Rowland Penny
2024-May-19 19:50 UTC
[Samba] Joining Linux Domain Member to Samba DC, issues
On Sun, 19 May 2024 15:26:03 -0400
Mark Foley via samba <samba at lists.samba.org> wrote:

> I've successfully joined several Linux hosts as Domain Members thus
> far; except for this one particular host that seems to fail in a
> different way each time I try -- I've even scratch-installed this
> host from installation DVD.
>
> All the tests listed in
> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
> work. My latest attempt is as follows:
>
> # net ads join -U administrator
> Password for [HPRS\administrator]:
> ldb: unable to dlopen /usr/lib64/ldb/local_password.so :
> /usr/lib64/libsamdb-common-samba4.so: version `SAMBA_4.6.16' not
> found (required by /usr/lib64/ldb/local_password.so)
> ldb: unable to dlopen /usr/lib64/ldb/simple_dn.so :
> /usr/lib64/libdsdb-module-samba4.so: version `SAMBA_4.6.16' not found
> (required by /usr/lib64/ldb/simple_dn.so)
> ldb: unable to dlopen /usr/lib64/ldb/simple_ldap_map.so :
> /usr/lib64/libsamdb-common-samba4.so: version `SAMBA_4.6.16' not
> found (required by /usr/lib64/ldb/simple_ldap_map.so)
> Using short domain name -- HPRS
> Joined 'WEBSERVER' to dns domain 'hprs.local'
> DNS Update for webserver.hprs.local failed: ERROR_DNS_UPDATE_FAILED
> DNS update failed: NT_STATUS_UNSUCCESSFUL
>
> # samba --version
> Version 4.18.9
>
> A couple of points of interest: neither the Domain Controller nor the
> other Linux Domain Member on this LAN have the file
> /usr/lib64/ldb/local_password.so. On this problem child, that file is
> dated 11/28/2018. Two other files in that directory have the same
> date: simple_dn.so and simple_ldap_map.so. All the rest of the files
> in that directory have the same dates as the Domain Controller and
> the other Domain Member, 11/30/2023.
>
> My current Samba Version on all three of these computers is 4.18.9.
> The old samba version before upgrading was 4.6.16 -- the very version
> listed above as "SAMBA_4.16.16" not found.
>
> Before I do something stupid, I want to bounce a thought off the
> sambaList experts. I'm theorizing that the previous version of Samba
> (4.6.16) was not completely removed and left some files (like
> local_password.so) laying around.
>
> My proposed solution is to completely uninstall Samba and any and all
> vestiges thereof, and reinstall from scratch.
>
> Does that sound reasonable, or could I just delete these 3 old files
> and try again? Note that this host works fine doing samba shares.
>
> Thanks --Mark

I haven't seen this for a few years; either your upgrade hasn't
upgraded everything or the upgrade hasn't removed files that it
should. Either way, I would back up any data you need from the computer
and then blow it away and start afresh.

Rowland

On 5/19/2024 3:50 PM, Rowland Penny via samba wrote:

> On Sun, 19 May 2024 15:26:03 -0400
> Mark Foley via samba <samba at lists.samba.org> wrote:
>
>> I've successfully joined several Linux hosts as Domain Members thus
>> far; except for this one particular host that seems to fail in a
>> different way each time I try -- I've even scratch-installed this
>> host from installation DVD.
>>
>> All the tests listed in
>> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
>> work. My latest attempt is as follows:
>>
>> # net ads join -U administrator
>> Password for [HPRS\administrator]:
>> ldb: unable to dlopen /usr/lib64/ldb/local_password.so :
>> /usr/lib64/libsamdb-common-samba4.so: version `SAMBA_4.6.16' not
>> found (required by /usr/lib64/ldb/local_password.so)
>> ldb: unable to dlopen /usr/lib64/ldb/simple_dn.so :
>> /usr/lib64/libdsdb-module-samba4.so: version `SAMBA_4.6.16' not found
>> (required by /usr/lib64/ldb/simple_dn.so)
>> ldb: unable to dlopen /usr/lib64/ldb/simple_ldap_map.so :
>> /usr/lib64/libsamdb-common-samba4.so: version `SAMBA_4.6.16' not
>> found (required by /usr/lib64/ldb/simple_ldap_map.so)
>> Using short domain name -- HPRS
>> Joined 'WEBSERVER' to dns domain 'hprs.local'
>> DNS Update for webserver.hprs.local failed: ERROR_DNS_UPDATE_FAILED
>> DNS update failed: NT_STATUS_UNSUCCESSFUL
>>
>> # samba --version
>> Version 4.18.9
>>
>> A couple of points of interest: neither the Domain Controller nor the
>> other Linux Domain Member on this LAN have the file
>> /usr/lib64/ldb/local_password.so. On this problem child, that file is
>> dated 11/28/2018. Two other files in that directory have the same
>> date: simple_dn.so and simple_ldap_map.so. All the rest of the files
>> in that directory have the same dates as the Domain Controller and
>> the other Domain Member, 11/30/2023.
>>
>> My current Samba Version on all three of these computers is 4.18.9.
>> The old samba version before upgrading was 4.6.16 -- the very version
>> listed above as "SAMBA_4.16.16" not found.
>>
>> Before I do something stupid, I want to bounce a thought off the
>> sambaList experts. I'm theorizing that the previous version of Samba
>> (4.6.16) was not completely removed and left some files (like
>> local_password.so) laying around.
>>
>> My proposed solution is to completely uninstall Samba and any and all
>> vestiges thereof, and reinstall from scratch.
>>
>> Does that sound reasonable, or could I just delete these 3 old files
>> and try again? Note that this host works fine doing samba shares.
>>
>> Thanks --Mark
>
> I haven't seen this for a few years; either your upgrade hasn't
> upgraded everything or the upgrade hasn't removed files that it
> should. Either way, I would back up any data you need from the computer
> and then blow it away and start afresh.
>
> Rowland

OK, I'm going to try baby-steps working back to a wipe/reinstall if
necessary.

First, I removed the three old 2018 files: local_password.so,
simple_dn.so and simple_ldap_map.so. Then I attempted to re-join the
domain. I got:

# net ads join -U administrator
Password for [HPRS\administrator]:
Using short domain name -- HPRS
Joined 'WEBSERVER' to dns domain 'hprs.local'
DNS Update for webserver.hprs.local failed: ERROR_DNS_UPDATE_FAILED
DNS update failed: NT_STATUS_UNSUCCESSFUL

I'm guessing (hoping) the DNS errors were because WEBSERVER already had
an A record configured. I did the following to verify there was an A
record:

# samba-tool dns query mail.hprs.local hprs.local webserver.hprs.local A -Uadministrator
  Name=, Records=1, Children=0
    A: 192.168.0.3 (flags=f0, serial=119, ttl=900)

Which looks like it worked. I further verified that WEBSERVER was a
domain member (on the DC):

# ldbsearch -H /var/lib/samba/private/sam.ldb '(objectclass=computer)' dn
# record 13
dn: CN=WEBSERVER,CN=Computers,DC=hprs,DC=local

So, I *think* the join worked. I now have the following smb.conf,
adding a share (xfer):

[global]
        max log size = 10000
        realm = HPRS.LOCAL
        security = ADS
        server role = member server
        server string = HPRS WEBSERVER server
        template homedir = /home/%U
        template shell = /bin/bash
        workgroup = HPRS
        idmap config hprs : range = 10000-999999
        idmap config hprs : backend = rid
        idmap config * : range = 3000-7999
        idmap config * : backend = tdb
        vfs objects = acl_xattr
        map acl inherit = yes
        load printers = no
        printing = bsd
        printcap name = /dev/null
        disable spoolss = yes

[xfer]
        path = /home/ohprs/xfer
        public = yes
        readonly = no
        locking = yes
        printable = no
        create mask = 0660
        directory mask = 0771

I updated nsswitch.conf to add winbind to passwd: and group: then fired
up smbd, nmbd and winbindd -- and it worked! I can map the xfer share
from Windows which silently uses domain credentials. I added several
more shares and was able to map them all! I may have to tweak
permissions somewhere, but that should be a minor problem.

Thus far it seems that simply removing those old files did the trick
without having to uninstall/reinstall Samba, or wipe/install the whole
system. I'll keep my fingers crossed on this one.

Thanks --Mark
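
The two symptoms described in this thread (ldb modules that refuse to load because they were linked against another Samba release, and module files whose dates differ from the rest of the directory) can be checked with the shell functions below. This is an added example, not code from the thread or from Samba; the function names and the sample input (rebuilt from the output quoted above) are assumptions, and mtime_outliers assumes a date(1) that accepts "-r FILE".

```shell
#!/bin/sh
# Added example (not from the thread). The sample data is constructed from
# the output quoted in the thread, with the mail line-wrapping undone.

# unloadable_ldb_modules INSTALLED_VERSION   (reads join output on stdin)
# Prints "<module> <Samba version it was linked against>" once per module
# whose required symbol version differs from the installed release.
unloadable_ldb_modules() {
    awk -v cur="$1" '
        /^ldb: unable to dlopen / && match($0, /SAMBA_[0-9.]+/) {
            ver = substr($0, RSTART + 6, RLENGTH - 6)   # drop "SAMBA_"
            if (ver != cur && !seen[$5]++) print $5, ver
        }'
}

# mtime_outliers DIR
# Prints the *.so files in DIR whose modification date is not the most
# common one in that directory (leftovers from an earlier install).
# Assumes a date(1) that accepts "-r FILE" (GNU coreutils, busybox).
mtime_outliers() {
    for f in "$1"/*.so; do
        if [ -e "$f" ]; then
            printf '%s %s\n' "$(date -r "$f" +%Y-%m-%d)" "$f"
        fi
    done | awk '
        { day[NR] = $1; file[NR] = substr($0, 12); count[$1]++ }
        END {
            for (d in count) if (count[d] > best) { best = count[d]; common = d }
            for (i = 1; i <= NR; i++) if (day[i] != common) print file[i]
        }'
}

# Constructed sample: two of the error lines from the thread, unwrapped.
sample_join_output() {
    cat <<'EOF'
ldb: unable to dlopen /usr/lib64/ldb/local_password.so : /usr/lib64/libsamdb-common-samba4.so: version `SAMBA_4.6.16' not found (required by /usr/lib64/ldb/local_password.so)
ldb: unable to dlopen /usr/lib64/ldb/simple_dn.so : /usr/lib64/libdsdb-module-samba4.so: version `SAMBA_4.6.16' not found (required by /usr/lib64/ldb/simple_dn.so)
Using short domain name -- HPRS
EOF
}

sample_join_output | unloadable_ldb_modules 4.18.9
```

On a live host the same functions would be fed the real data, for example `net ads join -U administrator 2>&1 | unloadable_ldb_modules 4.18.9` and `mtime_outliers /usr/lib64/ldb`.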