L.P.H. van Belle
2020-Sep-14 10:30 UTC
[Samba] DNS problems when adding samba DC to win2008R2
Hai,

See below.

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> Carlos Jesus via samba
> Sent: Monday 14 September 2020 11:40
> To: Rowland penny
> CC: sambalist
> Subject: Re: [Samba] DNS problems when adding samba DC to win2008R2
>
....
>
> grep: /etc/samba/smb.conf: No such file or directory
> ./samba.sh: line 328: [: : integer expression expected

Hmm, it does not find smb.conf ?
That's strange or was this a typo on your side?
( Ah, after some scrolling, it's a self compiled samba ) ;-)

> DC2:/home/carlos# more /tmp/samba-debug-info.txt
> Collected config --- 2020-09-14-10:27 -----------
>
> Hostname: DC2
> DNS Domain: MyDomain.lx.pt
> FQDN: DC2.MyDomain.lx.pt
> ipaddress: 192.168.59.112
> -----------
> Kerberos SRV _kerberos._tcp.MyDomain.lx.pt record verified ok, sample
> output:
> Server: 192.168.59.112
> Address: 192.168.59.112#53
>
> _kerberos._tcp.MyDomain.lx.pt service = 0 100 88
> dc2.MyDomain.lx.pt.

Here, if you have 2 DC's you should also see the 2 DC's.
So where is DC1 ?

> Samba is running as an AD DC
> -----------
> Checking file: /etc/os-release
> PRETTY_NAME="Debian GNU/Linux 10 (buster)"
> NAME="Debian GNU/Linux"
> VERSION_ID="10"
> VERSION="10 (buster)"
> VERSION_CODENAME=buster
> ID=debian
> HOME_URL="https://www.debian.org/"
> SUPPORT_URL="https://www.debian.org/support"
> BUG_REPORT_URL="https://bugs.debian.org/"
> -----------
>
> This computer is running Debian 10.5 x86_64
> -----------
> running command : ip a
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state
> UNKNOWN group
> default qlen 1000
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> inet 127.0.0.1/8 scope host lo
> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq
> state UP group
> default qlen 1000
> link/ether 00:15:5d:3b:6f:09 brd ff:ff:ff:ff:ff:ff
> inet 192.168.59.112/24 brd 192.168.59.255 scope global eth0
> -----------
> Checking file: /etc/hosts
> 127.0.0.1 localhost
> 192.168.59.112 DC2.MyDomain.lx.pt DC2
> -----------
> Checking file: /etc/resolv.conf
> domain MyDomain.lx.pt
> search MyDomain.lx.pt
> nameserver 192.168.59.112

# After a join and a reboot, you can enable the DC1 Nameserver but add it below this server

> nameserver 192.168.59.111

> -----------
> Checking file: /etc/krb5.conf
> [libdefaults]
> default_realm = MyDomain.LX.PT
> dns_lookup_realm = false
> dns_lookup_kdc = true
> -----------
> Checking file: /etc/nsswitch.conf
>
> passwd: files systemd winbind
> group: files systemd winbind
> shadow: files
> gshadow: files
>
> hosts: files mdns4_minimal [NOTFOUND=return] dns

hosts: files dns mdns4_minimal [NOTFOUND=return]
Moved dns before mDNS (avahi-daemon)

> networks: files
>
> protocols: db files
> services: db files
> ethers: db files
> rpc: db files
>
> netgroup: nis
> -----------
> Checking file: /usr/local/samba/etc/smb.conf
> [global]
> netbios name = DC2
> realm = MyDomain.LX.PT
> server role = active directory domain controller
> workgroup = MyDomain
> idmap_ldb:use rfc2307 = yes
> log level = 1 auth_json_audit:2@/var/log/samba/auth.log sam:2@
> /var/log/samba/sam.log
> log file = /var/log/samba/samba.log
> server services = -dns
>
> winbind nss info = template
> template shell = /bin/bash
> template homedir = /home/%U
> server min protocol = SMB2
>
> [sysvol]
> path = /usr/local/samba/var/locks/sysvol
> read only = No
>
> [netlogon]
> path =
> /usr/local/samba/var/locks/sysvol/MyDomain.lx.pt/scripts
> read only = No
> -----------
> Detected bind DLZ enabled..
> Checking file: /etc/bind/named.conf
>
> include "/etc/bind/named.conf.options";
> include "/etc/bind/named.conf.local";
> include "/etc/bind/named.conf.default-zones";
> include "/usr/local/samba/bind-dns/named.conf";
> -----------
> Checking file: /etc/bind/named.conf.options
> acl internals { 127.0.0.0/8; 192.168.59.0/24; };
>
> options {
> directory "/var/cache/bind";
> version "Go Away 0.0.7";
> notify no;
> empty-zones-enable no;
> auth-nxdomain yes;
> forwarders { 8.8.8.8; 8.8.4.4; };
> allow-transfer { none; };
>
> dnssec-validation no;
> dnssec-enable no;
> dnssec-lookaside no;
> listen-on-v6 { none; };
> listen-on port 53 { 192.168.59.112; 127.0.0.1; ::1; };
>
> minimal-responses yes;
>
> allow-query { "internals"; };
> allow-query-cache { "internals"; };
>
> recursion yes;
> allow-recursion { "internals"; };
>
> tkey-gssapi-keytab "/usr/local/samba/bind-dns/dns.keytab";
> };
> -----------
> Checking file: /etc/bind/named.conf.local
> -----------
> Checking file: /etc/bind/named.conf.default-zones
> zone "." {
> type hint;
> file "/usr/share/dns/root.hints";
> };
>
> zone "localhost" {
> type master;
> file "/etc/bind/db.local";
> };
>
> zone "127.in-addr.arpa" {
> type master;
> file "/etc/bind/db.127";
> };
>
> zone "0.in-addr.arpa" {
> type master;
> file "/etc/bind/db.0";
> };
>
> zone "255.in-addr.arpa" {
> type master;
> file "/etc/bind/db.255";
> };
> -----------
> Samba DNS zone list: 3 zone(s) found
>
> pszZoneName : 59.168.192.in-addr.arpa
> Flags : DNS_RPC_ZONE_DSINTEGRATED
> DNS_RPC_ZONE_UPDATE_SECURE
> ZoneType : DNS_ZONE_TYPE_PRIMARY
> Version : 50
> dwDpFlags : DNS_DP_AUTOCREATED
> DNS_DP_DOMAIN_DEFAULT
> DNS_DP_ENLISTED
> pszDpFqdn : DomainDnsZones.MyDomain.lx.pt
>
> pszZoneName : MyDomain.lx.pt
> Flags : DNS_RPC_ZONE_DSINTEGRATED
> DNS_RPC_ZONE_UPDATE_SECURE
> ZoneType : DNS_ZONE_TYPE_PRIMARY
> Version : 50
> dwDpFlags : DNS_DP_AUTOCREATED
> DNS_DP_DOMAIN_DEFAULT
> DNS_DP_ENLISTED
> pszDpFqdn : DomainDnsZones.MyDomain.lx.pt
>
> pszZoneName : _msdcs.MyDomain.lx.pt
> Flags : DNS_RPC_ZONE_DSINTEGRATED
> DNS_RPC_ZONE_UPDATE_SECURE
> ZoneType : DNS_ZONE_TYPE_PRIMARY
> Version : 50
> dwDpFlags : DNS_DP_AUTOCREATED
> DNS_DP_FOREST_DEFAULT
> DNS_DP_ENLISTED
> pszDpFqdn : ForestDnsZones.MyDomain.lx.pt
>
> Samba DNS zone list Automated check :
> zone : 59.168.192.in-addr.arpa ok, no Bind flat-files found
> -----------
> zone : MyDomain.lx.pt ok, no Bind flat-files found
> -----------
> zone : _msdcs.MyDomain.lx.pt ok, no Bind flat-files found
> -----------
> Installed packages:
> ii acl 2.2.53-4
> amd64 access control list - utilities
> ii attr 1:2.4.48-4
> amd64 utilities for manipulating filesystem
> extended attributes
> ii bind9 1:9.11.5.P4+dfsg-5.1+deb10u2
> amd64 Internet Domain Name Server
> ii bind9-host 1:9.11.5.P4+dfsg-5.1+deb10u2
> amd64 DNS lookup utility (deprecated)
> ii bind9utils 1:9.11.5.P4+dfsg-5.1+deb10u2
> amd64 Utilities for BIND
> ii fonts-quicksand 0.2016-2
> all sans-serif font with round attributes
> ii krb5-config 2.6
> all Configuration files for Kerberos Version 5
> ii krb5-kdc 1.17-3
> amd64 MIT Kerberos key server (KDC)
> ii krb5-locales 1.17-3
> all internationalization support for MIT Kerberos
> ii krb5-multidev:amd64 1.17-3
> amd64 development files for MIT Kerberos without
> Heimdal conflict
> ii krb5-user 1.17-3
> amd64 basic programs to authenticate using MIT Kerberos
> ii libacl1:amd64 2.2.53-4
> amd64 access control list - shared library
> ii libacl1-dev:amd64 2.2.53-4
> amd64 access control list - static libraries and headers
> ii libattr1:amd64 1:2.4.48-4
> amd64 extended attribute handling - shared library
> ii libattr1-dev:amd64 1:2.4.48-4
> amd64 extended attributes handling - static
> libraries and headers
> ii libbind9-161:amd64 1:9.11.5.P4+dfsg-5.1+deb10u2
> amd64 BIND9 Shared Library used by BIND
> ii libgssapi-krb5-2:amd64 1.17-3
> amd64 MIT Kerberos runtime libraries - krb5 GSS-API
> Mechanism
> ii libkrb5-26-heimdal:amd64 7.5.0+dfsg-3
> amd64 Heimdal Kerberos - libraries
> ii libkrb5-3:amd64 1.17-3
> amd64 MIT Kerberos runtime libraries
> ii libkrb5-dev:amd64 1.17-3
> amd64 headers and development libraries for MIT Kerberos
> ii libkrb5support0:amd64 1.17-3
> amd64 MIT Kerberos runtime libraries - Support library
> ii libsmbclient:amd64 2:4.9.5+dfsg-5+deb10u1
> amd64 shared library for communication with SMB/CIFS servers
> ii libwbclient0:amd64 2:4.9.5+dfsg-5+deb10u1
> amd64 Samba winbind client library
> ii python-attr 18.2.0-1
> all Attributes without boilerplate (Python 2)
> ii python3-pyxattr 0.6.1-1
> amd64 module for manipulating filesystem extended attributes
> (Python3)
> ii samba-libs:amd64 2:4.9.5+dfsg-5+deb10u1
> amd64 Samba core libraries
> -----------

So, you have a self compiled samba, you did install or, did not remove some older parts.
Like : libwbclient0:amd64 2:4.9.5+dfsg-5+deb10u1

So a choice to make,
- Remove good and only use selfcompiled samba.
Or
- Install debian's Samba 4.9.5
- Or install samba from my repo then install 4.12.6

Greetz,

Louis
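
The checks made by eye on the collected output in the message above (one SRV target per DC, dns ahead of mDNS in nsswitch.conf, the DC's own address as first nameserver, Debian Samba libraries beside a self-compiled build) can be scripted. This is an added example, not part of the thread or of the debug script it quotes; the function names are hypothetical and the sample files are constructed from the values posted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread); function names are hypothetical.
# Each check reads a saved text file, so it runs offline on collected output.

# Number of distinct SRV targets in saved nslookup output (expect one per DC).
srv_target_count() {
    awk '/service = / { print tolower($NF) }' "$1" | sort -u | wc -l | tr -d ' '
}

# True when "dns" comes before any mdns* source on the hosts: line.
hosts_dns_before_mdns() {
    awk '$1 == "hosts:" {
             seen = 1
             for (i = 2; i <= NF; i++) {
                 if ($i == "dns") dns = i
                 if ($i ~ /^mdns/ && !mdns) mdns = i
             }
         }
         END { exit !(seen && dns && (!mdns || dns < mdns)) }' "$1"
}

# True when the first nameserver in a resolv.conf copy is the address in $2.
first_nameserver_is() {
    [ "$(awk '$1 == "nameserver" { print $2; exit }' "$1")" = "$2" ]
}

# Names of Debian-packaged Samba libraries in a saved `dpkg -l` listing.
packaged_samba_libs() {
    awk '$1 == "ii" && $2 ~ /^(samba|libwbclient|libsmbclient)/ { print $2 }' "$1"
}

# Constructed sample input, modelled on the values posted in the thread.
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

cat > "$work/srv.txt" <<'EOF'
Server:  192.168.59.112
Address: 192.168.59.112#53

_kerberos._tcp.MyDomain.lx.pt service = 0 100 88 server.MyDomain.lx.pt.
_kerberos._tcp.MyDomain.lx.pt service = 0 100 88 dc2.MyDomain.lx.pt.
EOF

cat > "$work/nsswitch.before" <<'EOF'
passwd: files systemd winbind
hosts:  files mdns4_minimal [NOTFOUND=return] dns
EOF

cat > "$work/nsswitch.after" <<'EOF'
passwd: files systemd winbind
hosts:  files dns mdns4_minimal [NOTFOUND=return]
EOF

cat > "$work/resolv.conf" <<'EOF'
search MyDomain.lx.pt
nameserver 192.168.59.112
nameserver 192.168.59.111
EOF

cat > "$work/dpkg.txt" <<'EOF'
ii  krb5-user           1.17-3                  amd64 basic programs to authenticate using MIT Kerberos
ii  libwbclient0:amd64  2:4.9.5+dfsg-5+deb10u1  amd64 Samba winbind client library
ii  samba-libs:amd64    2:4.9.5+dfsg-5+deb10u1  amd64 Samba core libraries
EOF

echo "SRV targets found: $(srv_target_count "$work/srv.txt")"

for f in before after; do
    if hosts_dns_before_mdns "$work/nsswitch.$f"; then
        echo "nsswitch.$f: dns is consulted before mdns"
    else
        echo "nsswitch.$f: mdns is consulted before dns"
    fi
done

if first_nameserver_is "$work/resolv.conf" 192.168.59.112; then
    echo "resolv.conf: this DC is the first nameserver"
else
    echo "resolv.conf: another server is listed first"
fi

echo "Debian Samba libraries installed:"
packaged_samba_libs "$work/dpkg.txt" | sed 's/^/  /'
```
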
Hi Louis thanks for the help,

> > Kerberos SRV _kerberos._tcp.MyDomain.lx.pt record verified ok, sample
> > output:
> > Server: 192.168.59.112
> > Address: 192.168.59.112#53
> >
> > _kerberos._tcp.MyDomain.lx.pt service = 0 100 88
> > dc2.MyDomain.lx.pt.
>
> Here, if you have 2 DC's you should also see the 2 DC's.
> So where is DC1 ?
>

That must have been my fault. While sanitizing I must have deleted that line. The correct piece is:
______________________________________________________________
Kerberos SRV _kerberos._tcp.MyDomain.lx.pt record verified ok, sample output:
Server: 192.168.59.112
Address: 192.168.59.112#53

_kerberos._tcp. MyDomain .lx.pt service = 0 100 88 server. MyDomain.lx.pt.
_kerberos._tcp. MyDomain .lx.pt service = 0 100 88 dc2. MyDomain.lx.pt.
Samba is running as an AD DC
_______________________________________________________________
There is a "server" and a "DC2". Poor naming choices I guess.

> > nameserver 192.168.59.112
> # After a join and a reboot, you can enable the DC1 Nameserver but add it
> below this server
> > nameserver 192.168.59.111
>
> > -----------
> > Checking file: /etc/krb5.conf
> > [libdefaults]
> > default_realm = MyDomain.LX.PT
> > dns_lookup_realm = false
> > dns_lookup_kdc = true
> > -----------
> > Checking file: /etc/nsswitch.conf
> >
> > passwd: files systemd winbind
> > group: files systemd winbind
> > shadow: files
> > gshadow: files
> >
> > hosts: files mdns4_minimal [NOTFOUND=return] dns
>
> hosts: files dns mdns4_minimal [NOTFOUND=return]
> Moved dns before mDNS (avahi-daemon)
>

Will do. Avahi is disabled/masked anyway. Hate the thing.

> So, you have a self compiled samba, you did install or, did not remove
> some older parts.
> Like : libwbclient0:amd64 2:4.9.5+dfsg-5+deb10u1
>

There you got me. I don't really know where this comes from. This is a freshly installed VM/Debian/samba 4.12 running on Hyper-V over iSCSI. A few extra packages (htop, iftop, iperf...) but nothing fancy. I never had a previous version of samba installed (or anything else).

> So a choice to make,
> - Remove good and only use selfcompiled samba.
> Or
> - Install debian's Samba 4.9.5
> - Or install samba from my repo then install 4.12.6
>

Yeap. That was basically my last choice. Remove DC2, remove VM and start over.

> Greetz,
>
> Louis
>

Best regards
Some developments.

libwbclient0:amd64 2:4.9.5+dfsg-5+deb10u1 is present on a freshly installed debian buster.
Actually, dpkg -l|grep -i samba gives

ii libwbclient0:amd64 2:4.9.5+dfsg-5+deb10u1 amd64 Samba winbind client library
ii python3-smbc 1.0.15.6-1+b2 amd64 Python 3 bindings for the Samba client library
ii samba-libs:amd64 2:4.9.5+dfsg-5+deb10u1 amd64 Samba core libraries

Again, this is a freshly installed debian buster installed from
https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-10.5.0-amd64-netinst.iso
with only LXDE, SSH and standard utilities.

I'll remove these packages (let's see how that goes), and try Louis' repo (a first for me).
Tomorrow I'll report back.
> >> > nameserver 192.168.59.112 >> # AFter a join and a reboot, you can enable the DC1 Nameserver but add it >> below this server >> > nameserver 192.168.59.111 >> >> >> > ----------- >> > Checking file: /etc/krb5.conf >> > [libdefaults] >> > default_realm = MyDomain.LX.PT <http://mydomain.lx.pt/> >> > dns_lookup_realm = false >> > dns_lookup_kdc = true >> > ----------- >> > Checking file: /etc/nsswitch.conf >> > >> > passwd: files systemd winbind >> > group: files systemd winbind >> > shadow: files >> > gshadow: files >> > >> > hosts: files mdns4_minimal [NOTFOUND=return] dns >> >> hosts: files dns mdns4_minimal [NOTFOUND=return] >> Moved dns before mDNS (avahi-daemon) >> > Will do. Avahi is disabled/masked anyway. Hate the thing. > >> So, you have a self compiled samba, you did install or, did not remove >> some older parts. >> Like : libwbclient0:amd64 2:4.9.5+dfsg-5+deb10u1 >> >> There you got me. I dont really know where this comes from. This is a > freshly installed VM/Debian/samba 4.12 running on Hyper-V over iSCSI. A few > extra packages (htop, iftop, iperf...) but nothing fancy. I never had a > previous version of samba installed (or anything else). > >> >> So a choice to make, >> - Remove good and only use selfcompiled samba. >> Or >> - Install debian's Samba 4.9.5 >> - Or instal samba from my repo then install 4.12.6 >> >> Yeap. That was basically my last choice. Remove DC2, remove VM and start > over. > >> Greetz, >> >> Louis >> > Best regards > > L.P.H. van Belle via samba <samba at lists.samba.org> escreveu no dia > segunda, 14/09/2020 ?(s) 11:31: > >> Hai, >> >> See below. >> >> > -----Oorspronkelijk bericht----- >> > Van: samba [mailto:samba-bounces at lists.samba.org] Namens >> > Carlos Jesus via samba >> > Verzonden: maandag 14 september 2020 11:40 >> > Aan: Rowland penny >> > CC: sambalist >> > Onderwerp: Re: [Samba] DNS problems when adding samba DC to win2008R2 >> > >> .... 
>> > > >> > > >> > grep: /etc/samba/smb.conf: No such file or directory >> > ./samba.sh: line 328: [: : integer expression expected >> >> Hmm, it does not find smb.conf ? >> Thats strange or was this a typo on your side? >> ( Ah, after some scrolling, its a self compiled samba ) ;-) >> >> >> > DC2:/home/carlos# more /tmp/samba-debug-info.txt >> > Collected config --- 2020-09-14-10:27 ----------- >> > >> > Hostname: DC2 >> > DNS Domain: MyDomain.lx.pt >> > FQDN: DC2.MyDomain.lx.pt >> > ipaddress: 192.168.59.112 >> > ----------- >> > Kerberos SRV _kerberos._tcp.MyDomain.lx.pt record verified ok, sample >> > output: >> > Server: 192.168.59.112 >> > Address: 192.168.59.112#53 >> > >> > _kerberos._tcp.MyDomain.lx.pt service = 0 100 88 >> > dc2.MyDomain.lx.pt. >> >> Here, if you have 2 DC's you should also see the 2 DC's. >> So where is DC1 ? >> >> >> >> > Samba is running as an AD DC >> > ----------- >> > Checking file: /etc/os-release >> > PRETTY_NAME="Debian GNU/Linux 10 (buster)" >> > NAME="Debian GNU/Linux" >> > VERSION_ID="10" >> > VERSION="10 (buster)" >> > VERSION_CODENAME=buster >> > ID=debian >> > HOME_URL="https://www.debian.org/" >> > SUPPORT_URL="https://www.debian.org/support" >> > BUG_REPORT_URL="https://bugs.debian.org/" >> > ----------- >> > >> > This computer is running Debian 10.5 x86_64 >> > ----------- >> > running command : ip a >> > 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state >> > UNKNOWN group >> > default qlen 1000 >> > link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 >> > inet 127.0.0.1/8 scope host lo >> > 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq >> > state UP group >> > default qlen 1000 >> > link/ether 00:15:5d:3b:6f:09 brd ff:ff:ff:ff:ff:ff >> > inet 192.168.59.112/24 brd 192.168.59.255 scope global eth0 >> > ----------- >> > Checking file: /etc/hosts >> > 127.0.0.1 localhost >> > 192.168.59.112 DC2.MyDomain.lx.pt DC2 >> > ----------- >> > Checking file: /etc/resolv.conf >> > domain MyDomain.lx.pt >> 
> search MyDomain.lx.pt >> > nameserver 192.168.59.112 >> # AFter a join and a reboot, you can enable the DC1 Nameserver but add it >> below this server >> > nameserver 192.168.59.111 >> >> >> > ----------- >> > Checking file: /etc/krb5.conf >> > [libdefaults] >> > default_realm = MyDomain.LX.PT >> > dns_lookup_realm = false >> > dns_lookup_kdc = true >> > ----------- >> > Checking file: /etc/nsswitch.conf >> > >> > passwd: files systemd winbind >> > group: files systemd winbind >> > shadow: files >> > gshadow: files >> > >> > hosts: files mdns4_minimal [NOTFOUND=return] dns >> >> hosts: files dns mdns4_minimal [NOTFOUND=return] >> Moved dns before mDNS (avahi-daemon) >> >> > networks: files >> > >> > protocols: db files >> > services: db files >> > ethers: db files >> > rpc: db files >> > >> > netgroup: nis >> > ----------- >> > Checking file: /usr/local/samba/etc/smb.conf >> > [global] >> > netbios name = DC2 >> > realm = MyDomain.LX.PT >> > server role = active directory domain controller >> > workgroup = MyDomain >> > idmap_ldb:use rfc2307 = yes >> > log level = 1 auth_json_audit:2@/var/log/samba/auth.log sam:2@ >> > /var/log/samba/sam.log >> > log file = /var/log/samba/samba.log >> > server services = -dns >> > >> > winbind nss info = template >> > template shell = /bin/bash >> > template homedir = /home/%U >> > server min protocol = SMB2 >> > >> > [sysvol] >> > path = /usr/local/samba/var/locks/sysvol >> > read only = No >> > >> > [netlogon] >> > path >> > /usr/local/samba/var/locks/sysvol/MyDomain.lx.pt/scripts >> > read only = No >> > ----------- >> > Detected bind DLZ enabled.. 
>> > Checking file: /etc/bind/named.conf >> > >> > include "/etc/bind/named.conf.options"; >> > include "/etc/bind/named.conf.local"; >> > include "/etc/bind/named.conf.default-zones"; >> > include "/usr/local/samba/bind-dns/named.conf"; >> > ----------- >> > Checking file: /etc/bind/named.conf.options >> > acl internals { 127.0.0.0/8; 192.168.59.0/24; }; >> > >> > options { >> > directory "/var/cache/bind"; >> > version "Go Away 0.0.7"; >> > notify no; >> > empty-zones-enable no; >> > auth-nxdomain yes; >> > forwarders { 8.8.8.8; 8.8.4.4; }; >> > allow-transfer { none; }; >> > >> > dnssec-validation no; >> > dnssec-enable no; >> > dnssec-lookaside no; >> > listen-on-v6 { none; }; >> > listen-on port 53 { 192.168.59.112; 127.0.0.1; ::1; }; >> > >> > minimal-responses yes; >> > >> > allow-query { "internals"; }; >> > allow-query-cache { "internals"; }; >> > >> > recursion yes; >> > allow-recursion { "internals"; }; >> > >> > tkey-gssapi-keytab "/usr/local/samba/bind-dns/dns.keytab"; >> > }; >> > ----------- >> > Checking file: /etc/bind/named.conf.local >> > ----------- >> > Checking file: /etc/bind/named.conf.default-zones >> > zone "." 
{
>> >     type hint;
>> >     file "/usr/share/dns/root.hints";
>> > };
>> >
>> > zone "localhost" {
>> >     type master;
>> >     file "/etc/bind/db.local";
>> > };
>> >
>> > zone "127.in-addr.arpa" {
>> >     type master;
>> >     file "/etc/bind/db.127";
>> > };
>> >
>> > zone "0.in-addr.arpa" {
>> >     type master;
>> >     file "/etc/bind/db.0";
>> > };
>> >
>> > zone "255.in-addr.arpa" {
>> >     type master;
>> >     file "/etc/bind/db.255";
>> > };
>> > -----------
>> > Samba DNS zone list: 3 zone(s) found
>> >
>> > pszZoneName : 59.168.192.in-addr.arpa
>> > Flags       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
>> > ZoneType    : DNS_ZONE_TYPE_PRIMARY
>> > Version     : 50
>> > dwDpFlags   : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
>> > pszDpFqdn   : DomainDnsZones.MyDomain.lx.pt
>> >
>> > pszZoneName : MyDomain.lx.pt
>> > Flags       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
>> > ZoneType    : DNS_ZONE_TYPE_PRIMARY
>> > Version     : 50
>> > dwDpFlags   : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
>> > pszDpFqdn   : DomainDnsZones.MyDomain.lx.pt
>> >
>> > pszZoneName : _msdcs.MyDomain.lx.pt
>> > Flags       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
>> > ZoneType    : DNS_ZONE_TYPE_PRIMARY
>> > Version     : 50
>> > dwDpFlags   : DNS_DP_AUTOCREATED DNS_DP_FOREST_DEFAULT DNS_DP_ENLISTED
>> > pszDpFqdn   : ForestDnsZones.MyDomain.lx.pt
>> >
>> > Samba DNS zone list Automated check :
>> > zone : 59.168.192.in-addr.arpa ok, no Bind flat-files found
>> > -----------
>> > zone : MyDomain.lx.pt ok, no Bind flat-files found
>> > -----------
>> > zone : _msdcs.MyDomain.lx.pt ok, no Bind flat-files found
>> > -----------
>> > Installed packages:
>> > ii acl 2.2.53-4 amd64 access control list - utilities
>> > ii attr 1:2.4.48-4 amd64 utilities for manipulating filesystem extended attributes
>> > ii bind9 1:9.11.5.P4+dfsg-5.1+deb10u2 amd64 Internet Domain Name Server
>> > ii bind9-host 1:9.11.5.P4+dfsg-5.1+deb10u2 amd64 DNS lookup utility (deprecated)
>> > ii bind9utils 1:9.11.5.P4+dfsg-5.1+deb10u2 amd64 Utilities for BIND
>> > ii fonts-quicksand 0.2016-2 all sans-serif font with round attributes
>> > ii krb5-config 2.6 all Configuration files for Kerberos Version 5
>> > ii krb5-kdc 1.17-3 amd64 MIT Kerberos key server (KDC)
>> > ii krb5-locales 1.17-3 all internationalization support for MIT Kerberos
>> > ii krb5-multidev:amd64 1.17-3 amd64 development files for MIT Kerberos without Heimdal conflict
>> > ii krb5-user 1.17-3 amd64 basic programs to authenticate using MIT Kerberos
>> > ii libacl1:amd64 2.2.53-4 amd64 access control list - shared library
>> > ii libacl1-dev:amd64 2.2.53-4 amd64 access control list - static libraries and headers
>> > ii libattr1:amd64 1:2.4.48-4 amd64 extended attribute handling - shared library
>> > ii libattr1-dev:amd64 1:2.4.48-4 amd64 extended attributes handling - static libraries and headers
>> > ii libbind9-161:amd64 1:9.11.5.P4+dfsg-5.1+deb10u2 amd64 BIND9 Shared Library used by BIND
>> > ii libgssapi-krb5-2:amd64 1.17-3 amd64 MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
>> > ii libkrb5-26-heimdal:amd64 7.5.0+dfsg-3 amd64 Heimdal Kerberos - libraries
>> > ii libkrb5-3:amd64 1.17-3 amd64 MIT Kerberos runtime libraries
>> > ii libkrb5-dev:amd64 1.17-3 amd64 headers and development libraries for MIT Kerberos
>> > ii libkrb5support0:amd64 1.17-3 amd64 MIT Kerberos runtime libraries - Support library
>> > ii libsmbclient:amd64 2:4.9.5+dfsg-5+deb10u1 amd64 shared library for communication with SMB/CIFS servers
>> > ii libwbclient0:amd64 2:4.9.5+dfsg-5+deb10u1 amd64 Samba winbind client library
>> > ii python-attr 18.2.0-1 all Attributes without boilerplate (Python 2)
>> > ii python3-pyxattr 0.6.1-1 amd64 module for manipulating filesystem extended attributes (Python3)
>> > ii samba-libs:amd64 2:4.9.5+dfsg-5+deb10u1 amd64 Samba core libraries
>> > -----------
>>
>> So, you have a self compiled samba, you did install or, did not remove
>> some older parts.
>> Like : libwbclient0:amd64 2:4.9.5+dfsg-5+deb10u1
>>
>> So a choice to make,
>> - Remove good and only use selfcompiled samba.
>> Or
>> - Install debian's Samba 4.9.5
>> - Or install samba from my repo then install 4.12.6
>>
>> Greetz,
>>
>> Louis
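Added example (not part of the original thread and not code from Louis or the Samba project): a shell check for the mixed install Louis points out above, where distro Samba libraries remain installed next to a self-compiled tree. The package name patterns, the `sbin/samba` location under the build prefix, and the sample rows are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: `dpkg -l` rows in the shape of the debug output above.
# The "rc samba-common" row is invented to show that removed packages are skipped.
SAMPLE_DPKG='ii  acl                 2.2.53-4                 amd64 access control list - utilities
ii  libsmbclient:amd64  2:4.9.5+dfsg-5+deb10u1   amd64 shared library for communication with SMB/CIFS servers
ii  libwbclient0:amd64  2:4.9.5+dfsg-5+deb10u1   amd64 Samba winbind client library
rc  samba-common        2:4.9.5+dfsg-5+deb10u1   all   common files (constructed row)
ii  samba-libs:amd64    2:4.9.5+dfsg-5+deb10u1   amd64 Samba core libraries'

# Read `dpkg -l` output on stdin and print "name version" for every
# installed (state "ii") package that belongs to the Samba family.
distro_samba_packages() {
    awk '$1 == "ii" {
        name = $2
        sub(/:.*/, "", name)    # drop the :amd64 architecture suffix
        if (name ~ /^(samba|winbind|libwbclient|libsmbclient|libnss-winbind|libpam-winbind)/ ||
            name ~ /^python3?-samba$/)
            print name, $3
    }'
}

# Return 0 (mixed install) when a self-compiled Samba exists under prefix $1
# AND distro Samba packages are installed too; return 1 otherwise.
# Assumption: the self-compiled daemon lives at $prefix/sbin/samba.
mixed_samba_install() {
    prefix=$1
    [ -x "$prefix/sbin/samba" ] || return 1
    [ -n "$(distro_samba_packages)" ]
}

# Demo on the constructed sample: lists the three leftover distro packages.
printf '%s\n' "$SAMPLE_DPKG" | distro_samba_packages
```

On a real host the equivalent call is `dpkg -l | mixed_samba_install /usr/local/samba`; a zero exit status means both installs are present and one of them should be removed before retrying the join.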
Rowland penny
2020-Sep-14 21:34 UTC
[Samba] DNS problems when adding samba DC to win2008R2
On 14/09/2020 21:11, Carlos Jesus wrote:
> Hi rowland thanks for the tip.
> Even though I'm trying to add a DC not a domain member, your
> instructions are easily adapted.

oops, sorry I sent you the wrong one :-[

> I followed your procedure using Louis' repo up to the point of joining
> the domain.
> Then I issued samba-tool domain join samdom.example.com DC -U"SAMDOM\administrator"
> I got basically the same as before:
> Password for [EKRIOR\administrator]:
> INFO 2020-09-14 20:50:28,706 pid:791 /usr/lib/python3/dist-packages/samba/join.py #1542: workgroup is EKRIOR
> INFO 2020-09-14 20:50:28,707 pid:791 /usr/lib/python3/dist-packages/samba/join.py #1545: realm is ekrior.lx.pt
> Adding CN=SERVER2,OU=Domain Controllers,DC=ekrior,DC=lx,DC=pt
> Adding CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ekrior,DC=lx,DC=pt
> Adding CN=NTDS Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ekrior,DC=lx,DC=pt
> Adding SPNs to CN=SERVER2,OU=Domain Controllers,DC=ekrior,DC=lx,DC=pt
> Setting account password for SERVER2$
> Enabling account
> Calling bare provision
> INFO 2020-09-14 20:50:29,605 pid:791 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2133: Looking up IPv4 addresses
> INFO 2020-09-14 20:50:29,606 pid:791 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2150: Looking up IPv6 addresses
> INFO 2020-09-14 20:50:30,099 pid:791 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2305: Setting up secrets.ldb
> INFO 2020-09-14 20:50:31,063 pid:791 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2311: Setting up the registry
> INFO 2020-09-14 20:50:31,467 pid:791 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2314: Setting up the privileges database
> INFO 2020-09-14 20:50:32,628 pid:791 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2317: Setting up idmap db
> INFO 2020-09-14 20:50:33,378 pid:791 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2324: Setting up SAM db
> INFO 2020-09-14 20:50:33,512 pid:791 /usr/lib/python3/dist-packages/samba/provision/__init__.py #897: Setting up sam.ldb partitions and settings
> INFO 2020-09-14 20:50:33,515 pid:791 /usr/lib/python3/dist-packages/samba/provision/__init__.py #909: Setting up sam.ldb rootDSE
> INFO 2020-09-14 20:50:33,615 pid:791 /usr/lib/python3/dist-packages/samba/provision/__init__.py #1338: Pre-loading the Samba 4 and AD schema
> Unable to determine the DomainSID, can not enforce uniqueness constraint on local domainSIDs
>
> INFO 2020-09-14 20:50:33,924 pid:791 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2377: A Kerberos configuration suitable for Samba AD has been generated at /var/lib/samba/private/krb5.conf
> INFO 2020-09-14 20:50:33,925 pid:791 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2378: Merge the contents of this file with your system krb5.conf or replace it with this one. Do not create a symlink!
> Provision OK for domain DN DC=ekrior,DC=lx,DC=pt
> Starting replication
> Schema-DN[CN=Schema,CN=Configuration,DC=ekrior,DC=lx,DC=pt] objects[402/2139] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=ekrior,DC=lx,DC=pt] objects[804/2139] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=ekrior,DC=lx,DC=pt] objects[1206/2139] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=ekrior,DC=lx,DC=pt] objects[1553/2139] linked_values[0/0]
> Analyze and apply schema objects
> Partition[CN=Configuration,DC=ekrior,DC=lx,DC=pt] objects[402/3175] linked_values[0/27]
> Partition[CN=Configuration,DC=ekrior,DC=lx,DC=pt] objects[804/3175] linked_values[0/27]
> Partition[CN=Configuration,DC=ekrior,DC=lx,DC=pt] objects[1206/3175] linked_values[0/27]
> Partition[CN=Configuration,DC=ekrior,DC=lx,DC=pt] objects[1608/3175] linked_values[12/27]
> Partition[CN=Configuration,DC=ekrior,DC=lx,DC=pt] objects[1767/3175] linked_values[27/27]
> dsdb_replicated_objects_convert: Ignoring object outside partition aa197b50-8188-44d9-87bc-42765ee82c2d CN=Schema,CN=Configuration,DC=ekrior,DC=lx,DC=pt: WERR_DS_ADD_REPLICA_INHIBITED
> Replicating critical objects from the base DN of the domain
> Partition[DC=ekrior,DC=lx,DC=pt] objects[102/102] linked_values[33/37]
> Partition[DC=ekrior,DC=lx,DC=pt] objects[337/2958] linked_values[37/37]
> dsdb_replicated_objects_convert: Ignoring object outside partition 7fa2c15a-9cfe-49e8-b0aa-3ae54bdaeb13 CN=Configuration,DC=ekrior,DC=lx,DC=pt: WERR_DS_ADD_REPLICA_INHIBITED
> dsdb_replicated_objects_convert: Ignoring object outside partition e78debc5-95f3-4061-b22f-06a0f2af1494 DC=DomainDnsZones,DC=ekrior,DC=lx,DC=pt: WERR_DS_ADD_REPLICA_INHIBITED
> Partition[DC=ekrior,DC=lx,DC=pt] objects[353/2958] linked_values[37/37]
> dsdb_replicated_objects_convert: Ignoring object outside partition ff5a9921-9a3e-41d1-9553-5a565da5fb6a DC=ForestDnsZones,DC=ekrior,DC=lx,DC=pt: WERR_DS_ADD_REPLICA_INHIBITED
> Done with always replicated NC (base, config, schema)
> Replicating DC=DomainDnsZones,DC=ekrior,DC=lx,DC=pt
> Partition[DC=DomainDnsZones,DC=ekrior,DC=lx,DC=pt] objects[254/249] linked_values[0/0]
> Replicating DC=ForestDnsZones,DC=ekrior,DC=lx,DC=pt
> Partition[DC=ForestDnsZones,DC=ekrior,DC=lx,DC=pt] objects[146/130] linked_values[0/0]
> Exop on[CN=RID Manager$,CN=System,DC=ekrior,DC=lx,DC=pt] objects[3] linked_values[0]
> Committing SAM database
> Repacking database from v1 to v2 format (first record CN=Allowed-Attributes-Effective,CN=Schema,CN=Configuration,DC=ekrior,DC=lx,DC=pt)
> Repack: re-packed 10000 records so far
> Repacking database from v1 to v2 format (first record CN=subnetContainer-Display,CN=41D,CN=DisplaySpecifiers,CN=Configuration,DC=ekrior,DC=lx,DC=pt)
> Repacking database from v1 to v2 format (first record DC=_ldap._tcp.dc\0ADEL:4e387902-3b67-43cf-a656-01c66df52385,CN=Deleted Objects,DC=DomainDnsZones,DC=ekrior,DC=lx,DC=pt)
> Repacking database from v1 to v2 format (first record DC=server\0ADEL:4853b891-8611-4159-9947-7ef72ab3660f,CN=Deleted Objects,DC=ForestDnsZones,DC=ekrior,DC=lx,DC=pt)
> Repacking database from v1 to v2 format (first record CN=Distributed COM Users,CN=Builtin,DC=ekrior,DC=lx,DC=pt)
> INFO 2020-09-14 20:50:59,594 pid:791 /usr/lib/python3/dist-packages/samba/join.py #1116: Adding 2 remote DNS records for SERVER2.ekrior.lx.pt
> Join failed - cleaning up

You can ignore anything from here on, it is just backwash from the failure.

> Deleted CN=RID Set,CN=SERVER2,OU=Domain Controllers,DC=ekrior,DC=lx,DC=pt
> Deleted CN=SERVER2,OU=Domain Controllers,DC=ekrior,DC=lx,DC=pt
> Deleted CN=NTDS Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ekrior,DC=lx,DC=pt
> Deleted CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ekrior,DC=lx,DC=pt
> ERROR(runtime): uncaught exception - (3221225485, 'An invalid parameter was passed to a service or function.')
>   File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 186, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/lib/python3/dist-packages/samba/netcmd/domain.py", line 671, in run
>     backend_store_size=backend_store_size)
>   File "/usr/lib/python3/dist-packages/samba/join.py", line 1558, in join_DC
>     ctx.do_join()
>   File "/usr/lib/python3/dist-packages/samba/join.py", line 1455, in do_join
>     ctx.join_add_dns_records()
>   File "/usr/lib/python3/dist-packages/samba/join.py", line 1144, in join_add_dns_records
>     None)
> tomorrow I'll try to move on
>
> Best regards
>

Are you sure this wasn't an upgrade from an earlier version of Windows, I have seen this before when the domain started as a W2000K domain. Or is the exchange schema involved ?