This is brand new. Created following Louis' instructions (although in my install of Ubuntu 20.04, it gets a little tricky with installing packages because it claims one or more don't exist after adding Louis' repository and doing an apt update).

Totally separate network from my Zentyal installs, on a ProxMox virtual server, if that makes any difference.

I know the admin password, I just removed it from this email, I just cannot figure out why I can't initiate a kticket.

I can wipe it and start again, that's not a problem at all. I was just so close...

On Fri, Sep 4, 2020, 1:22 AM Rowland penny via samba <samba at lists.samba.org> wrote:

> On 04/09/2020 09:11, L.P.H. van Belle via samba wrote:
> > I would have added an extra DC..
> > Move FSMO
> > Removed old server from AD,
> > Cleanup AD.
> >
> > Install new server with new ip's.
> > And Add CNAMEs where needed,
> > Move FSMO back.
> > Remove extra DC.
> >
> > ;-)
> >
> You evidently haven't been following this thread, Peter has been there
> and done that, it didn't work ;-)
>
> I am beginning to hate zentyal :D
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba

On 04/09/2020 15:05, Peter Pollock wrote:
> This is brand new. Created following Louis' instructions (although in
> my install of Ubuntu 20.04, it gets a little tricky with installing
> packages because it claims one or more don't exist after adding Louis'
> repository and doing an apt update).

Please don't do that, say something doesn't exist without telling us what 'something' is ;-)

>
> Totally separate network from my Zentyal installs, on a ProxMox
> virtual server, if that makes any difference.

No, good idea really, it doesn't matter if it is separate, it allows you to destroy it easily if need be.

>
> I know the admin password, I just removed it from this email, I just
> cannot figure out why I can't initiate a kticket.

OK, if you know the password, no need to start again, but kinit should work. Did you check if the first nameserver in /etc/resolv.conf is the DC's IP ? did you run the kinit command as root and like this 'kinit Administrator' ?

>
> I can wipe it and start again, that's not a problem at all. I was just
> so close...

No, there is no need, it was just the lack of the Administrator password that was throwing me ;-)

Rowland

sudo kinit Administrator
sudo kinit Administrator@INTERNAL.KCS

First nameserver is DC's IP.

I'll wipe it and try again.

My plan is to build this, build DC02 and join it, test joining some workstations (which oddly don't see the server, but I'm sure that's a DNS problem I need to fix) build a Fileserver, test all three servers with multiple workstations and users then wipe my production servers, rebuild them and add them to this new domain, have them take over the FSMO roles and put them back into production, then wipe these virtuals and create a new test domain to try things on in the future.

On Fri, Sep 4, 2020 at 7:20 AM Rowland penny <rpenny at samba.org> wrote:

> On 04/09/2020 15:05, Peter Pollock wrote:
> > This is brand new. Created following Louis' instructions (although in
> > my install of Ubuntu 20.04, it gets a little tricky with installing
> > packages because it claims one or more don't exist after adding Louis'
> > repository and doing an apt update).
> Please don't do that, say something doesn't exist without telling us
> what 'something' is ;-)
> >
> > Totally separate network from my Zentyal installs, on a ProxMox
> > virtual server, if that makes any difference.
> No, good idea really, it doesn't matter if it is separate, it allows you
> to destroy it easily if need be.
> >
> > I know the admin password, I just removed it from this email, I just
> > cannot figure out why I can't initiate a kticket.
> OK, if you know the password, no need to start again, but kinit should
> work. Did you check if the first nameserver in /etc/resolv.conf is the
> DC's IP ? did you run the kinit command as root and like this 'kinit
> Administrator' ?
> >
> > I can wipe it and start again, that's not a problem at all. I was just
> > so close...
>
> No, there is no need, it was just the lack of the Administrator password
> that was throwing me ;-)
>
> Rowland

OK.. after school ended today, I poked around and found nothing so I started all over again.

Followed Louis' instructions at https://github.com/thctlo/samba4/blob/master/full-howto-Ubuntu18.04-samba-AD_DC.txt all the way through but at the end, the resolver is not working - and kinit cannot find a KDC (I'm guessing because the resolver is not working!)

This is the only server on the network and has an IP address of 192.168.4.5 (the gateway is at 192.168.4.1)

"Service named status" gives me:

● named.service - BIND Domain Name Server
     Loaded: loaded (/lib/systemd/system/named.service; enabled; vendor preset: enabled)
     Active: active (running) since Fri 2020-09-04 21:41:41 PDT; 10min ago
       Docs: man:named(8)
   Main PID: 528 (named)
      Tasks: 14 (limit: 2282)
     Memory: 61.9M
     CGroup: /system.slice/named.service
             └─528 /usr/sbin/named -f -u bind

Sep 04 21:52:22 dc01 named[528]: network unreachable resolving 'kcs/DS/IN': 2001:500:2d::d#53
Sep 04 21:52:22 dc01 named[528]: network unreachable resolving 'kcs/DS/IN': 2001:500:1::53#53
Sep 04 21:52:22 dc01 named[528]: network unreachable resolving 'kcs/DS/IN': 2001:500:9f::42#53
Sep 04 21:52:22 dc01 named[528]: network unreachable resolving 'kcs/DS/IN': 2001:503:ba3e::2:30#53
Sep 04 21:52:22 dc01 named[528]: network unreachable resolving 'kcs/DS/IN': 2001:500:a8::e#53
Sep 04 21:52:22 dc01 named[528]: network unreachable resolving 'kcs/DS/IN': 2001:500:200::b#53
Sep 04 21:52:22 dc01 named[528]: network unreachable resolving 'kcs/DS/IN': 2001:500:2f::f#53
Sep 04 21:52:22 dc01 named[528]: network unreachable resolving 'kcs/DS/IN': 2001:503:c27::2:30#53
Sep 04 21:52:22 dc01 named[528]: broken trust chain resolving 'dc01.internal.kcs/A/IN': 8.8.8.8#53
Sep 04 21:52:22 dc01 named[528]: broken trust chain resolving '_ldap._tcp.dc01.internal.kcs/SRV/IN': 8.8.8.8#53

I do not know where to start. I took copious notes as I followed Louis' walkthrough, which I'll send if they interest you, but it's many pages!

On Fri, Sep 4, 2020 at 7:20 AM Rowland penny <rpenny at samba.org> wrote:

> On 04/09/2020 15:05, Peter Pollock wrote:
> > This is brand new. Created following Louis' instructions (although in
> > my install of Ubuntu 20.04, it gets a little tricky with installing
> > packages because it claims one or more don't exist after adding Louis'
> > repository and doing an apt update).
> Please don't do that, say something doesn't exist without telling us
> what 'something' is ;-)
> >
> > Totally separate network from my Zentyal installs, on a ProxMox
> > virtual server, if that makes any difference.
> No, good idea really, it doesn't matter if it is separate, it allows you
> to destroy it easily if need be.
> >
> > I know the admin password, I just removed it from this email, I just
> > cannot figure out why I can't initiate a kticket.
> OK, if you know the password, no need to start again, but kinit should
> work. Did you check if the first nameserver in /etc/resolv.conf is the
> DC's IP ? did you run the kinit command as root and like this 'kinit
> Administrator' ?
> >
> > I can wipe it and start again, that's not a problem at all. I was just
> > so close...
>
> No, there is no need, it was just the lack of the Administrator password
> that was throwing me ;-)
>
> Rowland
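
Added example, not part of the thread and not written by any of its posters: a small triage of the named journal lines quoted in the last message. In these messages the address after the colon is the server named was querying, so the script flags names inside the AD zone that were sent to a resolver other than the DC. The function names and the set of "local" addresses (the DC's 192.168.4.5 plus loopback) are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample: three of the journal lines quoted in the message above.
SAMPLE = """\
Sep 04 21:52:22 dc01 named[528]: network unreachable resolving 'kcs/DS/IN': 2001:500:2d::d#53
Sep 04 21:52:22 dc01 named[528]: broken trust chain resolving 'dc01.internal.kcs/A/IN': 8.8.8.8#53
Sep 04 21:52:22 dc01 named[528]: broken trust chain resolving '_ldap._tcp.dc01.internal.kcs/SRV/IN': 8.8.8.8#53
"""

# reason, then 'qname/qtype/qclass', then the upstream server and port.
LINE = re.compile(
    r"named\[\d+\]: (?P<reason>.+?) resolving "
    r"'(?P<qname>[^/']+)/(?P<qtype>[A-Z0-9]+)/(?P<qclass>[A-Z]+)': "
    r"(?P<server>\S+)#(?P<port>\d+)$"
)

def parse(log_text):
    """Yield one dict per 'resolving' failure line; other lines are skipped."""
    for line in log_text.splitlines():
        m = LINE.search(line.strip())
        if m:
            yield m.groupdict()

def in_zone(qname, zone):
    """True if qname is the zone apex or a name below it (case-insensitive)."""
    q, z = qname.rstrip(".").lower(), zone.rstrip(".").lower()
    return q == z or q.endswith("." + z)

def triage(log_text, ad_zone, dc_ips):
    """Count failures by reason and list AD-zone names that were sent upstream."""
    counts = defaultdict(int)
    leaked = []
    for rec in parse(log_text):
        counts[rec["reason"]] += 1
        if in_zone(rec["qname"], ad_zone) and rec["server"] not in dc_ips:
            leaked.append((rec["qname"], rec["qtype"], rec["server"]))
    return dict(counts), sorted(set(leaked))

if __name__ == "__main__":
    # dc_ips is an assumption: the DC address from the message plus loopback.
    counts, leaked = triage(SAMPLE, "internal.kcs", {"192.168.4.5", "127.0.0.1"})
    print(counts)
    for qname, qtype, server in leaked:
        print(f"{qname} ({qtype}) was sent to {server}: named is not answering "
              "this AD zone from local data")
```

Any entry in the second result means internal host and service names are being disclosed to an outside resolver, and that named on the DC is not serving the AD zone itself.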