Am 19.07.2018 um 10:03 schrieb Rowland Penny via samba:> On Wed, 18 Jul 2018 23:21:41 +0200 > Anton Blau via samba <samba at lists.samba.org> wrote: > >> Am 18.07.2018 um 14:17 schrieb Rowland Penny via samba: >> > It is touched on here: > > https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller#Parameter_Explanation > > It is quite simple, the realm is the DNS domain name in uppercase, so > in your case, the DNS domain appears to be 'duck', so the realm must be > 'DUCK' > > You don't appear to have provisioned with the realm 'DUCK', so it will > probably be easier to re-provision. > > Rowland > >Sorry - but I suppose I'm stupid. If I try to re-provision with realm "DUCK" I get a new error. I tried it with realm "DUCK" + domain "DUCK" and "FILE" -> provisioning fails. If I try it with realm "DUCK" + domain "FILE.DUCK" provisioning runns, but I got the error What I am doing wrong? root at file:~# rm /etc/samba/smb.conf root at file:~# samba-tool domain provision --use-rfc2307 --interactive Realm [DUCK]: Domain [DUCK]: Server Role (dc, member, standalone) [dc]: DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]: DNS forwarder IP address (write 'none' to disable forwarding) [192.168.1.254]: Administrator password: Retype password: ERROR(<class 'samba.provision.ProvisioningError'>): Provision failed - ProvisioningError: guess_names: Realm 'DUCK' must not be equal to short domain name 'DUCK'! File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 434, in run nosync=ldap_backend_nosync, ldap_dryrun_mode=ldap_dryrun_mode) File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 2022, in provision sitename=sitename, rootdn=rootdn, domain_names_forced=(samdb_fill == FILL_DRS)) File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 638, in guess_names raise ProvisioningError("guess_names: Realm '%s' must not be equal to short domain name '%s'!" % (realm, domain)) root at file:~# rm /etc/samba/smb.conf root at file:~# samba-tool domain provision --use-rfc2307 --interactive Realm [DUCK]: Domain [DUCK]: FILE Server Role (dc, member, standalone) [dc]: DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]: DNS forwarder IP address (write 'none' to disable forwarding) [192.168.1.254]: Administrator password: Retype password: ERROR(<class 'samba.provision.ProvisioningError'>): Provision failed - ProvisioningError: guess_names: Domain 'FILE' must not be equal to short host name 'FILE'! File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 434, in run nosync=ldap_backend_nosync, ldap_dryrun_mode=ldap_dryrun_mode) File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 2022, in provision sitename=sitename, rootdn=rootdn, domain_names_forced=(samdb_fill == FILL_DRS)) File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 624, in guess_names raise ProvisioningError("guess_names: Domain '%s' must not be equal to short host name '%s'!" % (domain, netbiosname)) samba-tool domain provision --use-rfc2307 --interactive Realm [DUCK]: Domain [DUCK]: DOMCON.DUCK Server Role (dc, member, standalone) [dc]: DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]: DNS forwarder IP address (write 'none' to disable forwarding) [192.168.1.254]: Administrator password: Invalid administrator password. Administrator password: Retype password: Looking up IPv4 addresses Looking up IPv6 addresses No IPv6 address will be assigned Setting up secrets.ldb Setting up the registry Setting up the privileges database Setting up idmap db Setting up SAM db Setting up sam.ldb partitions and settings Setting up sam.ldb rootDSE Pre-loading the Samba 4 and AD schema Adding DomainDN: DC=duck Adding configuration container Setting up sam.ldb schema Setting up sam.ldb configuration data Setting up display specifiers Modifying display specifiers Adding users container Modifying users container Adding computers container Modifying computers container Setting up sam.ldb data Setting up well known security principals Setting up sam.ldb users and groups Setting up self join Adding DNS accounts Creating CN=MicrosoftDNS,CN=System,DC=duck Creating DomainDnsZones and ForestDnsZones partitions Populating DomainDnsZones and ForestDnsZones partitions Setting up sam.ldb rootDSE marking as synchronized Fixing provision GUIDs A Kerberos configuration suitable for Samba 4 has been generated at /var/lib/samba/private/krb5.conf Setting up fake yp server settings Once the above files are installed, your Samba4 server will be ready to use Server Role: active directory domain controller Hostname: domcon NetBIOS Domain: DOMCON.DUCK DNS Domain: duck DOMAIN SID: S-1-5-21-2872781360-2334468414-1341116025 /var/log/syslog: Jul 19 15:29:22 domcon smbd[1979]: STATUS=daemon 'smbd' finished starting up and ready to serve connections Jul 19 15:29:22 domcon winbindd[1991]: [2018/07/19 15:29:22.827717, 0] ../lib/util/become_daemon.c:124(daemon_ready) Jul 19 15:29:22 domcon winbindd[1991]: STATUS=daemon 'winbindd' finished starting up and ready to serve connections Jul 19 15:29:23 domcon samba[1989]: [2018/07/19 15:29:23.039362, 0] ../lib/util/util_runcmd.c:324(samba_runcmd_io_handler) Jul 19 15:29:23 domcon samba[1989]: /usr/sbin/samba_dnsupdate: Traceback (most recent call last): Jul 19 15:29:23 domcon samba[1989]: [2018/07/19 15:29:23.039515, 0] ../lib/util/util_runcmd.c:324(samba_runcmd_io_handler) Jul 19 15:29:23 domcon samba[1989]: /usr/sbin/samba_dnsupdate: File "/usr/sbin/samba_dnsupdate", line 614, in <module> Jul 19 15:29:23 domcon samba[1989]: [2018/07/19 15:29:23.039687, 0] ../lib/util/util_runcmd.c:324(samba_runcmd_io_handler) Jul 19 15:29:23 domcon samba[1989]: /usr/sbin/samba_dnsupdate: get_credentials(lp) Jul 19 15:29:23 domcon samba[1989]: [2018/07/19 15:29:23.039776, 0] ../lib/util/util_runcmd.c:324(samba_runcmd_io_handler) Jul 19 15:29:23 domcon samba[1989]: /usr/sbin/samba_dnsupdate: File "/usr/sbin/samba_dnsupdate", line 125, in get_credentials Jul 19 15:29:23 domcon samba[1989]: [2018/07/19 15:29:23.039878, 0] ../lib/util/util_runcmd.c:324(samba_runcmd_io_handler) Jul 19 15:29:23 domcon samba[1989]: /usr/sbin/samba_dnsupdate: raise e Jul 19 15:29:23 domcon samba[1989]: [2018/07/19 15:29:23.039976, 0] ../lib/util/util_runcmd.c:324(samba_runcmd_io_handler) Jul 19 15:29:23 domcon samba[1989]: /usr/sbin/samba_dnsupdate: RuntimeError: kinit for DOMCON$@DUCK failed (Cannot contact any KDC for requested realm) Jul 19 15:29:23 domcon samba[1989]: [2018/07/19 15:29:23.040049, 0] ../lib/util/util_runcmd.c:324(samba_runcmd_io_handler) Jul 19 15:29:23 domcon samba[1989]: /usr/sbin/samba_dnsupdate:
On Thu, 19 Jul 2018 17:33:46 +0200 Anton Blau via samba <samba at lists.samba.org> wrote:> Am 19.07.2018 um 10:03 schrieb Rowland Penny via samba: > > On Wed, 18 Jul 2018 23:21:41 +0200 > > Anton Blau via samba <samba at lists.samba.org> wrote: > > > >> Am 18.07.2018 um 14:17 schrieb Rowland Penny via samba: > >> > > It is touched on here: > > > > https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller#Parameter_Explanation > > > > It is quite simple, the realm is the DNS domain name in uppercase, > > so in your case, the DNS domain appears to be 'duck', so the realm > > must be 'DUCK' > > > > You don't appear to have provisioned with the realm 'DUCK', so it > > will probably be easier to re-provision. > > > > Rowland > > > > > Sorry - but I suppose I'm stupid. If I try to re-provision with realm > "DUCK" I get a new error. > > I tried it with realm "DUCK" + domain "DUCK" and "FILE" -> > provisioning fails. > > If I try it with realm "DUCK" + domain "FILE.DUCK" provisioning > runns, but I got the error > > What I am doing wrong? > > > > root at file:~# rm /etc/samba/smb.conf > root at file:~# samba-tool domain provision --use-rfc2307 --interactive > Realm [DUCK]: > Domain [DUCK]: > Server Role (dc, member, standalone) [dc]: > DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) > [SAMBA_INTERNAL]: > DNS forwarder IP address (write 'none' to disable forwarding) > [192.168.1.254]: > Administrator password: > Retype password: > ERROR(<class 'samba.provision.ProvisioningError'>): Provision failed > - ProvisioningError: guess_names: Realm 'DUCK' must not be equal to > short domain name 'DUCK'!The above shows the problem, you cannot use the realm name for the netbios domain name (aka workgroup), or to put it another way, your netbios domain name 'DUCK' cannot be the same as your realm 'DUCK'. Is your dns domain really just 'duck' ? If so, I think you need to consider changing it. I suggest you read this: https://wiki.samba.org/index.php/Active_Directory_Naming_FAQ You could use something like 'duck.tld', just don't use the TLD '.local' Rowland
Am 19.07.2018 um 17:50 schrieb Rowland Penny via samba:> On Thu, 19 Jul 2018 17:33:46 +0200 > Anton Blau via samba <samba at lists.samba.org> wrote: > >> Am 19.07.2018 um 10:03 schrieb Rowland Penny via samba: >>> On Wed, 18 Jul 2018 23:21:41 +0200 >>> Anton Blau via samba <samba at lists.samba.org> wrote: >>> >>>> Am 18.07.2018 um 14:17 schrieb Rowland Penny via samba: >>>> >>> > The above shows the problem, you cannot use the realm name for the > netbios domain name (aka workgroup), or to put it another way, your > netbios domain name 'DUCK' cannot be the same as your realm 'DUCK'. > > Is your dns domain really just 'duck' ? > If so, I think you need to consider changing it. > I suggest you read this: > > https://wiki.samba.org/index.php/Active_Directory_Naming_FAQ > > You could use something like 'duck.tld', just don't use the TLD '.local' >O. K. Thank you. Now a new trial: samba-tool domain provision --use-rfc2307 --interactive Realm [DUCK.TLD]: DOMCON.DUCK.TLD Domain [DOMCON]: DUCK.TLD Server Role (dc, member, standalone) [dc]: DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]: DNS forwarder IP address (write 'none' to disable forwarding) [192.168.1.254]: Administrator password: Retype password: Looking up IPv4 addresses Looking up IPv6 addresses No IPv6 address will be assigned Setting up secrets.ldb Setting up the registry Setting up the privileges database Setting up idmap db Setting up SAM db Setting up sam.ldb partitions and settings Setting up sam.ldb rootDSE Pre-loading the Samba 4 and AD schema Adding DomainDN: DC=domcon,DC=duck,DC=tld Adding configuration container Setting up sam.ldb schema Setting up sam.ldb configuration data Setting up display specifiers Modifying display specifiers Adding users container Modifying users container Adding computers container Modifying computers container Setting up sam.ldb data Setting up well known security principals Setting up sam.ldb users and groups Setting up self join Adding DNS accounts Creating CN=MicrosoftDNS,CN=System,DC=domcon,DC=duck,DC=tld Creating DomainDnsZones and ForestDnsZones partitions Populating DomainDnsZones and ForestDnsZones partitions Setting up sam.ldb rootDSE marking as synchronized Fixing provision GUIDs A Kerberos configuration suitable for Samba 4 has been generated at /var/lib/samba/private/krb5.conf Setting up fake yp server settings Once the above files are installed, your Samba4 server will be ready to use Server Role: active directory domain controller Hostname: domcon NetBIOS Domain: DUCK.TLD DNS Domain: domcon.duck.tld DOMAIN SID: S-1-5-21-2320560232-2299116025-3491239596 But I get no running SAMBA4: /var/log/syslog: Jul 23 20:49:36 domcon samba[1513]: samba version 4.2.14-Debian started. Jul 23 20:49:36 domcon samba[1513]: Copyright Andrew Tridgell and the Samba Team 1992-2014 Jul 23 20:49:37 domcon samba[1554]: [2018/07/23 20:49:37.084452, 0] ../source4/smbd/server.c:488(binary_smbd_main) Jul 23 20:49:37 domcon samba[1554]: samba: using 'standard' process model Jul 23 20:49:37 domcon samba[1554]: [2018/07/23 20:49:37.094546, 0] ../lib/util/become_daemon.c:124(daemon_ready) Jul 23 20:49:37 domcon samba[1554]: STATUS=daemon 'samba' finished starting up and ready to serve connections Jul 23 20:49:37 domcon winbindd[1621]: [2018/07/23 20:49:37.232947, 0] ../source3/winbindd/winbindd_cache.c:3235(initialize_winbindd_cache) Jul 23 20:49:37 domcon winbindd[1621]: initialize_winbindd_cache: clearing cache and re-creating with version number 2 Jul 23 20:49:37 domcon winbindd[1621]: [2018/07/23 20:49:37.592355, 0] ../lib/util/become_daemon.c:124(daemon_ready) Jul 23 20:49:37 domcon winbindd[1621]: STATUS=daemon 'winbindd' finished starting up and ready to serve connections Jul 23 20:49:37 domcon smbd[1609]: [2018/07/23 20:49:37.973506, 0] ../lib/util/become_daemon.c:124(daemon_ready) Jul 23 20:49:37 domcon smbd[1609]: STATUS=daemon 'smbd' finished starting up and ready to serve connections Jul 23 20:49:38 domcon samba[1619]: [2018/07/23 20:49:38.865881, 0] ../lib/util/util_runcmd.c:324(samba_runcmd_io_handler) Jul 23 20:49:38 domcon samba[1619]: /usr/sbin/samba_dnsupdate: Traceback (most recent call last): Jul 23 20:49:38 domcon samba[1619]: [2018/07/23 20:49:38.865968, 0] ../lib/util/util_runcmd.c:324(samba_runcmd_io_handler) Jul 23 20:49:38 domcon samba[1619]: /usr/sbin/samba_dnsupdate: File "/usr/sbin/samba_dnsupdate", line 614, in <module> Jul 23 20:49:38 domcon samba[1619]: [2018/07/23 20:49:38.866000, 0] ../lib/util/util_runcmd.c:324(samba_runcmd_io_handler) Jul 23 20:49:38 domcon samba[1619]: /usr/sbin/samba_dnsupdate: get_credentials(lp) Jul 23 20:49:38 domcon samba[1619]: [2018/07/23 20:49:38.866026, 0] ../lib/util/util_runcmd.c:324(samba_runcmd_io_handler) Jul 23 20:49:38 domcon samba[1619]: /usr/sbin/samba_dnsupdate: File "/usr/sbin/samba_dnsupdate", line 125, in get_credentials Jul 23 20:49:38 domcon samba[1619]: [2018/07/23 20:49:38.866046, 0] ../lib/util/util_runcmd.c:324(samba_runcmd_io_handler) Jul 23 20:49:38 domcon samba[1619]: /usr/sbin/samba_dnsupdate: raise e Jul 23 20:49:38 domcon samba[1619]: [2018/07/23 20:49:38.866072, 0] ../lib/util/util_runcmd.c:324(samba_runcmd_io_handler) Jul 23 20:49:38 domcon samba[1619]: /usr/sbin/samba_dnsupdate: RuntimeError: kinit for DOMCON$@WORKGROUP failed (Cannot contact any KDC for requested realm) Jul 23 20:49:38 domcon samba[1619]: [2018/07/23 20:49:38.866229, 0] ../lib/util/util_runcmd.c:324(samba_runcmd_io_handler) Jul 23 20:49:38 domcon samba[1619]: /usr/sbin/samba_dnsupdate: Jul 23 20:55:49 domcon smbd[1630]: [2018/07/23 20:55:49.027185, 0] ../lib/util/pidfile.c:153(pidfile_unlink) Jul 23 20:55:49 domcon smbd[1630]: Failed to delete pidfile /var/run/samba/smbd.pid. Error was No such file or directory Jul 23 20:55:49 domcon samba[1607]: [2018/07/23 20:55:49.028182, 0] ../file_server/file_server.c:48(file_server_smbd_done) Jul 23 20:55:49 domcon samba[1607]: file_server smbd daemon exited normally Jul 23 20:55:49 domcon samba[1554]: [2018/07/23 20:55:49.043272, 0] ../source4/smbd/server.c:211(samba_terminate) Jul 23 20:55:49 domcon samba[1554]: samba_terminate: smbd child process exited Jul 23 20:59:37 domcon winbindd[1626]: [2018/07/23 20:59:37.694999, 0] ../source3/winbindd/winbindd_cm.c:1670(wb_open_internal_pipe) Jul 23 20:59:37 domcon winbindd[1626]: open_internal_pipe: Could not connect to lsarpc pipe: NT_STATUS_UNSUCCESSFUL Jul 23 21:04:37 domcon winbindd[1626]: [2018/07/23 21:04:37.695289, 0] ../source3/winbindd/winbindd_cm.c:1670(wb_open_internal_pipe) Jul 23 21:04:37 domcon winbindd[1626]: open_internal_pipe: Could not connect to lsarpc pipe: NT_STATUS_UNSUCCESSFUL Jul 23 21:06:01 domcon CRON[2406]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)