similar to: Samba AD-DC on FreeBSD-12.1 Jail

I did not include enough of /var/log/samba4/smbd.log. There is a dns update failure that I do not understand: [2020/06/08 14:09:53.989584, 1] ../../source3/lib/messages.c:899(send_all_fn) send_all_fn: messaging_send_buf to 56486 failed: NT_STATUS_OBJECT_NAME_NOT_FOUND [2020/06/08 14:12:23.781712, 2] ../../source3/smbd/server.c:843(remove_child_pid) Could not find child 57829 -- ignoring

I decided to scrap everything and restart from the very beginning. I created a new jail. I installed samba410 samba-nsupdate py37-dnspython as these are current. I provisioned a domain: samba-tool domain provision --adminpass=INstall166 --dns-backend=SAMBA_INTERNAL --dnspass=INstall166 --domain=BROCKLEY --host-name=SMB4-1 --host-ip=192.168.8.166 --option="bind interfaces only=yes"

On Thu, July 2, 2020 14:47:42 UTC, Rowland penny wrote: > Looks like you need to recompile nsupdate, you need GSSAPI. > > Failing that, try adding: > > dns update command = /usr/sbin/samba_dnsupdate --use-samba-tool > > To your DC's smb.conf Further investigation has uncovered (for me) the cause of this error: /usr/local/bin/samba-nsupdate: cannot specify -g or -o,

Thank you for your patience. On Tue, June 30, 2020 16:48, Rowland penny wrote: > > From 'man smb.conf': > > nsupdate command (G) > > This option sets the path to the nsupdate command which is used for > GSS-TSIG dynamic DNS updates. > > Default: nsupdate command = /usr/bin/nsupdate -g > > dns update command (G) > > This

> Could be because you added the wrong line to your smb4.conf (why does > freebsd call it smb4.conf ?), Why does freebsd put these things in /usr/local/etc/? Some questions have answers that are not worth the effort to know. > try: > nsupdate command = /usr/local/sbin/nsupdate -g I did catch that error earlier. But it makes no difference. samba_dnsupdate does not give any

On Sat, July 11, 2020 04:32, Andrea Venturoli wrote: > On 2020-07-10 14:47, James B. Byrne wrote: >> FreeBSD-12.1p6 IOCage thick jails on ZFS, samba-4.10.15: > > Can you post the smb.conf of both DCs? > > Just out of curiosity, are you also using vfs_zfsacl? Yes. smb.confs DC1 and DC2: /zroot/iocage/jails/smb4-1a/root/usr/local/etc/smb4.conf [root at vhost04 ~ (master)]#

I changed the entries in smb4.conf (smb.conf) to this: [global] . . . dns update command = /usr/local/sbin/samba_dnsupdate nsupdate command = /usr/local/bin/samba-nsupdate -d -g And this is what results when I run: samba_dnsupdate --verbose -d8 --all-names . . . update(nsupdate): SRV _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.brockley.harte-lyne.ca

I have a dc configured to use the samba internal dns service. The version of samba I am using is 4.10.15 packaged for FreeBSD. Its build options state this: BIND911 : off BIND916 : off , , , GSSAPI_BUILTIN : on GSSAPI_MIT : off LDAP : on . . . NSUPDATE : off My smb4.conf file contains this: [global] bind interfaces only = Yes dns forwarder =

This is all the diagnostic information I can think of at the moment: [root at smb4-1 ~ (master)]# klist Credentials cache: FILE:/tmp/krb5cc_0 Principal: administrator at BROCKLEY.HARTE-LYNE.CA Issued Expires Principal Jul 2 10:35:11 2020 Jul 2 20:35:11 2020 krbtgt/BROCKLEY.HARTE-LYNE.CA at BROCKLEY.HARTE-LYNE.CA [root at smb4-1 ~ (master)]# grep nsup

On FreeBSD-12.1p7 running Samba-4.10.15 I have a working test AD domain. While samba_server is confirmed stopped the 'samba-tool domain backup offline' command gives the following error: [root at smb4-1c-testfmso ~ (master)]# hostname smb4-1.brockley.harte-lyne.ca [root at smb4-1c-testfmso ~ (master)]# samba-tool domain backup offline --targetdir=/tmp ERROR(<class

FreeBSD-12.1p7 Samba-4.10.15 The user profiles were transferred from the existing Samba AD-DC to a new domain running on Samba-4.10. An ls on the original Samba (4.3.13) domain DC shows this: [root at SAMBA-01 ~]# ls -ld /var/samba4/BROCKLEY-2016/PROFILES/lyneak_hll.V2 drwxrwx---+ 16 BROCKLEY-2016\lyneak_hll BROCKLEY-2016\domain admins 512 Aug 12 17:07

I have abandoned trying to get an existing AD-DC on a FreeBSD host using UFS to replicate successfully to a FreeBSD host on ZFS. I am now in the process of provisioning a new domain on the ZFS host. The domain is created on a FreeBSD thick jail using IOcage as the jail manager; probably should be called the warden but I digress. I have successfully provisioned a new domain but I see an issue

Previously, when I did this: >> samba-tool dns query localhost brockley.harte-lyne.ca brockley.harte-lyne.ca >> ALL -U administrator Then I saw this: >> Password for [BROCKLEY\administrator]: Now I see this: >> samba-tool dns query localhost brockley.harte-lyne.ca brockley.harte-lyne.ca >> ALL -U administrator >> Cannot do GSSAPI to an IP address >>

On Tue, June 2, 2020 11:13, Rowland penny wrote: > On 02/06/2020 16:03, James B. Byrne via samba wrote: >> Samba-4.11.8 on FreeBSd-12.1p5 >> >> How does one list all of the actual DNS records for Samba administered zones, >> forward and reverse? >> > Try: > > samba-tool dns query localhost brockley.harte-lyne.ca > brockley.harte-lyne.ca ALL -U

Samba-4.11.8 on FreeBSd-12.1p5 How does one list all of the actual DNS records for Samba administered zones, forward and reverse? When I use the dns query option of samba-tool I get a summary but no detail: samba-tool dns query localhost brockley.harte-lyne.ca @ ALL -U administrator Password for [BROCKLEY\administrator]: Name=, Records=3, Children=0 SOA: serial=1, refresh=900, retry=600,

FreeBSd-12.1p5 Samab-4.11 py37-dnspython-1.16.0 python37-3.7.7 I am seeing a recurring error relating to dns updates. I ran: samba_dnsupdate --verbose I see this result: Calling samba-tool dns add -k no -P ['192.168.216.166', 'brockley.harte-lyne.ca', '_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones', 'SRV',

On Wed, June 3, 2020 10:52, Rowland penny wrote: > On 03/06/2020 15:31, James B. Byrne wrote: >> >> samba-tool dns query localhost brockley.harte-lyne.ca brockley.harte-lyne.ca >> ALL -U administrator >> Password for [BROCKLEY\administrator]: >> Name=, Records=3, Children=0 >> SOA: serial=1, refresh=900, retry=600, expire=86400, minttl=3600, >>

I decided to restart the provisioning process. I stopped the samba_server, deleted /usr/local/etc/smb4.conf and /var/db/samba4. I then decided to do an interactive provisioning and this is the result: [root at smb4-1 ~ (master)]# ll /var/samba4 ; ll /usr/local/etc/smb4.conf ls: /var/samba4: No such file or directory ls: /usr/local/etc/smb4.conf: No such file or directory [root at smb4-1 ~

I am testing DC administration using samba-4.10.15 on FreeBSD-12.1p6 and have run across this: [root at smb4-2 ~ (master)]# samba-tool domain join BROCKLEY.HARTE-LYNE.CA DC -U"BROCKLEY\administrator" INFO 2020-06-25 14:26:10,692 pid:47306 /usr/local/lib/python3.7/site-packages/samba/join.py #104: Finding a writeable DC for domain 'BROCKLEY.HARTE-LYNE.CA' INFO 2020-06-25

On 07/07/2020 20:00, James B. Byrne via samba wrote: > I have this on the DC smb4-1.brockley.harte-lyne.ca: > > samba-tool dns query localhost brockley.harte-lyne.ca brockley.harte-lyne.ca > ALL -U administrator > Password for [BROCKLEY\administrator]: > Name=, Records=6, Children=0 > SOA: serial=7, refresh=900, retry=600, expire=86400, minttl=3600, >