Turritopsis Dohrnii Teo En Ming
2020-Feb-15 06:14 UTC
[Samba] Teo En Ming's Manual for Setting Up Samba 4.11.6 and CentOS 8.1 (1911) Linux Server QEMU/KVM Virtual Machine as an Active Directory Domain Controller (AD DC)
Subject: Teo En Ming's Manual for Setting Up Samba 4.11.6 and CentOS 8.1
(1911) Linux Server QEMU/KVM Virtual Machine as an Active Directory Domain
Controller (AD DC)
Subject: Teo En Ming's Manual for Setting Up Samba 4.11.6 and CentOS 8.1
(1911) Linux Server QEMU/KVM Virtual Machine as an Active Directory Domain
Controller (AD DC)
PUBLISHED 15 FEB 2020 SATURDAY, SINGAPORE, SINGAPORE, SINGAPORE
This manual/guide is meant for small and medium businesses (SMB) which do not
want to spend a lot of money on Windows Server 2016/2019 licensing.
REFERENCE GUIDE
==============
Guide: Setting up Samba as an Active Directory Domain Controller
Link:
https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller
EXTREMELY DETAILED INSTRUCTIONS OF TEO EN MING'S MANUAL
======================================================
Starting CentOS 8.1 (1911) Linux Server QEMU/KVM Virtual Machine on Ubuntu
18.04.3 LTS Desktop Host
==================================================================================================
Virtual Machine Manager (virt-manager) depends on libvirtd service.
$ sudo systemctl start libvirtd.service
Start the Virtual Machine Manager.
$ sudo virt-manager
Select the CentOS 8.1 QEMU/KVM virtual machine and click "Power on the
virtual machine".
REFERENCE GUIDE
==============
Guide: ENABLING HOST-GUEST NETWORKING WITH KVM, MACVLAN AND MACVTAP
Link:
https://www.furorteutonicus.eu/2013/08/04/enabling-host-guest-networking-with-kvm-macvlan-and-macvtap/
Still on the Ubuntu 18.04.3 LTS Desktop host.
$ nano /home/teo-en-ming/macvlan.sh
#!/bin/bash
# Adapted by Teo En Ming on 14 Feb 2020 Friday (Valentine's Day in
Singapore).
# let host and guests talk to each other over macvlan
# configures a macvlan interface on the hypervisor
# run this on the hypervisor (e.g. in /etc/rc.local)
# made for IPv4; need modification for IPv6
# meant for a simple network setup with only eth0 or enp5s0 on the host,
# and a static (manual) ip config
# Original Author: Evert Mouw, 2013 (European Union)
#HWLINK=eth0
HWLINK=enp5s0
MACVLN=macvlan0
TESTHOST=www.google.com
# ------------
# wait for network availability
# ------------
# IPv4 pings only
while ! ping -4 -q -c 1 $TESTHOST > /dev/null
do
echo "$0: Cannot ping $TESTHOST, waiting another 5 secs..."
sleep 5
done
# ------------
# get network config
# ------------
IP=$(ip address show dev $HWLINK | grep "inet " | awk '{print
$2}')
NETWORK=$(ip -o route | grep $HWLINK | grep -v default | grep -v 169 | awk
'{print $1}')
GATEWAY=$(ip -o route | grep default | awk '{print $3}')
# ------------
# setting up $MACVLN interface
# ------------
ip link add link $HWLINK $MACVLN type macvlan mode bridge
ip address add $IP dev $MACVLN
ip link set dev $MACVLN up
# ------------
# routing table
# ------------
# empty routes
ip route flush dev $HWLINK
ip route flush dev $MACVLN
# add routes
ip route add $NETWORK dev $MACVLN metric 0
# add the default gateway
ip route add default via $GATEWAY
===END OF LINUX SHELL SCRIPT==
$ sudo chmod +x /home/teo-en-ming/macvlan.sh
$ sudo /home/teo-en-ming/macvlan.sh
192.168.1.122 is the IP address (DHCP auto configuration) of the CentOS 8.1
Linux Server.
ssh into the CentOS 8.1 Linux Server.
ssh teo-en-ming at 192.168.1.122
PREPARING THE INSTALLATION ON CENTOS 8.1 LINUX SERVER
====================================================
Setting hostname of CentOS 8.1 Linux Server.
===========================================
# hostnamectl set-hostname dc1
To see the hostname:
# hostnamectl
Output:
Static hostname: dc1
Icon name: computer-vm
Chassis: vm
Machine ID: 668fdf5de7214d56be0ef8b65f7166e9
Boot ID: 5691a1a2dacd41c4ab5871d25885e138
Virtualization: kvm
Operating System: CentOS Linux 8 (Core)
CPE OS Name: cpe:/o:centos:centos:8
Kernel: Linux 4.18.0-147.el8.x86_64
Architecture: x86-64
How to set static IP address 192.168.1.10 on CentOS 8.1 Linux Server
===================================================================
# cd /etc/sysconfig/network-scripts/
# nano ifcfg-ens3
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="static"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="ens3"
UUID="8e179c97-1388-48ee-a8be-d173ee3ff40c"
DEVICE="ens3"
ONBOOT="yes"
IPADDR="192.168.1.10"
PREFIX="24"
GATEWAY="192.168.1.1"
DNS1="8.8.8.8" ===>>> (IF YOU USE THIS LINE, NETWORK MANAGER
WILL ALWAYS OVERWRITE /etc/resolv.conf, which is undesirable)
# reboot
ssh into CentOS 8.1 Linux Server with static IP address 192.168.1.10.
$ ssh teo-en-ming at 192.168.1.10
Check if Samba processes are running:
# ps ax | egrep "samba|smbd|nmbd|winbindd"
# nano /etc/hosts
Contents of file:
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.10 dc1.teo-en-ming.corp dc1
Backup the original /etc/krb5.conf
# mv /etc/krb5.conf /etc/krb5.conf.bak
INSTALLING SAMBA 4.11.6 ON CENTOS 8.1 LINUX SERVER QEMU/KVM VIRTUAL MACHINE
==========================================================================
REFERENCE GUIDE
==============
Guide: Build Samba from Source
Link: https://wiki.samba.org/index.php/Build_Samba_from_Source
Installing package dependencies before building Samba on CentOS 8.1 Linux
Server.
# yum -y install dnf-plugins-core
# yum config-manager --set-enabled PowerTools
# yum install docbook-style-xsl gcc gdb gnutls-devel gpgme-devel jansson-devel
# yum install keyutils-libs-devel krb5-workstation libacl-devel libaio-devel
# yum install libarchive-devel libattr-devel libblkid-devel libtasn1
libtasn1-tools
# yum install libxml2-devel libxslt openldap-devel pam-devel perl
# yum install perl-ExtUtils-MakeMaker perl-Parse-Yapp popt-devel
python3-cryptography
# yum install python3-dns python3-gpg python36-devel readline-devel rpcgen
systemd-devel
# yum install tar zlib-devel
Compulsory Packages NOT installed at the moment:
lmdb-devel
Download Samba current stable release 4.11.6.
# wget https://download.samba.org/pub/samba/stable/samba-4.11.6.tar.gz
# tar -zxf samba-4.11.6.tar.gz
# cd samba-4.11.6/
# ./configure
Output:
Samba AD DC and --enable-selftest requires lmdb 0.9.16 or later
# yum install
https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
# yum install lmdb-devel
Run ./configure again.
# ./configure
Output:
'configure' finished successfully (42.262s)
Make full use of all 4 cores on my AMD Ryzen 3 3200G processor.
# make -j 4
Output:
Waf: Leaving directory `/root/samba-4.11.6/bin/default'
'build' finished successfully (9m24.396s)
# make install
Output:
Waf: Leaving directory `/root/samba-4.11.6/bin/default'
'install' finished successfully (2m58.171s)
# nano /etc/profile
Append the following line:
export PATH=$PATH:/usr/local/samba/bin/:/usr/local/samba/sbin/
PROVISIONING A SAMBA ACTIVE DIRECTORY DOMAIN CONTROLLER
======================================================
Provisioning Samba AD DC in Interactive Mode.
The original intention was to use SAMBA_INTERNAL DNS backend.
# samba-tool domain provision --use-rfc2307 --interactive
Output:
Realm [TEO-EN-MING.CORP]: TEO-EN-MING.CORP
Domain [TEO-EN-MING]: TEO-EN-MING
Server Role (dc, member, standalone) [dc]: dc
DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]:
SAMBA_INTERNAL
DNS forwarder IP address (write 'none' to disable forwarding) [8.8.8.8]:
8.8.8.8
Administrator password:
Retype password:
INFO 2020-02-14 22:56:13,700 pid:2609
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2128: Looking up IPv4 addresses
WARNING 2020-02-14 22:56:13,702 pid:2609
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2134: More than one IPv4 address found. Using 192.168.1.10
INFO 2020-02-14 22:56:13,702 pid:2609
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2145: Looking up IPv6 addresses
WARNING 2020-02-14 22:56:13,702 pid:2609
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2150: More than one IPv6 address found. Using 2401:7400:c802:de67::14c2
INFO 2020-02-14 22:56:14,152 pid:2609
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2319: Setting up share.ldb
INFO 2020-02-14 22:56:14,595 pid:2609
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2323: Setting up secrets.ldb
INFO 2020-02-14 22:56:14,848 pid:2609
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2329: Setting up the registry
INFO 2020-02-14 22:56:16,031 pid:2609
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2332: Setting up the privileges database
INFO 2020-02-14 22:56:16,721 pid:2609
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2335: Setting up idmap db
INFO 2020-02-14 22:56:17,155 pid:2609
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2342: Setting up SAM db
INFO 2020-02-14 22:56:17,263 pid:2609
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #898:
Setting up sam.ldb partitions and settings
INFO 2020-02-14 22:56:17,266 pid:2609
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #910:
Setting up sam.ldb rootDSE
INFO 2020-02-14 22:56:17,331 pid:2609
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1339: Pre-loading the Samba 4 and AD schema
Unable to determine the DomainSID, can not enforce uniqueness constraint on
local domainSIDs
INFO 2020-02-14 22:56:17,548 pid:2609
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1417: Adding DomainDN: DC=teo-en-ming,DC=corp
INFO 2020-02-14 22:56:17,646 pid:2609
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1449: Adding configuration container
INFO 2020-02-14 22:56:17,722 pid:2609
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1464: Setting up sam.ldb schema
INFO 2020-02-14 22:56:21,121 pid:2609
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1482: Setting up sam.ldb configuration data
INFO 2020-02-14 22:56:21,263 pid:2609
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1523: Setting up display specifiers
INFO 2020-02-14 22:56:23,502 pid:2609
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1531: Modifying display specifiers and extended rights
INFO 2020-02-14 22:56:23,543 pid:2609
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1538: Adding users container
INFO 2020-02-14 22:56:23,545 pid:2609
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1544: Modifying users container
INFO 2020-02-14 22:56:23,547 pid:2609
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1547: Adding computers container
INFO 2020-02-14 22:56:23,549 pid:2609
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1553: Modifying computers container
INFO 2020-02-14 22:56:23,550 pid:2609
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1557: Setting up sam.ldb data
INFO 2020-02-14 22:56:23,695 pid:2609
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1587: Setting up well known security principals
INFO 2020-02-14 22:56:23,760 pid:2609
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1601: Setting up sam.ldb users and groups
INFO 2020-02-14 22:56:24,075 pid:2609
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1609: Setting up self join
Repacking database from v1 to v2 format (first record
CN=ms-DS-Replication-Notify-First-DSA-Delay,CN=Schema,CN=Configuration,DC=teo-en-ming,DC=corp)
Repack: re-packed 10000 records so far
Repacking database from v1 to v2 format (first record
CN=interSiteTransport-Display,CN=405,CN=DisplaySpecifiers,CN=Configuration,DC=teo-en-ming,DC=corp)
Repacking database from v1 to v2 format (first record
CN=6bcd567f-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=teo-en-ming,DC=corp)
INFO 2020-02-14 22:56:27,001 pid:2609
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/sambadns.py
#1138: Adding DNS accounts
INFO 2020-02-14 22:56:27,377 pid:2609
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/sambadns.py
#1172: Creating CN=MicrosoftDNS,CN=System,DC=teo-en-ming,DC=corp
INFO 2020-02-14 22:56:27,401 pid:2609
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/sambadns.py
#1185: Creating DomainDnsZones and ForestDnsZones partitions
INFO 2020-02-14 22:56:27,620 pid:2609
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/sambadns.py
#1190: Populating DomainDnsZones and ForestDnsZones partitions
Repacking database from v1 to v2 format (first record
DC=f.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,DC=DomainDnsZones,DC=teo-en-ming,DC=corp)
Repacking database from v1 to v2 format (first record
DC=_ldap._tcp.dc,DC=_msdcs.teo-en-ming.corp,CN=MicrosoftDNS,DC=ForestDnsZones,DC=teo-en-ming,DC=corp)
INFO 2020-02-14 22:56:28,660 pid:2609
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2032: Setting up sam.ldb rootDSE marking as synchronized
INFO 2020-02-14 22:56:28,734 pid:2609
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2037: Fixing provision GUIDs
INFO 2020-02-14 22:56:29,720 pid:2609
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2395: A Kerberos configuration suitable for Samba AD has been generated at
/usr/local/samba/private/krb5.conf
INFO 2020-02-14 22:56:29,720 pid:2609
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2396: Merge the contents of this file with your system krb5.conf or replace it
with this one. Do not create a symlink!
INFO 2020-02-14 22:56:30,078 pid:2609
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2102: Setting up fake yp server settings
INFO 2020-02-14 22:56:30,277 pid:2609
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #491:
Once the above files are installed, your Samba AD server will be ready to use
INFO 2020-02-14 22:56:30,277 pid:2609
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #495:
Server Role: active directory domain controller
INFO 2020-02-14 22:56:30,278 pid:2609
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #496:
Hostname: dc1
INFO 2020-02-14 22:56:30,278 pid:2609
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #497:
NetBIOS Domain: TEO-EN-MING
INFO 2020-02-14 22:56:30,278 pid:2609
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #498:
DNS Domain: teo-en-ming.corp
INFO 2020-02-14 22:56:30,278 pid:2609
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #499:
DOMAIN SID: S-1-5-21-3028196010-72872391-2123559056
Configuring the DNS Resolver. Network Manager will keep overwriting
/etc/resolv.conf. This problem will be resolved later.
# nano /etc/resolv.conf
Contents of file:
search teo-en-ming.corp
nameserver 192.168.1.10
REFERENCE GUIDE
==============
Guide: Managing the Samba AD DC Service Using Systemd
Link:
https://wiki.samba.org/index.php/Managing_the_Samba_AD_DC_Service_Using_Systemd
# systemctl mask smbd nmbd winbind
# systemctl disable smbd nmbd winbind
# nano /etc/systemd/system/samba-ad-dc.service
Contents of file:
[Unit]
Description=Samba Active Directory Domain Controller
After=network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
ExecStart=/usr/local/samba/sbin/samba -D
PIDFile=/usr/local/samba/var/run/samba.pid
ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target
# systemctl daemon-reload
# systemctl enable samba-ad-dc
# systemctl start samba-ad-dc
Output:
Job for samba-ad-dc.service failed because the control process exited with error
code.
See "systemctl status samba-ad-dc.service" and "journalctl
-xe" for details.
The SAMBA AD DC service cannot start because SELINUX is enabled on CentOS 8.1.
We will see later.
# systemctl status samba-ad-dc
Output:
? samba-ad-dc.service - Samba Active Directory Domain Controller
Loaded: loaded (/etc/systemd/system/samba-ad-dc.service; enabled; vendor
preset: disabled)
Active: failed (Result: exit-code) since Sat 2020-02-15 08:39:58 +08; 46s ago
Process: 6967 ExecStart=/usr/local/samba/sbin/samba -D (code=exited,
status=203/EXEC)
Main PID: 1595 (code=exited, status=203/EXEC)
Feb 15 08:39:58 dc1 systemd[1]: Starting Samba Active Directory Domain
Controller...
Feb 15 08:39:58 dc1 systemd[1]: samba-ad-dc.service: Control process exited,
code=exited status=203
Feb 15 08:39:58 dc1 systemd[1]: samba-ad-dc.service: Failed with result
'exit-code'.
Feb 15 08:39:58 dc1 systemd[1]: Failed to start Samba Active Directory Domain
Controller.
SAMBA AD DC service cannot start because SELINUX is enabled on CentOS 8.1.
We will see later.
# reboot
Start Samba AD DC manually.
# samba -D
Create a reverse zone in Samba Internal DNS Backend.
# samba-tool dns zonecreate 192.168.1.10 1.168.192.in-addr.arpa -U administrator
Output:
Password for [TEO-EN-MING\administrator]:
Zone 1.168.192.in-addr.arpa created successfully
Configuring Kerberos
===================
cp /usr/local/samba/private/krb5.conf /etc/krb5.conf
Starting Samba AD DC Manually.
# samba -D
Verifying the File Server.
=========================
$ smbclient -L localhost -U%
Output:
Sharename Type Comment
--------- ---- -------
sysvol Disk
netlogon Disk
IPC$ IPC IPC Service (Samba 4.11.6)
SMB1 disabled -- no workgroup available
$ smbclient //localhost/netlogon -UAdministrator -c 'ls'
Output:
Enter TEO-EN-MING\Administrator's password:
. D 0 Fri Feb 14 22:56:17 2020
.. D 0 Fri Feb 14 22:56:24 2020
17811456 blocks of size 1024. 12025652 blocks available
Verifying DNS (Failed)
=====================
# killall dnsmasq
$ host -t SRV _ldap._tcp.teo-en-ming.corp.
Output:
Host _ldap._tcp.teo-en-ming.corp. not found: 3(NXDOMAIN)
$ host -t SRV _kerberos._udp.teo-en-ming.corp.
Output:
Host _kerberos._udp.teo-en-ming.corp. not found: 3(NXDOMAIN)
$ host -t A dc1.teo-en-ming.corp.
Output:
Host dc1.teo-en-ming.corp. not found: 3(NXDOMAIN)
I am unable to find the above DNS records because Network Manager keeps
overwriting /etc/resolv.conf
As a result, I am always looking up the WRONG DNS server.
Verifying Kerberos
=================
$ kinit administrator
Output:
kinit: Cannot find KDC for realm "TEO-EN-MING.CORP" while getting
initial credentials
The above problem is also due to Network Manager keeps overwriting
/etc/resolv.conf.
As a result, I am always looking up the WRONG DNS server.
TROUBLESHOOTING: DISABLE SELINUX ON CENTOS 8.1
=============================================
$ sestatus
Output:
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Memory protection checking: actual (secure)
Max kernel policy version: 31
# nano /etc/sysconfig/selinux
Change from SELINUX=enforcing to SELINUX=disabled
# reboot
$ sestatus
SELinux status: disabled
After disabling SELINUX, now we can start Samba AD DC successfully.
# systemctl status samba-ad-dc
Output:
? samba-ad-dc.service - Samba Active Directory Domain Controller
Loaded: loaded (/etc/systemd/system/samba-ad-dc.service; enabled; vendor
preset: disabled)
Active: active (running) since Sat 2020-02-15 08:50:22 +08; 1min 0s ago
Process: 1084 ExecStart=/usr/local/samba/sbin/samba -D (code=exited,
status=0/SUCCESS)
Main PID: 1131 (samba)
Tasks: 44 (limit: 23972)
Memory: 261.8M
CGroup: /system.slice/samba-ad-dc.service
??1131 /usr/local/samba/sbin/samba -D
??1375 /usr/local/samba/sbin/samba -D
??1376 /usr/local/samba/sbin/samba -D
??1377 /usr/local/samba/sbin/samba -D
??1379 /usr/local/samba/sbin/samba -D
??1380 /usr/local/samba/sbin/samba -D
??1387 /usr/local/samba/sbin/smbd -D --option=server role
check:inhibit=yes --foreground
??1389 /usr/local/samba/sbin/samba -D
??1391 /usr/local/samba/sbin/samba -D
??1392 /usr/local/samba/sbin/samba -D
??1393 /usr/local/samba/sbin/samba -D
??1396 /usr/local/samba/sbin/samba -D
??1398 /usr/local/samba/sbin/samba -D
??1399 /usr/local/samba/sbin/samba -D
??1403 /usr/local/samba/sbin/samba -D
??1404 /usr/local/samba/sbin/samba -D
??1407 /usr/local/samba/sbin/samba -D
??1408 /usr/local/samba/sbin/samba -D
??1409 /usr/local/samba/sbin/samba -D
??1411 /usr/local/samba/sbin/samba -D
??1412 /usr/local/samba/sbin/samba -D
??1413 /usr/local/samba/sbin/samba -D
??1415 /usr/local/samba/sbin/samba -D
??1416 /usr/local/samba/sbin/samba -D
??1418 /usr/local/samba/sbin/samba -D
??1419 /usr/local/samba/sbin/samba -D
??1420 /usr/local/samba/sbin/samba -D
??1422 /usr/local/samba/sbin/samba -D
??1423 /usr/local/samba/sbin/samba -D
??1424 /usr/local/samba/sbin/winbindd -D --option=server role
check:inhibit=yes --foreground
??1426 /usr/local/samba/sbin/samba -D
??1427 /usr/local/samba/sbin/samba -D
??1429 /usr/local/samba/sbin/samba -D
??1464 /usr/local/samba/sbin/smbd -D --option=server role
check:inhibit=yes --foreground
??1465 /usr/local/samba/sbin/smbd -D --option=server role
check:inhibit=yes --foreground
??1469 /usr/local/samba/sbin/smbd -D --option=server role
check:inhibit=yes --foreground
??1490 /usr/local/samba/sbin/samba -D
??1492 /usr/local/samba/sbin/samba -D
??1493 /usr/local/samba/sbin/samba -D
??1495 /usr/local/samba/sbin/samba -D
??1496 /usr/local/samba/sbin/samba -D
??1498 /usr/local/samba/sbin/samba -D
??1499 /usr/local/samba/sbin/samba -D
??1501 /usr/local/samba/sbin/samba -D
Feb 15 08:50:25 dc1 samba[1131]: [2020/02/15 08:50:25.778777, 0]
../../source4/smbd/process_prefork.c:512(prefork_child_pipe_handler)
Feb 15 08:50:25 dc1 samba[1131]: prefork_child_pipe_handler: Parent 1131,
Child 1406 exited with status 0
Feb 15 08:50:27 dc1 smbd[1387]: [2020/02/15 08:50:27.634592, 0]
../../lib/util/become_daemon.c:136(daemon_ready)
Feb 15 08:50:27 dc1 smbd[1387]: daemon_ready: daemon 'smbd' finished
starting up and ready to serve connections
Feb 15 08:50:27 dc1 winbindd[1424]: [2020/02/15 08:50:27.761081, 0]
../../source3/winbindd/winbindd_cache.c:3166(initialize_winbindd_cache)
Feb 15 08:50:27 dc1 winbindd[1424]: initialize_winbindd_cache: clearing cache
and re-creating with version number 2
Feb 15 08:50:27 dc1 winbindd[1424]: [2020/02/15 08:50:27.770049, 0]
../../lib/util/become_daemon.c:136(daemon_ready)
Feb 15 08:50:27 dc1 winbindd[1424]: daemon_ready: daemon 'winbindd'
finished starting up and ready to serve connections
Feb 15 08:50:27 dc1 samba[1426]: [2020/02/15 08:50:27.870385, 0]
../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
Feb 15 08:50:27 dc1 samba[1426]: /usr/local/samba/sbin/samba_dnsupdate:
WARNING: no network interfaces found
We need to kill dnsmasq so that Samba's internal DNS server can start.
# killall dnsmasq
# systemctl restart samba-ad-dc
# systemctl status samba-ad-dc
? samba-ad-dc.service - Samba Active Directory Domain Controller
Loaded: loaded (/etc/systemd/system/samba-ad-dc.service; enabled; vendor
preset: disabled)
Active: active (running) since Sat 2020-02-15 08:53:28 +08; 21s ago
Process: 2512 ExecStart=/usr/local/samba/sbin/samba -D (code=exited,
status=0/SUCCESS)
Main PID: 2514 (samba)
Tasks: 58 (limit: 23972)
Memory: 215.6M
CGroup: /system.slice/samba-ad-dc.service
??2514 /usr/local/samba/sbin/samba -D
??2516 /usr/local/samba/sbin/samba -D
??2517 /usr/local/samba/sbin/samba -D
??2518 /usr/local/samba/sbin/samba -D
??2519 /usr/local/samba/sbin/samba -D
??2520 /usr/local/samba/sbin/samba -D
??2521 /usr/local/samba/sbin/samba -D
??2522 /usr/local/samba/sbin/smbd -D --option=server role
check:inhibit=yes --foreground
??2523 /usr/local/samba/sbin/samba -D
??2524 /usr/local/samba/sbin/samba -D
??2525 /usr/local/samba/sbin/samba -D
??2526 /usr/local/samba/sbin/samba -D
??2527 /usr/local/samba/sbin/samba -D
??2528 /usr/local/samba/sbin/samba -D
??2529 /usr/local/samba/sbin/samba -D
??2530 /usr/local/samba/sbin/samba -D
??2531 /usr/local/samba/sbin/samba -D
??2532 /usr/local/samba/sbin/samba -D
??2533 /usr/local/samba/sbin/samba -D
??2534 /usr/local/samba/sbin/samba -D
??2535 /usr/local/samba/sbin/samba -D
??2536 /usr/local/samba/sbin/samba -D
??2537 /usr/local/samba/sbin/samba -D
??2538 /usr/local/samba/sbin/samba -D
??2539 /usr/local/samba/sbin/samba -D
??2540 /usr/local/samba/sbin/samba -D
??2541 /usr/local/samba/sbin/samba -D
??2542 /usr/local/samba/sbin/samba -D
??2543 /usr/local/samba/sbin/samba -D
??2544 /usr/local/samba/sbin/samba -D
??2545 /usr/local/samba/sbin/samba -D
??2546 /usr/local/samba/sbin/samba -D
??2547 /usr/local/samba/sbin/samba -D
??2548 /usr/local/samba/sbin/samba -D
??2549 /usr/local/samba/sbin/samba -D
??2550 /usr/local/samba/sbin/samba -D
??2551 /usr/local/samba/sbin/samba -D
??2552 /usr/local/samba/sbin/samba -D
??2553 /usr/local/samba/sbin/winbindd -D --option=server role
check:inhibit=yes --foreground
??2554 /usr/local/samba/sbin/samba -D
??2555 /usr/local/samba/sbin/samba -D
??2556 /usr/local/samba/sbin/samba -D
??2557 /usr/local/samba/sbin/samba -D
??2558 /usr/local/samba/sbin/samba -D
??2559 /usr/local/samba/sbin/samba -D
??2560 /usr/local/samba/sbin/samba -D
??2562 /usr/local/samba/sbin/samba -D
??2569 /usr/local/samba/sbin/smbd -D --option=server role
check:inhibit=yes --foreground
??2570 /usr/local/samba/sbin/smbd -D --option=server role
check:inhibit=yes --foreground
??2571 /usr/local/samba/sbin/smbd -D --option=server role
check:inhibit=yes --foreground
??2572 /usr/local/samba/sbin/samba -D
??2573 /usr/local/samba/sbin/samba -D
??2574 /usr/local/samba/sbin/samba -D
??2575 /usr/local/samba/sbin/samba -D
??2576 /usr/local/samba/sbin/samba -D
??2577 /usr/local/samba/sbin/samba -D
??2578 /usr/local/samba/sbin/samba -D
??2579 /usr/local/samba/sbin/samba -D
Feb 15 08:53:38 dc1 samba[2556]: [2020/02/15 08:53:38.742774, 0]
../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
Feb 15 08:53:38 dc1 samba[2556]: /usr/local/samba/sbin/samba_dnsupdate: File
"/usr/local/samba/lib64/python3.6/site-packages/samba/netcmd/dns.py",
line 945, in run
Feb 15 08:53:38 dc1 samba[2556]: [2020/02/15 08:53:38.742787, 0]
../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
Feb 15 08:53:38 dc1 samba[2556]: /usr/local/samba/sbin/samba_dnsupdate:
raise e
Feb 15 08:53:38 dc1 samba[2556]: [2020/02/15 08:53:38.742800, 0]
../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
Feb 15 08:53:38 dc1 samba[2556]: /usr/local/samba/sbin/samba_dnsupdate: File
"/usr/local/samba/lib64/python3.6/site-packages/samba/netcmd/dns.py",
line 941, in run
Feb 15 08:53:38 dc1 samba[2556]: [2020/02/15 08:53:38.742813, 0]
../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
Feb 15 08:53:38 dc1 samba[2556]: /usr/local/samba/sbin/samba_dnsupdate: 0,
server, zone, name, add_rec_buf, None)
Feb 15 08:53:38 dc1 samba[2556]: [2020/02/15 08:53:38.767521, 0]
../../source4/dsdb/dns/dns_update.c:331(dnsupdate_nameupdate_done)
Feb 15 08:53:38 dc1 samba[2556]: dnsupdate_nameupdate_done: Failed DNS update
with exit code 39
Testing your Samba AD DC
=======================
# killall dnsmasq
# systemctl restart samba-ad-dc
Verifying the File Server
========================
$ smbclient -L localhost -U%
Output:
Sharename Type Comment
--------- ---- -------
sysvol Disk
netlogon Disk
IPC$ IPC IPC Service (Samba 4.11.6)
SMB1 disabled -- no workgroup available
$ smbclient //localhost/netlogon -UAdministrator -c 'ls'
Output:
Enter TEO-EN-MING\Administrator's password:
. D 0 Fri Feb 14 22:56:17 2020
.. D 0 Fri Feb 14 22:56:24 2020
17811456 blocks of size 1024. 12018876 blocks available
Verifying DNS (Failed again)
===========================
$ host -t SRV _ldap._tcp.teo-en-ming.corp.
Output:
Host _ldap._tcp.teo-en-ming.corp. not found: 3(NXDOMAIN)
Unable to find above DNS record because Network Manager is always overwriting
/etc/resolv.conf
As a result, I am always looking up the WRONG DNS server.
# systemctl stop samba-ad-dc
TROUBLESHOOTING AGAIN
====================
Re-provisioning the Samba AD DC, using Samba Internal DNS Backend again.
# samba-tool domain provision --use-rfc2307 --interactive
Output:
Realm [TEO-EN-MING.CORP]:
Domain [TEO-EN-MING]:
Server Role (dc, member, standalone) [dc]:
DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]:
DNS forwarder IP address (write 'none' to disable forwarding) [8.8.8.8]:
Administrator password:
Retype password:
INFO 2020-02-15 09:01:10,638 pid:2672
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2128: Looking up IPv4 addresses
WARNING 2020-02-15 09:01:10,638 pid:2672
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2134: More than one IPv4 address found. Using 192.168.1.10
INFO 2020-02-15 09:01:10,638 pid:2672
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2145: Looking up IPv6 addresses
WARNING 2020-02-15 09:01:10,639 pid:2672
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2150: More than one IPv6 address found. Using 2401:7400:c802:de67::14c2
INFO 2020-02-15 09:01:11,057 pid:2672
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2323: Setting up secrets.ldb
INFO 2020-02-15 09:01:11,436 pid:2672
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2329: Setting up the registry
INFO 2020-02-15 09:01:11,620 pid:2672
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2332: Setting up the privileges database
INFO 2020-02-15 09:01:12,200 pid:2672
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2335: Setting up idmap db
INFO 2020-02-15 09:01:12,667 pid:2672
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2342: Setting up SAM db
INFO 2020-02-15 09:01:12,817 pid:2672
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #898:
Setting up sam.ldb partitions and settings
INFO 2020-02-15 09:01:12,820 pid:2672
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #910:
Setting up sam.ldb rootDSE
INFO 2020-02-15 09:01:12,893 pid:2672
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1339: Pre-loading the Samba 4 and AD schema
Unable to determine the DomainSID, can not enforce uniqueness constraint on
local domainSIDs
INFO 2020-02-15 09:01:13,093 pid:2672
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1417: Adding DomainDN: DC=teo-en-ming,DC=corp
INFO 2020-02-15 09:01:13,201 pid:2672
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1449: Adding configuration container
INFO 2020-02-15 09:01:13,342 pid:2672
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1464: Setting up sam.ldb schema
INFO 2020-02-15 09:01:16,649 pid:2672
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1482: Setting up sam.ldb configuration data
INFO 2020-02-15 09:01:16,794 pid:2672
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1523: Setting up display specifiers
INFO 2020-02-15 09:01:19,013 pid:2672
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1531: Modifying display specifiers and extended rights
INFO 2020-02-15 09:01:19,053 pid:2672
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1538: Adding users container
INFO 2020-02-15 09:01:19,056 pid:2672
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1544: Modifying users container
INFO 2020-02-15 09:01:19,057 pid:2672
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1547: Adding computers container
INFO 2020-02-15 09:01:19,060 pid:2672
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1553: Modifying computers container
INFO 2020-02-15 09:01:19,061 pid:2672
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1557: Setting up sam.ldb data
INFO 2020-02-15 09:01:19,199 pid:2672
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1587: Setting up well known security principals
INFO 2020-02-15 09:01:19,261 pid:2672
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1601: Setting up sam.ldb users and groups
INFO 2020-02-15 09:01:19,564 pid:2672
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1609: Setting up self join
Repacking database from v1 to v2 format (first record
CN=MSMQ-Sign-Certificates-Mig,CN=Schema,CN=Configuration,DC=teo-en-ming,DC=corp)
Repack: re-packed 10000 records so far
Repacking database from v1 to v2 format (first record
CN=lostAndFound-Display,CN=411,CN=DisplaySpecifiers,CN=Configuration,DC=teo-en-ming,DC=corp)
Repacking database from v1 to v2 format (first record
CN=5e1574f6-55df-493e-a671-aaeffca6a100,CN=Operations,CN=DomainUpdates,CN=System,DC=teo-en-ming,DC=corp)
INFO 2020-02-15 09:01:21,879 pid:2672
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/sambadns.py
#1138: Adding DNS accounts
INFO 2020-02-15 09:01:22,122 pid:2672
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/sambadns.py
#1172: Creating CN=MicrosoftDNS,CN=System,DC=teo-en-ming,DC=corp
INFO 2020-02-15 09:01:22,144 pid:2672
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/sambadns.py
#1185: Creating DomainDnsZones and ForestDnsZones partitions
INFO 2020-02-15 09:01:22,393 pid:2672
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/sambadns.py
#1190: Populating DomainDnsZones and ForestDnsZones partitions
Repacking database from v1 to v2 format (first record
DC=l.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,DC=DomainDnsZones,DC=teo-en-ming,DC=corp)
Repacking database from v1 to v2 format (first record
DC=gc,DC=_msdcs.teo-en-ming.corp,CN=MicrosoftDNS,DC=ForestDnsZones,DC=teo-en-ming,DC=corp)
INFO 2020-02-15 09:01:23,163 pid:2672
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2032: Setting up sam.ldb rootDSE marking as synchronized
INFO 2020-02-15 09:01:23,213 pid:2672
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2037: Fixing provision GUIDs
INFO 2020-02-15 09:01:24,265 pid:2672
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2395: A Kerberos configuration suitable for Samba AD has been generated at
/usr/local/samba/private/krb5.conf
INFO 2020-02-15 09:01:24,265 pid:2672
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2396: Merge the contents of this file with your system krb5.conf or replace it
with this one. Do not create a symlink!
INFO 2020-02-15 09:01:24,581 pid:2672
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2102: Setting up fake yp server settings
INFO 2020-02-15 09:01:24,772 pid:2672
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #491:
Once the above files are installed, your Samba AD server will be ready to use
INFO 2020-02-15 09:01:24,772 pid:2672
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #495:
Server Role: active directory domain controller
INFO 2020-02-15 09:01:24,772 pid:2672
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #496:
Hostname: dc1
INFO 2020-02-15 09:01:24,773 pid:2672
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #497:
NetBIOS Domain: TEO-EN-MING
INFO 2020-02-15 09:01:24,773 pid:2672
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #498:
DNS Domain: teo-en-ming.corp
INFO 2020-02-15 09:01:24,773 pid:2672
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #499:
DOMAIN SID: S-1-5-21-3427788993-2190856266-1509719656
# systemctl start samba-ad-dc
Verifying DNS (Failed again)
============
host -t SRV _ldap._tcp.teo-en-ming.corp.
Output:
Host _ldap._tcp.teo-en-ming.corp. not found: 3(NXDOMAIN)
Unable to find above DNS record because Network Manager is always overwriting
/etc/resolv.conf
As a result, I am always looking up the WRONG DNS server.
Installing BIND DNS Server and Using it as the DNS Backend for Samba
===================================================================
# yum install bind
# systemctl stop samba-ad-dc
We are going to use BIND9 as the Samba DNS backend this time.
I changed my mind. I decided not to use Samba's Internal DNS backend.
# samba-tool domain provision --use-rfc2307 --interactive
Output:
Realm [TEO-EN-MING.CORP]:
Domain [TEO-EN-MING]:
Server Role (dc, member, standalone) [dc]:
DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]:
BIND9_DLZ
Administrator password:
Retype password:
INFO 2020-02-15 09:13:53,976 pid:3479
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2128: Looking up IPv4 addresses
WARNING 2020-02-15 09:13:53,976 pid:3479
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2134: More than one IPv4 address found. Using 192.168.1.10
INFO 2020-02-15 09:13:53,976 pid:3479
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2145: Looking up IPv6 addresses
WARNING 2020-02-15 09:13:53,977 pid:3479
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2150: More than one IPv6 address found. Using 2401:7400:c802:de67::14c2
INFO 2020-02-15 09:13:54,381 pid:3479
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2323: Setting up secrets.ldb
INFO 2020-02-15 09:13:54,704 pid:3479
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2329: Setting up the registry
INFO 2020-02-15 09:13:54,888 pid:3479
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2332: Setting up the privileges database
INFO 2020-02-15 09:13:55,478 pid:3479
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2335: Setting up idmap db
INFO 2020-02-15 09:13:55,819 pid:3479
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2342: Setting up SAM db
INFO 2020-02-15 09:13:55,886 pid:3479
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #898:
Setting up sam.ldb partitions and settings
INFO 2020-02-15 09:13:55,888 pid:3479
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #910:
Setting up sam.ldb rootDSE
INFO 2020-02-15 09:13:55,945 pid:3479
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1339: Pre-loading the Samba 4 and AD schema
Unable to determine the DomainSID, can not enforce uniqueness constraint on
local domainSIDs
INFO 2020-02-15 09:13:56,187 pid:3479
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1417: Adding DomainDN: DC=teo-en-ming,DC=corp
INFO 2020-02-15 09:13:56,362 pid:3479
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1449: Adding configuration container
INFO 2020-02-15 09:13:56,518 pid:3479
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1464: Setting up sam.ldb schema
INFO 2020-02-15 09:13:59,846 pid:3479
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1482: Setting up sam.ldb configuration data
INFO 2020-02-15 09:13:59,991 pid:3479
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1523: Setting up display specifiers
INFO 2020-02-15 09:14:02,238 pid:3479
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1531: Modifying display specifiers and extended rights
INFO 2020-02-15 09:14:02,279 pid:3479
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1538: Adding users container
INFO 2020-02-15 09:14:02,280 pid:3479
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1544: Modifying users container
INFO 2020-02-15 09:14:02,282 pid:3479
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1547: Adding computers container
INFO 2020-02-15 09:14:02,283 pid:3479
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1553: Modifying computers container
INFO 2020-02-15 09:14:02,284 pid:3479
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1557: Setting up sam.ldb data
INFO 2020-02-15 09:14:02,425 pid:3479
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1587: Setting up well known security principals
INFO 2020-02-15 09:14:02,489 pid:3479
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1601: Setting up sam.ldb users and groups
INFO 2020-02-15 09:14:02,777 pid:3479
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1609: Setting up self join
Repacking database from v1 to v2 format (first record
CN=MS-TS-Property02,CN=Schema,CN=Configuration,DC=teo-en-ming,DC=corp)
Repack: re-packed 10000 records so far
Repacking database from v1 to v2 format (first record
CN=localPolicy-Display,CN=C0A,CN=DisplaySpecifiers,CN=Configuration,DC=teo-en-ming,DC=corp)
Repacking database from v1 to v2 format (first record
CN=PolicyType,CN=WMIPolicy,CN=System,DC=teo-en-ming,DC=corp)
INFO 2020-02-15 09:14:05,299 pid:3479
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/sambadns.py
#1138: Adding DNS accounts
INFO 2020-02-15 09:14:05,558 pid:3479
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/sambadns.py
#1172: Creating CN=MicrosoftDNS,CN=System,DC=teo-en-ming,DC=corp
INFO 2020-02-15 09:14:05,587 pid:3479
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/sambadns.py
#1185: Creating DomainDnsZones and ForestDnsZones partitions
INFO 2020-02-15 09:14:05,778 pid:3479
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/sambadns.py
#1190: Populating DomainDnsZones and ForestDnsZones partitions
Repacking database from v1 to v2 format (first record
DC=_ldap._tcp.DomainDnsZones,DC=teo-en-ming.corp,CN=MicrosoftDNS,DC=DomainDnsZones,DC=teo-en-ming,DC=corp)
Repacking database from v1 to v2 format (first record
CN=MicrosoftDNS,DC=ForestDnsZones,DC=teo-en-ming,DC=corp)
INFO 2020-02-15 09:14:07,207 pid:3479
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/sambadns.py
#1272: See /usr/local/samba/bind-dns/named.conf for an example configuration
include file for BIND
INFO 2020-02-15 09:14:07,207 pid:3479
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/sambadns.py
#1274: and /usr/local/samba/bind-dns/named.txt for further documentation
required for secure DNS updates
INFO 2020-02-15 09:14:07,333 pid:3479
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2032: Setting up sam.ldb rootDSE marking as synchronized
INFO 2020-02-15 09:14:07,383 pid:3479
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2037: Fixing provision GUIDs
INFO 2020-02-15 09:14:08,576 pid:3479
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2395: A Kerberos configuration suitable for Samba AD has been generated at
/usr/local/samba/private/krb5.conf
INFO 2020-02-15 09:14:08,576 pid:3479
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2396: Merge the contents of this file with your system krb5.conf or replace it
with this one. Do not create a symlink!
INFO 2020-02-15 09:14:09,009 pid:3479
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2102: Setting up fake yp server settings
INFO 2020-02-15 09:14:09,200 pid:3479
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #491:
Once the above files are installed, your Samba AD server will be ready to use
INFO 2020-02-15 09:14:09,201 pid:3479
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #495:
Server Role: active directory domain controller
INFO 2020-02-15 09:14:09,201 pid:3479
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #496:
Hostname: dc1
INFO 2020-02-15 09:14:09,201 pid:3479
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #497:
NetBIOS Domain: TEO-EN-MING
INFO 2020-02-15 09:14:09,201 pid:3479
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #498:
DNS Domain: teo-en-ming.corp
INFO 2020-02-15 09:14:09,201 pid:3479
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #499:
DOMAIN SID: S-1-5-21-3153339276-3256266220-4030185391
# nano /etc/named.conf
Append the following line:
include "/usr/local/samba/bind-dns/named.conf";
# named -v
Output:
BIND 9.11.4-P2-RedHat-9.11.4-26.P2.el8 (Extended Support Version)
<id:7107deb>
# nano /usr/local/samba/bind-dns/named.conf
Contents of file:
# This DNS configuration is for BIND 9.8.0 or later with dlz_dlopen support.
#
# This file should be included in your main BIND configuration file
#
# For example with
# include "/usr/local/samba/bind-dns/named.conf";
#
# This configures dynamically loadable zones (DLZ) from AD schema
# Uncomment only single database line, depending on your BIND version
#
dlz "AD DNS Zone" {
# For BIND 9.8.x
# database "dlopen /usr/local/samba/lib/bind9/dlz_bind9.so";
# For BIND 9.9.x
# database "dlopen /usr/local/samba/lib/bind9/dlz_bind9_9.so";
# For BIND 9.10.x
# database "dlopen /usr/local/samba/lib/bind9/dlz_bind9_10.so";
# For BIND 9.11.x
database "dlopen /usr/local/samba/lib/bind9/dlz_bind9_11.so";
# For BIND 9.12.x
# database "dlopen /usr/local/samba/lib/bind9/dlz_bind9_12.so";
};
Setting up BIND9 options and keytab for Kerberos
===============================================
# nano /etc/named.conf
Add the following to the options {} section of your main BIND named.conf file.
For example:
options {
[...]
tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
minimal-responses yes;
};
Verify that your /etc/krb5.conf Kerberos client configuration file is readable
by your BIND user. For example:
# ls -l /etc/krb5.conf
Output:
-rw-r--r--. 1 root root 97 Feb 15 00:49 /etc/krb5.conf
# chown root:named /etc/krb5.conf
Verify that the nsupdate utility exists on your domain controller (DC):
# which nsupdate
/usr/bin/nsupdate
Starting the BIND DNS Service
============================
# named-checkconf
# systemctl enable named.service
# systemctl start named.service
# systemctl status named.service
Output:
? named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor
preset: disabled)
Active: active (running) since Sat 2020-02-15 09:28:54 +08; 26s ago
Process: 3670 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS
(code=exited, status=0/SUCCESS)
Process: 3667 ExecStartPre=/bin/bash -c if [ !
"$DISABLE_ZONE_CHECKING" == "yes" ]; then
/usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of
zone files is disab>
Main PID: 3673 (named)
Tasks: 4 (limit: 23972)
Memory: 73.1M
CGroup: /system.slice/named.service
??3673 /usr/sbin/named -u named -c /etc/named.conf
Feb 15 09:28:54 dc1 named[3673]: zone 0.in-addr.arpa/IN: loaded serial 0
Feb 15 09:28:54 dc1 named[3673]: zone localhost/IN: loaded serial 0
Feb 15 09:28:54 dc1 named[3673]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
Feb 15 09:28:54 dc1 named[3673]: zone localhost.localdomain/IN: loaded serial 0
Feb 15 09:28:54 dc1 named[3673]: zone
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN:
loaded serial 0
Feb 15 09:28:54 dc1 named[3673]: all zones loaded
Feb 15 09:28:54 dc1 named[3673]: running
Feb 15 09:28:54 dc1 systemd[1]: Started Berkeley Internet Name Domain (DNS).
Feb 15 09:29:04 dc1 named[3673]: managed-keys-zone: Unable to fetch DNSKEY set
'.': timed out
Feb 15 09:29:04 dc1 named[3673]: resolver priming query complete
I still cannot find the mandatory DNS records. Re-provisioning Samba AD DC
again.
# cd /usr/local/samba/etc
# mv smb.conf smb.conf.bak
# samba-tool domain provision --use-rfc2307 --interactive
Realm [TEO-EN-MING.CORP]:
Domain [TEO-EN-MING]:
Server Role (dc, member, standalone) [dc]:
DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]:
BIND9_DLZ
Administrator password:
Retype password:
INFO 2020-02-15 09:34:24,411 pid:3873
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2128: Looking up IPv4 addresses
WARNING 2020-02-15 09:34:24,411 pid:3873
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2134: More than one IPv4 address found. Using 192.168.1.10
INFO 2020-02-15 09:34:24,411 pid:3873
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2145: Looking up IPv6 addresses
WARNING 2020-02-15 09:34:24,412 pid:3873
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2150: More than one IPv6 address found. Using 2401:7400:c802:de67::14c2
INFO 2020-02-15 09:34:24,817 pid:3873
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2323: Setting up secrets.ldb
INFO 2020-02-15 09:34:25,101 pid:3873
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2329: Setting up the registry
INFO 2020-02-15 09:34:25,269 pid:3873
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2332: Setting up the privileges database
INFO 2020-02-15 09:34:25,783 pid:3873
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2335: Setting up idmap db
INFO 2020-02-15 09:34:26,233 pid:3873
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2342: Setting up SAM db
INFO 2020-02-15 09:34:26,316 pid:3873
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #898:
Setting up sam.ldb partitions and settings
INFO 2020-02-15 09:34:26,317 pid:3873
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #910:
Setting up sam.ldb rootDSE
INFO 2020-02-15 09:34:26,367 pid:3873
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1339: Pre-loading the Samba 4 and AD schema
Unable to determine the DomainSID, can not enforce uniqueness constraint on
local domainSIDs
INFO 2020-02-15 09:34:26,551 pid:3873
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1417: Adding DomainDN: DC=teo-en-ming,DC=corp
INFO 2020-02-15 09:34:26,684 pid:3873
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1449: Adding configuration container
INFO 2020-02-15 09:34:26,791 pid:3873
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1464: Setting up sam.ldb schema
INFO 2020-02-15 09:34:30,087 pid:3873
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1482: Setting up sam.ldb configuration data
INFO 2020-02-15 09:34:30,230 pid:3873
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1523: Setting up display specifiers
INFO 2020-02-15 09:34:32,425 pid:3873
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1531: Modifying display specifiers and extended rights
INFO 2020-02-15 09:34:32,465 pid:3873
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1538: Adding users container
INFO 2020-02-15 09:34:32,467 pid:3873
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1544: Modifying users container
INFO 2020-02-15 09:34:32,467 pid:3873
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1547: Adding computers container
INFO 2020-02-15 09:34:32,469 pid:3873
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1553: Modifying computers container
INFO 2020-02-15 09:34:32,470 pid:3873
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1557: Setting up sam.ldb data
INFO 2020-02-15 09:34:32,608 pid:3873
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1587: Setting up well known security principals
INFO 2020-02-15 09:34:32,667 pid:3873
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1601: Setting up sam.ldb users and groups
INFO 2020-02-15 09:34:32,967 pid:3873
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1609: Setting up self join
Repacking database from v1 to v2 format (first record
CN=userPKCS12,CN=Schema,CN=Configuration,DC=teo-en-ming,DC=corp)
Repack: re-packed 10000 records so far
Repacking database from v1 to v2 format (first record
CN=pKICertificateTemplate-Display,CN=406,CN=DisplaySpecifiers,CN=Configuration,DC=teo-en-ming,DC=corp)
Repacking database from v1 to v2 format (first record
CN=4dfbb973-8a62-4310-a90c-776e00f83222,CN=Operations,CN=DomainUpdates,CN=System,DC=teo-en-ming,DC=corp)
INFO 2020-02-15 09:34:35,720 pid:3873
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/sambadns.py
#1138: Adding DNS accounts
INFO 2020-02-15 09:34:35,963 pid:3873
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/sambadns.py
#1172: Creating CN=MicrosoftDNS,CN=System,DC=teo-en-ming,DC=corp
INFO 2020-02-15 09:34:35,982 pid:3873
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/sambadns.py
#1185: Creating DomainDnsZones and ForestDnsZones partitions
INFO 2020-02-15 09:34:36,248 pid:3873
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/sambadns.py
#1190: Populating DomainDnsZones and ForestDnsZones partitions
Repacking database from v1 to v2 format (first record
DC=l.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,DC=DomainDnsZones,DC=teo-en-ming,DC=corp)
Repacking database from v1 to v2 format (first record
CN=MicrosoftDNS,DC=ForestDnsZones,DC=teo-en-ming,DC=corp)
INFO 2020-02-15 09:34:37,633 pid:3873
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/sambadns.py
#1272: See /usr/local/samba/bind-dns/named.conf for an example configuration
include file for BIND
INFO 2020-02-15 09:34:37,633 pid:3873
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/sambadns.py
#1274: and /usr/local/samba/bind-dns/named.txt for further documentation
required for secure DNS updates
INFO 2020-02-15 09:34:37,763 pid:3873
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2032: Setting up sam.ldb rootDSE marking as synchronized
INFO 2020-02-15 09:34:37,804 pid:3873
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2037: Fixing provision GUIDs
INFO 2020-02-15 09:34:38,781 pid:3873
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2395: A Kerberos configuration suitable for Samba AD has been generated at
/usr/local/samba/private/krb5.conf
INFO 2020-02-15 09:34:38,781 pid:3873
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2396: Merge the contents of this file with your system krb5.conf or replace it
with this one. Do not create a symlink!
INFO 2020-02-15 09:34:39,223 pid:3873
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2102: Setting up fake yp server settings
INFO 2020-02-15 09:34:39,438 pid:3873
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #491:
Once the above files are installed, your Samba AD server will be ready to use
INFO 2020-02-15 09:34:39,439 pid:3873
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #495:
Server Role: active directory domain controller
INFO 2020-02-15 09:34:39,439 pid:3873
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #496:
Hostname: dc1
INFO 2020-02-15 09:34:39,439 pid:3873
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #497:
NetBIOS Domain: TEO-EN-MING
INFO 2020-02-15 09:34:39,439 pid:3873
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #498:
DNS Domain: teo-en-ming.corp
INFO 2020-02-15 09:34:39,439 pid:3873
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #499:
DOMAIN SID: S-1-5-21-2121330042-1058780221-1881093528
# cat /usr/local/samba/etc/smb.conf
# Global parameters
[global]
netbios name = DC1
realm = TEO-EN-MING.CORP
server role = active directory domain controller
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd,
ntp_signd, kcc, dnsupdate
workgroup = TEO-EN-MING
idmap_ldb:use rfc2307 = yes
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No
[netlogon]
path = /usr/local/samba/var/locks/sysvol/teo-en-ming.corp/scripts
read only = No
# systemctl start samba-ad-dc
TROUBLESHOOTING SAMBA INSTALLATION BY RE-COMPILING SAMBA FROM SOURCE AGAIN
=========================================================================
I was afraid that SELINUX might affect the previous build of Samba from source.
# cd /root
# rm -rf samba-4.11.6
# systemctl stop samba-ad-dc
# cd /usr/local
# rm -rf samba/
# cd /root
# tar xfvz samba-4.11.6.tar.gz
# cd samba-4.11.6/
# ./configure
# make -j 4
Output:
Waf: Leaving directory `/root/samba-4.11.6/bin/default'
'build' finished successfully (9m21.630s)
# make install
Output:
Waf: Leaving directory `/root/samba-4.11.6/bin/default'
'install' finished successfully (2m47.846s)
Provisioning Samba AD DC from scratch after rebuilding Samba from source.
# samba-tool domain provision --use-rfc2307 --interactive
Realm [TEO-EN-MING.CORP]:
Domain [TEO-EN-MING]:
Server Role (dc, member, standalone) [dc]:
DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]:
BIND9_DLZ
Administrator password:
Retype password:
INFO 2020-02-15 10:00:20,082 pid:28453
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2128: Looking up IPv4 addresses
WARNING 2020-02-15 10:00:20,083 pid:28453
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2134: More than one IPv4 address found. Using 192.168.1.10
INFO 2020-02-15 10:00:20,083 pid:28453
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2145: Looking up IPv6 addresses
WARNING 2020-02-15 10:00:20,083 pid:28453
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2150: More than one IPv6 address found. Using 2401:7400:c802:de67::14c2
INFO 2020-02-15 10:00:20,505 pid:28453
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2319: Setting up share.ldb
INFO 2020-02-15 10:00:20,871 pid:28453
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2323: Setting up secrets.ldb
INFO 2020-02-15 10:00:21,131 pid:28453
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2329: Setting up the registry
INFO 2020-02-15 10:00:22,314 pid:28453
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2332: Setting up the privileges database
INFO 2020-02-15 10:00:22,838 pid:28453
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2335: Setting up idmap db
INFO 2020-02-15 10:00:23,230 pid:28453
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2342: Setting up SAM db
INFO 2020-02-15 10:00:23,322 pid:28453
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #898:
Setting up sam.ldb partitions and settings
INFO 2020-02-15 10:00:23,324 pid:28453
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #910:
Setting up sam.ldb rootDSE
INFO 2020-02-15 10:00:23,398 pid:28453
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1339: Pre-loading the Samba 4 and AD schema
Unable to determine the DomainSID, can not enforce uniqueness constraint on
local domainSIDs
INFO 2020-02-15 10:00:23,573 pid:28453
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1417: Adding DomainDN: DC=teo-en-ming,DC=corp
INFO 2020-02-15 10:00:23,653 pid:28453
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1449: Adding configuration container
INFO 2020-02-15 10:00:23,749 pid:28453
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1464: Setting up sam.ldb schema
INFO 2020-02-15 10:00:27,115 pid:28453
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1482: Setting up sam.ldb configuration data
INFO 2020-02-15 10:00:27,261 pid:28453
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1523: Setting up display specifiers
INFO 2020-02-15 10:00:29,491 pid:28453
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1531: Modifying display specifiers and extended rights
INFO 2020-02-15 10:00:29,531 pid:28453
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1538: Adding users container
INFO 2020-02-15 10:00:29,532 pid:28453
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1544: Modifying users container
INFO 2020-02-15 10:00:29,533 pid:28453
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1547: Adding computers container
INFO 2020-02-15 10:00:29,534 pid:28453
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1553: Modifying computers container
INFO 2020-02-15 10:00:29,535 pid:28453
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1557: Setting up sam.ldb data
INFO 2020-02-15 10:00:29,674 pid:28453
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1587: Setting up well known security principals
INFO 2020-02-15 10:00:29,735 pid:28453
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1601: Setting up sam.ldb users and groups
INFO 2020-02-15 10:00:30,058 pid:28453
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1609: Setting up self join
Repacking database from v1 to v2 format (first record
CN=rpc-Ns-Bindings,CN=Schema,CN=Configuration,DC=teo-en-ming,DC=corp)
Repack: re-packed 10000 records so far
Repacking database from v1 to v2 format (first record
CN=nTFRSSubscriber-Display,CN=40C,CN=DisplaySpecifiers,CN=Configuration,DC=teo-en-ming,DC=corp)
Repacking database from v1 to v2 format (first record CN=Incoming Forest Trust
Builders,CN=Builtin,DC=teo-en-ming,DC=corp)
INFO 2020-02-15 10:00:33,052 pid:28453
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/sambadns.py
#1138: Adding DNS accounts
INFO 2020-02-15 10:00:33,285 pid:28453
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/sambadns.py
#1172: Creating CN=MicrosoftDNS,CN=System,DC=teo-en-ming,DC=corp
INFO 2020-02-15 10:00:33,305 pid:28453
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/sambadns.py
#1185: Creating DomainDnsZones and ForestDnsZones partitions
INFO 2020-02-15 10:00:33,511 pid:28453
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/sambadns.py
#1190: Populating DomainDnsZones and ForestDnsZones partitions
Repacking database from v1 to v2 format (first record
DC=@,DC=teo-en-ming.corp,CN=MicrosoftDNS,DC=DomainDnsZones,DC=teo-en-ming,DC=corp)
Repacking database from v1 to v2 format (first record
DC=_ldap._tcp.Default-First-Site-Name._sites.gc,DC=_msdcs.teo-en-ming.corp,CN=MicrosoftDNS,DC=ForestDnsZones,DC=teo-en-ming,DC=corp)
INFO 2020-02-15 10:00:34,921 pid:28453
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/sambadns.py
#1272: See /usr/local/samba/bind-dns/named.conf for an example configuration
include file for BIND
INFO 2020-02-15 10:00:34,921 pid:28453
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/sambadns.py
#1274: and /usr/local/samba/bind-dns/named.txt for further documentation
required for secure DNS updates
INFO 2020-02-15 10:00:35,045 pid:28453
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2032: Setting up sam.ldb rootDSE marking as synchronized
INFO 2020-02-15 10:00:35,095 pid:28453
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2037: Fixing provision GUIDs
INFO 2020-02-15 10:00:36,238 pid:28453
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2395: A Kerberos configuration suitable for Samba AD has been generated at
/usr/local/samba/private/krb5.conf
INFO 2020-02-15 10:00:36,238 pid:28453
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2396: Merge the contents of this file with your system krb5.conf or replace it
with this one. Do not create a symlink!
INFO 2020-02-15 10:00:36,771 pid:28453
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2102: Setting up fake yp server settings
INFO 2020-02-15 10:00:37,012 pid:28453
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #491:
Once the above files are installed, your Samba AD server will be ready to use
INFO 2020-02-15 10:00:37,013 pid:28453
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #495:
Server Role: active directory domain controller
INFO 2020-02-15 10:00:37,013 pid:28453
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #496:
Hostname: dc1
INFO 2020-02-15 10:00:37,013 pid:28453
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #497:
NetBIOS Domain: TEO-EN-MING
INFO 2020-02-15 10:00:37,013 pid:28453
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #498:
DNS Domain: teo-en-ming.corp
INFO 2020-02-15 10:00:37,013 pid:28453
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #499:
DOMAIN SID: S-1-5-21-4032533190-753116703-2394070240
# systemctl start samba-ad-dc
TROUBLESHOOTING THE BIND9_DLZ BACKEND
====================================
# samba_upgradedns --dns-backend=BIND9_DLZ
Output:
Reading domain information
DNS accounts already exist
No zone file /usr/local/samba/bind-dns/dns/TEO-EN-MING.CORP.zone
DNS records will be automatically created
DNS partitions already exist
dns-dc1 account already exists
See /usr/local/samba/bind-dns/named.conf for an example configuration include
file for BIND
and /usr/local/samba/bind-dns/named.txt for further documentation required for
secure DNS updates
Finished upgrading DNS
TROUBLESHOOTING "MISSING" MANDATORY SAMBA DNS RECORDS
====================================================
REFERENCE
========
Finally! I found the problem and discovered the solution.
Guide: CentOS 7 NetworkManager Keeps Overwriting /etc/resolv.conf
Link:
https://ma.ttias.be/centos-7-networkmanager-keeps-overwriting-etcresolv-conf/
To prevent Network Manager to overwrite your resolv.conf changes, remove the
DNS1, DNS2, ? lines from /etc/sysconfig/network-scripts/ifcfg-*.
# cd /etc/sysconfig/network-scripts/
# nano ifcfg-ens3
Remove DNS1 entry.
To make BIND listen on all interfaces
====================================
# nano /etc/named.conf
Change the following entry:
listen-on port 53 { any; };
# systemctl restart named
# netstat -anp | grep -v unix | grep LISTEN
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
1/systemd
tcp 0 0 0.0.0.0:464 0.0.0.0:* LISTEN
28855/samba
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN
29436/named
tcp 0 0 192.168.1.10:53 0.0.0.0:* LISTEN
29436/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
29436/named
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
1090/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
1087/cupsd
tcp 0 0 0.0.0.0:88 0.0.0.0:* LISTEN
28855/samba
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN
29436/named
tcp 0 0 0.0.0.0:636 0.0.0.0:* LISTEN
28847/samba
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN
28839/smbd
tcp 0 0 0.0.0.0:49152 0.0.0.0:* LISTEN
28837/samba
tcp 0 0 0.0.0.0:49153 0.0.0.0:* LISTEN
28845/samba
tcp 0 0 0.0.0.0:49154 0.0.0.0:* LISTEN
28845/samba
tcp 0 0 0.0.0.0:3268 0.0.0.0:* LISTEN
28847/samba
tcp 0 0 0.0.0.0:3269 0.0.0.0:* LISTEN
28847/samba
tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN
28847/samba
tcp 0 0 0.0.0.0:135 0.0.0.0:* LISTEN
28845/samba
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN
28839/smbd
tcp 0 0 0.0.0.0:5355 0.0.0.0:* LISTEN
1597/systemd-resolv
tcp6 0 0 :::111 :::* LISTEN
1/systemd
tcp6 0 0 :::464 :::* LISTEN
28855/samba
tcp6 0 0 ::1:53 :::* LISTEN
29436/named
tcp6 0 0 :::22 :::* LISTEN
1090/sshd
tcp6 0 0 ::1:631 :::* LISTEN
1087/cupsd
tcp6 0 0 :::88 :::* LISTEN
28855/samba
tcp6 0 0 ::1:953 :::* LISTEN
29436/named
tcp6 0 0 :::636 :::* LISTEN
28847/samba
tcp6 0 0 :::445 :::* LISTEN
28839/smbd
tcp6 0 0 :::49152 :::* LISTEN
28837/samba
tcp6 0 0 :::49153 :::* LISTEN
28845/samba
tcp6 0 0 :::49154 :::* LISTEN
28845/samba
tcp6 0 0 :::3268 :::* LISTEN
28847/samba
tcp6 0 0 :::3269 :::* LISTEN
28847/samba
tcp6 0 0 :::389 :::* LISTEN
28847/samba
tcp6 0 0 :::135 :::* LISTEN
28845/samba
tcp6 0 0 :::5355 :::* LISTEN
1597/systemd-resolv
tcp6 0 0 :::139 :::* LISTEN
28839/smbd
Modify /etc/resolv.conf again. This is the crux of the problem.
# nano /etc/resolv.conf
search teo-en-ming.corp
nameserver 192.168.1.10
Verifying DNS (Successful this time)
===================================
$ host -t SRV _ldap._tcp.teo-en-ming.corp.
Output:
_ldap._tcp.teo-en-ming.corp has SRV record 0 100 389 dc1.teo-en-ming.corp.
$ host -t SRV _kerberos._udp.teo-en-ming.corp.
Output:
_kerberos._udp.teo-en-ming.corp has SRV record 0 100 88 dc1.teo-en-ming.corp.
$ host -t A dc1.teo-en-ming.corp.
Output:
dc1.teo-en-ming.corp has address 192.168.122.1
dc1.teo-en-ming.corp has address 192.168.1.10
Verifying Kerberos (Successful this time)
========================================
# kninit administrator
Output:
Password for administrator at TEO-EN-MING.CORP:
Warning: Your password will expire in 41 days on Sat 28 Mar 2020 10:00:30 AM +08
# klist
Output:
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator at TEO-EN-MING.CORP
Valid starting Expires Service principal
02/15/2020 10:56:56 02/15/2020 20:56:56 krbtgt/TEO-EN-MING.CORP at
TEO-EN-MING.CORP
renew until 02/16/2020 10:56:53
OVERWHELMING SUCCESS!
====================
Joining Domain from Windows 10 Pro QEMU/KVM virtual machine
==========================================================
Install Windows 10 Pro version 1909 as a QEMU/KVM virtual machine.
Ping Samba AD DC from Windows.
ping 192.168.1.10
SUCCESS!
Configure Preferred DNS Server as 192.168.1.10 for your virtual NIC.
Alternate DNS Server: 8.8.8.8 (Compulsory for internet access)
REFERENCE GUIDE
==============
Guide: DNS Administration
Link: https://wiki.samba.org/index.php/DNS_Administration
Listing zone records
===================
# samba-tool dns query 192.168.1.10 teo-en-ming.corp @ ALL -U administrator
Output:
Password for [TEO-EN-MING\administrator]:
Name=, Records=6, Children=0
SOA: serial=241, refresh=900, retry=600, expire=86400, minttl=3600,
ns=dc1.teo-en-ming.corp., email=hostmaster.teo-en-ming.corp. (flags=600000f0,
serial=241, ttl=3600)
NS: dc1.teo-en-ming.corp. (flags=600000f0, serial=1, ttl=900)
A: 192.168.1.10 (flags=600000f0, serial=1, ttl=900)
AAAA: 2401:7400:c802:de67:0000:0000:0000:14c2 (flags=600000f0, serial=1,
ttl=900)
A: 192.168.122.1 (flags=600000f0, serial=26, ttl=900)
AAAA: 2401:7400:c802:de67:0d19:690d:f659:ad40 (flags=600000f0, serial=27,
ttl=900)
Name=_msdcs, Records=0, Children=0
Name=_sites, Records=0, Children=1
Name=_tcp, Records=0, Children=4
Name=_udp, Records=0, Children=2
Name=dc1, Records=4, Children=0
A: 192.168.1.10 (flags=f0, serial=1, ttl=900)
AAAA: 2401:7400:c802:de67:0000:0000:0000:14c2 (flags=f0, serial=1, ttl=900)
A: 192.168.122.1 (flags=f0, serial=24, ttl=900)
AAAA: 2401:7400:c802:de67:0d19:690d:f659:ad40 (flags=f0, serial=25, ttl=900)
Name=DomainDnsZones, Records=0, Children=2
Name=ForestDnsZones, Records=0, Children=2
Disable IPv6 on Windows 10 Pro QEMU/KVM virtual machine.
Deleting Unneccessary DNS Records (OPTIONAL TASK)
================================================
# samba-tool dns delete 192.168.1.10 teo-en-ming.corp teo-en-ming.corp A
192.168.122.1 -U administrator
# samba-tool dns delete 192.168.1.10 teo-en-ming.corp teo-en-ming.corp AAAA
2401:7400:c802:de67:0000:0000:0000:14c2 -U administrator
# samba-tool dns delete 192.168.1.10 teo-en-ming.corp teo-en-ming.corp AAAA
2401:7400:c802:de67:0d19:690d:f659:ad40 -U administrator
# samba-tool dns delete 192.168.1.10 teo-en-ming.corp dc1 A 192.168.122.1 -U
administrator
# samba-tool dns delete 192.168.1.10 teo-en-ming.corp dc1 AAAA
2401:7400:c802:de67:0000:0000:0000:14c2 -U administrator
# samba-tool dns delete 192.168.1.10 teo-en-ming.corp dc1 AAAA
2401:7400:c802:de67:0d19:690d:f659:ad40 -U administrator
Disabling the Firewall on CentOS 8.1
====================================
# systemctl stop firewalld
# systemctl disable firewalld
Join Domain from Windows 10 Pro QEMU/KVM Virtual Machine
=======================================================
Domain: teo-en-ming.corp
Welcome to the teo-en-ming.corp domain.
Download and install Microsoft Remote Server Administration Tools (RSAT) for
Windows 10.
Restart Windows 10 Pro QEMU/KVM virtual machine.
Login as domain administrator.
User: TEO-EN-MING\administrator
Password: Unknown
Open Active Directory Users and Computers.
Final Success!
=============
AUTHOR: MR. TURRITOPSIS DOHRNII TEO EN MING, SINGAPORE
-----BEGIN EMAIL SIGNATURE-----
The Gospel for all Targeted Individuals (TIs):
[The New York Times] Microwave Weapons Are Prime Suspect in Ills of
U.S. Embassy Workers
Link:
https://www.nytimes.com/2018/09/01/science/sonic-attack-cuba-microwave.html
********************************************************************************************
Singaporean Mr. Turritopsis Dohrnii Teo En Ming's Academic
Qualifications as at 14 Feb 2019 and refugee seeking attempts at the United
Nations Refugee Agency Bangkok (21 Mar 2017), in Taiwan (5 Aug 2019) and
Australia (25 Dec 2019 to 9 Jan 2020):
[1] https://tdtemcerts.wordpress.com/
[2] https://tdtemcerts.blogspot.sg/
[3] https://www.scribd.com/user/270125049/Teo-En-Ming
-----END EMAIL SIGNATURE-----
Seemingly Similar Threads
Wisdom of the Ancients
