samba - Jan 2024 - Provisioning new AD Domain Controller

On Thu Jan 18 00:51:16 2024 Mark Foley via samba <samba at
lists.samba.org> wrote:
>
> Because of issues described in thread "Joining Windows 10 Domain
Member to Samba
> AD/DC", I'm trying to re-provision my DC with the curren/old
domain name
> mail.hprs.local instead of the newer, more correct dc1.hprs.locl.
>
> I've followed the steps in 
>
>
https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller
>
> regarding "Only Applicable if Samba was Previously Installed".
For the directory
> list:
>
> # smbd -b | egrep "LOCKDIR|STATEDIR|CACHEDIR|PRIVATE_DIR"
>    LOCKDIR: /var/cache/samba
>    STATEDIR: /var/lib/samba
>    CACHEDIR: /var/cache/samba
>    PRIVATE_DIR: /var/lib/samba/private
>
> I did 'rm -r /var/cache/samba* /var/lib/samba/*'. I then did the
provision step
> again:
>
> samba-tool domain provision --use-rfc2307 --realm=HPRS.LOCAL --domain=HPRS
\
>   --server-role=dc --dns-backend=SAMBA_INTERNAL
--option=interfaces="lo eth0" \
>   --option="bind interfaces only=yes" --adminpass=pw
>
> However, when I got to the 'samba-tool dns zonelist' step, I got:
>
> Password for [administrator at HPRS.LOCL]:
>
> Notice that it is asking for the supposedly purged realm HPRS.LOCL. There
must
> be more that needs to be removed other than just those egrep'ed
directories.
>
> /etc/hosts is:
>
> 127.0.0.1               localhost
> 192.168.1.60             mail.hprs.local mail
>
> /etc/HOSTNAME is:
>
> mail.hprs.local
>
> The generated smb.conf is:
>
> # Global parameters
> [global]
>         bind interfaces only = Yes
>         dns forwarder = 192.168.1.1
>         interfaces = lo eth0
>         netbios name = MAIL
>         realm = HPRS.LOCAL
>         server role = active directory domain controller
>         workgroup = HPRS
>         idmap_ldb:use rfc2307 = yes
>
> [sysvol]
>         path = /var/lib/samba/sysvol
>         read only = No
>
> [netlogon]
>         path = /var/lib/samba/sysvol/hprs.local/scripts
>         read only = No
>
>
> There are no other .tdb or .ldb files on the drive.
>
> Where is this old realm name lurking, why is it associated with the
> Administrator and how do I purge it and any remaining such vestigal
> references without scratch-installing Linux?
>
> Thanks --Mark
After again removing all .tdb and .ldb files, and grepping the whole /etc
directory for any files containing hprs.locl -- and not finding any -- and
reprovisioning again, I still get:

# samba-tool dns zonelist mail
Password for [administrator at HPRS.LOCL]:

So the previous domain name is still lurking somewhere, but not findable or
killable by me.

As no one has replied to this question, I'm going to go ahead and wipe the
drive
and reinsall Linux from scratch. That should eliminate any references to
HPRS.LOCL.

--Mark

hosts file? stale dns records?

On Thu, Jan 18, 2024 at 2:07?PM Mark Foley via samba
<samba at lists.samba.org> wrote:
>
> On Thu Jan 18 00:51:16 2024 Mark Foley via samba <samba at
lists.samba.org> wrote:
> >
> > Because of issues described in thread "Joining Windows 10 Domain
Member to Samba
> > AD/DC", I'm trying to re-provision my DC with the curren/old
domain name
> > mail.hprs.local instead of the newer, more correct dc1.hprs.locl.
> >
> > I've followed the steps in
> >
> >
https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller
> >
> > regarding "Only Applicable if Samba was Previously
Installed". For the directory
> > list:
> >
> > # smbd -b | egrep "LOCKDIR|STATEDIR|CACHEDIR|PRIVATE_DIR"
> >    LOCKDIR: /var/cache/samba
> >    STATEDIR: /var/lib/samba
> >    CACHEDIR: /var/cache/samba
> >    PRIVATE_DIR: /var/lib/samba/private
> >
> > I did 'rm -r /var/cache/samba* /var/lib/samba/*'. I then did
the provision step
> > again:
> >
> > samba-tool domain provision --use-rfc2307 --realm=HPRS.LOCAL
--domain=HPRS \
> >   --server-role=dc --dns-backend=SAMBA_INTERNAL
--option=interfaces="lo eth0" \
> >   --option="bind interfaces only=yes" --adminpass=pw
> >
> > However, when I got to the 'samba-tool dns zonelist' step, I
got:
> >
> > Password for [administrator at HPRS.LOCL]:
> >
> > Notice that it is asking for the supposedly purged realm HPRS.LOCL.
There must
> > be more that needs to be removed other than just those egrep'ed
directories.
> >
> > /etc/hosts is:
> >
> > 127.0.0.1               localhost
> > 192.168.1.60             mail.hprs.local mail
> >
> > /etc/HOSTNAME is:
> >
> > mail.hprs.local
> >
> > The generated smb.conf is:
> >
> > # Global parameters
> > [global]
> >         bind interfaces only = Yes
> >         dns forwarder = 192.168.1.1
> >         interfaces = lo eth0
> >         netbios name = MAIL
> >         realm = HPRS.LOCAL
> >         server role = active directory domain controller
> >         workgroup = HPRS
> >         idmap_ldb:use rfc2307 = yes
> >
> > [sysvol]
> >         path = /var/lib/samba/sysvol
> >         read only = No
> >
> > [netlogon]
> >         path = /var/lib/samba/sysvol/hprs.local/scripts
> >         read only = No
> >
> >
> > There are no other .tdb or .ldb files on the drive.
> >
> > Where is this old realm name lurking, why is it associated with the
> > Administrator and how do I purge it and any remaining such vestigal
> > references without scratch-installing Linux?
> >
> > Thanks --Mark
>
> After again removing all .tdb and .ldb files, and grepping the whole /etc
> directory for any files containing hprs.locl -- and not finding any -- and
> reprovisioning again, I still get:
>
> # samba-tool dns zonelist mail
> Password for [administrator at HPRS.LOCL]:
>
> So the previous domain name is still lurking somewhere, but not findable or
> killable by me.
>
> As no one has replied to this question, I'm going to go ahead and wipe
the drive
> and reinsall Linux from scratch. That should eliminate any references to
> HPRS.LOCL.
>
> --Mark
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba