Am 19.07.2018 um 17:50 schrieb Rowland Penny via samba:> On Thu, 19 Jul 2018 17:33:46 +0200 > Anton Blau via samba <samba at lists.samba.org> wrote: > >> Am 19.07.2018 um 10:03 schrieb Rowland Penny via samba: >>> On Wed, 18 Jul 2018 23:21:41 +0200 >>> Anton Blau via samba <samba at lists.samba.org> wrote: >>> >>>> Am 18.07.2018 um 14:17 schrieb Rowland Penny via samba: >>>> >>> > The above shows the problem, you cannot use the realm name for the > netbios domain name (aka workgroup), or to put it another way, your > netbios domain name 'DUCK' cannot be the same as your realm 'DUCK'. > > Is your dns domain really just 'duck' ? > If so, I think you need to consider changing it. > I suggest you read this: > > https://wiki.samba.org/index.php/Active_Directory_Naming_FAQ > > You could use something like 'duck.tld', just don't use the TLD '.local' >O. K. Thank you. Now a new trial: samba-tool domain provision --use-rfc2307 --interactive Realm [DUCK.TLD]: DOMCON.DUCK.TLD Domain [DOMCON]: DUCK.TLD Server Role (dc, member, standalone) [dc]: DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]: DNS forwarder IP address (write 'none' to disable forwarding) [192.168.1.254]: Administrator password: Retype password: Looking up IPv4 addresses Looking up IPv6 addresses No IPv6 address will be assigned Setting up secrets.ldb Setting up the registry Setting up the privileges database Setting up idmap db Setting up SAM db Setting up sam.ldb partitions and settings Setting up sam.ldb rootDSE Pre-loading the Samba 4 and AD schema Adding DomainDN: DC=domcon,DC=duck,DC=tld Adding configuration container Setting up sam.ldb schema Setting up sam.ldb configuration data Setting up display specifiers Modifying display specifiers Adding users container Modifying users container Adding computers container Modifying computers container Setting up sam.ldb data Setting up well known security principals Setting up sam.ldb users and groups Setting up self join Adding DNS accounts Creating CN=MicrosoftDNS,CN=System,DC=domcon,DC=duck,DC=tld Creating DomainDnsZones and ForestDnsZones partitions Populating DomainDnsZones and ForestDnsZones partitions Setting up sam.ldb rootDSE marking as synchronized Fixing provision GUIDs A Kerberos configuration suitable for Samba 4 has been generated at /var/lib/samba/private/krb5.conf Setting up fake yp server settings Once the above files are installed, your Samba4 server will be ready to use Server Role: active directory domain controller Hostname: domcon NetBIOS Domain: DUCK.TLD DNS Domain: domcon.duck.tld DOMAIN SID: S-1-5-21-2320560232-2299116025-3491239596 But I get no running SAMBA4: /var/log/syslog: Jul 23 20:49:36 domcon samba[1513]: samba version 4.2.14-Debian started. Jul 23 20:49:36 domcon samba[1513]: Copyright Andrew Tridgell and the Samba Team 1992-2014 Jul 23 20:49:37 domcon samba[1554]: [2018/07/23 20:49:37.084452, 0] ../source4/smbd/server.c:488(binary_smbd_main) Jul 23 20:49:37 domcon samba[1554]: samba: using 'standard' process model Jul 23 20:49:37 domcon samba[1554]: [2018/07/23 20:49:37.094546, 0] ../lib/util/become_daemon.c:124(daemon_ready) Jul 23 20:49:37 domcon samba[1554]: STATUS=daemon 'samba' finished starting up and ready to serve connections Jul 23 20:49:37 domcon winbindd[1621]: [2018/07/23 20:49:37.232947, 0] ../source3/winbindd/winbindd_cache.c:3235(initialize_winbindd_cache) Jul 23 20:49:37 domcon winbindd[1621]: initialize_winbindd_cache: clearing cache and re-creating with version number 2 Jul 23 20:49:37 domcon winbindd[1621]: [2018/07/23 20:49:37.592355, 0] ../lib/util/become_daemon.c:124(daemon_ready) Jul 23 20:49:37 domcon winbindd[1621]: STATUS=daemon 'winbindd' finished starting up and ready to serve connections Jul 23 20:49:37 domcon smbd[1609]: [2018/07/23 20:49:37.973506, 0] ../lib/util/become_daemon.c:124(daemon_ready) Jul 23 20:49:37 domcon smbd[1609]: STATUS=daemon 'smbd' finished starting up and ready to serve connections Jul 23 20:49:38 domcon samba[1619]: [2018/07/23 20:49:38.865881, 0] ../lib/util/util_runcmd.c:324(samba_runcmd_io_handler) Jul 23 20:49:38 domcon samba[1619]: /usr/sbin/samba_dnsupdate: Traceback (most recent call last): Jul 23 20:49:38 domcon samba[1619]: [2018/07/23 20:49:38.865968, 0] ../lib/util/util_runcmd.c:324(samba_runcmd_io_handler) Jul 23 20:49:38 domcon samba[1619]: /usr/sbin/samba_dnsupdate: File "/usr/sbin/samba_dnsupdate", line 614, in <module> Jul 23 20:49:38 domcon samba[1619]: [2018/07/23 20:49:38.866000, 0] ../lib/util/util_runcmd.c:324(samba_runcmd_io_handler) Jul 23 20:49:38 domcon samba[1619]: /usr/sbin/samba_dnsupdate: get_credentials(lp) Jul 23 20:49:38 domcon samba[1619]: [2018/07/23 20:49:38.866026, 0] ../lib/util/util_runcmd.c:324(samba_runcmd_io_handler) Jul 23 20:49:38 domcon samba[1619]: /usr/sbin/samba_dnsupdate: File "/usr/sbin/samba_dnsupdate", line 125, in get_credentials Jul 23 20:49:38 domcon samba[1619]: [2018/07/23 20:49:38.866046, 0] ../lib/util/util_runcmd.c:324(samba_runcmd_io_handler) Jul 23 20:49:38 domcon samba[1619]: /usr/sbin/samba_dnsupdate: raise e Jul 23 20:49:38 domcon samba[1619]: [2018/07/23 20:49:38.866072, 0] ../lib/util/util_runcmd.c:324(samba_runcmd_io_handler) Jul 23 20:49:38 domcon samba[1619]: /usr/sbin/samba_dnsupdate: RuntimeError: kinit for DOMCON$@WORKGROUP failed (Cannot contact any KDC for requested realm) Jul 23 20:49:38 domcon samba[1619]: [2018/07/23 20:49:38.866229, 0] ../lib/util/util_runcmd.c:324(samba_runcmd_io_handler) Jul 23 20:49:38 domcon samba[1619]: /usr/sbin/samba_dnsupdate: Jul 23 20:55:49 domcon smbd[1630]: [2018/07/23 20:55:49.027185, 0] ../lib/util/pidfile.c:153(pidfile_unlink) Jul 23 20:55:49 domcon smbd[1630]: Failed to delete pidfile /var/run/samba/smbd.pid. Error was No such file or directory Jul 23 20:55:49 domcon samba[1607]: [2018/07/23 20:55:49.028182, 0] ../file_server/file_server.c:48(file_server_smbd_done) Jul 23 20:55:49 domcon samba[1607]: file_server smbd daemon exited normally Jul 23 20:55:49 domcon samba[1554]: [2018/07/23 20:55:49.043272, 0] ../source4/smbd/server.c:211(samba_terminate) Jul 23 20:55:49 domcon samba[1554]: samba_terminate: smbd child process exited Jul 23 20:59:37 domcon winbindd[1626]: [2018/07/23 20:59:37.694999, 0] ../source3/winbindd/winbindd_cm.c:1670(wb_open_internal_pipe) Jul 23 20:59:37 domcon winbindd[1626]: open_internal_pipe: Could not connect to lsarpc pipe: NT_STATUS_UNSUCCESSFUL Jul 23 21:04:37 domcon winbindd[1626]: [2018/07/23 21:04:37.695289, 0] ../source3/winbindd/winbindd_cm.c:1670(wb_open_internal_pipe) Jul 23 21:04:37 domcon winbindd[1626]: open_internal_pipe: Could not connect to lsarpc pipe: NT_STATUS_UNSUCCESSFUL Jul 23 21:06:01 domcon CRON[2406]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
On Mon, 23 Jul 2018 23:09:58 +0200 Anton Blau via samba <samba at lists.samba.org> wrote:> Am 19.07.2018 um 17:50 schrieb Rowland Penny via samba: > > On Thu, 19 Jul 2018 17:33:46 +0200 > > Anton Blau via samba <samba at lists.samba.org> wrote: > > > >> Am 19.07.2018 um 10:03 schrieb Rowland Penny via samba: > >>> On Wed, 18 Jul 2018 23:21:41 +0200 > >>> Anton Blau via samba <samba at lists.samba.org> wrote: > >>> > >>>> Am 18.07.2018 um 14:17 schrieb Rowland Penny via samba: > >>>> > >>> > > The above shows the problem, you cannot use the realm name for the > > netbios domain name (aka workgroup), or to put it another way, your > > netbios domain name 'DUCK' cannot be the same as your realm 'DUCK'. > > > > Is your dns domain really just 'duck' ? > > If so, I think you need to consider changing it. > > I suggest you read this: > > > > https://wiki.samba.org/index.php/Active_Directory_Naming_FAQ > > > > You could use something like 'duck.tld', just don't use the TLD > > '.local' > > > > O. K. Thank you. Now a new trial: > > samba-tool domain provision --use-rfc2307 --interactive > Realm [DUCK.TLD]: DOMCON.DUCK.TLD > Domain [DOMCON]: DUCK.TLD > Server Role (dc, member, standalone) [dc]: > DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) > [SAMBA_INTERNAL]: > DNS forwarder IP address (write 'none' to disable forwarding) > [192.168.1.254]: > Administrator password: > Retype password: > Looking up IPv4 addresses > Looking up IPv6 addresses > No IPv6 address will be assigned > Setting up secrets.ldb > Setting up the registry > Setting up the privileges database > Setting up idmap db > Setting up SAM db > Setting up sam.ldb partitions and settings > Setting up sam.ldb rootDSE > Pre-loading the Samba 4 and AD schema > Adding DomainDN: DC=domcon,DC=duck,DC=tld > Adding configuration container > Setting up sam.ldb schema > Setting up sam.ldb configuration data > Setting up display specifiers > Modifying display specifiers > Adding users container > Modifying users container > Adding computers container > Modifying computers container > Setting up sam.ldb data > Setting up well known security principals > Setting up sam.ldb users and groups > Setting up self join > Adding DNS accounts > Creating CN=MicrosoftDNS,CN=System,DC=domcon,DC=duck,DC=tld > Creating DomainDnsZones and ForestDnsZones partitions > Populating DomainDnsZones and ForestDnsZones partitions > Setting up sam.ldb rootDSE marking as synchronized > Fixing provision GUIDs > A Kerberos configuration suitable for Samba 4 has been generated at > /var/lib/samba/private/krb5.conf > Setting up fake yp server settings > Once the above files are installed, your Samba4 server will be ready > to use Server Role: active directory domain controller > Hostname: domcon > NetBIOS Domain: DUCK.TLD > DNS Domain: domcon.duck.tld > DOMAIN SID: S-1-5-21-2320560232-2299116025-3491239596 > > But I get no running SAMBA4: > > /var/log/syslog: > > Jul 23 20:49:36 domcon samba[1513]: samba version 4.2.14-Debian > started. Jul 23 20:49:36 domcon samba[1513]: Copyright Andrew > Tridgell and the Samba Team 1992-2014 > Jul 23 20:49:37 domcon samba[1554]: [2018/07/23 20:49:37.084452, 0] > ../source4/smbd/server.c:488(binary_smbd_main) > Jul 23 20:49:37 domcon samba[1554]: samba: using 'standard' process > model Jul 23 20:49:37 domcon samba[1554]: [2018/07/23 > 20:49:37.094546, 0] ../lib/util/become_daemon.c:124(daemon_ready) > Jul 23 20:49:37 domcon samba[1554]: STATUS=daemon 'samba' finished > starting up and ready to serve connections > Jul 23 20:49:37 domcon winbindd[1621]: [2018/07/23 20:49:37.232947, > 0] ../source3/winbindd/winbindd_cache.c:3235(initialize_winbindd_cache) > Jul 23 20:49:37 domcon winbindd[1621]: initialize_winbindd_cache: > clearing cache and re-creating with version number 2 > Jul 23 20:49:37 domcon winbindd[1621]: [2018/07/23 20:49:37.592355, > 0] ../lib/util/become_daemon.c:124(daemon_ready) > Jul 23 20:49:37 domcon winbindd[1621]: STATUS=daemon 'winbindd' > finished starting up and ready to serve connections > Jul 23 20:49:37 domcon smbd[1609]: [2018/07/23 20:49:37.973506, 0] > ../lib/util/become_daemon.c:124(daemon_ready) > Jul 23 20:49:37 domcon smbd[1609]: STATUS=daemon 'smbd' finished > starting up and ready to serve connections > Jul 23 20:49:38 domcon samba[1619]: [2018/07/23 20:49:38.865881, 0] > ../lib/util/util_runcmd.c:324(samba_runcmd_io_handler) > Jul 23 20:49:38 domcon samba[1619]: /usr/sbin/samba_dnsupdate: > Traceback (most recent call last): > Jul 23 20:49:38 domcon samba[1619]: [2018/07/23 20:49:38.865968, 0] > ../lib/util/util_runcmd.c:324(samba_runcmd_io_handler) > Jul 23 20:49:38 domcon samba[1619]: /usr/sbin/samba_dnsupdate: File > "/usr/sbin/samba_dnsupdate", line 614, in <module> > Jul 23 20:49:38 domcon samba[1619]: [2018/07/23 20:49:38.866000, 0] > ../lib/util/util_runcmd.c:324(samba_runcmd_io_handler) > Jul 23 20:49:38 domcon samba[1619]: /usr/sbin/samba_dnsupdate: > get_credentials(lp) > Jul 23 20:49:38 domcon samba[1619]: [2018/07/23 20:49:38.866026, 0] > ../lib/util/util_runcmd.c:324(samba_runcmd_io_handler) > Jul 23 20:49:38 domcon samba[1619]: /usr/sbin/samba_dnsupdate: File > "/usr/sbin/samba_dnsupdate", line 125, in get_credentials > Jul 23 20:49:38 domcon samba[1619]: [2018/07/23 20:49:38.866046, 0] > ../lib/util/util_runcmd.c:324(samba_runcmd_io_handler) > Jul 23 20:49:38 domcon samba[1619]: /usr/sbin/samba_dnsupdate: > raise e Jul 23 20:49:38 domcon samba[1619]: [2018/07/23 > 20:49:38.866072, > 0] ../lib/util/util_runcmd.c:324(samba_runcmd_io_handler) Jul 23 > 20:49:38 domcon samba[1619]: /usr/sbin/samba_dnsupdate: > RuntimeError: kinit for DOMCON$@WORKGROUP failed (Cannot contact any > KDC for requested realm) Jul 23 20:49:38 domcon samba[1619]: > [2018/07/23 20:49:38.866229, > 0] ../lib/util/util_runcmd.c:324(samba_runcmd_io_handler) Jul 23 > 20:49:38 domcon samba[1619]: /usr/sbin/samba_dnsupdate: Jul 23 > 20:55:49 domcon smbd[1630]: [2018/07/23 20:55:49.027185, > 0] ../lib/util/pidfile.c:153(pidfile_unlink) Jul 23 20:55:49 domcon > smbd[1630]: Failed to delete pidfile /var/run/samba/smbd.pid. Error > was No such file or directory Jul 23 20:55:49 domcon samba[1607]: > [2018/07/23 20:55:49.028182, > 0] ../file_server/file_server.c:48(file_server_smbd_done) Jul 23 > 20:55:49 domcon samba[1607]: file_server smbd daemon exited normally > Jul 23 20:55:49 domcon samba[1554]: [2018/07/23 20:55:49.043272, 0] > ../source4/smbd/server.c:211(samba_terminate) > Jul 23 20:55:49 domcon samba[1554]: samba_terminate: smbd child > process exited > Jul 23 20:59:37 domcon winbindd[1626]: [2018/07/23 20:59:37.694999, > 0] ../source3/winbindd/winbindd_cm.c:1670(wb_open_internal_pipe) > Jul 23 20:59:37 domcon winbindd[1626]: open_internal_pipe: Could > not connect to lsarpc pipe: NT_STATUS_UNSUCCESSFUL > Jul 23 21:04:37 domcon winbindd[1626]: [2018/07/23 21:04:37.695289, > 0] ../source3/winbindd/winbindd_cm.c:1670(wb_open_internal_pipe) > Jul 23 21:04:37 domcon winbindd[1626]: open_internal_pipe: Could > not connect to lsarpc pipe: NT_STATUS_UNSUCCESSFUL > Jul 23 21:06:01 domcon CRON[2406]: (root) CMD ( cd / && run-parts > --report /etc/cron.hourly) > > >Is there some reason why you are using an EOL version of Samba ? Not saying this is your problem, but you stand more chance of getting help if you use a much more recent version of Samba. As you seem to be using Debian, you can a very recent version here: http://apt.van-belle.nl/ You know seem to be able to provision Samba correctly, but is the OS set up correctly to use it ? can you post: /etc/hosts /etc/hostname /etc/resolv.conf /etc/krb5.conf /etc/samba/smb.conf Rowland
Am 23.07.2018 um 23:27 schrieb Rowland Penny via samba:> On Mon, 23 Jul 2018 23:09:58 +0200 > Anton Blau via samba <samba at lists.samba.org> wrote: > >> Am 19.07.2018 um 17:50 schrieb Rowland Penny via samba: >>> On Thu, 19 Jul 2018 17:33:46 +0200 >>> Anton Blau via samba <samba at lists.samba.org> wrote: >>> >>>> Am 19.07.2018 um 10:03 schrieb Rowland Penny via samba: >>>>> On Wed, 18 Jul 2018 23:21:41 +0200 >>>>> Anton Blau via samba <samba at lists.samba.org> wrote: >>>>> >>>>>> Am 18.07.2018 um 14:17 schrieb Rowland Penny via samba: >>>>>> >>>>> > Is there some reason why you are using an EOL version of Samba ? > Not saying this is your problem, but you stand more chance of getting > help if you use a much more recent version of Samba. > As you seem to be using Debian, you can a very recent version here: > > http://apt.van-belle.nl/O. K. I updated sambe with theese packages.> You know seem to be able to provision Samba correctly, but is the OS > set up correctly to use it ? > > can you post: > /etc/hosts127.0.0.1 localhost 127.0.1.1 domain-controller #Required for IPv6 capable hosts ::1 ip6-localhost ip6-loopback fe00::0 ip6-localnet ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters ff02::3 ip6-allhosts # --- BEGIN PVE --- 192.168.1.221 domcon.duck.tld domcon # --- END PVE ---> /etc/hostnamedomcon> /etc/resolv.conf# --- BEGIN PVE --- search duck nameserver 192.168.1.254 # --- END PVE ---> /etc/krb5.conf[libdefaults] default_realm = DOMCON.DUCK.TLD dns_lookup_realm = false dns_lookup_kdc = true> /etc/samba/smb.conf# Global parameters [global] workgroup = DUCK.TLD realm = DOMCON.DUCK.TLD netbios name = DOMCON server role = active directory domain controller dns forwarder = 192.168.1.254 idmap_ldb:use rfc2307 = yes [netlogon] path = /var/lib/samba/sysvol/domcon.duck.tld/scripts read only = No [sysvol] path = /var/lib/samba/sysvol read only = No /var/log/syslog: Jul 24 21:17:21 domcon samba[2339]: samba version 4.5.12-Debian started. Jul 24 21:17:21 domcon samba[2339]: Copyright Andrew Tridgell and the Samba Team 1992-2016 Jul 24 21:17:21 domcon samba[2340]: [2018/07/24 21:17:21.205327, 0] ../source4/smbd/server.c:479(binary_smbd_main) Jul 24 21:17:21 domcon samba[2340]: samba: using 'standard' process model Jul 24 21:17:21 domcon samba[2340]: [2018/07/24 21:17:21.219655, 0] ../lib/util/become_daemon.c:124(daemon_ready) Jul 24 21:17:21 domcon samba[2340]: STATUS=daemon 'samba' finished starting up and ready to serve connections Jul 24 21:17:21 domcon winbindd[2384]: [2018/07/24 21:17:21.317117, 0] ../source3/winbindd/winbindd_cache.c:3244(initialize_winbindd_cache) Jul 24 21:17:21 domcon winbindd[2384]: initialize_winbindd_cache: clearing cache and re-creating with version number 2 Jul 24 21:17:21 domcon winbindd[2384]: [2018/07/24 21:17:21.502653, 0] ../lib/util/become_daemon.c:124(daemon_ready) Jul 24 21:17:21 domcon winbindd[2384]: STATUS=daemon 'winbindd' finished starting up and ready to serve connections Jul 24 21:17:21 domcon smbd[2372]: [2018/07/24 21:17:21.606980, 0] ../lib/util/become_daemon.c:124(daemon_ready) Jul 24 21:17:21 domcon smbd[2372]: STATUS=daemon 'smbd' finished starting up and ready to serve connections Jul 24 21:17:21 domcon samba[2382]: [2018/07/24 21:17:21.994630, 0] ../lib/util/util_runcmd.c:316(samba_runcmd_io_handler) Jul 24 21:17:21 domcon samba[2382]: /usr/sbin/samba_dnsupdate: ERROR: Record already exists Jul 24 21:17:22 domcon samba[2382]: [2018/07/24 21:17:22.003849, 0] ../lib/util/util_runcmd.c:316(samba_runcmd_io_handler) Jul 24 21:17:22 domcon samba[2382]: /usr/sbin/samba_dnsupdate: ERROR: Record already exists Jul 24 21:17:22 domcon samba[2382]: [2018/07/24 21:17:22.014071, 0] ../lib/util/util_runcmd.c:316(samba_runcmd_io_handler) Jul 24 21:17:22 domcon samba[2382]: /usr/sbin/samba_dnsupdate: ERROR: Record already exists Jul 24 21:17:22 domcon samba[2382]: [2018/07/24 21:17:22.023499, 0] ../lib/util/util_runcmd.c:316(samba_runcmd_io_handler) Jul 24 21:17:22 domcon samba[2382]: /usr/sbin/samba_dnsupdate: ERROR: Record already exists Jul 24 21:17:22 domcon samba[2382]: [2018/07/24 21:17:22.033289, 0] ../lib/util/util_runcmd.c:316(samba_runcmd_io_handler) Jul 24 21:17:22 domcon samba[2382]: /usr/sbin/samba_dnsupdate: ERROR: Record already exists Jul 24 21:17:22 domcon samba[2382]: [2018/07/24 21:17:22.043316, 0] ../lib/util/util_runcmd.c:316(samba_runcmd_io_handler) Jul 24 21:17:22 domcon samba[2382]: /usr/sbin/samba_dnsupdate: ERROR: Record already exists Jul 24 21:17:22 domcon samba[2382]: [2018/07/24 21:17:22.050817, 0] ../lib/util/util_runcmd.c:316(samba_runcmd_io_handler) Jul 24 21:17:22 domcon samba[2382]: /usr/sbin/samba_dnsupdate: ERROR: Record already exists