Re: [Samba] Problems adding DC to Samba 4.1.6 AD

'sudo ufw allow Samba' did wonders!

...ugh... how long did I waste on that trivial stuff(!)

No more "RPC server is unavailable" errors - looks like 14.04 (with latest
updates) did actually join AD as a DC after all!

On Tue, Apr 4, 2017 at 5:19 PM, Mickey Bankhead <mbankhead@xxxxxxxxxx>

> I inherited an AD "domain" which is running Ubuntu 14.04, with Samba 4.1.6
> with "built-in" AD-DNS. The network has only one AD server, which runs on
> KVM as a guest - (convenient so I can make backups and test stuff without
> breaking my network).
> We have around 500 users on the system, and I'm trying to upgrade to 16.04
> and a more current version of Samba without making all my users create new
> passwords...
> The problem I have run into is that when I try and upgrade Ubuntu to the
> latest version of 14.04 (required to get to 16.04), samba breaks badly. I
> have chased the errors for hours, searching forums, and haven't gotten
> anywhere... - At one point I did finally get to where samba would actually
> *start* but my shares wouldn't mount - "bad credentials"... - and I was
> concerned about carrying along issues from this AD server which might
> plague me in the future - so I decided to migrate to a new AD server
> instead.
> I created a new Ubuntu 14.04 server, installed latest updates, (Samba
> 4.3.11) and tried to join it as a DC to the existing "domain", following
> this howto https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory
> It appeared to join fine - did give Warning: No NC replicated for
> Connection!, but everything else appeared normal - INBOUND and OUTBOUND
> neighbors show successful, 0 failures - however - the only thing which
> appeared to have replicated is the DNS. I can go into DNS manager from a
> windows box, and switch to the new DC, and DNS appears to be there - but
> USERS did NOT replicate. When I go into AD Users and Computers, and try to
> change Directory Servers to the new Samba server, it says could not be
> contacted: The RPC server is unavailable.
> I then added a 16.04 server, and tried to join it as a DC, and had the
> same result - Active Directory Users and Computers says DC could not be
> contacted, RPC server is unavailable.
> So, I restored a fresh copy of my original AD Server, and started again -
> this time, trying to join a 2k8 server to the AD as an AD server, it
> joins just fine - EXCEPT it will not join/synchronize the DNS. It gives an
> error - "A delegation for this DNS server cannot be created because the
> authoritative parent zone cannot be found or it does not run Windows DNS
> server. If you are integrating with an existing DNS infrastructure you
> should manually create a delegation to this DNS server in the parent
> zone...". When I go into AD DNS manager, there's an error which says "DNS
> server was unable to initialize Active Directory security interfaces. Check
> that AD is functioning properly..." For this test, I had used this howto
> - https://wiki.samba.org/index.php/Joining_a_Windows_Server_2008_/_2008_R2_DC_to_a_Samba_AD
> Next I tried running RecoveryManager Plus from ManageEngine - to make a
> full AD backup - hoping to restore to a fresh AD server - it backs up all
> the AD users/groups/containers, but when it hits the DNS, it crashes - and
> /lib/util/fault.c:75*fault_report) and (smb_panic_default)
> Of course when I temporarily shut down the samba server (which is the
> *only* existing DNS), the w2k8 server won't even start AD - and I'm dead.
> I tried to manually create my DNS zone in 2k8 DNS, but it won't let me use
> the existing domain...
> (sorry for the LONG post!)
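The fix in this reply was a host firewall rule, and "The RPC server is unavailable" from AD Users and Computers is what a blocked DCE/RPC endpoint mapper (135/tcp) or dynamic RPC range looks like from Windows. As an added example (not code from this thread or from the Samba project), the script below parses a `sudo ufw status` listing and reports which ports a Samba AD DC must accept are still closed, so the gap is visible before a join is attempted rather than after hours of chasing replication errors. The required-port list follows the Samba wiki's AD DC port usage page; the `Samba` application profile contents (137,138/udp and 139,445/tcp, file sharing only) are taken from the profile the samba package ships on Ubuntu and are treated as an assumption, as is the constructed sample rule set.

```python
"""Check a ufw rule set against the ports a Samba AD DC must accept.

Added example for this thread; not code from the Samba project. Parses the
text printed by `sudo ufw status`, expands application profiles such as
"Samba", and lists the AD DC ports that no ALLOW rule opens.
"""
import re
import socket

# (protocol, port) -> service. An AD DC must accept these from clients and peer DCs.
REQUIRED_PORTS = {
    ("tcp", 53): "DNS", ("udp", 53): "DNS",
    ("tcp", 88): "Kerberos", ("udp", 88): "Kerberos",
    ("tcp", 135): "DCE/RPC endpoint mapper",
    ("udp", 137): "NetBIOS name service", ("udp", 138): "NetBIOS datagram",
    ("tcp", 139): "NetBIOS session", ("tcp", 445): "SMB over TCP",
    ("tcp", 389): "LDAP", ("udp", 389): "CLDAP",
    ("tcp", 464): "Kerberos kpasswd", ("udp", 464): "Kerberos kpasswd",
    ("tcp", 636): "LDAPS",
    ("tcp", 3268): "Global catalog", ("tcp", 3269): "Global catalog (TLS)",
}
# DCE/RPC services (DRS replication, SAMR, LSA, ...) bind inside this TCP range.
DYNAMIC_RPC = (49152, 65535)

# Application profiles in ufw's "ports=" syntax. Assumption: this is the stock
# Samba profile from /etc/ufw/applications.d; it covers file sharing only,
# not Kerberos, LDAP or RPC, which is why "ufw allow Samba" alone is not enough.
APP_PROFILES = {
    "Samba": "137,138/udp|139,445/tcp",
}

PORT_SPEC_RE = re.compile(r"^(\d+)(?::(\d+))?(?:/(tcp|udp))?$")


def expand_spec(spec):
    """Turn '389', '53/udp' or '49152:65535/tcp' into [(proto, lo, hi), ...]."""
    m = PORT_SPEC_RE.match(spec)
    if not m:
        raise ValueError(f"unrecognised port spec: {spec!r}")
    lo = int(m.group(1))
    hi = int(m.group(2) or lo)
    protos = [m.group(3)] if m.group(3) else ["tcp", "udp"]  # no proto = both
    return [(p, lo, hi) for p in protos]


def expand_profile(ports_field):
    """Expand a profile's ports= field, e.g. '137,138/udp|139,445/tcp'."""
    ranges = []
    for group in ports_field.split("|"):
        ports, _, proto = group.partition("/")
        for port in ports.split(","):
            ranges.extend(expand_spec(port + (f"/{proto}" if proto else "")))
    return ranges


def allowed_ranges(ufw_status):
    """Collect the port ranges opened by inbound ALLOW rules in `ufw status` output.

    Host-only rules ('Anywhere  ALLOW  10.0.0.5') are ignored: they name no port.
    """
    ranges = []
    for line in ufw_status.splitlines():
        cols = re.split(r"\s{2,}", line.strip())  # columns are space-padded
        if len(cols) < 3 or not cols[1].startswith("ALLOW") or "OUT" in cols[1]:
            continue  # header, separator, status lines, DENY/REJECT, egress rules
        target = cols[0].replace(" (v6)", "")
        if target in APP_PROFILES:
            ranges.extend(expand_profile(APP_PROFILES[target]))
        elif PORT_SPEC_RE.match(target):
            ranges.extend(expand_spec(target))
    return ranges


def is_allowed(ranges, proto, port):
    return any(p == proto and lo <= port <= hi for p, lo, hi in ranges)


def blocked_ports(ufw_status):
    """Return sorted [(proto, port, service)] for required ports no rule opens."""
    ranges = allowed_ranges(ufw_status)
    return sorted((proto, port, name) for (proto, port), name in REQUIRED_PORTS.items()
                  if not is_allowed(ranges, proto, port))


def dynamic_rpc_open(ufw_status):
    """True only if every TCP port in the dynamic RPC range is allowed."""
    ranges = allowed_ranges(ufw_status)
    lo, hi = DYNAMIC_RPC
    return all(is_allowed(ranges, "tcp", p) for p in range(lo, hi + 1))


def probe_tcp(host, port, timeout=2.0):
    """Live check from a peer DC or client: does a TCP handshake complete?"""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


# Constructed sample: the rule set after `sudo ufw allow Samba` plus SSH.
SAMPLE_STATUS = """\
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
Samba                      ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
Samba (v6)                 ALLOW       Anywhere (v6)
"""

if __name__ == "__main__":
    for proto, port, name in blocked_ports(SAMPLE_STATUS):
        print(f"blocked: {port}/{proto} ({name})")
    print("dynamic RPC range open:", dynamic_rpc_open(SAMPLE_STATUS))
```

Run it against `sudo ufw status | python3 check_dc_ports.py`-style captured output by replacing `SAMPLE_STATUS` with the real listing; `probe_tcp("dc2.example.internal", 135)` from a Windows-facing subnet confirms the result end to end. On the constructed sample the script reports 53, 88, 135, 389, 464, 636, 3268 and 3269 as blocked and the dynamic RPC range as closed, which is exactly the state in which DNS replication appears to work while DRS and ADUC fail with "RPC server is unavailable".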
