On 07/25/2019 10:10 AM, Rowland penny via samba wrote:> How are you logging in to the DC and who as ? > > If I login as the user 'rowland' to one of my DCs I get this prompt: > > SAMDOM\rowland at dc4:~$ > > If I login as root, I get this: > > root at dc4:~# > > Your prompt is: > > athena:~# > > Which I think means you are doing this as 'root', so you should be > able to kinit as Administrator and get this response:Yes, I'm logged in as root.> > root at dc4:~# kinit Administrator > Password for Administrator at SAMDOM.EXAMPLE.COM: > root at dc4:~# samba-tool dns serverinfo dc4 > ? dwVersion?????????????????? : 0xece0205 > ? fBootMethod???????????????? : DNS_BOOT_METHOD_DIRECTORY > ? fAdminConfigured??????????? : FALSE > ? fAllowUpdate??????????????? : TRUE > ? fDsAvailable??????????????? : TRUE > ? ............................... > ? ..................... > ? .............. > ? ..........Every time I do kinit Administrator I get prompted for a password and then nothing returns. If I do klist I get this: athena:~# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: Administrator at EDM-INC.COM Valid starting?????? Expires????????????? Service principal 07/25/2019 10:23:36? 07/25/2019 20:23:36 krbtgt/EDM-INC.COM at EDM-INC.COM ??????? renew until 07/26/2019 10:23:30> > If you run, on 'athena': > > getent passwd Administrator > > You should get something similar to this (if you have set up the > libnns-winbind links): > > SAMDOM\administrator:*:0:10000::/home/SAMDOM/administrator:/bin/false > > The first '0' is the important item, if it isn't '0', then > 'Administrator' is just a normal user, as far as Unix is concerned.If I run getent passwd Administrator nothing returns. -- Bob Wooldridge EDM Incorporated
On 25/07/2019 16:26, Robert A Wooldridge via samba wrote:> Every time I do kinit Administrator I get prompted for a password and > then nothing returns.That is correct, it doesn't return anything except on error> If I do klist I get this: > athena:~# klist > Ticket cache: FILE:/tmp/krb5cc_0 > Default principal: Administrator at EDM-INC.COM > > Valid starting?????? Expires????????????? Service principal > 07/25/2019 10:23:36? 07/25/2019 20:23:36 krbtgt/EDM-INC.COM at EDM-INC.COM > ??????? renew until 07/26/2019 10:23:30Again that looks okay, note the trailing '0' on 'krb5cc_0' this indicates the users Unix UID, which is for 'root' and Administrator is mapped to 'root'.> If I run getent passwd Administrator nothing returns.This probably means that you do not have the libnss-winbind links and/or /etc/nsswitch.conf set up to return AD users (this is not required on a DC, only if you want to use the DC as a fileserver). Rowland
On 07/25/2019 10:36 AM, Rowland penny via samba wrote:> This probably means that you do not have the libnss-winbind links > and/or /etc/nsswitch.conf set up to return AD users (this is not > required on a DC, only if you want to use the DC as a fileserver).Not using it as a file server.? So back to the original question which is why am I getting a serverinfo error: athena:~# samba-tool dns serverinfo athena ERROR(runtime): uncaught exception - (9717, 'WERR_DNS_ERROR_DS_UNAVAILABLE') ? File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 177, in _run ??? return self.run(*args, **kwargs) ? File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 564, in run ??? None, 'ServerInfo') -- Bob Wooldridge EDM Incorporated