
Re: [Samba] Replication problems bdc to pdc




Hello Louis,

I am sorry. I forgot to log in as root, I was in a hurry.


10.44.1.10 is the gateway on the destination site; it is not available there.


"Primary" Active Directory Domain Controller:
-------------------------------------------------------------

root@ry11citdc:~# bash /home/pi/Ry11/samba-setup-checkup.sh
Check hostnames : Ok
Checking detected host ipnumbers from resolv.conf and default gateway
Ping gateway ip : 10.44.1.1 : Error
Warning, no ping to gateway, this might be firewalled.
check you internet connection, AD DNS might need it.
ping nameserver1: 10.44.1.10 : Ok
ping nameserver2: 10.44.1.9 : Ok
Check ping google dns : 8.8.8.8 : Error
Warning, no ping to internet dns 8.8.8.8, this might be firewalled.
Check you internet connection, AD DNS might need it.
Checking file owner..
-rw-r--r-- pi pi         /etc/samba/smb.conf
Checking file owner..
-rw-r--r-- pi pi         /etc/samba/lmhosts
Checking file owner..
Missing file /etc/samba/smbpasswd
drwxr-xr-x root root     /usr/bin
drwxr-xr-x root root     /var/cache/samba
drwxr-xr-x root root     /usr/lib/arm-linux-gnueabihf
drwxr-xr-x root root     /var/run/samba
drwxr-x--- root adm      /var/log/samba
drwxr-xr-x root root     /usr/lib/arm-linux-gnueabihf/samba
drwxr-xr-x root root     /var/run/samba
drwxr-xr-x root root     /var/lib/samba/private
drwxr-xr-x root root     /usr/sbin
drwxr-xr-x root root     /var/lib/samba
DCS ry11citdc.ry11cit.lan
DC1 ry11citdc.ry11cit.lan
DC2
Samba AD DC info:             =  detected (command and where to look)
This server hostname          = ry11citdc (hostname -s and /etc/hosts and DNS server)
This server FQDN (hostname)   = ry11citdc.ry11cit.lan (hostname -f and /etc/hosts and DNS server)
This server primary dnsdomain = ry11cit.lan (hostname -d and /etc/resolv.conf and DNS server)
This server IP address(ses)   = 10.44.1.10  Only one interface detected (hostname -i (-I) and /etc/networking/interfaces and DNS server
The DC with FSMO roles        = RY11CITDC (samba-tool fsmo show)
The DC (with FSMO) Site name  = Default-First-Site-Name (samba-tool fsmo show)
The Default Naming Context    = DC=ry11cit,DC=lan (samba-tool fsmo show)
The Kerberos REALM name used  = RY11CIT.LAN    (kinit and /etc/krb5.conf and resolving)
The Ipadres of DC ry11citdc.ry11cit.lan        = 10.44.1.10
SAMBA_SERVER_ROLE: active directory domain controller
SAMBA_SERVER_SERVICES: s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
SAMBA_DCERPC_ENDPOINT_SERVERS: epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver


file samba-debug-info.txt:---------------------------------

Collected config  --- 2017-12-13-13:02 -----------

Hostname: ry11citdc
DNS Domain: ry11cit.lan
FQDN: ry11citdc.ry11cit.lan
ipaddress: 10.44.1.10

-----------
Samba is running as an AD DC
Checking file: /etc/os-release
PRETTY_NAME="Raspbian GNU/Linux 9 (stretch)"
NAME="Raspbian GNU/Linux"
VERSION_ID="9"
VERSION="9 (stretch)"
ID=raspbian
ID_LIKE=debian
HOME_URL="http://www.raspbian.org/"
SUPPORT_URL="http://www.raspbian.org/RaspbianForums"
BUG_REPORT_URL="http://www.raspbian.org/RaspbianBugs"

-----------

Warning, /etc/devuan_version does not exist

-----------
running command : ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether b8:27:eb:69:ac:e4 brd ff:ff:ff:ff:ff:ff
    inet 10.44.1.10/16 brd 10.44.255.255 scope global eth0
-----------
Checking file: /etc/hosts
127.0.0.1 localhost.localdomain localhost
10.44.1.10 ry11citdc.ry11cit.lan ry11citdc
10.44.1.9 ry11citsdc.ry11cit.lan ry11citsdc

-----------
Checking file: /etc/krb5.conf
[libdefaults]
    default_realm = RY11CIT.LAN
    dns_lookup_realm = false
    dns_lookup_kdc = true

-----------
Checking file: /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         compat
group:          compat
shadow:         compat
gshadow:        files

hosts:          files mdns4_minimal [NOTFOUND=return] dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

-----------
Checking file: /etc/samba/smb.conf
# Global parameters
[global]
    netbios name = RY11CITDC
    realm = RY11CIT.LAN
    server services = -dns
    workgroup = RY11CIT
    server role = active directory domain controller

[netlogon]
    path = /var/lib/samba/sysvol/ry11cit.lan/scripts
    read only = No

[sysvol]
    path = /var/lib/samba/sysvol
    read only = No

-----------
No username map detected.

-----------
Detected bind DLZ enabled..
Checking file: /etc/bind/named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
include "/var/lib/samba/private/named.conf";

-----------
Checking file: /etc/bind/named.conf.options
options {
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.

    // forwarders {
    //     0.0.0.0;
    // };

//========================================================================
    // If BIND logs error messages about the root key being expired,
    // you will need to update your keys.  See https://www.isc.org/bind-keys
//========================================================================
    dnssec-validation auto;

    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { none; };
    tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
};


-----------
Checking file: /etc/bind/named.conf.local
//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";


-----------
Checking file: /etc/bind/named.conf.default-zones
// prime the server with knowledge of the root servers
zone "." {
    type hint;
    file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
    type master;
    file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
    type master;
    file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
    type master;
    file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
    type master;
    file "/etc/bind/db.255";
};



-----------

Installed packages, running: dpkg -l | egrep "samba|winbind|krb5|smb|acl|xattr"
ii  acl 2.2.52-3                     armhf        Access control list utilities
ii  krb5-config 2.6                          all          Configuration files for Kerberos Version 5
ii  krb5-user 1.15-1+deb9u1                armhf        basic programs to authenticate using MIT Kerberos
ii  libacl1:armhf 2.2.52-3                     armhf        Access control list shared library
ii  libgssapi-krb5-2:armhf 1.15-1+deb9u1                armhf        MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
ii  libkrb5-3:armhf 1.15-1+deb9u1                armhf        MIT Kerberos runtime libraries
ii  libkrb5support0:armhf 1.15-1+deb9u1                armhf        MIT Kerberos runtime libraries - Support library
ii  libsmbclient:armhf 2:4.5.12+dfsg-2+deb9u1       armhf        shared library for communication with SMB/CIFS servers
ii  libwbclient0:armhf 2:4.5.12+dfsg-2+deb9u1       armhf        Samba winbind client library
ii  python-samba 2:4.5.12+dfsg-2+deb9u1       armhf        Python bindings for Samba
ii  samba 2:4.5.12+dfsg-2+deb9u1       armhf        SMB/CIFS file, print, and login server for Unix
ii  samba-common 2:4.5.12+dfsg-2+deb9u1       all          common files used by both the Samba server and client
ii  samba-common-bin 2:4.5.12+dfsg-2+deb9u1       armhf        Samba common files used by both the server and the client
ii  samba-dsdb-modules 2:4.5.12+dfsg-2+deb9u1       armhf        Samba Directory Services Database
ii  samba-libs:armhf 2:4.5.12+dfsg-2+deb9u1       armhf        Samba core libraries
ii  samba-vfs-modules 2:4.5.12+dfsg-2+deb9u1       armhf        Samba Virtual FileSystem plugins
ii  smbclient 2:4.5.12+dfsg-2+deb9u1       armhf        command-line SMB/CIFS clients for Unix
ii  winbind 2:4.5.12+dfsg-2+deb9u1       armhf        service to resolve user and group information from Windows NT servers
-----------


"Backup / Standby" Active Directory Domain Controller:
-------------------------------------------------------------

root@ry11citsdc:~# bash /home/pi/Ry11/samba-setup-checkup.sh
Check hostnames : Ok
Checking detected host ipnumbers from resolv.conf and default gateway
Ping gateway ip : 10.44.1.1 : Error
Warning, no ping to gateway, this might be firewalled.
check you internet connection, AD DNS might need it.
ping nameserver1: 10.44.1.9 : Ok
ping nameserver2: 10.44.1.10 : Ok
Check ping google dns : 8.8.8.8 : Error
Warning, no ping to internet dns 8.8.8.8, this might be firewalled.
Check you internet connection, AD DNS might need it.
Checking file owner..
-rw-r--r-- pi pi         /etc/samba/smb.conf
Checking file owner..
-rw-r--r-- pi pi         /etc/samba/lmhosts
Checking file owner..
Missing file /etc/samba/smbpasswd
drwxr-xr-x root root     /usr/bin
drwxr-xr-x root root     /var/cache/samba
drwxr-xr-x root root     /usr/lib/arm-linux-gnueabihf
drwxr-xr-x root root     /var/run/samba
drwxr-x--- root adm      /var/log/samba
drwxr-xr-x root root     /usr/lib/arm-linux-gnueabihf/samba
drwxr-xr-x root root     /var/run/samba
drwxr-xr-x root root     /var/lib/samba/private
drwxr-xr-x root root     /usr/sbin
drwxr-xr-x root root     /var/lib/samba
DCS ry11citsdc.ry11cit.lan
ry11citdc.ry11cit.lan
DC1 ry11citsdc.ry11cit.lan
DC2 ry11citdc.ry11cit.lan
Samba AD DC info:             =  detected (command and where to look)
This server hostname          = ry11citsdc (hostname -s and /etc/hosts and DNS server)
This server FQDN (hostname)   = ry11citsdc.ry11cit.lan (hostname -f and /etc/hosts and DNS server)
This server primary dnsdomain = ry11cit.lan (hostname -d and /etc/resolv.conf and DNS server)
This server IP address(ses)   = 10.44.1.9  Only one interface detected (hostname -i (-I) and /etc/networking/interfaces and DNS server
The DC with FSMO roles        = RY11CITDC (samba-tool fsmo show)
The DC (with FSMO) Site name  = Default-First-Site-Name (samba-tool fsmo show)
The Default Naming Context    = DC=ry11cit,DC=lan (samba-tool fsmo show)
The Kerberos REALM name used  = RY11CIT.LAN    (kinit and /etc/krb5.conf and resolving)
The Ipadres of DC ry11citsdc.ry11cit.lan        = 10.44.1.9
The Ipadres of DC ry11citdc.ry11cit.lan        = 10.44.1.10
SAMBA_SERVER_ROLE: active directory domain controller
SAMBA_SERVER_SERVICES: s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
SAMBA_DCERPC_ENDPOINT_SERVERS: epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver
root@ry11citsdc:~#


file samba-debug-info.txt:---------------------------------

Collected config  --- 2017-12-13-12:45 -----------

Hostname: ry11citsdc
DNS Domain: ry11cit.lan
FQDN: ry11citsdc.ry11cit.lan
ipaddress: 10.44.1.9

-----------
Samba is running as an AD DC
Checking file: /etc/os-release
PRETTY_NAME="Raspbian GNU/Linux 9 (stretch)"
NAME="Raspbian GNU/Linux"
VERSION_ID="9"
VERSION="9 (stretch)"
ID=raspbian
ID_LIKE=debian
HOME_URL="http://www.raspbian.org/"
SUPPORT_URL="http://www.raspbian.org/RaspbianForums"
BUG_REPORT_URL="http://www.raspbian.org/RaspbianBugs"

-----------

Warning, /etc/devuan_version does not exist

-----------
running command : ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether b8:27:eb:9d:64:eb brd ff:ff:ff:ff:ff:ff
    inet 10.44.1.9/16 brd 10.44.255.255 scope global eth0
3: wlan0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
    link/ether b8:27:eb:c8:31:be brd ff:ff:ff:ff:ff:ff
-----------
Checking file: /etc/hosts
127.0.0.1 localhost.localdomain localhost
10.44.1.10 ry11citdc.ry11cit.lan ry11citdc
10.44.1.9 ry11citsdc.ry11cit.lan ry11citsdc

-----------
Checking file: /etc/krb5.conf
[libdefaults]
    default_realm = RY11CIT.LAN
    dns_lookup_realm = false
    dns_lookup_kdc = true

-----------
Checking file: /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         compat
group:          compat
shadow:         compat
gshadow:        files

hosts:          files mdns4_minimal [NOTFOUND=return] dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

-----------
Checking file: /etc/samba/smb.conf
# Global parameters
[global]
    netbios name = RY11CITSDC
    realm = RY11CIT.LAN
    server services = -dns
    workgroup = RY11CIT
    server role = active directory domain controller

[netlogon]
    path = /var/lib/samba/sysvol/ry11cit.lan/scripts
    read only = No

[sysvol]
    path = /var/lib/samba/sysvol
    read only = No

-----------
No username map detected.

-----------
Detected bind DLZ enabled..
Checking file: /etc/bind/named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
include "/var/lib/samba/private/named.conf";

-----------
Checking file: /etc/bind/named.conf.options
options {
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.

    // forwarders {
    //     0.0.0.0;
    // };

//========================================================================
    // If BIND logs error messages about the root key being expired,
    // you will need to update your keys.  See https://www.isc.org/bind-keys
//========================================================================
    dnssec-validation auto;

    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { none; };
    tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
};


-----------
Checking file: /etc/bind/named.conf.local
//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";


-----------
Checking file: /etc/bind/named.conf.default-zones
// prime the server with knowledge of the root servers
zone "." {
    type hint;
    file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
    type master;
    file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
    type master;
    file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
    type master;
    file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
    type master;
    file "/etc/bind/db.255";
};



-----------

Installed packages, running: dpkg -l | egrep "samba|winbind|krb5|smb|acl|xattr"
ii  acl 2.2.52-3                     armhf        Access control list utilities
ii  krb5-config 2.6                          all          Configuration files for Kerberos Version 5
ii  krb5-user 1.15-1+deb9u1                armhf        basic programs to authenticate using MIT Kerberos
ii  libacl1:armhf 2.2.52-3                     armhf        Access control list shared library
ii  libgssapi-krb5-2:armhf 1.15-1+deb9u1                armhf        MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
ii  libkrb5-3:armhf 1.15-1+deb9u1                armhf        MIT Kerberos runtime libraries
ii  libkrb5support0:armhf 1.15-1+deb9u1                armhf        MIT Kerberos runtime libraries - Support library
ii  libsmbclient:armhf 2:4.5.12+dfsg-2+deb9u1       armhf        shared library for communication with SMB/CIFS servers
ii  libwbclient0:armhf 2:4.5.12+dfsg-2+deb9u1       armhf        Samba winbind client library
ii  python-samba 2:4.5.12+dfsg-2+deb9u1       armhf        Python bindings for Samba
ii  samba 2:4.5.12+dfsg-2+deb9u1       armhf        SMB/CIFS file, print, and login server for Unix
ii  samba-common 2:4.5.12+dfsg-2+deb9u1       all          common files used by both the Samba server and client
ii  samba-common-bin 2:4.5.12+dfsg-2+deb9u1       armhf        Samba common files used by both the server and the client
ii  samba-dsdb-modules 2:4.5.12+dfsg-2+deb9u1       armhf        Samba Directory Services Database
ii  samba-libs:armhf 2:4.5.12+dfsg-2+deb9u1       armhf        Samba core libraries
ii  samba-vfs-modules 2:4.5.12+dfsg-2+deb9u1       armhf        Samba Virtual FileSystem plugins
ii  smbclient 2:4.5.12+dfsg-2+deb9u1       armhf        command-line SMB/CIFS clients for Unix
ii  winbind 2:4.5.12+dfsg-2+deb9u1       armhf        service to resolve user and group information from Windows NT servers
-----------


On 13. 12. 2017 12:05, L.P.H. van Belle via samba wrote:
Hi,

Both scripts were missing "run as root".
I've updated the GitHub versions.

Can you run these again, but as root or with sudo?
And post the content again.


Greetz,

Louis


-----Original message-----
From: samba [mailto:samba-bounces@xxxxxxxxxxxxxxx] On behalf of Jiří Knotek via samba
Sent: Wednesday 13 December 2017 11:36
To: samba@xxxxxxxxxxxxxxx
Subject: Re: [Samba] Replication problems bdc to pdc

Hello Louis,

      thanks for the response.

Yes, changed on ry11citsdc; now hostname -d works correctly. Somewhere I saw the opposite entry. Thanks for the repair. Samba-setup-checkup.sh follows:
----------------------------------------------------


....

Thanks Jiri Knotek


On 13. 12. 2017 10:52, L.P.H. van Belle via samba wrote:
Ow and..

Your hosts files are incorrect.
Layout should be :
ip 	hostname.fqdn hostname

So this should be :
10.44.1.10  ry11citdc.ry11cit.lan ry11citdc
10.44.1.9   ry11citsdc.ry11cit.lan ry11citsdc
Reboot both servers after the change.


Greetz,

Louis


-----Original message-----
From: samba [mailto:samba-bounces@xxxxxxxxxxxxxxx] On behalf of L.P.H. van Belle via samba
Sent: Wednesday 13 December 2017 10:41
To: samba@xxxxxxxxxxxxxxx
CC: Jiří Knotek
Subject: Re: [Samba] Replication problems bdc to pdc

Great you use my script :-)
Now we know something is wrong, run this one.

https://raw.githubusercontent.com/thctlo/samba4/master/samba-collect-debug-info.sh
And post the content to the list, that helps a lot.

Greetz,

Louis

-----Original message-----
From: samba [mailto:samba-bounces@xxxxxxxxxxxxxxx] On behalf of Jiří Knotek via samba
Sent: Wednesday 13 December 2017 10:14
To: samba@xxxxxxxxxxxxxxx
Subject: Re: [Samba] Replication problems bdc to pdc

Hello Rowland,

       thank you for the advice. I reconfigured both AD-DCs again with new data and am sending the updated data. Unfortunately, the result is the same. I'm also sending a listing from samba-setup-checkup.sh.

    * Linux: Raspbian, debian stretch lite
    * Samba version 4.5.12-Debian
    * DNS: BIND9_DLZ 9.10.x
    * Installed packages: ntp ntpdate samba smbclient winbind libcups2 samba-common cups ldb-tools bind9 bind9utils dnsutils krb5-user

*root@ry11citdc:/home/pi/Ry11# samba-tool drs replicate ry11citsdc ry11citdc dc=ry11cit,dc=lan*
Replicate from ry11citdc to ry11citsdc was successful.

*root@ry11citdc:/home/pi/Ry11# samba-tool drs replicate ry11citdc ry11citsdc dc=ry11cit,dc=lan*
ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - drsException: DsReplicaSync failed (2, 'WERR_BADFILE')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line 368, in run
    drs_utils.sendDsReplicaSync(server_bind, server_bind_handle, source_dsa_guid, NC, req_options)
  File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 83, in sendDsReplicaSync
    raise drsException("DsReplicaSync failed %s" % estr)


*root@ry11citdc:/home/pi/Ry11# bash samba-setup-checkup.sh*
Check hostnames : Mismatch in hostname definitions
please check :
HOST_NAME_SHORT: ry11citdc
HOST_NAME_DOMAIN:
HOST_NAME_FQDN: ry11citdc
HOST_IP1: 10.44.1.10
HOST_IP2: Only one interface detected
HOST_GATEWAY: 10.44.1.1
HOST_PRIMARY_INTERFACE: 10.44.1.1
eth0
HOST_RESOLV_DOMAIN: domain ry11cit.lan
HOST_RESOLV_SEARCH: search ry11cit.lan
HOST_RESOLV_NAMESERV1: 10.44.1.10
HOST_RESOLV_NAMESERV2: 10.44.1.9
HOST_RESOLV_NAMESERV3:
Possible error detected in /etc/hosts, mismatch FQDN and detected IP 10.44.1.10 for the host.
expected was : 10.44.1.10 ry11citdc ry11citdc
Checking detected host ipnumbers from resolv.conf and default gateway
Ping gateway ip : 10.44.1.1 : Error
ping nameserver1: 10.44.1.10 : Ok
ping nameserver2: 10.44.1.9 : Ok
Check ping google dns : 8.8.8.8 : Error
Checking file owner..
-rw-r--r-- pi pi         /etc/samba/smb.conf
Checking file owner..
-rw-r--r-- pi pi         /etc/samba/lmhosts
Checking file owner..
Missing file /etc/samba/smbpasswd
drwxr-xr-x root root     /usr/bin
drwxr-xr-x root root     /var/cache/samba
drwxr-xr-x root root     /usr/lib/arm-linux-gnueabihf
drwxr-xr-x root root     /var/run/samba
drwxr-x--- root adm      /var/log/samba
drwxr-xr-x root root     /usr/lib/arm-linux-gnueabihf/samba
drwxr-xr-x root root     /var/run/samba
drwxr-xr-x root root     /var/lib/samba/private
drwxr-xr-x root root     /usr/sbin
drwxr-xr-x root root     /var/lib/samba
DCS 2(SERVFAIL
DC1 2(SERVFAIL
DC2
ERROR: Invalid IP address '2(SERVFAIL'!
Samba AD DC info:             =  detected (command and where to look)
This server hostname          = ry11citdc (hostname -s and /etc/hosts and DNS server)
This server FQDN (hostname)   = ry11citdc (hostname -f and /etc/hosts and DNS server)
This server primary dnsdomain =  (hostname -d and /etc/resolv.conf and DNS server)
This server IP address(ses)   = 10.44.1.10  Only one interface detected (hostname -i (-I) and /etc/networking/interfaces and DNS server
The DC with FSMO roles        = RY11CITDC (samba-tool fsmo show)
The DC (with FSMO) Site name  = Default-First-Site-Name (samba-tool fsmo show)
The Default Naming Context    = DC=ry11cit,DC=lan (samba-tool fsmo show)
The Kerberos REALM name used  = RY11CIT.LAN    (kinit and /etc/krb5.conf and resolving)
The Ipadres of DC 2(SERVFAIL        = 2(SERVFAIL)
SAMBA_SERVER_ROLE: active directory domain controller
SAMBA_SERVER_SERVICES: s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
SAMBA_DCERPC_ENDPOINT_SERVERS: epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver


*I could not find a way to make the hostname -d command return the domain name. How can I do that? In addition, there are hosts, lmhosts, resolv.conf, and so on.*

Please help, I don't know what to do.

System integrator Jiří Knotek


"Primary" Active Directory Domain Controller:
-------------------------------------------------------------


hostname:-----------------
ry11citdc.ry11cit.lan

hosts:---------------
127.0.0.1    localhost localhost.localdomain
10.44.1.10    ry11citdc ry11citdc.ry11cit.lan
10.44.1.9     ry11citsdc ry11citsdc.ry11cit.lan

resolv.conf.head:-------------------
domain ry11cit.lan
search ry11cit.lan

systemctl.conf"--------------------
net.ipv4.ip_forward=1
net.ipv6.conf.all.disable_ipv6=1



krb5.conf:------------

[libdefaults]
       default_realm = RY11CIT.LAN
       dns_lookup_realm = false
       dns_lookup_kdc = true

named.conf:------------------------

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
include "/var/lib/samba/private/named.conf";

named.conf.options:-----------------------

options {
       directory "/var/cache/bind";

       dnssec-validation auto;

       auth-nxdomain no;    # conform to RFC1035
       listen-on-v6 { none; };
       tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
};

lmhost:--------------------------
127.0.0.1   localhost
10.44.1.10  ry11citdc
10.44.1.9   ry11citsdc

smb.conf:------------------------------

# Global parameters
[global]
       netbios name = RY11CITDC
       realm = RY11CIT.LAN
       server services = -dns
       workgroup = RY11CIT
       server role = active directory domain controller

[netlogon]
       path = /var/lib/samba/sysvol/ry11cit.lan/scripts
       read only = No

[sysvol]
       path = /var/lib/samba/sysvol
       read only = No

Samba Provision---------------:

       samba-tool domain provision --realm=RY11CIT.LAN --domain=RY11CIT --server-role=dc --dns-backend=BIND9_DLZ --adminpass='.....'

"Backup / Standby" Active Directory Domain Controller:
-------------------------------------------------------------


hostname:-----------------
ry11citsdc.ry11cit.lan

hosts:---------------
127.0.0.1    localhost localhost.localdomain
10.44.1.10    ry11citdc ry11citdc.ry11cit.lan
10.44.1.9     ry11citsdc ry11citsdc.ry11cit.lan

resolv.conf.head:-------------------
domain ry11cit.lan
search ry11cit.lan

systemctl.conf"--------------------
net.ipv4.ip_forward=1
net.ipv6.conf.all.disable_ipv6=1



krb5.conf:------------

[libdefaults]
       default_realm = RY11CIT.LAN
       dns_lookup_realm = false
       dns_lookup_kdc = true

named.conf:------------------------

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
include "/var/lib/samba/private/named.conf";

named.conf.options:-----------------------

options {
       directory "/var/cache/bind";

       dnssec-validation auto;

       auth-nxdomain no;    # conform to RFC1035
       listen-on-v6 { none; };
       tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
};

lmhost:--------------------------
127.0.0.1   localhost
10.44.1.10  ry11citdc
10.44.1.9   ry11citsdc

smb.conf:------------------------------

# Global parameters
[global]
       netbios name = RY11CITSDC
       realm = RY11CIT.LAN
       server services = -dns
       workgroup = RY11CIT
       server role = active directory domain controller

[netlogon]
       path = /var/lib/samba/sysvol/ry11cit.lan/scripts
       read only = No

[sysvol]
       path = /var/lib/samba/sysvol
       read only = No

Samba join---------------:

          samba-tool domain join RY11CIT DC -Uadministrator --realm=RY11CIT.LAN --dns-backend=BIND9_DLZ --adminpass='.....'


Thanks Jiri Knotek


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba




--

*Ing. Jiří Knotek*
programátor

*GEMA s.r.o. Automatizace technologických procesů*

Doubravice 13, Pardubice 19, 53353
Tel: +420604570127
E-mail: jiri.knotek@xxxxxxxxxx <mailto:jiri.knotek@xxxxxxxxxx>
Web:www.gemapce.cz <http://www.gemapce.cz/>






--

*Ing. Jiří Knotek*
programátor

*GEMA s.r.o. Automatizace technologických procesů*

Doubravice 13, Pardubice 19, 53353
Tel: +420604570127
E-mail: jiri.knotek@xxxxxxxxxx <mailto:jiri.knotek@xxxxxxxxxx>
Web:www.gemapce.cz <http://www.gemapce.cz/>


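
The hosts layout Louis gives in this thread ("ip hostname.fqdn hostname") can be checked mechanically. The following is an added example, not part of the original messages and not taken from samba-setup-checkup.sh; the function name check_hosts_entry and the two sample files are constructed here from the hosts entries quoted in the thread (before and after the fix).

```sh
#!/bin/sh
# Added example: check that a hosts entry follows "ip hostname.fqdn hostname".

# check_hosts_entry FILE IP   (hypothetical helper, not from the thread)
# On success prints the DNS domain implied by the entry and returns 0.
# On failure prints the reason on stderr and returns 1.
check_hosts_entry() {
    che_file=$1
    che_ip=$2
    while read -r che_addr che_canon che_alias che_rest || [ -n "$che_addr" ]; do
        [ "$che_addr" = "$che_ip" ] || continue
        che_alias=${che_alias%%#*}          # ignore a trailing comment
        case $che_canon in
            *.*) ;;                         # first name is fully qualified
            *)
                echo "$che_ip: first name '$che_canon' is not an FQDN" >&2
                return 1
                ;;
        esac
        che_short=${che_canon%%.*}
        if [ "$che_alias" != "$che_short" ]; then
            echo "$che_ip: expected short name '$che_short' after the FQDN, found '$che_alias'" >&2
            return 1
        fi
        # The domain is everything after the first label of the FQDN.
        printf '%s\n' "${che_canon#*.}"
        return 0
    done <"$che_file"
    echo "$che_ip: no entry in $che_file" >&2
    return 1
}

# Constructed sample files, copied from the hosts entries quoted in the thread.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
HOSTS_BEFORE=$SAMPLE_DIR/hosts.before
HOSTS_AFTER=$SAMPLE_DIR/hosts.after

# Short name first: the layout reported as incorrect.
cat >"$HOSTS_BEFORE" <<'EOF'
127.0.0.1    localhost localhost.localdomain
10.44.1.10    ry11citdc ry11citdc.ry11cit.lan
10.44.1.9     ry11citsdc ry11citsdc.ry11cit.lan
EOF

# FQDN first: the layout after the correction.
cat >"$HOSTS_AFTER" <<'EOF'
127.0.0.1 localhost.localdomain localhost
10.44.1.10 ry11citdc.ry11cit.lan ry11citdc
10.44.1.9 ry11citsdc.ry11cit.lan ry11citsdc
EOF

for f in "$HOSTS_BEFORE" "$HOSTS_AFTER"; do
    for ip in 10.44.1.10 10.44.1.9; do
        if domain=$(check_hosts_entry "$f" "$ip"); then
            echo "${f##*/} $ip: ok, domain $domain"
        else
            echo "${f##*/} $ip: layout error"
        fi
    done
done
```

Run against the "before" file, both DC entries are rejected, which matches the empty HOST_NAME_DOMAIN in the first checkup listing; against the "after" file both yield ry11cit.lan.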