similar to: Samba-4.11 AD DC provisioning fails

Hi, I'm trying to set up an AD DC in an iocage jail on FreeBSD (to avoid the issues of having the DC a file server) but I'm running into some trouble. I've setup Kerberos and can kinit OK: root at samba-addc:/ # kinit administrator administrator at BEGER.COM.AU's Password: root at samba-addc:/ # klist Credentials cache: FILE:/tmp/krb5cc_0 Principal: administrator at

I am testing DC administration using samba-4.10.15 on FreeBSD-12.1p6 and have run across this: [root at smb4-2 ~ (master)]# samba-tool domain join BROCKLEY.HARTE-LYNE.CA DC -U"BROCKLEY\administrator" INFO 2020-06-25 14:26:10,692 pid:47306 /usr/local/lib/python3.7/site-packages/samba/join.py #104: Finding a writeable DC for domain 'BROCKLEY.HARTE-LYNE.CA' INFO 2020-06-25

On 07/07/2020 20:00, James B. Byrne via samba wrote: > I have this on the DC smb4-1.brockley.harte-lyne.ca: > > samba-tool dns query localhost brockley.harte-lyne.ca brockley.harte-lyne.ca > ALL -U administrator > Password for [BROCKLEY\administrator]: > Name=, Records=6, Children=0 > SOA: serial=7, refresh=900, retry=600, expire=86400, minttl=3600, >

On 07.07.2020 22:14, Mani Wieser via samba wrote: > > On 07.07.2020 21:14, Rowland penny via samba wrote: >> On 07/07/2020 20:00, James B. Byrne via samba wrote: >>> I have this on the DC smb4-1.brockley.harte-lyne.ca: >>> >>> samba-tool dns query localhost brockley.harte-lyne.ca >>> brockley.harte-lyne.ca >>> ALL -U administrator

I have this on the DC smb4-1.brockley.harte-lyne.ca: samba-tool dns query localhost brockley.harte-lyne.ca brockley.harte-lyne.ca ALL -U administrator Password for [BROCKLEY\administrator]: Name=, Records=6, Children=0 SOA: serial=7, refresh=900, retry=600, expire=86400, minttl=3600, ns=SMB4-1.brockley.harte-lyne.ca., email=support.harte-lyne.ca. (flags=600000f0, serial=110, ttl=3600)

FreeBSd-12.1p5 Samab-4.11 py37-dnspython-1.16.0 python37-3.7.7 I am seeing a recurring error relating to dns updates. I ran: samba_dnsupdate --verbose I see this result: Calling samba-tool dns add -k no -P ['192.168.216.166', 'brockley.harte-lyne.ca', '_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones', 'SRV',

On 07.07.2020 21:14, Rowland penny via samba wrote: > On 07/07/2020 20:00, James B. Byrne via samba wrote: >> I have this on the DC smb4-1.brockley.harte-lyne.ca: >> >> samba-tool dns query localhost brockley.harte-lyne.ca >> brockley.harte-lyne.ca >> ALL -U administrator >> Password for [BROCKLEY\administrator]: >> ?? Name=, Records=6, Children=0

Following the wiki replication guide precisely I got to this step. [root at smb4-2 ~ (master)]# rsync -XAavz --delete-after smb4-1.brockley.harte-lyne.ca:/var/db/samba4/sysvol/ /var/db/samba4/sysvol/ receiving file list ... done ./ brockley.harte-lyne.ca/ . . . brockley.harte-lyne.ca/scripts/ sent 142 bytes received 1,683 bytes 3,650.00 bytes/sec total size is 182 speedup is 0.10 [root at

I decided to scrap everything and restart from the very beginning. I created a new jail. I installed samba410 samba-nsupdate py37-dnspython as these are current. I provisioned a domain: samba-tool domain provision --adminpass=INstall166 --dns-backend=SAMBA_INTERNAL --dnspass=INstall166 --domain=BROCKLEY --host-name=SMB4-1 --host-ip=192.168.8.166 --option="bind interfaces only=yes"

On Wed, July 22, 2020 14:48, Rowland penny wrote: > On 22/07/2020 19:40, James B. Byrne via samba wrote: >> >> On Wed, July 22, 2020 12:35, James B. Byrne wrote: >>> FreeBSD-12.1p7 jail running Samba-4.10.15 on ZFS. >>> >>> When I run 'samba-tool domain backup offline targetdir=/tmp' I see this: >>> >>> running backup on dirs:

On Thu, August 20, 2020 16:14, Rowland penny wrote: > On 20/08/2020 20:40, James B. Byrne via samba wrote: >> FreeBSd-12.1p8 >> Samba-4.10.15 >> >> >> I have this problem: >> >> samba-tool dbcheck --cross-ncs >> Searching for dsServiceName in rootDSE failed: operations error at >> ../../source4/dsdb/samdb/ldb_modules/rootdse.c:518 >>

On Wed Jul 8 13:46:41 UTC 2020, Rowland penny wrote: > > This is because it is an 'A' record and not an 'NS' record. samba-tool dns delete localhost brockley.harte-lyne.ca brockley.harte-lyne.ca. A 192.168.216.162 -U administrator Password for [BROCKLEY\administrator]: ERROR(runtime): uncaught exception - (9701, 'WERR_DNS_ERROR_RECORD_DOES_NOT_EXIST') File

On FreeBSD-12.1p7 running Samba-4.10.15 I have a working test AD domain. While samba_server is confirmed stopped the 'samba-tool domain backup offline' command gives the following error: [root at smb4-1c-testfmso ~ (master)]# hostname smb4-1.brockley.harte-lyne.ca [root at smb4-1c-testfmso ~ (master)]# samba-tool domain backup offline --targetdir=/tmp ERROR(<class

Wed Jul 8 16:09:19 UTC 2020, Rowland penny wrote: > No, it is '@' for the name, not 'brockley.harte-lyne.ca' Previously I had tried that as well with similar results as shown below: [root at smb4-1 ~ (master)]# samba-tool dns help delete Usage: samba-tool dns delete <server> <zone> <name> <A|AAAA|PTR|CNAME|NS|MX|SRV|TXT> <data> [root at smb4-1

On Wed, July 8, 2020 04:23, Rowland penny wrote: > On 08/07/2020 08:50, Mani Wieser via samba wrote: >> >> On 07.07.2020 22:14, Mani Wieser via samba wrote: >> Found it (while having my morning walk with the dog): same as with >> SOA: this is a zone/domain thing and not record >> >> Usage: samba-tool dns delete <server> <zone> <name>

On Sun, Oct 25, 2020 at 4:02 PM Rowland penny via samba <samba at lists.samba.org> wrote: > What do you mean by 'working domain' and 'non-working domain' ? > Do you have two domains ? Different sites, different companies, not related. The working one was also a classic upgrade but earlier on, pre 4.6.x. Just using it to compare. > I am also trying to understand why

On 25/10/2020 20:20, Sonic wrote: > On Sun, Oct 25, 2020 at 4:02 PM Rowland penny via samba > <samba at lists.samba.org> wrote: >> What do you mean by 'working domain' and 'non-working domain' ? >> Do you have two domains ? > Different sites, different companies, not related. The working one was > also a classic upgrade but earlier on, pre 4.6.x. Just

On Wed, July 22, 2020 21:47, Andrew Bartlett wrote: > Are you using DLZ_BIND9? There is a bug where it doesn't know the locking rules for those files. No. I am using the internal dns service. > Otherwise, work out which commend it is waiting on (the child) and > what lock that is waiting on (lslocks on linux is what I used to > debug this stuff). There does not appear to be

On the original AD DC I see this error: /usr/sbin/rndc: Failed to exec child - No such file or directory [2020/06/25 15:38:50.565496, 0] ../../source4/dsdb/dns/dns_update.c:91(dnsupdate_rndc_done) ../../source4/dsdb/dns/dns_update.c:90: Failed rndc update - NT_STATUS_UNSUCCESSFUL But there is no rndc program anywhere on this system. And internal DNS is all that was ever enabled.

On 25/10/2020 20:37, Sonic wrote: > The reset allowed the current GPO to take effect, but right after > adding a new GPO (just named it, no editing, or linking) the > sysvolcheck fails: > # samba-tool ntacl sysvolcheck > ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception > - ProvisioningError: DB ACL on GPO directory >