Viktor Trojanovic
2019-May-26 17:17 UTC
[Samba] Please help with Samba AD DC after restore from backup
I just did a restore of a backed up Samba DC and as feared, I'm running into issues that have kept me for hours on this already.

Everything seems fine at first sight. The daemon (samba-ad-dc, 4.10, on Ubuntu Bionic) starts properly and without error messages in any log, even with increased level 3. Most of the typical testing and troubleshooting commands give the correct output.

Specifically, all the host commands mentioned in the wiki work, so (internal) DNS seems to work fine. kinit and klist work, too, so I guess Kerberos is set up correctly. What doesn't seem to work fully, however, is the file server.

I can run

smbclient -L DC1 -U%

just fine. But when I switch DC1 for localhost, I get an error message.

Connection to localhost failed (Error NT_STATUS_CONNECTION_REFUSED)

I'm not sure if it matters, but no matter if I choose localhost or DC1, it also says "Unable to initialize messaging context". I couldn't find a clear reference as to what this means.

What I further noticed is that I cannot seem to access "DC1" from other stations. I can ping the address 192.168.1.1, but running "nslookup DC1" gives an error

** server can't find dc1: SERVFAIL

It seems to me as if most of the DC is working fine but one element is screwed up. Hopefully someone can guide me in the right direction to solve this.

/etc/samba/smb.conf
[global]
workgroup = SAMDOM
realm = SAMDOM.EXAMPLE.COM
netbios name = DC1
server role = active directory domain controller
dns forwarder = 8.8.8.8
idmap_ldb:use rfc2307 = yes
interfaces = eth0
bind interfaces only = Yes
tls enabled = no
log level = 3

[netlogon]
path = /var/lib/samba/sysvol/samdom.example.com/scripts
read only = No
acl_xattr:ignore system acls = yes

[sysvol]
path = /var/lib/samba/sysvol
read only = No
acl_xattr:ignore system acls = yes

/etc/hosts
127.0.0.1 localhost
192.168.1.1 dc1.samdom.example.com dc1

/etc/hostname
DC1

/etc/resolv.conf
nameserver 192.168.1.1
search samdom.example.com
Viktor Trojanovic
2019-May-26 17:28 UTC
[Samba] Please help with Samba AD DC after restore from backup
Small update: I added "lo" to the interfaces in smb.conf, now smbclient works also on localhost. But both the other problems remain as described for now.

On Sun, 26 May 2019 at 19:17, Viktor Trojanovic <viktor at troja.ch> wrote:

> I just did a restore of a backed up Samba DC and as feared, I'm running
> into issues that have kept me for hours on this already.
>
> Everything seems fine at first sight. The daemon (samba-ad-dc, 4.10, on
> Ubuntu Bionic) starts properly and without error messages in any log, even
> with increased level 3. Most of the typical testing and troubleshooting
> commands give the correct output.
>
> Specifically, all the host commands mentioned in the wiki work, so
> (internal) DNS seems to work fine. kinit and klist work, too, so I guess
> Kerberos is set up correctly. What doesn't seem to work fully, however, is
> the file server.
>
> I can run
>
> smbclient -L DC1 -U%
>
> just fine. But when I switch DC1 for localhost, I get an error message.
>
> Connection to localhost failed (Error NT_STATUS_CONNECTION_REFUSED)
>
> I'm not sure if it matters, but no matter if I choose localhost or DC1, it
> also says "Unable to initialize messaging context". I couldn't find a clear
> reference as to what this means.
>
> What I further noticed is that I cannot seem to access "DC1" from other
> stations. I can ping the address 192.168.1.1, but running "nslookup DC1"
> gives an error
>
> ** server can't find dc1: SERVFAIL
>
> It seems to me as if most of the DC is working fine but one element is
> screwed up. Hopefully someone can guide me in the right direction to solve
> this.
>
> /etc/samba/smb.conf
> [global]
> workgroup = SAMDOM
> realm = SAMDOM.EXAMPLE.COM
> netbios name = DC1
> server role = active directory domain controller
> dns forwarder = 8.8.8.8
> idmap_ldb:use rfc2307 = yes
> interfaces = eth0
> bind interfaces only = Yes
> tls enabled = no
> log level = 3
>
> [netlogon]
> path = /var/lib/samba/sysvol/samdom.example.com/scripts
> read only = No
> acl_xattr:ignore system acls = yes
>
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
> acl_xattr:ignore system acls = yes
>
> /etc/hosts
> 127.0.0.1 localhost
> 192.168.1.1 dc1.samdom.example.com dc1
>
> /etc/hostname
> DC1
>
> /etc/resolv.conf
> nameserver 192.168.1.1
> search samdom.example.com
Rowland Penny
2019-May-26 17:53 UTC
[Samba] Please help with Samba AD DC after restore from backup
On 26/05/2019 18:28, Viktor Trojanovic via samba wrote:

> Small update: I added "lo" to the interfaces in smb.conf, now smbclient
> works also on localhost. But both the other problems remain as described
> for now.
>
> On Sun, 26 May 2019 at 19:17, Viktor Trojanovic <viktor at troja.ch> wrote:
>
>> I just did a restore of a backed up Samba DC and as feared, I'm running
>> into issues that have kept me for hours on this already.
>>
>> Everything seems fine at first sight. The daemon (samba-ad-dc, 4.10, on
>> Ubuntu Bionic) starts properly and without error messages in any log, even
>> with increased level 3. Most of the typical testing and troubleshooting
>> commands give the correct output.
>>
>> Specifically, all the host commands mentioned in the wiki work, so
>> (internal) DNS seems to work fine. kinit and klist work, too, so I guess
>> Kerberos is set up correctly. What doesn't seem to work fully, however, is
>> the file server.
>>
>> I can run
>>
>> smbclient -L DC1 -U%
>>
>> just fine. But when I switch DC1 for localhost, I get an error message.
>>
>> Connection to localhost failed (Error NT_STATUS_CONNECTION_REFUSED)
>>
>> I'm not sure if it matters, but no matter if I choose localhost or DC1, it
>> also says "Unable to initialize messaging context". I couldn't find a clear
>> reference as to what this means.
>>
>> What I further noticed is that I cannot seem to access "DC1" from other
>> stations. I can ping the address 192.168.1.1, but running "nslookup DC1"
>> gives an error
>>
>> ** server can't find dc1: SERVFAIL
>>
>> It seems to me as if most of the DC is working fine but one element is
>> screwed up. Hopefully someone can guide me in the right direction to solve
>> this.
>>
>> /etc/samba/smb.conf
>> [global]
>> workgroup = SAMDOM
>> realm = SAMDOM.EXAMPLE.COM
>> netbios name = DC1
>> server role = active directory domain controller
>> dns forwarder = 8.8.8.8
>> idmap_ldb:use rfc2307 = yes
>> interfaces = eth0
>> bind interfaces only = Yes
>> tls enabled = no
>> log level = 3
>>
>> [netlogon]
>> path = /var/lib/samba/sysvol/samdom.example.com/scripts
>> read only = No
>> acl_xattr:ignore system acls = yes
>>
>> [sysvol]
>> path = /var/lib/samba/sysvol
>> read only = No
>> acl_xattr:ignore system acls = yes
>>
>> /etc/hosts
>> 127.0.0.1 localhost
>> 192.168.1.1 dc1.samdom.example.com dc1
>>
>> /etc/hostname
>> DC1
>>
>> /etc/resolv.conf
>> nameserver 192.168.1.1
>> search samdom.example.com

Everything looks okay, just a few thoughts/comments

You get 'Unable to initialize messaging context' if you are not root when running smbclient.

Is the time on the DC correct?

Why do you have 'tls enabled = no'?

I know you have restored Samba from a backup, but what about the OS, is everything exactly the same as before you needed to restore?

Have you checked if the dns server is actually running on port 53 and if something is, that it is the DC and not something else?

Rowland
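The last check in the reply above (is anything listening on port 53, and is it the DC) comes down to mapping every port-53 socket to the process that owns it. The script below is an added example, not part of the thread: the function names and the sample `ss -lntup` output are constructed, and it assumes the DC's DNS sockets belong to a process named `samba`.

```shell
#!/bin/sh
# Constructed sample of `ss -lntup` output; not taken from the thread.
sample_ss_output() {
cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
udp   UNCONN 0      0      127.0.0.53%lo:53    0.0.0.0:*  users:(("systemd-resolve",pid=612,fd=12))
udp   UNCONN 0      0      192.168.1.1:53      0.0.0.0:*  users:(("samba",pid=1432,fd=41))
tcp   LISTEN 0      128    127.0.0.53%lo:53    0.0.0.0:*  users:(("systemd-resolve",pid=612,fd=13))
tcp   LISTEN 0      10     192.168.1.1:53      0.0.0.0:*  users:(("samba",pid=1432,fd=40))
tcp   LISTEN 0      50     192.168.1.1:445     0.0.0.0:*  users:(("smbd",pid=1450,fd=33))
EOF
}

# Read ss output on stdin; print "proto local-address process" per port-53 socket.
# The process is "unknown" when ss ran without the privileges to show socket owners.
dns_listeners() {
    awk '
        $1 == "Netid" { next }                  # skip the header row
        {
            n = split($5, parts, ":")           # port is the last colon-separated part
            if (parts[n] != "53") next
            proc = "unknown"
            if (match($0, /users:\(\("[^"]+"/))
                proc = substr($0, RSTART + 9, RLENGTH - 10)
            print $1, $5, proc
        }'
}

# Port-53 sockets held by anything other than the assumed DC process name.
foreign_dns_listeners() {
    dns_listeners | awk '$3 != "samba"'
}

# Succeeds only if samba owns a port-53 socket on the address clients are
# pointed at (192.168.1.1 in the posted resolv.conf).
samba_answers_on() {
    dns_listeners | awk -v want="$1:53" \
        '$2 == want && $3 == "samba" { ok = 1 } END { exit ok ? 0 : 1 }'
}

# Demo on the constructed sample; on a live DC run as root:
#   ss -lntup | foreign_dns_listeners
sample_ss_output | foreign_dns_listeners
```
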