On Mon, 6 May 2019 09:47:44 +0000 Praveen Ghimire via samba <samba at lists.samba.org> wrote:> Hi Louis, > > Thank you for that. > > I don’t have a /var/lib/samba/bind-dns/dns/ , only > have /var/lib/samba/private/dns. > > Apparmor is now stopped and masked. I had masked the smbd and nmbd > post the migration, have masked the winbind now. > > Have edited samba and bind as per your suggestion, changed the > named.conf.options and krb5.conf > > Rebooted the server post the changes and tried to join a windows 7 > machine again, same message in the logs. I used my account this time > > I suspect an issue here, especially the last line. This is from the > log.192.168.14.153 (samba log) > > Adding homes service for user 'LIN\pghimire' using home directory: > '/home/LIN/pghimire' get_auth_event_server: Failed to find > 'auth_event' registered on the message bus to send JSON > authentication events to: NT_STATUS_OBJECT_NAME_NOT_FOUND [2019/05/06 > 09:39:15.172941, > 2] ../source3/modules/vfs_acl_xattr.c:236(connect_acl_xattr) > connect_acl_xattr: setting 'inherit acls = true' 'dos filemode > true' and 'force unknown acl user = true' for service IPC$ > [2019/05/06 09:39:15.174415, > 4] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) setting sec > ctx (1153, 100) - sec_ctx_stack_ndx = 0 [2019/05/06 09:39:15.174700, > 0] ../source3/lib/util.c:815(smb_panic_s3) PANIC (pid 351): > sys_setgroups failed > >You originally posted you are using Ubuntu 18.04, was this a typo: Samba Version 4.6.7 Should it have been 4.7.6 ? You shouldn't be getting a panic, is anything getting in the way ? I would stop Aparmor and any firewall, double check you have all the required packages installed. You mentioned that you started this as a migration, but from what ? Did you run the classicupgrade tool and if so how ? Did you provision a new domain and if so how ? Did you do something else ?? Rowland
Hi Rowland, Sorry about the confusion. It is Ubuntu 18.04 with Samba 4.7.6 I have a script that installs the following apt-get install -y acl attr autoconf bind9utils bison build-essential \ debhelper dnsutils docbook-xml docbook-xsl flex gdb libjansson-dev \ libacl1-dev libaio-dev libarchive-dev libattr1-dev libblkid-dev libbsd-dev \ libcap-dev libcups2-dev libgnutls28-dev libjson-perl \ libldap2-dev libncurses5-dev libpam0g-dev libparse-yapp-perl \ libpopt-dev libreadline-dev nettle-dev perl perl-modules pkg-config \ python-all-dev python-crypto python-dbg python-dev python-dnspython \ python3-dnspython python-markdown python3-markdown \ python3-dev xsltproc zlib1g-dev liblmdb-dev lmdb-utils libnss-winbind apt-get install -y krb5-user apt-get install -y python-gpgme python3-gpgme I found that the python-gpgme and pythom3-gpgme gave error about dependencies. Apart from I am just installing samba, samba-common and bind9 The current production server (non-AD) is running Ubuntu 16.04 (Samba 4.3.11). Our plan is to run up a new Ubuntu 18.04 server ,transfer the config. Then let the server run for a few days to make sure everything works fine pre-migration. Then migrate to AD I have been testing the above in an Ubuntu 18.04 environment. It seems to work i.e. joining machines to domain, accessing shares etc. I then run the classicupgrade. The issues I've highlighted is post the classicupgrade. To classicupgrade, I followed the document about the upgrade. Basically check duplicate RIDs, remove well know group etc. Then run the following https://wiki.samba.org/index.php/Migrating_a_Samba_NT4_Domain_to_Samba_AD_(Classic_Upgrade) samba-tool domain classicupgrade --dbdir=/var/lib/samba.PDC/dbdir ....... choosing BIND_DLZ I've stopped UFW and disabled apparmor Regards, Praveen Ghimire -----Original Message----- From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of Rowland Penny via samba Sent: Monday, 6 May 2019 8:26 PM To: samba at lists.samba.org Subject: Re: [Samba] Doman join issues On Mon, 6 May 2019 09:47:44 +0000 Praveen Ghimire via samba <samba at lists.samba.org> wrote:> Hi Louis, > > Thank you for that. > > I don’t have a /var/lib/samba/bind-dns/dns/ , only have > /var/lib/samba/private/dns. > > Apparmor is now stopped and masked. I had masked the smbd and nmbd > post the migration, have masked the winbind now. > > Have edited samba and bind as per your suggestion, changed the > named.conf.options and krb5.conf > > Rebooted the server post the changes and tried to join a windows 7 > machine again, same message in the logs. I used my account this time > > I suspect an issue here, especially the last line. This is from the > log.192.168.14.153 (samba log) > > Adding homes service for user 'LIN\pghimire' using home directory: > '/home/LIN/pghimire' get_auth_event_server: Failed to find > 'auth_event' registered on the message bus to send JSON authentication > events to: NT_STATUS_OBJECT_NAME_NOT_FOUND [2019/05/06 > 09:39:15.172941, 2] > ../source3/modules/vfs_acl_xattr.c:236(connect_acl_xattr) > connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' > and 'force unknown acl user = true' for service IPC$ > [2019/05/06 09:39:15.174415, > 4] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) setting sec ctx > (1153, 100) - sec_ctx_stack_ndx = 0 [2019/05/06 09:39:15.174700, 0] > ../source3/lib/util.c:815(smb_panic_s3) PANIC (pid 351): > sys_setgroups failed > >You originally posted you are using Ubuntu 18.04, was this a typo: Samba Version 4.6.7 Should it have been 4.7.6 ? You shouldn't be getting a panic, is anything getting in the way ? I would stop Aparmor and any firewall, double check you have all the required packages installed. You mentioned that you started this as a migration, but from what ? Did you run the classicupgrade tool and if so how ? Did you provision a new domain and if so how ? Did you do something else ?? Rowland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba ______________________________________________________________________ This email has been scanned by the Symantec Email Security.cloud service. For more information please visit http://www.symanteccloud.com ______________________________________________________________________
Hai Praveen, Why are you installing the needed build set to build samba while your installing packages. Thats an overkill in packages. All you need is this for AD DC with bind9_DLZ and time service: apt install samba winbind ntp bind9 binutils ldb-tools krb5-user libnss-winbind libpam-winbind If this is the base for a new AD-DC setup/network, then i say format it. ( yes sorry.. ) Start over. Now, read : https://github.com/thctlo/samba4/blob/master/full-howto-Ubuntu18.04-samba-AD_DC.txt That works and is well tested. And if you hit an error, mail the list, i'll have a look at it. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Praveen Ghimire via samba > Verzonden: maandag 6 mei 2019 13:12 > Aan: 'Rowland Penny' > CC: samba at lists.samba.org > Onderwerp: Re: [Samba] Doman join issues > > Hi Rowland, > > Sorry about the confusion. It is Ubuntu 18.04 with Samba 4.7.6 > > I have a script that installs the following > > apt-get install -y acl attr autoconf bind9utils bison > build-essential \ > debhelper dnsutils docbook-xml docbook-xsl flex gdb libjansson-dev \ > libacl1-dev libaio-dev libarchive-dev libattr1-dev > libblkid-dev libbsd-dev \ > libcap-dev libcups2-dev libgnutls28-dev libjson-perl \ > libldap2-dev libncurses5-dev libpam0g-dev libparse-yapp-perl \ > libpopt-dev libreadline-dev nettle-dev perl perl-modules > pkg-config \ > python-all-dev python-crypto python-dbg python-dev > python-dnspython \ > python3-dnspython python-markdown python3-markdown \ > python3-dev xsltproc zlib1g-dev liblmdb-dev lmdb-utils > libnss-winbind > apt-get install -y krb5-user > apt-get install -y python-gpgme python3-gpgme > > I found that the python-gpgme and pythom3-gpgme gave error > about dependencies. Apart from I am just installing samba, > samba-common and bind9 > > The current production server (non-AD) is running Ubuntu > 16.04 (Samba 4.3.11). Our plan is to run up a new Ubuntu > 18.04 server ,transfer the config. Then let the server run > for a few days to make sure everything works fine > pre-migration. Then migrate to AD > > I have been testing the above in an Ubuntu 18.04 environment. > It seems to work i.e. joining machines to domain, accessing > shares etc. I then run the classicupgrade. The issues I've > highlighted is post the classicupgrade. > > To classicupgrade, I followed the document about the upgrade. > Basically check duplicate RIDs, remove well know group etc. > Then run the following > https://wiki.samba.org/index.php/Migrating_a_Samba_NT4_Domain_to_Samba_AD_(Classic_Upgrade)> > > samba-tool domain classicupgrade > --dbdir=/var/lib/samba.PDC/dbdir ....... choosing BIND_DLZ > > I've stopped UFW and disabled apparmor > > > Regards, > Praveen Ghimire > > > > > > > > > > > > -----Original Message----- > From: samba [mailto:samba-bounces at lists.samba.org] On Behalf > Of Rowland Penny via samba > Sent: Monday, 6 May 2019 8:26 PM > To: samba at lists.samba.org > Subject: Re: [Samba] Doman join issues > > On Mon, 6 May 2019 09:47:44 +0000 > Praveen Ghimire via samba <samba at lists.samba.org> wrote: > > > Hi Louis, > > > > Thank you for that. > > > > I don’t have a /var/lib/samba/bind-dns/dns/ , only have > > /var/lib/samba/private/dns. > > > > Apparmor is now stopped and masked. I had masked the smbd and nmbd > > post the migration, have masked the winbind now. > > > > Have edited samba and bind as per your suggestion, changed the > > named.conf.options and krb5.conf > > > > Rebooted the server post the changes and tried to join a windows 7 > > machine again, same message in the logs. I used my account this time > > > > I suspect an issue here, especially the last line. This is from the > > log.192.168.14.153 (samba log) > > > > Adding homes service for user 'LIN\pghimire' using home directory: > > '/home/LIN/pghimire' get_auth_event_server: Failed to find > > 'auth_event' registered on the message bus to send JSON > authentication > > events to: NT_STATUS_OBJECT_NAME_NOT_FOUND [2019/05/06 > > 09:39:15.172941, 2] > > ../source3/modules/vfs_acl_xattr.c:236(connect_acl_xattr) > > connect_acl_xattr: setting 'inherit acls = true' 'dos > filemode = true' > > and 'force unknown acl user = true' for service IPC$ > > [2019/05/06 09:39:15.174415, > > 4] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx > > (1153, 100) - sec_ctx_stack_ndx = 0 [2019/05/06 09:39:15.174700, 0] > > ../source3/lib/util.c:815(smb_panic_s3) PANIC (pid 351): > > sys_setgroups failed > > > > > > You originally posted you are using Ubuntu 18.04, was this a typo: > > Samba Version 4.6.7 > > Should it have been 4.7.6 ? > > You shouldn't be getting a panic, is anything getting in the way ? > I would stop Aparmor and any firewall, double check you have > all the required packages installed. > You mentioned that you started this as a migration, but from what ? > Did you run the classicupgrade tool and if so how ? > Did you provision a new domain and if so how ? > Did you do something else ?? > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > > ______________________________________________________________________ > This email has been scanned by the Symantec Email > Security.cloud service. > For more information please visit > http://www.symanteccloud.com > ______________________________________________________________________ > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >
On Mon, 6 May 2019 11:12:17 +0000 Praveen Ghimire <PGhimire at sundata.com.au> wrote:> Hi Rowland, > > Sorry about the confusion. It is Ubuntu 18.04 with Samba 4.7.6 > > I have a script that installs the following > > apt-get install -y acl attr autoconf bind9utils bison build-essential > \ debhelper dnsutils docbook-xml docbook-xsl flex gdb libjansson-dev \ > libacl1-dev libaio-dev libarchive-dev libattr1-dev libblkid-dev > libbsd-dev \ libcap-dev libcups2-dev libgnutls28-dev libjson-perl \ > libldap2-dev libncurses5-dev libpam0g-dev libparse-yapp-perl \ > libpopt-dev libreadline-dev nettle-dev perl perl-modules pkg-config > \ python-all-dev python-crypto python-dbg python-dev python-dnspython > \ python3-dnspython python-markdown python3-markdown \ > python3-dev xsltproc zlib1g-dev liblmdb-dev lmdb-utils > libnss-winbind apt-get install -y krb5-user > apt-get install -y python-gpgme python3-gpgme > > I found that the python-gpgme and pythom3-gpgme gave error about > dependencies. Apart from I am just installing samba, samba-common and > bind9Big problems there, you are installing the packages to build Samba and you have installed python3 packages, you do not need these for 4.7.6, you need python2> > The current production server (non-AD) is running Ubuntu 16.04 (Samba > 4.3.11). Our plan is to run up a new Ubuntu 18.04 server ,transfer > the config. Then let the server run for a few days to make sure > everything works fine pre-migration. Then migrate to AD > > I have been testing the above in an Ubuntu 18.04 environment. It > seems to work i.e. joining machines to domain, accessing shares etc. > I then run the classicupgrade. The issues I've highlighted is post > the classicupgrade.I personally would have stuck with 16.04 to do the classicupgrade, then, after the upgrade, join a new 18.04 AD DC to that, transfer the FSMO roles and demote the 16.04 DC. Rowland