Hi Rowland, thank you for your help. I've added the include "/var/lib/samba/bind-dns/named.conf in /etc/bind/named.conf instead of named.conf.options. As for the link, here it goes. https://lists.samba.org/archive/samba/2019-July/224546.html Best regards Rowland penny via samba <samba at lists.samba.org> escreveu no dia domingo, 13/09/2020 ?(s) 17:11:> On 13/09/2020 16:46, Carlos Jesus via samba wrote: > > Hello all,I'm trying to add a self compiled samba 4.12 DC to a Windows > > 2008R2 domain.Adding the samba DC was troublesome but successful (I had > to > > modify join.py as I swa in another thread "Join Samba to a Windows AD > > ERR_DS_NO_CROSSREF_FOR_NC". After that I could join the samba DC and > > everything seemed ok. > Could you provide a link to that thread ? > > my named.conf.options: > > acl internals { 127.0.0.0/8; 192.168.59.0/24; }; > > options { > > directory "/var/cache/bind"; > > version "Go Away 0.0.7"; > > notify no; > > empty-zones-enable no; > > auth-nxdomain yes; > > forwarders { 8.8.8.8; 8.8.4.4; }; > > allow-transfer { none; }; > > listen-on-v6 { none; }; > > listen-on port 53 { 192.168.59.112; 127.0.0.1; ::1; }; > > > > dnssec-validation no; > > dnssec-enable no; > > dnssec-lookaside no; > > minimal-responses yes; > > > > allow-query { > > 127.0.0.1; > > 192.168.59.0/24; > > }; > > allow-query-cache { > > 127.0.0.1; > > 192.168.59.0/24; > > }; > > recursion yes; > > allow-recursion { > > 127.0.0.1; > > 192.168.59.0/24; > > }; > > tkey-gssapi-keytab "/usr/local/samba/bind-dns/dns.keytab"; > > }; > > > > zone "." { > > type hint; > > file "named.root"; > > }; > > zone "localhost" { > > type master; > > file "master/localhost.zone"; > > }; > > zone "0.0.127.in-addr.arpa" { > > type master; > > file "master/0.0.127.zone"; > > }; > > You are missing "include "/var/lib/samba/bind-dns/named.conf";" in your > named.conf file. > > Rowland > > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
Rowland penny
2020-Sep-14 07:42 UTC
[Samba] DNS problems when adding samba DC to win2008R2
On 13/09/2020 22:40, Carlos Jesus wrote:> Hi Rowland, thank you for your help. > I've added the include "/var/lib/samba/bind-dns/named.conf in > /etc/bind/named.conf instead of named.conf.options.Please don't do that, it isn't a good idea, use an 'include', that way if something changes, it will still work.> > As for the link, here it goes. > https://lists.samba.org/archive/samba/2019-July/224546.htmlYes and that didn't end successfully :-\ What did the Windows DC start out as ? 2008R2 or was it an earlier version ? What was the full command you used to join the Samba DC to the Windows domain ? Did you get any errors during the successful join ? Can you go here: https://github.com/thctlo/samba4/blob/master/samba-collect-debug-info.sh Download the script and run it on your Samba DC. sanitise the outpost and post it to this list. Rowland
> > On 13/09/2020 22:40, Carlos Jesus wrote: > > Hi Rowland, thank you for your help. > > I've added the include "/var/lib/samba/bind-dns/named.conf in > > /etc/bind/named.conf instead of named.conf.options. > Please don't do that, it isn't a good idea, use an 'include', that way > if something changes, it will still work. > >It IS an include. In named.conf with the other includes, but I've changed it.>> As for the link, here it goes. > > https://lists.samba.org/archive/samba/2019-July/224546.html > > Yes and that didn't end successfully :-\ > > Yeap. I noticed but still...> What did the Windows DC start out as ? 2008R2 or was it an earlier version > ? > > Straight Windows 2008R2> What was the full command you used to join the Samba DC to the Windows > domain ? > > I basically followedhttps://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory . The command was samba-tool domain join MyDomain.lx.pt DC -U"MyDomain\administrator"> Did you get any errors during the successful join ? > > Not after changing join.py> Can you go here: > https://github.com/thctlo/samba4/blob/master/samba-collect-debug-info.sh > > Download the script and run it on your Samba DC. > > sanitise the outpost and post it to this list.> >grep: /etc/samba/smb.conf: No such file or directory ./samba.sh: line 328: [: : integer expression expected DC2:/home/carlos# more /tmp/samba-debug-info.txt Collected config --- 2020-09-14-10:27 ----------- Hostname: DC2 DNS Domain: MyDomain.lx.pt FQDN: DC2.MyDomain.lx.pt ipaddress: 192.168.59.112 ----------- Kerberos SRV _kerberos._tcp.MyDomain.lx.pt record verified ok, sample output: Server: 192.168.59.112 Address: 192.168.59.112#53 _kerberos._tcp.MyDomain.lx.pt service = 0 100 88 dc2.MyDomain.lx.pt. Samba is running as an AD DC ----------- Checking file: /etc/os-release PRETTY_NAME="Debian GNU/Linux 10 (buster)" NAME="Debian GNU/Linux" VERSION_ID="10" VERSION="10 (buster)" VERSION_CODENAME=buster ID=debian HOME_URL="https://www.debian.org/" SUPPORT_URL="https://www.debian.org/support" BUG_REPORT_URL="https://bugs.debian.org/" ----------- This computer is running Debian 10.5 x86_64 ----------- running command : ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000 link/ether 00:15:5d:3b:6f:09 brd ff:ff:ff:ff:ff:ff inet 192.168.59.112/24 brd 192.168.59.255 scope global eth0 ----------- Checking file: /etc/hosts 127.0.0.1 localhost 192.168.59.112 DC2.MyDomain.lx.pt DC2 ----------- Checking file: /etc/resolv.conf domain MyDomain.lx.pt search MyDomain.lx.pt #nameserver 192.168.59.111 nameserver 192.168.59.112 ----------- Checking file: /etc/krb5.conf [libdefaults] default_realm = MyDomain.LX.PT dns_lookup_realm = false dns_lookup_kdc = true ----------- Checking file: /etc/nsswitch.conf passwd: files systemd winbind group: files systemd winbind shadow: files gshadow: files hosts: files mdns4_minimal [NOTFOUND=return] dns networks: files protocols: db files services: db files ethers: db files rpc: db files netgroup: nis ----------- Checking file: /usr/local/samba/etc/smb.conf [global] netbios name = DC2 realm = MyDomain.LX.PT server role = active directory domain controller workgroup = MyDomain idmap_ldb:use rfc2307 = yes log level = 1 auth_json_audit:2@/var/log/samba/auth.log sam:2@ /var/log/samba/sam.log log file = /var/log/samba/samba.log server services = -dns winbind nss info = template template shell = /bin/bash template homedir = /home/%U server min protocol = SMB2 [sysvol] path = /usr/local/samba/var/locks/sysvol read only = No [netlogon] path = /usr/local/samba/var/locks/sysvol/MyDomain.lx.pt/scripts read only = No ----------- Detected bind DLZ enabled.. Checking file: /etc/bind/named.conf include "/etc/bind/named.conf.options"; include "/etc/bind/named.conf.local"; include "/etc/bind/named.conf.default-zones"; include "/usr/local/samba/bind-dns/named.conf"; ----------- Checking file: /etc/bind/named.conf.options acl internals { 127.0.0.0/8; 192.168.59.0/24; }; options { directory "/var/cache/bind"; version "Go Away 0.0.7"; notify no; empty-zones-enable no; auth-nxdomain yes; forwarders { 8.8.8.8; 8.8.4.4; }; allow-transfer { none; }; dnssec-validation no; dnssec-enable no; dnssec-lookaside no; listen-on-v6 { none; }; listen-on port 53 { 192.168.59.112; 127.0.0.1; ::1; }; minimal-responses yes; allow-query { "internals"; }; allow-query-cache { "internals"; }; recursion yes; allow-recursion { "internals"; }; tkey-gssapi-keytab "/usr/local/samba/bind-dns/dns.keytab"; }; ----------- Checking file: /etc/bind/named.conf.local ----------- Checking file: /etc/bind/named.conf.default-zones zone "." { type hint; file "/usr/share/dns/root.hints"; }; zone "localhost" { type master; file "/etc/bind/db.local"; }; zone "127.in-addr.arpa" { type master; file "/etc/bind/db.127"; }; zone "0.in-addr.arpa" { type master; file "/etc/bind/db.0"; }; zone "255.in-addr.arpa" { type master; file "/etc/bind/db.255"; }; ----------- Samba DNS zone list: 3 zone(s) found pszZoneName : 59.168.192.in-addr.arpa Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE ZoneType : DNS_ZONE_TYPE_PRIMARY Version : 50 dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED pszDpFqdn : DomainDnsZones.MyDomain.lx.pt pszZoneName : MyDomain.lx.pt Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE ZoneType : DNS_ZONE_TYPE_PRIMARY Version : 50 dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED pszDpFqdn : DomainDnsZones.MyDomain.lx.pt pszZoneName : _msdcs.MyDomain.lx.pt Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE ZoneType : DNS_ZONE_TYPE_PRIMARY Version : 50 dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_FOREST_DEFAULT DNS_DP_ENLISTED pszDpFqdn : ForestDnsZones.MyDomain.lx.pt Samba DNS zone list Automated check : zone : 59.168.192.in-addr.arpa ok, no Bind flat-files found ----------- zone : MyDomain.lx.pt ok, no Bind flat-files found ----------- zone : _msdcs.MyDomain.lx.pt ok, no Bind flat-files found ----------- Installed packages: ii acl 2.2.53-4 amd64 access control list - utilities ii attr 1:2.4.48-4 amd64 utilities for manipulating filesystem extended attributes ii bind9 1:9.11.5.P4+dfsg-5.1+deb10u2 amd64 Internet Domain Name Server ii bind9-host 1:9.11.5.P4+dfsg-5.1+deb10u2 amd64 DNS lookup utility (deprecated) ii bind9utils 1:9.11.5.P4+dfsg-5.1+deb10u2 amd64 Utilities for BIND ii fonts-quicksand 0.2016-2 all sans-serif font with round attributes ii krb5-config 2.6 all Configuration files for Kerberos Version 5 ii krb5-kdc 1.17-3 amd64 MIT Kerberos key server (KDC) ii krb5-locales 1.17-3 all internationalization support for MIT Kerberos ii krb5-multidev:amd64 1.17-3 amd64 development files for MIT Kerberos without Heimdal conflict ii krb5-user 1.17-3 amd64 basic programs to authenticate using MIT Kerberos ii libacl1:amd64 2.2.53-4 amd64 access control list - shared library ii libacl1-dev:amd64 2.2.53-4 amd64 access control list - static libraries and headers ii libattr1:amd64 1:2.4.48-4 amd64 extended attribute handling - shared library ii libattr1-dev:amd64 1:2.4.48-4 amd64 extended attributes handling - static libraries and headers ii libbind9-161:amd64 1:9.11.5.P4+dfsg-5.1+deb10u2 amd64 BIND9 Shared Library used by BIND ii libgssapi-krb5-2:amd64 1.17-3 amd64 MIT Kerberos runtime libraries - krb5 GSS-API Mechanism ii libkrb5-26-heimdal:amd64 7.5.0+dfsg-3 amd64 Heimdal Kerberos - libraries ii libkrb5-3:amd64 1.17-3 amd64 MIT Kerberos runtime libraries ii libkrb5-dev:amd64 1.17-3 amd64 headers and development libraries for MIT Kerberos ii libkrb5support0:amd64 1.17-3 amd64 MIT Kerberos runtime libraries - Support library ii libsmbclient:amd64 2:4.9.5+dfsg-5+deb10u1 amd64 shared library for communication with SMB/CIFS servers ii libwbclient0:amd64 2:4.9.5+dfsg-5+deb10u1 amd64 Samba winbind client library ii python-attr 18.2.0-1 all Attributes without boilerplate (Python 2) ii python3-pyxattr 0.6.1-1 amd64 module for manipulating filesystem extended attributes (Python3) ii samba-libs:amd64 2:4.9.5+dfsg-5+deb10u1 amd64 Samba core libraries ----------- Rowland penny via samba <samba at lists.samba.org> escreveu no dia segunda, 14/09/2020 ?(s) 08:43:> On 13/09/2020 22:40, Carlos Jesus wrote: > > Hi Rowland, thank you for your help. > > I've added the include "/var/lib/samba/bind-dns/named.conf in > > /etc/bind/named.conf instead of named.conf.options. > Please don't do that, it isn't a good idea, use an 'include', that way > if something changes, it will still work. > > > > As for the link, here it goes. > > https://lists.samba.org/archive/samba/2019-July/224546.html > > Yes and that didn't end successfully :-\ > > What did the Windows DC start out as ? 2008R2 or was it an earlier version > ? > > What was the full command you used to join the Samba DC to the Windows > domain ? > > Did you get any errors during the successful join ? > > Can you go here: > https://github.com/thctlo/samba4/blob/master/samba-collect-debug-info.sh > > Download the script and run it on your Samba DC. > > sanitise the outpost and post it to this list. > > Rowland > > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
L.P.H. van Belle
2020-Sep-14 10:30 UTC
[Samba] DNS problems when adding samba DC to win2008R2
Hai, See below.> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Carlos Jesus via samba > Verzonden: maandag 14 september 2020 11:40 > Aan: Rowland penny > CC: sambalist > Onderwerp: Re: [Samba] DNS problems when adding samba DC to win2008R2 >....> > > > > grep: /etc/samba/smb.conf: No such file or directory > ./samba.sh: line 328: [: : integer expression expectedHmm, it does not find smb.conf ? Thats strange or was this a typo on your side? ( Ah, after some scrolling, its a self compiled samba ) ;-)> DC2:/home/carlos# more /tmp/samba-debug-info.txt > Collected config --- 2020-09-14-10:27 ----------- > > Hostname: DC2 > DNS Domain: MyDomain.lx.pt > FQDN: DC2.MyDomain.lx.pt > ipaddress: 192.168.59.112 > ----------- > Kerberos SRV _kerberos._tcp.MyDomain.lx.pt record verified ok, sample > output: > Server: 192.168.59.112 > Address: 192.168.59.112#53 > > _kerberos._tcp.MyDomain.lx.pt service = 0 100 88 > dc2.MyDomain.lx.pt.Here, if you have 2 DC's you should also see the 2 DC's. So where is DC1 ?> Samba is running as an AD DC > ----------- > Checking file: /etc/os-release > PRETTY_NAME="Debian GNU/Linux 10 (buster)" > NAME="Debian GNU/Linux" > VERSION_ID="10" > VERSION="10 (buster)" > VERSION_CODENAME=buster > ID=debian > HOME_URL="https://www.debian.org/" > SUPPORT_URL="https://www.debian.org/support" > BUG_REPORT_URL="https://bugs.debian.org/" > ----------- > > This computer is running Debian 10.5 x86_64 > ----------- > running command : ip a > 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state > UNKNOWN group > default qlen 1000 > link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 > inet 127.0.0.1/8 scope host lo > 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq > state UP group > default qlen 1000 > link/ether 00:15:5d:3b:6f:09 brd ff:ff:ff:ff:ff:ff > inet 192.168.59.112/24 brd 192.168.59.255 scope global eth0 > ----------- > Checking file: /etc/hosts > 127.0.0.1 localhost > 192.168.59.112 DC2.MyDomain.lx.pt DC2 > ----------- > Checking file: /etc/resolv.conf > domain MyDomain.lx.pt > search MyDomain.lx.pt > nameserver 192.168.59.112# AFter a join and a reboot, you can enable the DC1 Nameserver but add it below this server> nameserver 192.168.59.111> ----------- > Checking file: /etc/krb5.conf > [libdefaults] > default_realm = MyDomain.LX.PT > dns_lookup_realm = false > dns_lookup_kdc = true > ----------- > Checking file: /etc/nsswitch.conf > > passwd: files systemd winbind > group: files systemd winbind > shadow: files > gshadow: files > > hosts: files mdns4_minimal [NOTFOUND=return] dnshosts: files dns mdns4_minimal [NOTFOUND=return] Moved dns before mDNS (avahi-daemon)> networks: files > > protocols: db files > services: db files > ethers: db files > rpc: db files > > netgroup: nis > ----------- > Checking file: /usr/local/samba/etc/smb.conf > [global] > netbios name = DC2 > realm = MyDomain.LX.PT > server role = active directory domain controller > workgroup = MyDomain > idmap_ldb:use rfc2307 = yes > log level = 1 auth_json_audit:2@/var/log/samba/auth.log sam:2@ > /var/log/samba/sam.log > log file = /var/log/samba/samba.log > server services = -dns > > winbind nss info = template > template shell = /bin/bash > template homedir = /home/%U > server min protocol = SMB2 > > [sysvol] > path = /usr/local/samba/var/locks/sysvol > read only = No > > [netlogon] > path = > /usr/local/samba/var/locks/sysvol/MyDomain.lx.pt/scripts > read only = No > ----------- > Detected bind DLZ enabled.. > Checking file: /etc/bind/named.conf > > include "/etc/bind/named.conf.options"; > include "/etc/bind/named.conf.local"; > include "/etc/bind/named.conf.default-zones"; > include "/usr/local/samba/bind-dns/named.conf"; > ----------- > Checking file: /etc/bind/named.conf.options > acl internals { 127.0.0.0/8; 192.168.59.0/24; }; > > options { > directory "/var/cache/bind"; > version "Go Away 0.0.7"; > notify no; > empty-zones-enable no; > auth-nxdomain yes; > forwarders { 8.8.8.8; 8.8.4.4; }; > allow-transfer { none; }; > > dnssec-validation no; > dnssec-enable no; > dnssec-lookaside no; > listen-on-v6 { none; }; > listen-on port 53 { 192.168.59.112; 127.0.0.1; ::1; }; > > minimal-responses yes; > > allow-query { "internals"; }; > allow-query-cache { "internals"; }; > > recursion yes; > allow-recursion { "internals"; }; > > tkey-gssapi-keytab "/usr/local/samba/bind-dns/dns.keytab"; > }; > ----------- > Checking file: /etc/bind/named.conf.local > ----------- > Checking file: /etc/bind/named.conf.default-zones > zone "." { > type hint; > file "/usr/share/dns/root.hints"; > }; > > zone "localhost" { > type master; > file "/etc/bind/db.local"; > }; > > zone "127.in-addr.arpa" { > type master; > file "/etc/bind/db.127"; > }; > > zone "0.in-addr.arpa" { > type master; > file "/etc/bind/db.0"; > }; > > zone "255.in-addr.arpa" { > type master; > file "/etc/bind/db.255"; > }; > ----------- > Samba DNS zone list: 3 zone(s) found > > pszZoneName : 59.168.192.in-addr.arpa > Flags : DNS_RPC_ZONE_DSINTEGRATED > DNS_RPC_ZONE_UPDATE_SECURE > ZoneType : DNS_ZONE_TYPE_PRIMARY > Version : 50 > dwDpFlags : DNS_DP_AUTOCREATED > DNS_DP_DOMAIN_DEFAULT > DNS_DP_ENLISTED > pszDpFqdn : DomainDnsZones.MyDomain.lx.pt > > pszZoneName : MyDomain.lx.pt > Flags : DNS_RPC_ZONE_DSINTEGRATED > DNS_RPC_ZONE_UPDATE_SECURE > ZoneType : DNS_ZONE_TYPE_PRIMARY > Version : 50 > dwDpFlags : DNS_DP_AUTOCREATED > DNS_DP_DOMAIN_DEFAULT > DNS_DP_ENLISTED > pszDpFqdn : DomainDnsZones.MyDomain.lx.pt > > pszZoneName : _msdcs.MyDomain.lx.pt > Flags : DNS_RPC_ZONE_DSINTEGRATED > DNS_RPC_ZONE_UPDATE_SECURE > ZoneType : DNS_ZONE_TYPE_PRIMARY > Version : 50 > dwDpFlags : DNS_DP_AUTOCREATED > DNS_DP_FOREST_DEFAULT > DNS_DP_ENLISTED > pszDpFqdn : ForestDnsZones.MyDomain.lx.pt > > Samba DNS zone list Automated check : > zone : 59.168.192.in-addr.arpa ok, no Bind flat-files found > ----------- > zone : MyDomain.lx.pt ok, no Bind flat-files found > ----------- > zone : _msdcs.MyDomain.lx.pt ok, no Bind flat-files found > ----------- > Installed packages: > ii acl 2.2.53-4 > amd64 access control list - utilities > ii attr 1:2.4.48-4 > amd64 utilities for manipulating filesystem > extended attributes > ii bind9 1:9.11.5.P4+dfsg-5.1+deb10u2 > amd64 Internet Domain Name Server > ii bind9-host 1:9.11.5.P4+dfsg-5.1+deb10u2 > amd64 DNS lookup utility (deprecated) > ii bind9utils 1:9.11.5.P4+dfsg-5.1+deb10u2 > amd64 Utilities for BIND > ii fonts-quicksand 0.2016-2 > all sans-serif font with round attributes > ii krb5-config 2.6 > all Configuration files for Kerberos Version 5 > ii krb5-kdc 1.17-3 > amd64 MIT Kerberos key server (KDC) > ii krb5-locales 1.17-3 > all internationalization support for MIT Kerberos > ii krb5-multidev:amd64 1.17-3 > amd64 development files for MIT Kerberos without > Heimdal conflict > ii krb5-user 1.17-3 > amd64 basic programs to authenticate using MIT Kerberos > ii libacl1:amd64 2.2.53-4 > amd64 access control list - shared library > ii libacl1-dev:amd64 2.2.53-4 > amd64 access control list - static libraries and headers > ii libattr1:amd64 1:2.4.48-4 > amd64 extended attribute handling - shared library > ii libattr1-dev:amd64 1:2.4.48-4 > amd64 extended attributes handling - static > libraries and headers > ii libbind9-161:amd64 1:9.11.5.P4+dfsg-5.1+deb10u2 > amd64 BIND9 Shared Library used by BIND > ii libgssapi-krb5-2:amd64 1.17-3 > amd64 MIT Kerberos runtime libraries - krb5 GSS-API > Mechanism > ii libkrb5-26-heimdal:amd64 7.5.0+dfsg-3 > amd64 Heimdal Kerberos - libraries > ii libkrb5-3:amd64 1.17-3 > amd64 MIT Kerberos runtime libraries > ii libkrb5-dev:amd64 1.17-3 > amd64 headers and development libraries for MIT Kerberos > ii libkrb5support0:amd64 1.17-3 > amd64 MIT Kerberos runtime libraries - Support library > ii libsmbclient:amd64 2:4.9.5+dfsg-5+deb10u1 > amd64 shared library for communication with SMB/CIFS servers > ii libwbclient0:amd64 2:4.9.5+dfsg-5+deb10u1 > amd64 Samba winbind client library > ii python-attr 18.2.0-1 > all Attributes without boilerplate (Python 2) > ii python3-pyxattr 0.6.1-1 > amd64 module for manipulating filesystem extended attributes > (Python3) > ii samba-libs:amd64 2:4.9.5+dfsg-5+deb10u1 > amd64 Samba core libraries > -----------So, you have a self compiled samba, you did install or, did not remove some older parts. Like : libwbclient0:amd64 2:4.9.5+dfsg-5+deb10u1 So a choice to make, - Remove good and only use selfcompiled samba. Or - Install debian's Samba 4.9.5 - Or instal samba from my repo then install 4.12.6 Greetz, Louis