Web lists-archives.com

Re: [Samba] preparing a 2nd DC




Am 30.01.19 um 12:09 schrieb Stefan G. Weichinger via samba:
> Am 30.01.19 um 11:37 schrieb Rowland Penny via samba:
> 
>> You will have to sync sysvol AFTER the join
>> The join will create the kerberos ticket (unless you are actually
>> referring to /etc/krb5.conf) and smb.conf.
>> /etc/resolv.conf needs to point to DC1 before the join and itself after
>> the join.
> 
> phew! I didn't have that on the radar, good that I asked ...
> 
> No problem to temporarily disable the rsync-job and rm the kerberos
> ticket (quick reboot of DC2 during lunch ;-)).
> 
> thanks!
> 
>>> I hesitate to join the DC2 during work hours ;-) from experience.
>>
>> Wise decision ;-)
> 
> At least this was done correctly ;-)
> 
>>> And I think it's better to ask you *before* I crash my network ;-)
>>
>> Oh definitely, better to ask before, it is easier to fix ;-)
> 
> great, thanks so far.


Are we surprised that I face difficulties at the join? no ...

;-)

clean /etc/samba, no krb5.conf


# samba-tool domain join mydomain.at -U"BUERO\Administrator"
--dns-backend=SAMBA_INTERNAL --option='idmap_ldb:use rfc2307 = yes'
Password for [BUERO\Administrator]:
ERROR(runtime): uncaught exception - (-1073741606,
'provision_store_self_join failed with NT_STATUS_CANT_ACCESS_DOMAIN_INFO')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line
176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line
697, in run
    machinepass=machinepass)


-

the smb.conf on DC(1) says:

[global]
	workgroup = BUERO
	realm = MYDOMAIN.AT
	netbios name = DC


that comes from old NT4 times

I wonder if I use wrong realm/domain name or if I miss some package on DC2

dsdb-modules are installed already (were missing at first)


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba