
Re: [Samba] Please help with Samba AD DC after restore from backup




On 26/05/2019 18:28, Viktor Trojanovic via samba wrote:
Small update: I added "lo" to the interfaces in smb.conf, now smbclient
works also on localhost. But both the other problems remain as described
for now.

On Sun, 26 May 2019 at 19:17, Viktor Trojanovic <viktor@xxxxxxxx> wrote:

I just did a restore of a backed up Samba DC and as feared, I'm running
into issues that have kept me for hours on this already.

Everything seems fine at first sight. The daemon (samba-ad-dc, 4.10, on
Ubuntu Bionic) starts properly and without error messages in any log, even
with increased level 3. Most of the typical testing and troubleshooting
commands give the correct output.

Specifically, all the host commands mentioned in the wiki work, so
(internal) DNS seems to work fine. kinit and klist work, too, so I guess
Kerberos is set up correctly. What doesn't seem to work fully, however, is
the file server.

I can run

smbclient -L DC1 -U%

just fine. But when I switch DC1 for localhost, I get an error message.

Connection to localhost failed (Error NT_STATUS_CONNECTION_REFUSED)

I'm not sure if it matters, but no matter if I choose localhost or DC1, it
also says "Unable to initialize messaging context". I couldn't find a clear
reference as to what this means.

What I further noticed is that I cannot seem to access "DC1" from other
stations. I can ping the address 192.168.1.1, but running "nslookup DC1"
gives an error

** server can't find dc1: SERVFAIL

It seems to me as if most of the DC is working fine but one element is
screwed up. Hopefully someone can guide me in the right direction to solve
this.

/etc/samba/smb.conf
[global]
workgroup = SAMDOM
realm = SAMDOM.EXAMPLE.COM
netbios name = DC1
server role = active directory domain controller
dns forwarder = 8.8.8.8
idmap_ldb:use rfc2307 = yes
interfaces = eth0
bind interfaces only = Yes
tls enabled = no
log level = 3

[netlogon]
path = /var/lib/samba/sysvol/samdom.example.com/scripts
read only = No
acl_xattr:ignore system acls = yes

[sysvol]
path = /var/lib/samba/sysvol
read only = No
acl_xattr:ignore system acls = yes

/etc/hosts
127.0.0.1 localhost
192.168.1.1 dc1.samdom.example.com dc1

/etc/hostname
DC1

/etc/resolv.conf
nameserver 192.168.1.1
search samdom.example.com



Everything looks okay, just a few thoughts/comments

You get 'Unable to initialize messaging context' if you are not root when running smbclient.

Is the time on the DC correct?

Why do you have 'tls enabled = no'?

I know you have restored Samba from a backup, but what about the OS, is everything exactly the same as before you needed to restore?

Have you checked if the DNS server is actually running on port 53 and if something is, that it is the DC and not something else?

Rowland
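
[Added example, not part of the original thread or of Samba.] One way to run the port 53 check suggested in the reply above: parse `ss -tulpn` output and flag any listener on port 53 that is not the DC's own process. The function names, the sample output and the default process name `samba` (Samba's internal DNS server) are assumptions made for this illustration.

```shell
#!/bin/sh
# Constructed sample of `ss -tulpn` output (not taken from the poster's host):
# a second resolver holds port 53 on a loopback address next to samba.
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*  users:(("systemd-resolve",pid=612,fd=12))
udp   UNCONN 0      0      192.168.1.1:53     0.0.0.0:*  users:(("samba",pid=1040,fd=41))
tcp   LISTEN 0      10     192.168.1.1:53     0.0.0.0:*  users:(("samba",pid=1040,fd=40))
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*  users:(("sshd",pid=801,fd=3))'

# dns_listeners: read `ss -tulpn` output on stdin and print
# "proto address process" for every socket bound to port 53.
dns_listeners() {
    awk '$5 ~ /:53$/ {
        proc = "unknown"   # ss omits users:(...) when it is not run as root
        if (match($0, /users:\(\("[^"]+"/))
            proc = substr($0, RSTART + 9, RLENGTH - 10)
        print $1, $5, proc
    }'
}

# check_dns_owner [EXPECTED]: succeed only if port 53 has at least one
# listener and every listener belongs to EXPECTED. The default "samba" is an
# assumption (internal DNS); with the BIND9_DLZ backend it would be "named".
check_dns_owner() {
    expected=${1:-samba}
    dns_listeners | awk -v want="$expected" '
        { seen = 1; if ($3 != want) { bad = 1; print "unexpected: " $0 } }
        END { if (!seen) print "nothing listening on port 53"
              exit (bad || !seen) }'
}

# Demo on the constructed sample. On the DC itself, as root:
#   ss -tulpn | check_dns_owner
printf '%s\n' "$SAMPLE_SS" | dns_listeners
```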


