That is what I did:> ./samba-collect-debug-info.sh?> kinit: Client 'Administrator at SAMDOM.EXAMPLE.COM' not found in Kerberos database while getting initial credentials?> Wrong password, exiting now.?On 15. August 2019 at 18:05:54, Rowland penny via samba (samba at lists.samba.org) wrote: On 15/08/2019 16:57, Alexander Harm via samba wrote:> Sorry, am not used to a list that has real sender addresses? > > > > Samba is configured with internal DNS. > > > > # /etc/krb5.conf > > [libdefaults] > > default_realm = SAMDOM.EXAMPLE.COM > > dns_lookup_realm = false > > dns_lookup_kdc = true > > > # /etc/ldap/ldap.conf > TLS_CACERT /etc/ssl/certs/ca-certificates.crt > TLS_REQCERT allow > > # /etc/resolv.conf > domain samdom.example.com > search samdom.example.com > nameserver 10.88.80.88 # windows dc > > > ./samba-collect-debug-info.sh > kinit: Client 'Administrator at SAMDOM.EXAMPLE.COM' not found in Kerberos database while getting initial credentials > Wrong password, exiting now. > > Never asks me for a password though... >can you please do what Louis asked, download this: https://raw.githubusercontent.com/thctlo/samba4/master/samba-collect-debug-info.sh Run it on your potential DC and post the output in a post, this list strips attachments. Rowland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Also a lot of DNS errors in the logs [2019/08/15 18:19:02.269873, 0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler) /usr/sbin/samba_dnsupdate: File ?/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py?, line 177, in _run [2019/08/15 18:19:02.269893, 0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler) /usr/sbin/samba_dnsupdate: return self.run(args, kwargs) [2019/08/15 18:19:02.269911, 0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler) /usr/sbin/samba_dnsupdate: File ?/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py?, line 945, in run [2019/08/15 18:19:02.269930, 0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler) /usr/sbin/samba_dnsupdate: raise e [2019/08/15 18:19:02.291146, 0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler) /usr/sbin/samba_dnsupdate: ERROR(runtime): uncaught exception - (9711, ?WERR_DNS_ERROR_RECORD_ALREADY_EXISTS?) [2019/08/15 18:19:02.291238, 0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler) /usr/sbin/samba_dnsupdate: File ?/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py?, line 177, in _run [2019/08/15 18:19:02.291258, 0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler) /usr/sbin/samba_dnsupdate: return self.run(args, **kwargs) [2019/08/15 18:19:02.291276, 0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler) /usr/sbin/samba_dnsupdate: File ?/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py?, line 945, in run [2019/08/15 18:19:02.291295, 0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler) /usr/sbin/samba_dnsupdate: raise e [2019/08/15 18:19:02.305360, 0] ../source4/dsdb/dns/dns_update.c:330(dnsupdate_nameupdate_done) ../source4/dsdb/dns/dns_update.c:330: Failed DNS update - with error code 29 On 15. August 2019 at 18:11:01, Alexander Harm (contact at aharm.de) wrote: That is what I did:> ./samba-collect-debug-info.sh?> kinit: Client 'Administrator at SAMDOM.EXAMPLE.COM' not found in Kerberos database while getting initial credentials?> Wrong password, exiting now.?On 15. August 2019 at 18:05:54, Rowland penny via samba (samba at lists.samba.org) wrote: On 15/08/2019 16:57, Alexander Harm via samba wrote:> Sorry, am not used to a list that has real sender addresses? > > > > Samba is configured with internal DNS. > > > > # /etc/krb5.conf > > [libdefaults] > > default_realm = SAMDOM.EXAMPLE.COM > > dns_lookup_realm = false > > dns_lookup_kdc = true > > > # /etc/ldap/ldap.conf > TLS_CACERT /etc/ssl/certs/ca-certificates.crt > TLS_REQCERT allow > > # /etc/resolv.conf > domain samdom.example.com > search samdom.example.com > nameserver 10.88.80.88 # windows dc > > > ./samba-collect-debug-info.sh > kinit: Client 'Administrator at SAMDOM.EXAMPLE.COM' not found in Kerberos database while getting initial credentials > Wrong password, exiting now. > > Never asks me for a password though... >can you please do what Louis asked, download this: https://raw.githubusercontent.com/thctlo/samba4/master/samba-collect-debug-info.sh Run it on your potential DC and post the output in a post, this list strips attachments. Rowland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
On 15/08/2019 17:10, Alexander Harm via samba wrote:> That is what I did: > > > >> ./samba-collect-debug-info.sh >> >> kinit: Client 'Administrator at SAMDOM.EXAMPLE.COM' not found in Kerberos database while getting initial credentials >> >> Wrong password, exiting now.Congratulations, you have found a bug in the test script ;-) OK, can you open the script in your favourite editor, go to line 26 and comment it out i. e. make it look like this: ???? #exit 1 save and close the file and then run the script again. Rowland
Here you go: Collected config ?--- 2019-08-15-18:38 ----------- Hostname: ka-h9-dc01 DNS Domain: samdom.example.com FQDN: ka-h9-dc01.samdom.example.com ipaddress: 10.0.1.250 ----------- Samba is running as an AD DC ----------- ? ? ? ?Checking file: /etc/os-release PRETTY_NAME="Debian GNU/Linux 10 (buster)" NAME="Debian GNU/Linux" VERSION_ID="10" VERSION="10 (buster)" VERSION_CODENAME=buster ID=debian HOME_URL="https://www.debian.org/" SUPPORT_URL="https://www.debian.org/support" BUG_REPORT_URL="https://bugs.debian.org/" ----------- This computer is running Debian 10.0 x86_64 ----------- running command : ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 ? ? link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 ? ? inet 127.0.0.1/8 scope host lo ? ? inet6 ::1/128 scope host 2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 ? ? link/ether 00:0c:29:35:9c:84 brd ff:ff:ff:ff:ff:ff ? ? inet 10.0.1.250/24 brd 10.0.1.255 scope global ens192 ? ? inet6 fe80::20c:29ff:fe35:9c84/64 scope link ----------- ? ? ? ?Checking file: /etc/hosts 127.0.0.1 localhost 127.0.1.1 ka-h9-dc01.samdom.example.com ka-h9-dc01.example.com ka-h9-dc01 10.0.1.250 ka-h9-dc01.samdom.example.com ka-h9-dc01.example.com ka-h9-dc01 # The following lines are desirable for IPv6 capable hosts ::1 ? ? localhost ip6-localhost ip6-loopback ff02::1 ip6-allnodes ff02::2 ip6-allrouters ----------- ? ? ? ?Checking file: /etc/resolv.conf domain samdom.example.com search samdom.example.com nameserver 10.88.80.88 ----------- ? ? ? ?Checking file: /etc/krb5.conf [libdefaults] default_realm = SAMDOM.EXAMPLE.COM dns_lookup_realm = false dns_lookup_kdc = true ----------- ? ? ? ?Checking file: /etc/nsswitch.conf # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc-reference' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. passwd: ? ? ? ? files systemd group: ? ? ? ? ?files systemd shadow: ? ? ? ? files gshadow: ? ? ? ?files hosts: ? ? ? ? ?files dns networks: ? ? ? files protocols: ? ? ?db files services: ? ? ? db files ethers: ? ? ? ? db files rpc: ? ? ? ? ? ?db files netgroup: ? ? ? nis ----------- ? ? ? ?Checking file: /etc/samba/smb.conf # Global parameters [global] dns forwarder = 10.0.1.100 10.0.1.110 netbios name = KA-H9-DC01 realm = SAMDOM.EXAMPLE.COM server role = active directory domain controller workgroup = XYZ idmap_ldb:use rfc2307 = yes [netlogon] path = /var/lib/samba/sysvol/samdom.example.com/scripts read only = No [sysvol] path = /var/lib/samba/sysvol read only = No ----------- BIND_DLZ not detected in smb.conf ----------- Installed packages: ii ?attr ? ? ? ? ? ? ? ? ? ? ? ? ? 1:2.4.48-4 ? ? ? ? ? ? ? ? ?amd64 ? ? ? ?utilities for manipulating filesystem extended attributes ii ?krb5-config ? ? ? ? ? ? ? ? ? ?2.6 ? ? ? ? ? ? ? ? ? ? ? ? all ? ? ? ? ?Configuration files for Kerberos Version 5 ii ?krb5-locales ? ? ? ? ? ? ? ? ? 1.17-3 ? ? ? ? ? ? ? ? ? ? ?all ? ? ? ? ?internationalization support for MIT Kerberos ii ?krb5-user ? ? ? ? ? ? ? ? ? ? ?1.17-3 ? ? ? ? ? ? ? ? ? ? ?amd64 ? ? ? ?basic programs to authenticate using MIT Kerberos ii ?libacl1:amd64 ? ? ? ? ? ? ? ? ?2.2.53-4 ? ? ? ? ? ? ? ? ? ?amd64 ? ? ? ?access control list - shared library ii ?libattr1:amd64 ? ? ? ? ? ? ? ? 1:2.4.48-4 ? ? ? ? ? ? ? ? ?amd64 ? ? ? ?extended attribute handling - shared library ii ?libgssapi-krb5-2:amd64 ? ? ? ? 1.17-3 ? ? ? ? ? ? ? ? ? ? ?amd64 ? ? ? ?MIT Kerberos runtime libraries - krb5 GSS-API Mechanism ii ?libkrb5-3:amd64 ? ? ? ? ? ? ? ?1.17-3 ? ? ? ? ? ? ? ? ? ? ?amd64 ? ? ? ?MIT Kerberos runtime libraries ii ?libkrb5support0:amd64 ? ? ? ? ?1.17-3 ? ? ? ? ? ? ? ? ? ? ?amd64 ? ? ? ?MIT Kerberos runtime libraries - Support library ii ?libnss-winbind:amd64 ? ? ? ? ? 2:4.9.5+dfsg-5 ? ? ? ? ? ? ?amd64 ? ? ? ?Samba nameservice integration plugins ii ?libpam-krb5:amd64 ? ? ? ? ? ? ?4.8-2 ? ? ? ? ? ? ? ? ? ? ? amd64 ? ? ? ?PAM module for MIT Kerberos ii ?libpam-winbind:amd64 ? ? ? ? ? 2:4.9.5+dfsg-5 ? ? ? ? ? ? ?amd64 ? ? ? ?Windows domain authentication integration plugin ii ?libsmbclient:amd64 ? ? ? ? ? ? 2:4.9.5+dfsg-5 ? ? ? ? ? ? ?amd64 ? ? ? ?shared library for communication with SMB/CIFS servers ii ?libwbclient0:amd64 ? ? ? ? ? ? 2:4.9.5+dfsg-5 ? ? ? ? ? ? ?amd64 ? ? ? ?Samba winbind client library ii ?python-samba ? ? ? ? ? ? ? ? ? 2:4.9.5+dfsg-5 ? ? ? ? ? ? ?amd64 ? ? ? ?Python bindings for Samba ii ?samba ? ? ? ? ? ? ? ? ? ? ? ? ?2:4.9.5+dfsg-5 ? ? ? ? ? ? ?amd64 ? ? ? ?SMB/CIFS file, print, and login server for Unix ii ?samba-common ? ? ? ? ? ? ? ? ? 2:4.9.5+dfsg-5 ? ? ? ? ? ? ?all ? ? ? ? ?common files used by both the Samba server and client ii ?samba-common-bin ? ? ? ? ? ? ? 2:4.9.5+dfsg-5 ? ? ? ? ? ? ?amd64 ? ? ? ?Samba common files used by both the server and the client ii ?samba-dsdb-modules:amd64 ? ? ? 2:4.9.5+dfsg-5 ? ? ? ? ? ? ?amd64 ? ? ? ?Samba Directory Services Database ii ?samba-libs:amd64 ? ? ? ? ? ? ? 2:4.9.5+dfsg-5 ? ? ? ? ? ? ?amd64 ? ? ? ?Samba core libraries ii ?samba-vfs-modules:amd64 ? ? ? ?2:4.9.5+dfsg-5 ? ? ? ? ? ? ?amd64 ? ? ? ?Samba Virtual FileSystem plugins ii ?smbclient ? ? ? ? ? ? ? ? ? ? ?2:4.9.5+dfsg-5 ? ? ? ? ? ? ?amd64 ? ? ? ?command-line SMB/CIFS clients for Unix ii ?winbind ? ? ? ? ? ? ? ? ? ? ? ?2:4.9.5+dfsg-5 ? ? ? ? ? ? ?amd64 ? ? ? ?service to resolve user and group information from Windows NT servers ----------- On 15. August 2019 at 18:25:58, Rowland penny via samba (samba at lists.samba.org) wrote: On 15/08/2019 17:10, Alexander Harm via samba wrote:> That is what I did: > > > >> ./samba-collect-debug-info.sh >> >> kinit: Client 'Administrator at SAMDOM.EXAMPLE.COM' not found in Kerberos database while getting initial credentials >> >> Wrong password, exiting now.Congratulations, you have found a bug in the test script ;-) OK, can you open the script in your favourite editor, go to line 26 and comment it out i. e. make it look like this: ???? #exit 1 save and close the file and then run the script again. Rowland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba