 10.44.1.10 Only one interface detected
(hostname -i (-I) and /etc/networking/interfaces and DNS server
The DC with FSMO roles = RY11CITDC (samba-tool fsmo show)
The DC (with FSMO) Site name = Default-First-Site-Name (samba-tool fsmo show)
The Default Naming Context = DC=ry11cit,DC=lan (samba-tool fsmo show)
The Kerberos REALM name used = RY11CIT.LAN (kinit and /etc/krb5.conf and
resolving)
The Ipadres of DC ry11citdc.ry11cit.lan = 10.44.1.10
SAMBA_SERVER_ROLE: active directory domain controller
SAMBA_SERVER_SERVICES: s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd,
ntp_signd, kcc, dnsupdate
SAMBA_DCERPC_ENDPOINT_SERVERS: epmapper, wkssvc, rpcecho, samr, netlogon,
lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver
----------------------------------------------------------------------------------------------------------------------
Collected config --- 2017-12-13-15:16 -----------
Hostname: ry11citdc
DNS Domain: ry11cit.lan
FQDN: ry11citdc.ry11cit.lan
ipaddress: 10.44.1.10
-----------
Samba is running as an AD DC
Checking file: /etc/os-release
PRETTY_NAME="Raspbian GNU/Linux 9 (stretch)"
NAME="Raspbian GNU/Linux"
VERSION_ID="9"
VERSION="9 (stretch)"
ID=raspbian
ID_LIKE=debian
HOME_URL="http://www.raspbian.org/"
SUPPORT_URL="http://www.raspbian.org/RaspbianForums"
BUG_REPORT_URL="http://www.raspbian.org/RaspbianBugs"
-----------
Warning, /etc/devuan_version does not exist
-----------
running command : ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group
default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state
UP group default qlen 1000
link/ether b8:27:eb:69:ac:e4 brd ff:ff:ff:ff:ff:ff
inet 10.44.1.10/16 brd 10.44.255.255 scope global eth0
-----------
Checking file: /etc/hosts
127.0.0.1 localhost
10.44.1.10 ry11citdc.ry11cit.lan ry11citdc
-----------
Checking file: /etc/krb5.conf
[libdefaults]
default_realm = RY11CIT.LAN
dns_lookup_realm = false
dns_lookup_kdc = true
-----------
Checking file: /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed,
try:
# `info libc "Name Service Switch"' for information about this
file.
passwd: compat winbind
group: compat winbind
shadow: compat
gshadow: files
hosts: files dns mdns4_minimal [NOTFOUND=return]
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
-----------
Checking file: /etc/samba/smb.conf
# Global parameters
[global]
netbios name = RY11CITDC
realm = RY11CIT.LAN
server services = -dns
workgroup = RY11CIT
server role = active directory domain controller
[netlogon]
path = /var/lib/samba/sysvol/ry11cit.lan/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
-----------
No username map detected.
-----------
Detected bind DLZ enabled..
Checking file: /etc/bind/named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
include "/var/lib/samba/private/named.conf";
-----------
Checking file: /etc/bind/named.conf.options
options {
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
// forwarders {
// 0.0.0.0;
// };
//=======================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys. See https://www.isc.org/bind-keys
//=======================================================================
dnssec-validation auto;
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { none; };
tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
};
-----------
Checking file: /etc/bind/named.conf.local
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
-----------
Checking file: /etc/bind/named.conf.default-zones
// prime the server with knowledge of the root servers
zone "." {
type hint;
file "/etc/bind/db.root";
};
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
type master;
file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};
-----------
Installed packages, running: dpkg -l | egrep
"samba|winbind|krb5|smb|acl|xattr"
ii acl 2.2.52-3 armhf
Access control list utilities
ii krb5-config 2.6 all
Configuration files for Kerberos Version 5
ii krb5-user 1.15-1+deb9u1 armhf
basic programs to authenticate using MIT Kerberos
ii libacl1:armhf 2.2.52-3 armhf
Access control list shared library
ii libgssapi-krb5-2:armhf 1.15-1+deb9u1 armhf
MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
ii libkrb5-3:armhf 1.15-1+deb9u1 armhf
MIT Kerberos runtime libraries
ii libkrb5support0:armhf 1.15-1+deb9u1 armhf
MIT Kerberos runtime libraries - Support library
ii libsmbclient:armhf 2:4.5.12+dfsg-2+deb9u1 armhf
shared library for communication with SMB/CIFS servers
ii libwbclient0:armhf 2:4.5.12+dfsg-2+deb9u1 armhf
Samba winbind client library
ii python-samba 2:4.5.12+dfsg-2+deb9u1 armhf
Python bindings for Samba
ii samba 2:4.5.12+dfsg-2+deb9u1 armhf
SMB/CIFS file, print, and login server for Unix
ii samba-common 2:4.5.12+dfsg-2+deb9u1 all
common files used by both the Samba server and client
ii samba-common-bin 2:4.5.12+dfsg-2+deb9u1 armhf
Samba common files used by both the server and the client
ii samba-dsdb-modules 2:4.5.12+dfsg-2+deb9u1 armhf
Samba Directory Services Database
ii samba-libs:armhf 2:4.5.12+dfsg-2+deb9u1 armhf
Samba core libraries
ii samba-vfs-modules 2:4.5.12+dfsg-2+deb9u1 armhf
Samba Virtual FileSystem plugins
ii smbclient 2:4.5.12+dfsg-2+deb9u1 armhf
command-line SMB/CIFS clients for Unix
ii winbind 2:4.5.12+dfsg-2+deb9u1 armhf
service to resolve user and group information from Windows NT servers
-----------
RY11CITSDC:
---------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------------------------
root at ry11citsdc:~# samba-tool drs replicate ry11citdc ry11citsdc
dc=ry11cit,dc=lan
ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync
failed - drsException: DsReplicaSync failed (2, 'WERR_BADFILE')
File "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line
368, in run
drs_utils.sendDsReplicaSync(server_bind, server_bind_handle,
source_dsa_guid, NC, req_options)
File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line
83, in sendDsReplicaSync
raise drsException("DsReplicaSync failed %s" % estr)
-------------------------------------------------------------------------------------------------------------------
root at ry11citsdc:~# bash /home/pi/Ry11/samba-setup-checkup.sh
/home/pi/Ry11/samba-setup-checkup.sh: line 134: HOST_: command not found
Check hostnames : Ok
Checking detected host ipnumbers from resolv.conf and default gateway
Ping gateway ip : 10.44.1.1 : Error
Warning, no ping to gateway, this might be firewalled.
check you internet connection, AD DNS might need it.
ping nameserver1: 10.44.1.9 : Ok
Check ping google dns : 8.8.8.8 : Error
Warning, no ping to internet dns 8.8.8.8, this might be firewalled.
Check you internet connection, AD DNS might need it.
Checking file owner..
-rw-r--r-- pi pi /etc/samba/smb.conf
Checking file owner..
Missing file /etc/samba/lmhosts
Checking file owner..
Missing file /etc/samba/smbpasswd
drwxr-xr-x root root /usr/bin
drwxr-xr-x root root /var/cache/samba
drwxr-xr-x root root /usr/lib/arm-linux-gnueabihf
drwxr-xr-x root root /var/run/samba
drwxr-x--- root adm /var/log/samba
drwxr-xr-x root root /usr/lib/arm-linux-gnueabihf/samba
drwxr-xr-x root root /var/run/samba
drwxr-xr-x root root /var/lib/samba/private
drwxr-xr-x root root /usr/sbin
drwxr-xr-x root root /var/lib/samba
DCS ry11citsdc.ry11cit.lan
ry11citdc.ry11cit.lan
DC1 ry11citsdc.ry11cit.lan
DC2 ry11citdc.ry11cit.lan
Samba AD DC info: = detected (command and where to look)
This server hostname = ry11citsdc (hostname -s and /etc/hosts and DNS
server)
This server FQDN (hostname) = ry11citsdc.ry11cit.lan (hostname -f and
/etc/hosts and DNS server)
This server primary dnsdomain = ry11cit.lan (hostname -d and /etc/resolv.conf
and DNS server)
This server IP address(ses) = 10.44.1.9 Only one interface detected (hostname
-i (-I) and /etc/networking/interfaces and DNS server
The DC with FSMO roles = RY11CITDC (samba-tool fsmo show)
The DC (with FSMO) Site name = Default-First-Site-Name (samba-tool fsmo show)
The Default Naming Context = DC=ry11cit,DC=lan (samba-tool fsmo show)
The Kerberos REALM name used = RY11CIT.LAN (kinit and /etc/krb5.conf and
resolving)
The Ipadres of DC ry11citsdc.ry11cit.lan = 10.44.1.9
The Ipadres of DC ry11citdc.ry11cit.lan = 10.44.1.10
SAMBA_SERVER_ROLE: active directory domain controller
SAMBA_SERVER_SERVICES: s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd,
ntp_signd, kcc, dnsupdate
SAMBA_DCERPC_ENDPOINT_SERVERS: epmapper, wkssvc, rpcecho, samr, netlogon,
lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver
-----------------------------------------------------------------------------------------------------------------------
Collected config --- 2017-12-13-15:22 -----------
Hostname: ry11citsdc
DNS Domain: ry11cit.lan
FQDN: ry11citsdc.ry11cit.lan
ipaddress: 10.44.1.9
-----------
Samba is running as an AD DC
Checking file: /etc/os-release
PRETTY_NAME="Raspbian GNU/Linux 9 (stretch)"
NAME="Raspbian GNU/Linux"
VERSION_ID="9"
VERSION="9 (stretch)"
ID=raspbian
ID_LIKE=debian
HOME_URL="http://www.raspbian.org/"
SUPPORT_URL="http://www.raspbian.org/RaspbianForums"
BUG_REPORT_URL="http://www.raspbian.org/RaspbianBugs"
-----------
Warning, /etc/devuan_version does not exist
-----------
running command : ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group
default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state
UP group default qlen 1000
link/ether b8:27:eb:9d:64:eb brd ff:ff:ff:ff:ff:ff
inet 10.44.1.9/16 brd 10.44.255.255 scope global eth0
3: wlan0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast
state DOWN group default qlen 1000
link/ether b8:27:eb:c8:31:be brd ff:ff:ff:ff:ff:ff
-----------
Checking file: /etc/hosts
127.0.0.1 localhost
10.44.1.9 ry11citsdc.ry11cit.lan ry11citsdc
-----------
Checking file: /etc/krb5.conf
[libdefaults]
default_realm = RY11CIT.LAN
dns_lookup_realm = false
dns_lookup_kdc = true
-----------
Checking file: /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed,
try:
# `info libc "Name Service Switch"' for information about this
file.
passwd: compat winbind
group: compat winbind
shadow: compat
gshadow: files
hosts: files dns mdns4_minimal [NOTFOUND=return]
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
-----------
Checking file: /etc/samba/smb.conf
# Global parameters
[global]
netbios name = RY11CITSDC
realm = RY11CIT.LAN
server services = -dns
workgroup = RY11CIT
server role = active directory domain controller
[netlogon]
path = /var/lib/samba/sysvol/ry11cit.lan/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
-----------
No username map detected.
-----------
Detected bind DLZ enabled..
Checking file: /etc/bind/named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
include "/var/lib/samba/private/named.conf";
-----------
Checking file: /etc/bind/named.conf.options
options {
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
// forwarders {
// 0.0.0.0;
// };
//=======================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys. See https://www.isc.org/bind-keys
//=======================================================================
dnssec-validation auto;
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { none; };
tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
};
-----------
Checking file: /etc/bind/named.conf.local
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
-----------
Checking file: /etc/bind/named.conf.default-zones
// prime the server with knowledge of the root servers
zone "." {
type hint;
file "/etc/bind/db.root";
};
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
type master;
file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};
-----------
Installed packages, running: dpkg -l | egrep
"samba|winbind|krb5|smb|acl|xattr"
ii acl 2.2.52-3 armhf
Access control list utilities
ii krb5-config 2.6 all
Configuration files for Kerberos Version 5
ii krb5-user 1.15-1+deb9u1 armhf
basic programs to authenticate using MIT Kerberos
ii libacl1:armhf 2.2.52-3 armhf
Access control list shared library
ii libgssapi-krb5-2:armhf 1.15-1+deb9u1 armhf
MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
ii libkrb5-3:armhf 1.15-1+deb9u1 armhf
MIT Kerberos runtime libraries
ii libkrb5support0:armhf 1.15-1+deb9u1 armhf
MIT Kerberos runtime libraries - Support library
ii libsmbclient:armhf 2:4.5.12+dfsg-2+deb9u1 armhf
shared library for communication with SMB/CIFS servers
ii libwbclient0:armhf 2:4.5.12+dfsg-2+deb9u1 armhf
Samba winbind client library
ii python-samba 2:4.5.12+dfsg-2+deb9u1 armhf
Python bindings for Samba
ii samba 2:4.5.12+dfsg-2+deb9u1 armhf
SMB/CIFS file, print, and login server for Unix
ii samba-common 2:4.5.12+dfsg-2+deb9u1 all
common files used by both the Samba server and client
ii samba-common-bin 2:4.5.12+dfsg-2+deb9u1 armhf
Samba common files used by both the server and the client
ii samba-dsdb-modules 2:4.5.12+dfsg-2+deb9u1 armhf
Samba Directory Services Database
ii samba-libs:armhf 2:4.5.12+dfsg-2+deb9u1 armhf
Samba core libraries
ii samba-vfs-modules 2:4.5.12+dfsg-2+deb9u1 armhf
Samba Virtual FileSystem plugins
ii smbclient 2:4.5.12+dfsg-2+deb9u1 armhf
command-line SMB/CIFS clients for Unix
ii winbind 2:4.5.12+dfsg-2+deb9u1 armhf
service to resolve user and group information from Windows NT servers
-----------
On 13. 12. 2017 11:00, Rowland Penny via samba wrote:
> See inline comments:
>
> On Wed, 13 Dec 2017 10:13:52 +0100
> Jiří Knotek via samba<samba at lists.samba.org> wrote:
>
>> Hello Rowland,
>>
>> thank you for advice. I reconfigure both AC-DCs again with new
>> data and send updated data. Unfortunately, the result is the same.
>> I'm also sending a listing from
>>
>> samba-setup-checkup.sh.
>>
>> * Linux: Raspbian, debian stretch lite
>> * Samba version 4.5.12-Debian
>> * DNS: BIND9_DLZ 9.10.x
>> * Installed packages: ntp ntpdate samba smbclient winbind libcups2
>> samba-common cups ldb-tools bind9 bind9utils dnsutils krb5-user
>>
>> *root at ry11citdc:/home/pi/Ry11# samba-tool drs replicate ry11citsdc
>> ry11citdc dc=ry11cit,dc=lan*
>> Replicate from ry11citdc to ry11citsdc was successful.
>>
>> *root at ry11citdc:/home/pi/Ry11# samba-tool drs replicate ry11citdc
>> ry11citsdc dc=ry11cit,dc=lan*
>> ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed -
>> drsException: DsReplicaSync failed (2, 'WERR_BADFILE')
>> File "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line
>> 368, in run
>> drs_utils.sendDsReplicaSync(server_bind, server_bind_handle,
>> source_dsa_guid, NC, req_options)
>> File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line
>> 83, in sendDsReplicaSync
>> raise drsException("DsReplicaSync failed %s" % estr)
>>
>>
>> *root at ry11citdc:/home/pi/Ry11# bash samba-setup-checkup.sh*
>> Check hostnames : Mismatch in hostname definitions
>> please check :
>> HOST_NAME_SHORT: ry11citdc
>> HOST_NAME_DOMAIN:
>> HOST_NAME_FQDN: ry11citdc
>> HOST_IP1: 10.44.1.10
>> HOST_IP2: Only one interface detected
>> HOST_GATEWAY: 10.44.1.1
>> HOST_PRIMARY_INTERFACE: 10.44.1.1
>> eth0
>> HOST_RESOLV_DOMAIN: domain ry11cit.lan
>> HOST_RESOLV_SEARCH: search ry11cit.lan
>> HOST_RESOLV_NAMESERV1: 10.44.1.10
>> HOST_RESOLV_NAMESERV2: 10.44.1.9
>> HOST_RESOLV_NAMESERV3:
>> Possible error detected in /etc/hosts, mismatch FQDN and detected IP
>> 10.44.1.10 for the host.
>> expected was : 10.44.1.10 ry11citdc ry11citdc
>> Checking detected host ipnumbers from resolv.conf and default gateway
>> Ping gateway ip : 10.44.1.1 : Error
>> ping nameserver1: 10.44.1.10 : Ok
>> ping nameserver2: 10.44.1.9 : Ok
>> Check ping google dns : 8.8.8.8 : Error
>> Checking file owner..
>> -rw-r--r-- pi pi /etc/samba/smb.conf
>> Checking file owner..
>> -rw-r--r-- pi pi /etc/samba/lmhosts
>> Checking file owner..
>> Missing file /etc/samba/smbpasswd
>> drwxr-xr-x root root /usr/bin
>> drwxr-xr-x root root /var/cache/samba
>> drwxr-xr-x root root /usr/lib/arm-linux-gnueabihf
>> drwxr-xr-x root root /var/run/samba
>> drwxr-x--- root adm /var/log/samba
>> drwxr-xr-x root root /usr/lib/arm-linux-gnueabihf/samba
>> drwxr-xr-x root root /var/run/samba
>> drwxr-xr-x root root /var/lib/samba/private
>> drwxr-xr-x root root /usr/sbin
>> drwxr-xr-x root root /var/lib/samba
>> DCS 2(SERVFAIL
>> DC1 2(SERVFAIL
>> DC2
>> ERROR: Invalid IP address '2(SERVFAIL'!
>> Samba AD DC info: = detected (command and where to look)
>> This server hostname = ry11citdc (hostname -s and /etc/hosts
>> and DNS server)
>> This server FQDN (hostname) = ry11citdc (hostname -f and /etc/hosts
>> and DNS server)
>> This server primary dnsdomain = (hostname -d and /etc/resolv.conf
>> and DNS server)
>> This server IP address(ses) = 10.44.1.10 Only one interface
>> detected (hostname -i (-I) and /etc/networking/interfaces and DNS
>> server The DC with FSMO roles = RY11CITDC (samba-tool fsmo
>> show) The DC (with FSMO) Site name = Default-First-Site-Name
>> (samba-tool fsmo show)
>> The Default Naming Context = DC=ry11cit,DC=lan (samba-tool fsmo
>> show) The Kerberos REALM name used = RY11CIT.LAN (kinit
>> and /etc/krb5.conf and resolving)
>> The Ipadres of DC 2(SERVFAIL = 2(SERVFAIL)
>> SAMBA_SERVER_ROLE: active directory domain controller
>> SAMBA_SERVER_SERVICES: s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
>> drepl, winbindd, ntp_signd, kcc, dnsupdate
>> SAMBA_DCERPC_ENDPOINT_SERVERS: epmapper, wkssvc, rpcecho, samr,
>> netlogon, lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6,
>> backupkey, dnsserver
>>
>>
>> *I did not come to the way the hostname -d command would return the
>> domain name. How can I do that? In addition, there are host, lmhost,
>> resolv.conf, and so on**
>> *
>>
>> Please help, I don't know the advice.
>>
>> System integrator Jiří Knotek
>>
>>
>> "Primary" Active Directory Domain Controller:
>> ---------------------------------------------------------------
>>
>>
>> hostname:-----------------
>> ry11citdc.ry11cit.lan
> This should be just the short hostname
> In this case 'ry11citdc'
Somewhere I've seen this, but of course I'll fix it.
>> hosts:---------------
>> 127.0.0.1 localhost localhost.localdomain
>> 10.44.1.10 ry11citdc ry11citdc.ry11cit.lan
>> 10.44.1.9 ry11citsdc ry11citsdc.ry11cit.lan
> This should be:
>
> 127.0.0.1 localhost
> 10.44.1.10 ry11citdc.ry11cit.lan ry11citdc
OK
>> resolv.conf.head:-------------------
>> domain ry11cit.lan
>> search ry11cit.lan
> What is 'resolv.conf.head' ?
> Do you have the resolvconf package installed ?
> if so, remove it and then create an /etc/resolv.conf file with this
> content:
>
> search ry11cit.lan
> nameserver 10.44.1.10
resolv.conf.head is for manual records to withstand restart.
resolv.conf is compiled by the program resolvconf, nameserver is from
dhcpcd.conf, see the generated file resolv.conf:
# Generated by resolvconf
domain ry11cit.lan
search ry11cit.lan
nameserver 10.44.1.10
nameserver 10.44.1.9
OK, I will change
>> systemctl.conf:--------------------
>> net.ipv4.ip_forward=1
>> net.ipv6.conf.all.disable_ipv6=1
>>
>>
>>
>> krb5.conf:------------
>>
>> [libdefaults]
>> default_realm = RY11CIT.LAN
>> dns_lookup_realm = false
>> dns_lookup_kdc = true
>>
>> named.conf:------------------------
>>
>> include "/etc/bind/named.conf.options";
>> include "/etc/bind/named.conf.local";
>> include "/etc/bind/named.conf.default-zones";
>> include "/var/lib/samba/private/named.conf";
>>
>> named.conf.options:-----------------------
>>
>> options {
>> directory "/var/cache/bind";
>>
>> dnssec-validation auto;
>>
>> auth-nxdomain no; # conform to RFC1035
>> listen-on-v6 { none; };
>> tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
>> };
>>
>> lmhost:--------------------------
>> 127.0.0.1 localhost
>> 10.44.1.10 ry11citdc
>> 10.44.1.9 ry11citsdc
>>
> not required
I placed it because of the warning in samba-setup-checkup.sh
>> smb.conf:------------------------------
>>
>> # Global parameters
>> [global]
>> netbios name = RY11CITDC
>> realm = RY11CIT.LAN
>> server services = -dns
>> workgroup = RY11CIT
>> server role = active directory domain controller
>>
>> [netlogon]
>> path = /var/lib/samba/sysvol/ry11cit.lan/scripts
>> read only = No
>>
>> [sysvol]
>> path = /var/lib/samba/sysvol
>> read only = No
>>
>> Samba Provision---------------:
>>
>> samba-tool domain provision --realm=RY11CIT.LAN --domain=RY11CIT
>> --server-role=dc --dns-backend=BIND9_DLZ --adminpass='.....'
>>
>> "Backup / Standby" Active Directory Domain Controller:-----------------
>>
>>
>>
>> hostname:-----------------
>> ry11citsdc.ry11cit.lan
> should be just 'ry11citsdc'
OK
>> hosts:---------------
>> 127.0.0.1 localhost localhost.localdomain
>> 10.44.1.10 ry11citdc ry11citdc.ry11cit.lan
>> 10.44.1.9 ry11citsdc ry11citsdc.ry11cit.lan
> should be:
>
> 127.0.0.1 localhost
> 10.44.1.9 ry11citsdc.ry11cit.lan ry11citsdc
OK
>> resolv.conf.head:-------------------
>> domain ry11cit.lan
>> search ry11cit.lan
>>
> /etc/resolv.conf should be:
>
> search ry11cit.lan
> nameserver 10.44.1.9
>
>> systemctl.conf:--------------------
>> net.ipv4.ip_forward=1
>> net.ipv6.conf.all.disable_ipv6=1
>>
>>
>>
>> krb5.conf:------------
>>
>> [libdefaults]
>> default_realm = RY11CIT.LAN
>> dns_lookup_realm = false
>> dns_lookup_kdc = true
>>
>> named.conf:------------------------
>>
>> include "/etc/bind/named.conf.options";
>> include "/etc/bind/named.conf.local";
>> include "/etc/bind/named.conf.default-zones";
>> include "/var/lib/samba/private/named.conf";
>>
>> named.conf.options:-----------------------
>>
>> options {
>> directory "/var/cache/bind";
>>
>> dnssec-validation auto;
>>
>> auth-nxdomain no; # conform to RFC1035
>> listen-on-v6 { none; };
>> tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
>> };
>>
>> lmhost:--------------------------
>> 127.0.0.1 localhost
>> 10.44.1.10 ry11citdc
>> 10.44.1.9 ry11citsdc
>>
> Not required
>
>> smb.conf:------------------------------
>>
>> # Global parameters
>> [global]
>> netbios name = RY11CITSDC
>> realm = RY11CIT.LAN
>> server services = -dns
>> workgroup = RY11CIT
>> server role = active directory domain controller
>>
>> [netlogon]
>> path = /var/lib/samba/sysvol/ry11cit.lan/scripts
>> read only = No
>>
>> [sysvol]
>> path = /var/lib/samba/sysvol
>> read only = No
>>
>> Samba join---------------:
>>
>> samba-tool domain join RY11CIT DC -Uadministrator
>> --realm=RY11CIT.LAN --dns-backend=BIND9_DLZ --adminpass='.....'
>>
> You haven't provisioned with '--use-rfc2307'
> I suggest you go and read this:
> https://wiki.samba.org/index.php/Setting_up_RFC2307_in_AD
That might be useful, I will try later. But without this I can manage
domain users with Windows tools.
> Rowland
>
>
Thanks Jiri Knotek
--
Ing. Jiří Knotek
programmer
GEMA s.r.o. Automatizace technologických procesů
Doubravice 13, Pardubice 19, 53353
Tel: +420604570127
E-mail: jiri.knotek at gemapce.cz
Web: www.gemapce.cz
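
The hosts and resolv.conf corrections given in the reply quoted above can be checked mechanically. The following is an added example, not code from the thread or from samba-setup-checkup.sh; the function names are hypothetical and the sample files are constructed to mirror the posted and corrected layouts. It assumes /etc/hosts is consulted before DNS, so the first name on a host's line is its canonical name and `hostname -d` returns whatever follows the first dot of that name.

```shell
#!/bin/sh
# Added example, not from the thread; function names are hypothetical.

# Canonical name for an IP = first name on its /etc/hosts line.
canonical_name() {  # $1=hosts file, $2=ip
    awk -v ip="$2" '{ sub(/#.*/, "") } $1 == ip { print $2; exit }' "$1"
}

# Domain as `hostname -d` derives it: everything after the first dot.
domain_of() {  # $1=canonical name
    case "$1" in *.*) echo "${1#*.}" ;; *) echo "" ;; esac
}

# Pass only if the IP's line reads "<ip> <short>.<domain> <short>".
check_hosts() {  # $1=hosts file, $2=short name, $3=domain, $4=ip
    awk -v ip="$4" -v fqdn="$2.$3" -v short="$2" '
        { sub(/#.*/, "") }
        $1 == ip { seen = 1; if ($2 != fqdn || $3 != short) bad = 1 }
        END { exit !(seen && !bad) }' "$1"
}

# Pass only if the domain is searched and every nameserver is this DC.
check_resolv() {  # $1=resolv.conf, $2=domain, $3=own ip
    awk -v d="$2" -v ip="$3" '
        $1 == "search" { for (i = 2; i <= NF; i++) if ($i == d) s = 1 }
        $1 == "nameserver" { n++; if ($2 != ip) bad = 1 }
        END { exit !(s && n > 0 && !bad) }' "$1"
}

# Constructed sample files mirroring the two layouts in the thread.
write_samples() {  # $1=directory to write into
    printf '%s\n' '127.0.0.1 localhost localhost.localdomain' \
        '10.44.1.10 ry11citdc ry11citdc.ry11cit.lan' \
        '10.44.1.9 ry11citsdc ry11citsdc.ry11cit.lan' > "$1/hosts.posted"
    printf '%s\n' '127.0.0.1 localhost' \
        '10.44.1.10 ry11citdc.ry11cit.lan ry11citdc' > "$1/hosts.fixed"
    printf '%s\n' 'domain ry11cit.lan' 'search ry11cit.lan' \
        'nameserver 10.44.1.10' 'nameserver 10.44.1.9' > "$1/resolv.posted"
    printf '%s\n' 'search ry11cit.lan' 'nameserver 10.44.1.10' > "$1/resolv.fixed"
}

demo_dir=$(mktemp -d) && write_samples "$demo_dir"
for f in posted fixed; do
    name=$(canonical_name "$demo_dir/hosts.$f" 10.44.1.10)
    echo "hosts.$f: canonical=$name domain='$(domain_of "$name")'"
done
rm -rf "$demo_dir"
```

With the posted hosts file the canonical name is the short name, so the derived domain is empty, which matches the blank HOST_NAME_DOMAIN in the checkup listing.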