Web lists-archives.com

Re: [Samba] Replication problems bdc to pdc




Hallo Louis,

    thanks for the response.

Yes, change on ry11citsdc, now hostname -d works correctly. Somewhere I saw the opposite entry. Thanks for the repair. Samba-setup-checkup.sh follows:----------------------------------------------------

pi@ry11citsdc:~ $ bash /home/pi/Ry11/samba-setup-checkup.sh
Check hostnames : Ok
Checking detected host ipnumbers from resolv.conf and default gateway
Ping gateway ip : 10.44.1.1 : Error
ping nameserver1: 10.44.1.9 : Ok
ping nameserver2: 10.44.1.10 : Ok
Check ping google dns : 8.8.8.8 : Error
Checking file owner..
-rw-r--r-- pi pi         /etc/samba/smb.conf
Checking file owner..
-rw-r--r-- pi pi         /etc/samba/lmhosts
Checking file owner..
Missing file /etc/samba/smbpasswd
drwxr-xr-x root root     /usr/bin
drwxr-xr-x root root     /var/cache/samba
drwxr-xr-x root root     /usr/lib/arm-linux-gnueabihf
drwxr-xr-x root root     /var/run/samba
drwxr-x--- root adm      /var/log/samba
drwxr-xr-x root root     /usr/lib/arm-linux-gnueabihf/samba
drwxr-xr-x root root     /var/run/samba
drwxr-xr-x root root     /var/lib/samba/private
drwxr-xr-x root root     /usr/sbin
drwxr-xr-x root root     /var/lib/samba
ltdb: tdb(/var/lib/samba/private/sam.ldb): tdb_open_ex: could not open file /var/lib/samba/private/sam.ldb: Permission denied

Unable to open tdb '/var/lib/samba/private/sam.ldb': Permission denied
Failed to connect to 'tdb:///var/lib/samba/private/sam.ldb' with backend 'tdb': Unable to open tdb '/var/lib/samba/private/sam.ldb': Permission denied ERROR(ldb): uncaught exception - Unable to open tdb '/var/lib/samba/private/sam.ldb': Permission denied   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/fsmo.py", line 438, in run
    credentials=creds, lp=lp)
  File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 57, in __init__
    options=options)
  File "/usr/lib/python2.7/dist-packages/samba/__init__.py", line 115, in __init__
    self.connect(url, flags, options)
  File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 72, in connect
    options=options)
ltdb: tdb(/var/lib/samba/private/sam.ldb): tdb_open_ex: could not open file /var/lib/samba/private/sam.ldb: Permission denied

Unable to open tdb '/var/lib/samba/private/sam.ldb': Permission denied
Failed to connect to 'tdb:///var/lib/samba/private/sam.ldb' with backend 'tdb': Unable to open tdb '/var/lib/samba/private/sam.ldb': Permission denied ERROR(ldb): uncaught exception - Unable to open tdb '/var/lib/samba/private/sam.ldb': Permission denied   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/fsmo.py", line 438, in run
    credentials=creds, lp=lp)
  File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 57, in __init__
    options=options)
  File "/usr/lib/python2.7/dist-packages/samba/__init__.py", line 115, in __init__
    self.connect(url, flags, options)
  File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 72, in connect
    options=options)
ltdb: tdb(/var/lib/samba/private/sam.ldb): tdb_open_ex: could not open file /var/lib/samba/private/sam.ldb: Permission denied

Unable to open tdb '/var/lib/samba/private/sam.ldb': Permission denied
Failed to connect to 'tdb:///var/lib/samba/private/sam.ldb' with backend 'tdb': Unable to open tdb '/var/lib/samba/private/sam.ldb': Permission denied ERROR(ldb): uncaught exception - Unable to open tdb '/var/lib/samba/private/sam.ldb': Permission denied   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/fsmo.py", line 438, in run
    credentials=creds, lp=lp)
  File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 57, in __init__
    options=options)
  File "/usr/lib/python2.7/dist-packages/samba/__init__.py", line 115, in __init__
    self.connect(url, flags, options)
  File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 72, in connect
    options=options)
DCS ry11citsdc.ry11cit.lan
ry11citdc.ry11cit.lan
DC1 ry11citsdc.ry11cit.lan
DC2 ry11citdc.ry11cit.lan
Samba AD DC info:             =  detected (command and where to look)
This server hostname          = ry11citsdc (hostname -s and /etc/hosts and DNS server) This server FQDN (hostname)   = ry11citsdc.ry11cit.lan (hostname -f and /etc/hosts and DNS server) This server primary dnsdomain = ry11cit.lan (hostname -d and /etc/resolv.conf and DNS server) This server IP address(ses)   = 10.44.1.9  Only one interface detected (hostname -i (-I) and /etc/networking/interfaces and DNS server
The DC with FSMO roles        =  (samba-tool fsmo show)
The DC (with FSMO) Site name  =  (samba-tool fsmo show)
The Default Naming Context    =  (samba-tool fsmo show)
The Kerberos REALM name used  = RY11CIT.LAN    (kinit and /etc/krb5.conf and resolving)
The Ipadres of DC ry11citsdc.ry11cit.lan        = 10.44.1.9
The Ipadres of DC ry11citdc.ry11cit.lan        = 10.44.1.10
SAMBA_SERVER_ROLE: active directory domain controller
SAMBA_SERVER_SERVICES: s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate SAMBA_DCERPC_ENDPOINT_SERVERS: epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver


file samba-debug-info.txt:---------------------------------------------------------------------------------------------

an error occurred while running:

pi@ry11citsdc:~ $ bash /home/pi/Ry11/samba-collect-debug-info.sh
Please wait, collecting debug info.
ERROR(runtime): uncaught exception - (-1073741606, 'Configuration information could not be read from the domain controller, either because the machine is unavailable or access has been d                                enied.')   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 812, in run
    self.creds = credopts.get_credentials(self.lp)
  File "/usr/lib/python2.7/dist-packages/samba/getopt.py", line 212, in get_credentials
    self.creds.set_machine_account(lp)
The debug info about your system can be found in this file: /tmp/samba-debug-info.txt


Collected config  --- 2017-12-13-11:27 -----------

Hostname: ry11citsdc
DNS Domain: ry11cit.lan
FQDN: ry11citsdc.ry11cit.lan
ipaddress: 10.44.1.9

-----------
Samba is running as an AD DC
Checking file: /etc/os-release
PRETTY_NAME="Raspbian GNU/Linux 9 (stretch)"
NAME="Raspbian GNU/Linux"
VERSION_ID="9"
VERSION="9 (stretch)"
ID=raspbian
ID_LIKE=debian
HOME_URL="http://www.raspbian.org/";
SUPPORT_URL="http://www.raspbian.org/RaspbianForums";
BUG_REPORT_URL="http://www.raspbian.org/RaspbianBugs";

-----------

Warning, /etc/devuan_version does not exist

-----------
running command : ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether b8:27:eb:9d:64:eb brd ff:ff:ff:ff:ff:ff
    inet 10.44.1.9/16 brd 10.44.255.255 scope global eth0
3: wlan0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
    link/ether b8:27:eb:c8:31:be brd ff:ff:ff:ff:ff:ff
-----------
Checking file: /etc/hosts
127.0.0.1 localhost.localdomain localhost
10.44.1.10 ry11citdc.ry11cit.lan ry11citdc
10.44.1.9 ry11citsdc.ry11cit.lan ry11citsdc

-----------
Checking file: /etc/krb5.conf
[libdefaults]
    default_realm = RY11CIT.LAN
    dns_lookup_realm = false
    dns_lookup_kdc = true

-----------
Checking file: /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         compat
group:          compat
shadow:         compat
gshadow:        files

hosts:          files mdns4_minimal [NOTFOUND=return] dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

-----------
Checking file: /etc/samba/smb.conf
# Global parameters
[global]
    netbios name = RY11CITSDC
    realm = RY11CIT.LAN
    server services = -dns
    workgroup = RY11CIT
    server role = active directory domain controller

[netlogon]
    path = /var/lib/samba/sysvol/ry11cit.lan/scripts
    read only = No

[sysvol]
    path = /var/lib/samba/sysvol
    read only = No

-----------
No username map detected.

-----------
Detected bind DLZ enabled..
Checking file: /etc/bind/named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
include "/var/lib/samba/private/named.conf";

-----------
Checking file: /etc/bind/named.conf.options
options {
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.

    // forwarders {
    //     0.0.0.0;
    // };

//========================================================================
    // If BIND logs error messages about the root key being expired,
    // you will need to update your keys.  See https://www.isc.org/bind-keys
//========================================================================
    dnssec-validation auto;

    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { none; };
    tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
};


-----------
Checking file: /etc/bind/named.conf.local
//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";


-----------
Checking file: /etc/bind/named.conf.default-zones
// prime the server with knowledge of the root servers
zone "." {
    type hint;
    file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
    type master;
    file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
    type master;
    file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
    type master;
    file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
    type master;
    file "/etc/bind/db.255";
};



-----------

Installed packages, running: dpkg -l | egrep "samba|winbind|krb5|smb|acl|xattr" ii  acl 2.2.52-3                     armhf        Access control list utilities ii  krb5-config 2.6                          all          Configuration files for Kerberos Version 5 ii  krb5-user 1.15-1+deb9u1                armhf        basic programs to authenticate using MIT Kerberos ii  libacl1:armhf 2.2.52-3                     armhf        Access control list shared library ii  libgssapi-krb5-2:armhf 1.15-1+deb9u1                armhf        MIT Kerberos runtime libraries - krb5 GSS-API Mechanism ii  libkrb5-3:armhf 1.15-1+deb9u1                armhf        MIT Kerberos runtime libraries ii  libkrb5support0:armhf 1.15-1+deb9u1                armhf        MIT Kerberos runtime libraries - Support library ii  libsmbclient:armhf 2:4.5.12+dfsg-2+deb9u1       armhf        shared library for communication with SMB/CIFS servers ii  libwbclient0:armhf 2:4.5.12+dfsg-2+deb9u1       armhf        Samba winbind client library ii  python-samba 2:4.5.12+dfsg-2+deb9u1       armhf        Python bindings for Samba ii  samba 2:4.5.12+dfsg-2+deb9u1       armhf        SMB/CIFS file, print, and login server for Unix ii  samba-common 2:4.5.12+dfsg-2+deb9u1       all          common files used by both the Samba server and client ii  samba-common-bin 2:4.5.12+dfsg-2+deb9u1       armhf        Samba common files used by both the server and the client ii  samba-dsdb-modules 2:4.5.12+dfsg-2+deb9u1       armhf        Samba Directory Services Database ii  samba-libs:armhf 2:4.5.12+dfsg-2+deb9u1       armhf        Samba core libraries ii  samba-vfs-modules 2:4.5.12+dfsg-2+deb9u1       armhf        Samba Virtual FileSystem plugins ii  smbclient 2:4.5.12+dfsg-2+deb9u1       armhf        command-line SMB/CIFS clients for Unix ii  winbind 2:4.5.12+dfsg-2+deb9u1       armhf        service to resolve user and group information from Windows NT servers
-----------

Thanks Jiri Knotek


On 13. 12. 2017 10:52, L.P.H. van Belle via samba wrote:
Ow and..

Your hosts files are incorrect.
Layout should be :
ip 	hostname.fqdn hostname

So this should be :
10.44.1.10  ry11citdc.ry11cit.lan ry11citdc
10.44.1.9   ry11citsdc.ry11cit.lan ry11citsdc
Reboot both servers after the change.


Greetz,

Louis


-----Oorspronkelijk bericht-----
Van: samba [mailto:samba-bounces@xxxxxxxxxxxxxxx] Namens
L.P.H. van Belle via samba
Verzonden: woensdag 13 december 2017 10:41
Aan: samba@xxxxxxxxxxxxxxx
CC: Ji??í Knotek
Onderwerp: Re: [Samba] Replication problems bdc to pdc

Great you use my script :-)
Now we know something is wrong, run this one.

https://raw.githubusercontent.com/thctlo/samba4/master/samba-c
ollect-debug-info.sh
And post the content to the list, that helps a lot.

Greetz,

Louis

-----Oorspronkelijk bericht-----
Van: samba [mailto:samba-bounces@xxxxxxxxxxxxxxx] Namens
Ji??í Knotek via samba
Verzonden: woensdag 13 december 2017 10:14
Aan: samba@xxxxxxxxxxxxxxx
Onderwerp: Re: [Samba] Replication problems bdc to pdc

Hello Rowland,

      thank you for advice. I reconfigure both AC-DCs again
with new data
and send updated data. Unfortunately, the result is the same.
I'm also
sending a listing from

samba-setup-checkup.sh.

   * Linux: Raspbian, debian stretch lite
   * Samba version 4.5.12-Debian
   * DNS: BIND9_DLZ 9.10.x
   * Installed packages: ntp ntpdate samba smbclient winbind
libcups2
samba-common cups ldb-tools bind9 bind9utils dnsutils krb5-user

*root@ry11citdc:/home/pi/Ry11# samba-tool drs replicate ry11citsdc
ry11citdc dc=ry11cit,dc=lan*
Replicate from ry11citdc to ry11citsdc was successful.

*root@ry11citdc:/home/pi/Ry11# samba-tool drs replicate ry11citdc
ry11citsdc dc=ry11cit,dc=lan*
ERROR(<class 'samba.drs_utils.drsException'>):
DsReplicaSync failed -
drsException: DsReplicaSync failed (2, 'WERR_BADFILE')
    File
"/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line
368, in run
      drs_utils.sendDsReplicaSync(server_bind, server_bind_handle,
source_dsa_guid, NC, req_options)
    File
"/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 83,
in sendDsReplicaSync
      raise drsException("DsReplicaSync failed %s" % estr)


*root@ry11citdc:/home/pi/Ry11# bash samba-setup-checkup.sh*
Check hostnames : Mismatch in hostname definitions
please check :
HOST_NAME_SHORT: ry11citdc
HOST_NAME_DOMAIN:
HOST_NAME_FQDN: ry11citdc
HOST_IP1: 10.44.1.10
HOST_IP2: Only one interface detected
HOST_GATEWAY: 10.44.1.1
HOST_PRIMARY_INTERFACE: 10.44.1.1
eth0
HOST_RESOLV_DOMAIN: domain ry11cit.lan
HOST_RESOLV_SEARCH: search ry11cit.lan
HOST_RESOLV_NAMESERV1: 10.44.1.10
HOST_RESOLV_NAMESERV2: 10.44.1.9
HOST_RESOLV_NAMESERV3:
Possible error detected in /etc/hosts, mismatch FQDN and
detected IP
10.44.1.10 for the host.
expected was : 10.44.1.10 ry11citdc ry11citdc
Checking detected host ipnumbers from resolv.conf and
default gateway
Ping gateway ip : 10.44.1.1 : Error
ping nameserver1: 10.44.1.10 : Ok
ping nameserver2: 10.44.1.9 : Ok
Check ping google dns : 8.8.8.8 : Error
Checking file owner..
-rw-r--r-- pi pi         /etc/samba/smb.conf
Checking file owner..
-rw-r--r-- pi pi         /etc/samba/lmhosts
Checking file owner..
Missing file /etc/samba/smbpasswd
drwxr-xr-x root root     /usr/bin
drwxr-xr-x root root     /var/cache/samba
drwxr-xr-x root root     /usr/lib/arm-linux-gnueabihf
drwxr-xr-x root root     /var/run/samba
drwxr-x--- root adm      /var/log/samba
drwxr-xr-x root root     /usr/lib/arm-linux-gnueabihf/samba
drwxr-xr-x root root     /var/run/samba
drwxr-xr-x root root     /var/lib/samba/private
drwxr-xr-x root root     /usr/sbin
drwxr-xr-x root root     /var/lib/samba
DCS 2(SERVFAIL
DC1 2(SERVFAIL
DC2
ERROR: Invalid IP address '2(SERVFAIL'!
Samba AD DC info:             =  detected (command and
where to look)
This server hostname          = ry11citdc (hostname -s and
/etc/hosts
and DNS server)
This server FQDN (hostname)   = ry11citdc (hostname -f and
/etc/hosts
and DNS server)
This server primary dnsdomain =  (hostname -d and
/etc/resolv.conf and
DNS server)
This server IP address(ses)   = 10.44.1.10  Only one
interface detected
(hostname -i (-I) and /etc/networking/interfaces and DNS server
The DC with FSMO roles        = RY11CITDC (samba-tool fsmo show)
The DC (with FSMO) Site name  = Default-First-Site-Name
(samba-tool fsmo
show)
The Default Naming Context    = DC=ry11cit,DC=lan (samba-tool
fsmo show)
The Kerberos REALM name used  = RY11CIT.LAN    (kinit and
/etc/krb5.conf
and resolving)
The Ipadres of DC 2(SERVFAIL        = 2(SERVFAIL)
SAMBA_SERVER_ROLE: active directory domain controller
SAMBA_SERVER_SERVICES: s3fs, rpc, nbt, wrepl, ldap, cldap,
kdc, drepl,
winbindd, ntp_signd, kcc, dnsupdate
SAMBA_DCERPC_ENDPOINT_SERVERS: epmapper, wkssvc, rpcecho, samr,
netlogon, lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6,
backupkey, dnsserver


*I did not come to the way the hostname -d command would return the
domain name. How can I do that? In addition, there are
host, lmhost,
resolv.conf, and so on**
*

Please help, I don 't know the advice.

System integrator Ji??í Knotek


"Primary" Active Directory Domain
Controler:----------------------------------------------------
-----------------------------------------------

--------------------------------------------------------------
--------------------------------------------------------------
-------------------------


hostname:-----------------
ry11citdc.ry11cit.lan

hosts:---------------
127.0.0.1    localhost localhost.localdomain
10.44.1.10    ry11citdc ry11citdc.ry11cit.lan
10.44.1.9     ry11citsdc ry11citsdc.ry11cit.lan

resolv.conf.head:-------------------
domain ry11cit.lan
search ry11cit.lan

systemctl.conf"--------------------
net.ipv4.ip_forward=1
net.ipv6.conf.all.disable_ipv6=1



krb5.conf:------------

[libdefaults]
      default_realm = RY11CIT.LAN
      dns_lookup_realm = false
      dns_lookup_kdc = true

named.conf:------------------------

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
include "/var/lib/samba/private/named.conf";

named.conf.options:-----------------------

options {
      directory "/var/cache/bind";

      dnssec-validation auto;

      auth-nxdomain no;    # conform to RFC1035
      listen-on-v6 { none; };
      tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
};

lmhost:--------------------------
127.0.0.1   localhost
10.44.1.10  ry11citdc
10.44.1.9   ry11citsdc

smb.conf:------------------------------

# Global parameters
[global]
      netbios name = RY11CITDC
      realm = RY11CIT.LAN
      server services = -dns
      workgroup = RY11CIT
      server role = active directory domain controller

[netlogon]
      path = /var/lib/samba/sysvol/ry11cit.lan/scripts
      read only = No

[sysvol]
      path = /var/lib/samba/sysvol
      read only = No

Samba Provision---------------:

      samba-tool domain provision --realm=RY11CIT.LAN
--domain=RY11CIT
--server-role=dc --dns-backend=BIND9_DLZ --adminpass='.....'

"Backup / Standby" Active Directory Domain
Controler:----------------------------------------------------
-----------------------------------------------


--------------------------------------------------------------
--------------------------------------------------------------
-------------------------


hostname:-----------------
ry11citsdc.ry11cit.lan

hosts:---------------
127.0.0.1    localhost localhost.localdomain
10.44.1.10    ry11citdc ry11citdc.ry11cit.lan
10.44.1.9     ry11citsdc ry11citsdc.ry11cit.lan

resolv.conf.head:-------------------
domain ry11cit.lan
search ry11cit.lan

systemctl.conf"--------------------
net.ipv4.ip_forward=1
net.ipv6.conf.all.disable_ipv6=1



krb5.conf:------------

[libdefaults]
      default_realm = RY11CIT.LAN
      dns_lookup_realm = false
      dns_lookup_kdc = true

named.conf:------------------------

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
include "/var/lib/samba/private/named.conf";

named.conf.options:-----------------------

options {
      directory "/var/cache/bind";

      dnssec-validation auto;

      auth-nxdomain no;    # conform to RFC1035
      listen-on-v6 { none; };
      tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
};

lmhost:--------------------------
127.0.0.1   localhost
10.44.1.10  ry11citdc
10.44.1.9   ry11citsdc

smb.conf:------------------------------

# Global parameters
[global]
      netbios name = RY11CITSDC
      realm = RY11CIT.LAN
      server services = -dns
      workgroup = RY11CIT
      server role = active directory domain controller

[netlogon]
      path = /var/lib/samba/sysvol/ry11cit.lan/scripts
      read only = No

[sysvol]
      path = /var/lib/samba/sysvol
      read only = No

Samba join---------------:

         samba-tool domain join RY11CIT DC -Uadministrator
--realm=RY11CIT.LAN --dns-backend=BIND9_DLZ --adminpass='.....'


Thanks Jiri Knotek


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba




--

*Ing. Jiří Knotek*
programátor

*GEMA s.r.o. Automatizace technologických procesů*

Doubravice 13, Pardubice 19, 53353
Tel: +420604570127
E-mail: jiri.knotek@xxxxxxxxxx <mailto:jiri.knotek@xxxxxxxxxx>
Web:www.gemapce.cz <http://www.gemapce.cz/>


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba