On 29/03/2023 20:06, Gary Dale via samba wrote:>> > Following the advice of > https://wiki.samba.org/index.php/Distribution-specific_Package_Installation, below the installation report after I did a more thorough purging of Samba-related stuff. I took the further advice and changed the realm to HOME.RAHIM-DALE-ORG. The DC remains TheLibrarian. > > # apt install acl attr samba samba-dsdb-modules samba-vfs-modules > winbind libpam-winbind libnss-win bind krb5-config krb5-user dnsutilsI have updated that list.> > Creating config file /etc/samba/smb.conf with new versionThis is why you need to remove the smb.conf, the package install creates one for a standalone server.> > > The reported errors seem to be due to further configuration being needed > for a DC. > > Next I continued with the wiki at > https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_ControllerI have updated that wikipage slightly.> > First I verified that /etc/resolv.conf was correct then I updated > /etc/hosts to reflect the new realm name. > > Next I ran: samba-tool domain provision --use-rfc2307 --interactive > > This failed with an error: > > ERROR(<class 'samba.provision.ProvisioningError'>): Provision failed - > ProvisioningError: guess_names: 'realm =' was not specified in supplied > /etc/samba/smb.conf.? Please remove the smb.conf file and let provision > generate itI moved the deletion on the wikipage, from where it was, it sounded like you only had to remove the smb.conf if the provision had run successfully.> > So I removed the smb.conf and ran it again. This time I got: > > INFO 2023-03-29 15:01:07,831 pid:17352 > /usr/lib/python3/dist-packages/samba/provision/__init__.py #2122: > Looking up IPv4 addresses > INFO 2023-03-29 15:01:07,832 pid:17352 > /usr/lib/python3/dist-packages/samba/provision/__init__.py #2139: > Looking up IPv6 addresses > WARNING 2023-03-29 15:01:07,833 pid:17352 > /usr/lib/python3/dist-packages/samba/provision/__init__.py #2146: No > IPv6 address will be assigned > Error: Unable to parse dn > 'CN=Schema,CN=Configuration,DC=home,DC=rahim-dale,DC=org,'I know you updated /etc/hosts, but did the computer pick this up, does it think it is in the home.rahim-dale.org dns domain ?> I'm not sure what is causing this error. The only samba log is named > log.%m and it has nothing from the time of running samba-tool either time.There wouldn't be anything in the logs at this point, Samba hasn't started, though thinking about it, did you stop any running Samba processes before the provision. I can assure this does work, to test it, I setup Debian 11 in a VM and created a new domain, the only real difference is that I used Samba from backports. I really suggest you use backports, even the Debian Samba maintainer (Michael Tokarev) is telling you to use backports. If it helps I can send you my notes. Rowland
On 2023-03-29 15:50, Rowland Penny via samba wrote:> > > On 29/03/2023 20:06, Gary Dale via samba wrote: >>> >> Following the advice of >> https://wiki.samba.org/index.php/Distribution-specific_Package_Installation, >> below the installation report after I did a more thorough purging of >> Samba-related stuff. I took the further advice and changed the realm >> to HOME.RAHIM-DALE-ORG. The DC remains TheLibrarian. >> >> # apt install acl attr samba samba-dsdb-modules samba-vfs-modules >> winbind libpam-winbind libnss-win bind krb5-config krb5-user dnsutils > > I have updated that list. > >> >> Creating config file /etc/samba/smb.conf with new version > > This is why you need to remove the smb.conf, the package install > creates one for a standalone server. > >> >> >> The reported errors seem to be due to further configuration being >> needed for a DC. >> >> Next I continued with the wiki at >> https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller > > I have updated that wikipage slightly. > >> >> First I verified that /etc/resolv.conf was correct then I updated >> /etc/hosts to reflect the new realm name. >> >> Next I ran: samba-tool domain provision --use-rfc2307 --interactive >> >> This failed with an error: >> >> ERROR(<class 'samba.provision.ProvisioningError'>): Provision failed >> - ProvisioningError: guess_names: 'realm =' was not specified in >> supplied /etc/samba/smb.conf.? Please remove the smb.conf file and >> let provision generate it > > I moved the deletion on the wikipage, from where it was, it sounded > like you only had to remove the smb.conf if the provision had run > successfully. > >> >> So I removed the smb.conf and ran it again. This time I got: >> >> INFO 2023-03-29 15:01:07,831 pid:17352 >> /usr/lib/python3/dist-packages/samba/provision/__init__.py #2122: >> Looking up IPv4 addresses >> INFO 2023-03-29 15:01:07,832 pid:17352 >> /usr/lib/python3/dist-packages/samba/provision/__init__.py #2139: >> Looking up IPv6 addresses >> WARNING 2023-03-29 15:01:07,833 pid:17352 >> /usr/lib/python3/dist-packages/samba/provision/__init__.py #2146: No >> IPv6 address will be assigned >> Error: Unable to parse dn >> 'CN=Schema,CN=Configuration,DC=home,DC=rahim-dale,DC=org,' > > I know you updated /etc/hosts, but did the computer pick this up, does > it think it is in the home.rahim-dale.org dns domain ?The computer should query /etc/hosts each time. The actual problem was a typo in the file - I put a comma in when it only allows spaces to separate the names.> >> I'm not sure what is causing this error. The only samba log is named >> log.%m and it has nothing from the time of running samba-tool either >> time. > > There wouldn't be anything in the logs at this point, Samba hasn't > started, though thinking about it, did you stop any running Samba > processes before the provision. > > I can assure this does work, to test it, I setup Debian 11 in a VM and > created a new domain, the only real difference is that I used Samba > from backports. > > I really suggest you use backports, even the Debian Samba maintainer > (Michael Tokarev) is telling you to use backports.Baokports are for people who need something that the stable version doesn't provide. That's not me. I run Debian/Stable on my servers for a reason. I run Testing on my workstation because I want to help test things. And I run it my new laptop because it requires drivers that aren't available in Stable. Debian does update stable when a serious issue is found that can't be patched. However that is a vector for breakage - it wasn't that long ago that an update to ghostscript broke a lot programs in Stable that used it to produce PDFs. We had to choose between a security flaw or a lack of functionality. I'll wait until Bookworm becomes Stable to get the Samba upgrade.> > If it helps I can send you my notes. > > Rowland >
On 2023-03-29 15:50, Rowland Penny via samba wrote:> > > On 29/03/2023 20:06, Gary Dale via samba wrote: >>> >> Following the advice of >> https://wiki.samba.org/index.php/Distribution-specific_Package_Installation, >> below the installation report after I did a more thorough purging of >> Samba-related stuff. I took the further advice and changed the realm >> to HOME.RAHIM-DALE-ORG. The DC remains TheLibrarian. >> >> # apt install acl attr samba samba-dsdb-modules samba-vfs-modules >> winbind libpam-winbind libnss-win bind krb5-config krb5-user dnsutils > > I have updated that list. > >> >> Creating config file /etc/samba/smb.conf with new version > > This is why you need to remove the smb.conf, the package install > creates one for a standalone server. > >> >> >> The reported errors seem to be due to further configuration being >> needed for a DC. >> >> Next I continued with the wiki at >> https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller > > I have updated that wikipage slightly. > >> >> First I verified that /etc/resolv.conf was correct then I updated >> /etc/hosts to reflect the new realm name. >> >> Next I ran: samba-tool domain provision --use-rfc2307 --interactive >> >> This failed with an error: >> >> ERROR(<class 'samba.provision.ProvisioningError'>): Provision failed >> - ProvisioningError: guess_names: 'realm =' was not specified in >> supplied /etc/samba/smb.conf.? Please remove the smb.conf file and >> let provision generate it > > I moved the deletion on the wikipage, from where it was, it sounded > like you only had to remove the smb.conf if the provision had run > successfully. > >> >> So I removed the smb.conf and ran it again. This time I got: >> >> INFO 2023-03-29 15:01:07,831 pid:17352 >> /usr/lib/python3/dist-packages/samba/provision/__init__.py #2122: >> Looking up IPv4 addresses >> INFO 2023-03-29 15:01:07,832 pid:17352 >> /usr/lib/python3/dist-packages/samba/provision/__init__.py #2139: >> Looking up IPv6 addresses >> WARNING 2023-03-29 15:01:07,833 pid:17352 >> /usr/lib/python3/dist-packages/samba/provision/__init__.py #2146: No >> IPv6 address will be assigned >> Error: Unable to parse dn >> 'CN=Schema,CN=Configuration,DC=home,DC=rahim-dale,DC=org,' > > I know you updated /etc/hosts, but did the computer pick this up, does > it think it is in the home.rahim-dale.org dns domain ?The computer should query /etc/hosts each time. The actual problem was a typo in the file - I put a comma in when it only allows spaces to separate the names.> >> I'm not sure what is causing this error. The only samba log is named >> log.%m and it has nothing from the time of running samba-tool either >> time. > > There wouldn't be anything in the logs at this point, Samba hasn't > started, though thinking about it, did you stop any running Samba > processes before the provision. > > I can assure this does work, to test it, I setup Debian 11 in a VM and > created a new domain, the only real difference is that I used Samba > from backports. > > I really suggest you use backports, even the Debian Samba maintainer > (Michael Tokarev) is telling you to use backports.Baokports are for people who need something that the stable version doesn't provide. That's not me. I run Debian/Stable on my servers for a reason. I run Testing on my workstation because I want to help test things. And I run it my new laptop because it requires drivers that aren't available in Stable. Debian does update stable when a serious issue is found that can't be patched. However that is a vector for breakage - it wasn't that long ago that an update to ghostscript broke a lot programs in Stable that used it to produce PDFs. We had to choose between a security flaw or a lack of functionality. I'll wait until Bookworm becomes Stable to get the Samba upgrade.> > If it helps I can send you my notes. > > Rowland >BTW: After I fixed /etc/hosts, removed the /etc/samba/smb.conf and re-ran provisioning, I was able to start samba. I connected my VM to the new domain and I have almost everything working (for some reason I've lost the E: drive letter for network mapping). Thanks for your help! Greatly appreciated.