On 2023-03-29 03:25, Rowland Penny via samba wrote:>
>
> On 29/03/2023 04:34, Gary Dale via samba wrote:
>
>> I'm not sure what the current relationship is between samba and
>> winbind. The wiki installation talks about it. I'd have to go back
to
>> see whether it needs to be installed. I only use samba for some
>> virtual machines so I haven't kept pace with the changes...
>
> You need winbind on a DC, see the list of packages I posted earlier,
> install those and you will get all the required packages.
>
> Rowland
>
Following the advice of
https://wiki.samba.org/index.php/Distribution-specific_Package_Installation,
below the installation report after I did a more thorough purging of
Samba-related stuff. I took the further advice and changed the realm to
HOME.RAHIM-DALE-ORG. The DC remains TheLibrarian.
# apt install acl attr samba samba-dsdb-modules samba-vfs-modules
winbind libpam-winbind libnss-win bind krb5-config krb5-user dnsutils
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
acl is already the newest version (2.2.53-10).
attr is already the newest version (1:2.4.48-6).
samba-dsdb-modules is already the newest version
(2:4.13.13+dfsg-1~deb11u5).
samba-vfs-modules is already the newest version (2:4.13.13+dfsg-1~deb11u5).
The following additional packages will be installed:
?bind9-dnsutils libkadm5srv-mit12 libkdb5-10 samba-common
samba-common-bin tdb-tools
Suggested packages:
?krb5-k5tls krb5-doc bind9 bind9utils ctdb smbldap-tools ufw
heimdal-clients
The following NEW packages will be installed:
?bind9-dnsutils dnsutils krb5-config krb5-user libkadm5srv-mit12
libkdb5-10 libnss-winbind libpam-winbind samba
?samba-common samba-common-bin tdb-tools winbind
0 upgraded, 13 newly installed, 0 to remove and 0 not upgraded.
Need to get 858 kB/3,883 kB of archives.
After this operation, 23.4 MB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://ftp.ca.debian.org/debian stable/main amd64 winbind amd64
2:4.13.13+dfsg-1~deb11u5 [570 kB]
Get:2 http://ftp.ca.debian.org/debian stable/main amd64 libnss-winbind
amd64 2:4.13.13+dfsg-1~deb11u5 [123 kB]
Get:3 http://ftp.ca.debian.org/debian stable/main amd64 libpam-winbind
amd64 2:4.13.13+dfsg-1~deb11u5 [141 kB]
Get:4 http://ftp.ca.debian.org/debian stable/main amd64 krb5-config all
2.6+nmu1 [23.6 kB]
Fetched 858 kB in 0s (2,975 kB/s)
Preconfiguring packages ...
Selecting previously unselected package samba-common.
(Reading database ... 140248 files and directories currently installed.)
Preparing to unpack
.../00-samba-common_2%3a4.13.13+dfsg-1~deb11u5_all.deb ...
Unpacking samba-common (2:4.13.13+dfsg-1~deb11u5) ...
Selecting previously unselected package samba-common-bin.
Preparing to unpack
.../01-samba-common-bin_2%3a4.13.13+dfsg-1~deb11u5_amd64.deb ...
Unpacking samba-common-bin (2:4.13.13+dfsg-1~deb11u5) ...
Selecting previously unselected package winbind.
Preparing to unpack .../02-winbind_2%3a4.13.13+dfsg-1~deb11u5_amd64.deb ...
Unpacking winbind (2:4.13.13+dfsg-1~deb11u5) ...
Selecting previously unselected package libnss-winbind:amd64.
Preparing to unpack
.../03-libnss-winbind_2%3a4.13.13+dfsg-1~deb11u5_amd64.deb ...
Unpacking libnss-winbind:amd64 (2:4.13.13+dfsg-1~deb11u5) ...
Selecting previously unselected package libpam-winbind:amd64.
Preparing to unpack
.../04-libpam-winbind_2%3a4.13.13+dfsg-1~deb11u5_amd64.deb ...
Unpacking libpam-winbind:amd64 (2:4.13.13+dfsg-1~deb11u5) ...
Selecting previously unselected package tdb-tools.
Preparing to unpack .../05-tdb-tools_1.4.3-1+b1_amd64.deb ...
Unpacking tdb-tools (1.4.3-1+b1) ...
Selecting previously unselected package samba.
Preparing to unpack .../06-samba_2%3a4.13.13+dfsg-1~deb11u5_amd64.deb ...
Unpacking samba (2:4.13.13+dfsg-1~deb11u5) ...
Selecting previously unselected package bind9-dnsutils.
Preparing to unpack
.../07-bind9-dnsutils_1%3a9.16.33-1~deb11u1_amd64.deb ...
Unpacking bind9-dnsutils (1:9.16.33-1~deb11u1) ...
Selecting previously unselected package dnsutils.
Preparing to unpack .../08-dnsutils_1%3a9.16.33-1~deb11u1_all.deb ...
Unpacking dnsutils (1:9.16.33-1~deb11u1) ...
Selecting previously unselected package krb5-config.
Preparing to unpack .../09-krb5-config_2.6+nmu1_all.deb ...
Unpacking krb5-config (2.6+nmu1) ...
Selecting previously unselected package libkdb5-10:amd64.
Preparing to unpack .../10-libkdb5-10_1.18.3-6+deb11u3_amd64.deb ...
Unpacking libkdb5-10:amd64 (1.18.3-6+deb11u3) ...
Selecting previously unselected package libkadm5srv-mit12:amd64.
Preparing to unpack .../11-libkadm5srv-mit12_1.18.3-6+deb11u3_amd64.deb ...
Unpacking libkadm5srv-mit12:amd64 (1.18.3-6+deb11u3) ...
Selecting previously unselected package krb5-user.
Preparing to unpack .../12-krb5-user_1.18.3-6+deb11u3_amd64.deb ...
Unpacking krb5-user (1.18.3-6+deb11u3) ...
Setting up libkdb5-10:amd64 (1.18.3-6+deb11u3) ...
Setting up samba-common (2:4.13.13+dfsg-1~deb11u5) ...
Creating config file /etc/samba/smb.conf with new version
Setting up krb5-config (2.6+nmu1) ...
Setting up tdb-tools (1.4.3-1+b1) ...
update-alternatives: using /usr/bin/tdbbackup.tdbtools to provide
/usr/bin/tdbbackup (tdbbackup) in auto mode
Setting up samba-common-bin (2:4.13.13+dfsg-1~deb11u5) ...
Checking smb.conf with testparm
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
Weak crypto is allowed
Server role: ROLE_STANDALONE
Done
Setting up libkadm5srv-mit12:amd64 (1.18.3-6+deb11u3) ...
Setting up bind9-dnsutils (1:9.16.33-1~deb11u1) ...
Setting up samba (2:4.13.13+dfsg-1~deb11u5) ...
Samba is not being run as an AD Domain Controller: Masking
samba-ad-dc.service
Please ignore the following error about deb-systemd-helper not finding
those services.
(samba-ad-dc.service masked)
insserv: script rpcbind: service portmap already provided!
insserv: script rpcbind: service portmap already provided!
insserv: script rpcbind: service portmap already provided!
Failed to preset unit: Unit file /etc/systemd/system/nmbd.service is
masked.
/usr/bin/deb-systemd-helper: error: systemctl preset failed on
nmbd.service: No such file or directory
Created symlink
/etc/systemd/system/multi-user.target.wants/samba-ad-dc.service ?
/lib/systemd/system/samba-ad-dc.serv
ice.
Failed to preset unit: Unit file /etc/systemd/system/smbd.service is
masked.
/usr/bin/deb-systemd-helper: error: systemctl preset failed on
smbd.service: No such file or directory
nmbd.service is a disabled or a static unit, not starting it.
smbd.service is a disabled or a static unit, not starting it.
Job for samba-ad-dc.service failed because the control process exited
with error code.
See "systemctl status samba-ad-dc.service" and "journalctl
-xe" for
details.
Setting up winbind (2:4.13.13+dfsg-1~deb11u5) ...
mkdir: created directory '/var/lib/samba/winbindd_privileged'
changed group of '/var/lib/samba/winbindd_privileged' from root to
winbindd_priv
mode of '/var/lib/samba/winbindd_privileged' changed from 0755
(rwxr-xr-x) to 0750 (rwxr-x---)
insserv: script rpcbind: service portmap already provided!
Failed to preset unit: Unit file /etc/systemd/system/winbind.service is
masked.
/usr/bin/deb-systemd-helper: error: systemctl preset failed on
winbind.service: No such file or directory
winbind.service is a disabled or a static unit, not starting it.
Setting up dnsutils (1:9.16.33-1~deb11u1) ...
Setting up libnss-winbind:amd64 (2:4.13.13+dfsg-1~deb11u5) ...
Setting up krb5-user (1.18.3-6+deb11u3) ...
Setting up libpam-winbind:amd64 (2:4.13.13+dfsg-1~deb11u5) ...
Processing triggers for man-db (2.9.4-2) ...
Processing triggers for libc-bin (2.31-13+deb11u5) ...
The reported errors seem to be due to further configuration being needed
for a DC.
Next I continued with the wiki at
https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller
First I verified that /etc/resolv.conf was correct then I updated
/etc/hosts to reflect the new realm name.
Next I ran: samba-tool domain provision --use-rfc2307 --interactive
This failed with an error:
ERROR(<class 'samba.provision.ProvisioningError'>): Provision
failed -
ProvisioningError: guess_names: 'realm =' was not specified in supplied
/etc/samba/smb.conf.? Please remove the smb.conf file and let provision
generate it
? File "/usr/lib/python3/dist-packages/samba/netcmd/domain.py", line
487, in run
??? result = provision(self.logger,
? File "/usr/lib/python3/dist-packages/samba/provision/__init__.py",
line 2245, in provision
??? names = guess_names(lp=lp, hostname=hostname, domain=domain,
? File "/usr/lib/python3/dist-packages/samba/provision/__init__.py",
line 642, in guess_names
??? raise ProvisioningError("guess_names: 'realm =' was not
specified
in supplied %s.? Please remove the smb.conf file and let provision
generate it" % lp.configfile)
So I removed the smb.conf and ran it again. This time I got:
INFO 2023-03-29 15:01:07,831 pid:17352
/usr/lib/python3/dist-packages/samba/provision/__init__.py #2122:
Looking up IPv4 addresses
INFO 2023-03-29 15:01:07,832 pid:17352
/usr/lib/python3/dist-packages/samba/provision/__init__.py #2139:
Looking up IPv6 addresses
WARNING 2023-03-29 15:01:07,833 pid:17352
/usr/lib/python3/dist-packages/samba/provision/__init__.py #2146: No
IPv6 address will be assigned
Error: Unable to parse dn
'CN=Schema,CN=Configuration,DC=home,DC=rahim-dale,DC=org,'
ERROR(runtime): uncaught exception - (87, 'WERR_INVALID_PARAMETER')
? File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py",
line
186, in _run
??? return self.run(*args, **kwargs)
? File "/usr/lib/python3/dist-packages/samba/netcmd/domain.py", line
487, in run
??? result = provision(self.logger,
? File "/usr/lib/python3/dist-packages/samba/provision/__init__.py",
line 2278, in provision
??? schema = Schema(domainsid, invocationid=invocationid,
? File "/usr/lib/python3/dist-packages/samba/schema.py", line 147, in
__init__
??? self.set_from_ldif(prefixmap_ldif, self.schema_data, self.schemadn)
? File "/usr/lib/python3/dist-packages/samba/schema.py", line 160, in
set_from_ldif
??? dsdb._dsdb_set_schema_from_ldif(self.ldb, pf, df, dn)
I'm not sure what is causing this error. The only samba log is named
log.%m and it has nothing from the time of running samba-tool either time.