Re: [Samba] Please help with Samba AD DC after restore from backup




Hi Rowland,

On Sun, 26 May 2019 at 19:54, Rowland penny via samba <samba@xxxxxxxxxxxxxxx>
wrote:

> On 26/05/2019 18:28, Viktor Trojanovic via samba wrote:
> > Small update: I added "lo" to the interfaces in smb.conf, now smbclient
> > works also on localhost. But both the other problems remain as described
> > for now.
> >
> > On Sun, 26 May 2019 at 19:17, Viktor Trojanovic <viktor@xxxxxxxx> wrote:
> >
> >> I just did a restore of a backed up Samba DC and as feared, I'm running
> >> into issues that have kept me for hours on this already.
> >>
> >> Everything seems fine at first sight. The daemon (samba-ad-dc, 4.10, on
> >> Ubuntu Bionic) starts properly and without error messages in any log, even
> >> with increased level 3. Most of the typical testing and troubleshooting
> >> commands give the correct output.
> >>
> >> Specifically, all the host commands mentioned in the wiki work, so
> >> (internal) DNS seems to work fine. kinit and klist work, too, so I guess
> >> Kerberos is set up correctly. What doesn't seem to work fully, however, is
> >> the file server.
> >>
> >> I can run
> >>
> >> smbclient -L DC1 -U%
> >>
> >> just fine. But when I switch DC1 for localhost, I get an error message.
> >>
> >> Connection to localhost failed (Error NT_STATUS_CONNECTION_REFUSED)
> >>
> >> I'm not sure if it matters, but no matter if I choose localhost or DC1, it
> >> also says "Unable to initialize messaging context". I couldn't find a clear
> >> reference as to what this means.
> >>
> >> What I further noticed is that I cannot seem to access "DC1" from other
> >> stations. I can ping the address 192.168.1.1, but running "nslookup DC1"
> >> gives an error
> >>
> >> ** server can't find dc1: SERVFAIL
> >>
> >> It seems to me as if most of the DC is working fine but one element is
> >> screwed up. Hopefully someone can guide me in the right direction to solve
> >> this.
> >>
> >> /etc/samba/smb.conf
> >> [global]
> >> workgroup = SAMDOM
> >> realm = SAMDOM.EXAMPLE.COM
> >> netbios name = DC1
> >> server role = active directory domain controller
> >> dns forwarder = 8.8.8.8
> >> idmap_ldb:use rfc2307 = yes
> >> interfaces = eth0
> >> bind interfaces only = Yes
> >> tls enabled = no
> >> log level = 3
> >>
> >> [netlogon]
> >> path = /var/lib/samba/sysvol/samdom.example.com/scripts
> >> read only = No
> >> acl_xattr:ignore system acls = yes
> >>
> >> [sysvol]
> >> path = /var/lib/samba/sysvol
> >> read only = No
> >> acl_xattr:ignore system acls = yes
> >>
> >> /etc/hosts
> >> 127.0.0.1 localhost
> >> 192.168.1.1 dc1.samdom.example.com dc1
> >>
> >> /etc/hostname
> >> DC1
> >>
> >> /etc/resolv.conf
> >> nameserver 192.168.1.1
> >> search samdom.example.com
> >>
> >>
> >>
> Everything looks okay, just a few thoughts/comments
>
> You get 'Unable to initialize messaging context' if you are not root
> when running smbclient.
>
Ok, got it. Thanks.

>
> Is the time on the DC correct ?
>

Yes, it is. Still, I'm curious, does that really matter? After all, it's
the only DC.


> Why do you have 'tls enabled = no' ?
>

For no good reason, Google pointed me to it.

> I know you have restored Samba from a backup, but what about the OS, is
> everything exactly the same as before you needed to restore ?
>
>
No, it's a different OS, was Arch Linux, now it's Ubuntu. But the file
locations are the same on both systems.


> Have you checked if the dns server is actually running on port 53 and if
> something is, that it is the DC and not something else ?
>

I have, only Samba is running on 53.

I just did some more experiments, and things have gotten considerably
worse.

Basically, I decided to restore the backup once again from scratch, just
the Samba folder part, everything else remains as described above. Now, DNS
no longer works, I get an exit code 110 in the log.

task[dnsupdate][224]:   dnsupdate_nameupdate_done: Failed DNS update with
exit code 110

Before restoring the backup, I made a backup of the previous Samba folder
(just renamed it to Samba2). I thought, no matter what happens with the new
restore, I can always just revert to the situation I had before. But that
doesn't seem to be the case either, even after moving Samba2 back to Samba,
I get the same DNS errors as with the new restore.

Frankly, I don't understand this. Where else does Samba keep its files,
except for /etc/samba and /var/lib/samba?

It's like opening Pandora's box every time I do more than just an
incremental version update in Samba :)

Viktor