Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
[Samba] Samba 4 Additional DC existing domain
7 views
Skip to first unread message
Dino Edwards
Jun 11, 2013, 11:30:02 AM6/11/13
to
Using Ubuntu 10.04 LTS 32-bit. Tried following the wiki to install an additional DC in an existing AD domain. Here are the steps I took:
1. Installed the Ubuntu prerequisites and then I built from source. It compiled and installed successfully to /usr/local/samba
2. Skipped Step 1 Provision Samba according to the wiki It's not required to install as an additional DC in existing domain
3. Went to step 2 Starting your Samba AD DC located here: http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC
4. Set /etc/krb5.conf with the following:
[libdefaults]
dns_lookup_realm = true
dns_lookup_kdc = true
default_realm = mydomain.local
5. Ran kinit Administrator and put in the domain admin password and I got absolutely no output. The command ran and I got no error or any indication that anything happened. Apparently I'm supposed to get something like this:
6. Ticket cache: FILE:/tmp/krb5cc_0
7. Default principal: admini...@mydomain.local
8.
9. Valid starting Expires Service principal
10.11/11/12 17:29:51 11/12/12 03:29:51 krbtgt/
Additionally, running /usr/local/samba/sbin/samba does nothing also. When I c heck for any samba running processes I get nothing. I'm stuck. I would appreciate some assistance on this.
Thanks a lot
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
1. Installed the Ubuntu prerequisites and then I built from source. It compiled and installed successfully to /usr/local/samba
2. Skipped Step 1 Provision Samba according to the wiki It's not required to install as an additional DC in existing domain
3. Went to step 2 Starting your Samba AD DC located here: http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC
4. Set /etc/krb5.conf with the following:
[libdefaults]
dns_lookup_realm = true
dns_lookup_kdc = true
default_realm = mydomain.local
5. Ran kinit Administrator and put in the domain admin password and I got absolutely no output. The command ran and I got no error or any indication that anything happened. Apparently I'm supposed to get something like this:
6. Ticket cache: FILE:/tmp/krb5cc_0
7. Default principal: admini...@mydomain.local
8.
9. Valid starting Expires Service principal
10.11/11/12 17:29:51 11/12/12 03:29:51 krbtgt/
Additionally, running /usr/local/samba/sbin/samba does nothing also. When I c heck for any samba running processes I get nothing. I'm stuck. I would appreciate some assistance on this.
Thanks a lot
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Marc Muehlfeld
Jun 11, 2013, 11:40:02 AM6/11/13
to
Hello Dino,
Did you followed *all* steps from the
http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC
HowTo? I didn't saw, in the steps you had listed, that you joined the
domain, etc.
Can you start Samba with the following command and see, what it outputs:
# samba -i -M single
Regards,
Marc
http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC
HowTo? I didn't saw, in the steps you had listed, that you joined the
domain, etc.
Can you start Samba with the following command and see, what it outputs:
# samba -i -M single
Regards,
Marc
Ricky Nance
Jun 11, 2013, 12:00:02 PM6/11/13
to
Kinit doesn't have output on all systems (ubuntu is one of them) after
running that, klist should show that you have an active ticket. Also do
what Marc says samba -i -M single and see where samba is failing the
startup.
Ricky
On Tue, Jun 11, 2013 at 10:38 AM, Marc Muehlfeld <sa...@marc-muehlfeld.de>wrote:
> Hello Dino,
>
> Am 11.06.2013 17:11, schrieb Dino Edwards:
>
> Using Ubuntu 10.04 LTS 32-bit. Tried following the wiki to install an
>> additional DC in an existing AD domain. Here are the steps I took:
>>
>>
>> 1. Installed the Ubuntu prerequisites and then I built from source.
>> It compiled and installed successfully to /usr/local/samba
>>
>> 2. Skipped Step 1 Provision Samba according to the wiki It's not
>> required to install as an additional DC in existing domain
>>
>> 3. Went to step 2 Starting your Samba AD DC located here:
>> http://wiki.samba.org/index.**php/Samba4/HOWTO/Join_a_**domain_as_a_DC<http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC>
running that, klist should show that you have an active ticket. Also do
what Marc says samba -i -M single and see where samba is failing the
startup.
Ricky
On Tue, Jun 11, 2013 at 10:38 AM, Marc Muehlfeld <sa...@marc-muehlfeld.de>wrote:
> Hello Dino,
>
> Am 11.06.2013 17:11, schrieb Dino Edwards:
>
> Using Ubuntu 10.04 LTS 32-bit. Tried following the wiki to install an
>> additional DC in an existing AD domain. Here are the steps I took:
>>
>>
>> 1. Installed the Ubuntu prerequisites and then I built from source.
>> It compiled and installed successfully to /usr/local/samba
>>
>> 2. Skipped Step 1 Provision Samba according to the wiki It's not
>> required to install as an additional DC in existing domain
>>
>> 3. Went to step 2 Starting your Samba AD DC located here:
>>
>> 4. Set /etc/krb5.conf with the following:
>>
>>
>> [libdefaults]
>>
>> dns_lookup_realm = true
>>
>> dns_lookup_kdc = true
>>
>> default_realm = mydomain.local
>>
>>
>>
>> 5. Ran kinit Administrator and put in the domain admin password and
>> I got absolutely no output. The command ran and I got no error or any
>> indication that anything happened. Apparently I'm supposed to get something
>> like this:
>>
>> 6. Ticket cache: FILE:/tmp/krb5cc_0
>>
>> 7. Default principal: admini...@mydomain.local
>>
>> 8.
>>
>> 9. Valid starting Expires Service principal
>>
>> 10.11/11/12 17:29:51 11/12/12 03:29:51 krbtgt/
>>
>> Additionally, running /usr/local/samba/sbin/samba does nothing also. When
>> I c heck for any samba running processes I get nothing. I'm stuck. I would
>> appreciate some assistance on this.
>>
>> Thanks a lot
>>
>
>
>
> Did you followed *all* steps from the
> http://wiki.samba.org/index.**php/Samba4/HOWTO/Join_a_**domain_as_a_DC<http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC>
>> 4. Set /etc/krb5.conf with the following:
>>
>>
>> [libdefaults]
>>
>> dns_lookup_realm = true
>>
>> dns_lookup_kdc = true
>>
>> default_realm = mydomain.local
>>
>>
>>
>> 5. Ran kinit Administrator and put in the domain admin password and
>> I got absolutely no output. The command ran and I got no error or any
>> indication that anything happened. Apparently I'm supposed to get something
>> like this:
>>
>> 6. Ticket cache: FILE:/tmp/krb5cc_0
>>
>> 7. Default principal: admini...@mydomain.local
>>
>> 8.
>>
>> 9. Valid starting Expires Service principal
>>
>> 10.11/11/12 17:29:51 11/12/12 03:29:51 krbtgt/
>>
>> Additionally, running /usr/local/samba/sbin/samba does nothing also. When
>> I c heck for any samba running processes I get nothing. I'm stuck. I would
>> appreciate some assistance on this.
>>
>> Thanks a lot
>>
>
>
>
> Did you followed *all* steps from the
> HowTo? I didn't saw, in the steps you had listed, that you joined the
> domain, etc.
>
>
> Can you start Samba with the following command and see, what it outputs:
> # samba -i -M single
>
>
>
> Regards,
> Marc
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/**mailman/options/samba<https://lists.samba.org/mailman/options/samba>
> domain, etc.
>
>
> Can you start Samba with the following command and see, what it outputs:
> # samba -i -M single
>
>
>
> Regards,
> Marc
>
> --
> To unsubscribe from this list go to the following URL and read the
!["David González Herrera - [DGHVoIP]"'s profile photo](http://lh3.googleusercontent.com/a-/ALV-UjUZO9qpTOVQ1g3LEx0ktJv9ZGwv0Yfve5YaBXy3xfAxPgIK5n0=s40-c)
"David González Herrera - [DGHVoIP]"
Jun 11, 2013, 12:10:02 PM6/11/13
to
On 6/11/2013 10:58 AM, Ricky Nance wrote:
> Kinit doesn't have output on all systems (ubuntu is one of them) after
> running that, klist should show that you have an active ticket. Also do
> what Marc says samba -i -M single and see where samba is failing the
> startup.
If I migh add issue the command with some debug level so you see some
> Kinit doesn't have output on all systems (ubuntu is one of them) after
> running that, klist should show that you have an active ticket. Also do
> what Marc says samba -i -M single and see where samba is failing the
> startup.
more info:
samba -i -M single -d3
Cheers
DGHVoIP
USA:
MOBILE: +1.646.559.6200
COL: +57.1.382.6718
COL: +57.4.247.0985
URL: www.dghvoip.com
Skype: davidgonzalezh
Dino Edwards
Jun 11, 2013, 12:30:02 PM6/11/13
to
I'm pretty sure I did unless I'm missing something. According to what I'm reading, the very first step is running the kinit administrator command which of course shows no output on the screen. So, to address the second suggestion when I run:
/usr/local/samba/sbin/samba -i -M single
I get this:
samba version 4.0.6 started.
Copyright Andrew Tridgell and the Samba Team 1992-2012
At this time the 'samba' binary should only be used for either:
'server role = active directory domain controller' or to access the ntvfs file server with 'server services = +smb' or the rpc proxy with 'dcerpc endpoint servers = remote'
You should start smbd/nmbd/winbindd instead for domain member and standalone file server tasks
Dino
Did you followed *all* steps from the
/usr/local/samba/sbin/samba -i -M single
I get this:
samba version 4.0.6 started.
Copyright Andrew Tridgell and the Samba Team 1992-2012
At this time the 'samba' binary should only be used for either:
'server role = active directory domain controller' or to access the ntvfs file server with 'server services = +smb' or the rpc proxy with 'dcerpc endpoint servers = remote'
You should start smbd/nmbd/winbindd instead for domain member and standalone file server tasks
Dino
Did you followed *all* steps from the
http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC
HowTo? I didn't saw, in the steps you had listed, that you joined the domain, etc.
Can you start Samba with the following command and see, what it outputs:
# samba -i -M single
Regards,
Marc
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
HowTo? I didn't saw, in the steps you had listed, that you joined the domain, etc.
Can you start Samba with the following command and see, what it outputs:
# samba -i -M single
Regards,
Marc
--
To unsubscribe from this list go to the following URL and read the
Dino Edwards
Jun 11, 2013, 12:30:02 PM6/11/13
to
> -----Original Message-----
> From: samba-...@lists.samba.org [mailto:samba-
> bou...@lists.samba.org] On Behalf Of "David González Herrera -
> [DGHVoIP]"
> Sent: Tuesday, June 11, 2013 12:02 PM
> To: Ricky Nance
> Cc: sa...@lists.samba.org
> Subject: Re: [Samba] Samba 4 Additional DC existing domain
>
> On 6/11/2013 10:58 AM, Ricky Nance wrote:
> > Kinit doesn't have output on all systems (ubuntu is one of them)
> after
> > running that, klist should show that you have an active ticket. Also
> > do what Marc says samba -i -M single and see where samba is failing
> > the startup.
> If I migh add issue the command with some debug level so you see some
> more info:
>
> samba -i -M single -d3
>
When I run:
> From: samba-...@lists.samba.org [mailto:samba-
> bou...@lists.samba.org] On Behalf Of "David González Herrera -
> [DGHVoIP]"
> Sent: Tuesday, June 11, 2013 12:02 PM
> To: Ricky Nance
> Cc: sa...@lists.samba.org
> Subject: Re: [Samba] Samba 4 Additional DC existing domain
>
> On 6/11/2013 10:58 AM, Ricky Nance wrote:
> > Kinit doesn't have output on all systems (ubuntu is one of them)
> after
> > running that, klist should show that you have an active ticket. Also
> > do what Marc says samba -i -M single and see where samba is failing
> > the startup.
> If I migh add issue the command with some debug level so you see some
> more info:
>
> samba -i -M single -d3
>
/usr/local/samba/sbin/samba -i -M single -d3
I get the following:
samba version 4.0.6 started.
Copyright Andrew Tridgell and the Samba Team 1992-2012
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
NTPTR backend 'simple_ldb'
NTVFS backend 'default' for type 1 registered
NTVFS backend 'posix' for type 1 registered
NTVFS backend 'unixuid' for type 1 registered
NTVFS backend 'unixuid' for type 3 registered
NTVFS backend 'unixuid' for type 2 registered
NTVFS backend 'cifs' for type 1 registered
NTVFS backend 'smb2' for type 1 registered
NTVFS backend 'simple' for type 1 registered
NTVFS backend 'cifsposix' for type 1 registered
NTVFS backend 'default' for type 3 registered
NTVFS backend 'default' for type 2 registered
NTVFS backend 'nbench' for type 1 registered
PROCESS_MODEL 'single' registered
PROCESS_MODEL 'onefork' registered
PROCESS_MODEL 'prefork' registered
PROCESS_MODEL 'standard' registered
AUTH backend 'sam' registered
AUTH backend 'sam_ignoredomain' registered
AUTH backend 'anonymous' registered
AUTH backend 'winbind' registered
AUTH backend 'winbind_wbclient' registered
AUTH backend 'name_to_ntstatus' registered
AUTH backend 'unix' registered
SHARE backend [classic] registered.
SHARE backend [ldb] registered.
At this time the 'samba' binary should only be used for either:
'server role = active directory domain controller' or to access the ntvfs file server with 'server services = +smb' or the rpc proxy with 'dcerpc endpoint servers = remote'
You should start smbd/nmbd/winbindd instead for domain member and standalone file server task
'server role = active directory domain controller' or to access the ntvfs file server with 'server services = +smb' or the rpc proxy with 'dcerpc endpoint servers = remote'
You should start smbd/nmbd/winbindd instead for domain member and standalone file server task
Dino Edwards
Jun 11, 2013, 12:30:02 PM6/11/13
to
> > Kinit doesn't have output on all systems (ubuntu is one of them)
> after
> > running that, klist should show that you have an active ticket.
Klist
I get the following:
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: Admini...@MYDOMAIN.LOCAL
Valid starting Expires Service principal
renew until 06/12/13 12:22:52
Marc Muehlfeld
Jun 11, 2013, 12:50:01 PM6/11/13
to
Am 11.06.2013 18:21, schrieb Dino Edwards:
> samba version 4.0.6 started.
> Copyright Andrew Tridgell and the Samba Team 1992-2012
> At this time the 'samba' binary should only be used for either:
> 'server role = active directory domain controller' or to access the ntvfs file server with 'server services = +smb' or the rpc proxy with 'dcerpc endpoint servers = remote'
> You should start smbd/nmbd/winbindd instead for domain member and standalone file server tasks
You haven't answered my previous question:
> samba version 4.0.6 started.
> Copyright Andrew Tridgell and the Samba Team 1992-2012
> At this time the 'samba' binary should only be used for either:
> 'server role = active directory domain controller' or to access the ntvfs file server with 'server services = +smb' or the rpc proxy with 'dcerpc endpoint servers = remote'
> You should start smbd/nmbd/winbindd instead for domain member and standalone file server tasks
> Did you followed *all* steps from the
> http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC
> HowTo? I didn't saw, in the steps you had listed, that you joined the
> domain, etc.
smb.conf either. And without a smb.conf, you get this error, too
If you have an smb.conf, then please post it.
Dino Edwards
Jun 11, 2013, 4:10:02 PM6/11/13
to
> You haven't answered my previous question:
>
> > Did you followed *all* steps from the >
> http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC
> > HowTo? I didn't saw, in the steps you had listed, that you joined
> the > domain, etc.
ernal samba DNS? What do I need to do to rectify that?
I'm also assuming that I should use 127.0.0.1 or the IP of the samba 4 DC as the DNS server of the samba 4 DC in /etc/network/interfaces file vs. pointing to the Windows DC. Is that a correct assumption?
And finally, rebooting the server does not automatically start samba. I have to start it manually. Do I need to create a script in /etc/init.d/ and if that's the case, is there a template for that somewhere?
Thanks in advance.
Dino
Marc Muehlfeld
Jun 11, 2013, 4:20:02 PM6/11/13
to
Hello Dino,
Am 11.06.2013 22:04, schrieb Dino Edwards:
> I believe I answered it albeit indirectly. One of the first steps of
> joining a domain as a DC was to run the kinit command and upon success
> proceed with joining the domain. Since I wasn't getting any output from
> running that command, I stopped and didn't go any further with joining
> the domain because I thought there was something wrong.
I changed the HowTo a bit, to make it more clear, that the output shown
is from "klist" and not "kinit".
> When I pointed one of the windows machines to use the samba 4 DC
> as its DNS server, I was able to resolve hosts in the mydomain.local
> domain. However, I wasn't able to resolve hosts outside my domain.
> A Windows DNS server is able to do that.
You have to add
dns forwarder = 8.8.8.8
to your smb.conf and restart Samba. Adapt 8.8.8.8 to whatever you host
is, to which you want to forward queries to, your Samba isn't
authoritative for.
> I'm also assuming that I should use 127.0.0.1 or the IP of the samba 4
> DC as the DNS server of the samba 4 DC in /etc/network/interfaces file
> vs. pointing to the Windows DC. Is that a correct assumption?
You can use the IP of any host, that is able to resolve your AD DNS
domain(s).
> And finally, rebooting the server does not automatically start samba.
> I have to start it manually. Do I need to create a script in
> /etc/init.d/ and if that's the case, is there a template for
> that somewhere?
Yes, you need something that start the service if you want Samba to come
up on reboots. See
https://wiki.samba.org/index.php/Samba4/InitScript
Regards,
Marc
Am 11.06.2013 22:04, schrieb Dino Edwards:
> I believe I answered it albeit indirectly. One of the first steps of
> joining a domain as a DC was to run the kinit command and upon success
> proceed with joining the domain. Since I wasn't getting any output from
> running that command, I stopped and didn't go any further with joining
> the domain because I thought there was something wrong.
is from "klist" and not "kinit".
> When I pointed one of the windows machines to use the samba 4 DC
> as its DNS server, I was able to resolve hosts in the mydomain.local
> domain. However, I wasn't able to resolve hosts outside my domain.
> A Windows DNS server is able to do that.
dns forwarder = 8.8.8.8
to your smb.conf and restart Samba. Adapt 8.8.8.8 to whatever you host
is, to which you want to forward queries to, your Samba isn't
authoritative for.
> I'm also assuming that I should use 127.0.0.1 or the IP of the samba 4
> DC as the DNS server of the samba 4 DC in /etc/network/interfaces file
> vs. pointing to the Windows DC. Is that a correct assumption?
domain(s).
> And finally, rebooting the server does not automatically start samba.
> I have to start it manually. Do I need to create a script in
> /etc/init.d/ and if that's the case, is there a template for
> that somewhere?
up on reboots. See
https://wiki.samba.org/index.php/Samba4/InitScript
Regards,
Marc
Michael De Groote
Jun 11, 2013, 4:20:04 PM6/11/13
to
did you put in a
dns forwarder = ip.of.external.dns.server
line?
2013/6/11 Dino Edwards <dino.e...@mydirectmail.net>
--
Michael De Groote
ICT-coordinator Sint-Pietersschool Korbeek-Lo
ICT-support Sancta Maria Basisschool Leuven
dns forwarder = ip.of.external.dns.server
line?
2013/6/11 Dino Edwards <dino.e...@mydirectmail.net>
Michael De Groote
ICT-coordinator Sint-Pietersschool Korbeek-Lo
ICT-support Sancta Maria Basisschool Leuven
Ricky Nance
Jun 11, 2013, 4:40:04 PM6/11/13
to
On Tue, Jun 11, 2013 at 3:19 PM, Marc Muehlfeld <sa...@marc-muehlfeld.de>wrote:
> I changed the HowTo a bit, to make it more clear, that the output shown is
> from "klist" and not "kinit".
Marc, thanks for adding that :).
> I changed the HowTo a bit, to make it more clear, that the output shown is
> from "klist" and not "kinit".
Also dns forwarder = 8.8.8.8 the 8.8.8.8 there is a Google dns server, so
that ip WILL work :) but if you have a local one you'd rather use, then use
it. (8.8.4.4 is another google one if I recall right)
Ricky
Dino Edwards
Jun 11, 2013, 4:50:02 PM6/11/13
to
> -----Original Message-----
> From: Marc Muehlfeld [mailto:sa...@marc-muehlfeld.de]
> Sent: Tuesday, June 11, 2013 4:19 PM
> To: Dino Edwards
> Cc: sa...@lists.samba.org
> Subject: Re: [Samba] Samba 4 Additional DC existing domain
>
>
>
> I changed the HowTo a bit, to make it more clear, that the output shown
> is from "klist" and not "kinit".
>
Awesome, thanks!
>
> I changed the HowTo a bit, to make it more clear, that the output shown
> is from "klist" and not "kinit".
>
> > When I pointed one of the windows machines to use the samba 4 DC
> > as its DNS server, I was able to resolve hosts in the mydomain.local
> > domain. However, I wasn't able to resolve hosts outside my domain.
> > A Windows DNS server is able to do that.
>
> You have to add
> dns forwarder = 8.8.8.8
> to your smb.conf and restart Samba. Adapt 8.8.8.8 to whatever you host
> is, to which you want to forward queries to, your Samba isn't
> authoritative for.
> > I'm also assuming that I should use 127.0.0.1 or the IP of the samba
> 4
> > DC as the DNS server of the samba 4 DC in /etc/network/interfaces
> file
> > vs. pointing to the Windows DC. Is that a correct assumption?
>
> You can use the IP of any host, that is able to resolve your AD DNS
> domain(s).
>
>
> > And finally, rebooting the server does not automatically start samba.
> > I have to start it manually. Do I need to create a script in
> > /etc/init.d/ and if that's the case, is there a template for
> > that somewhere?
>
> Yes, you need something that start the service if you want Samba to
> come
> up on reboots. See
> https://wiki.samba.org/index.php/Samba4/InitScript
>
>
Cheers,
Dino
Dino Edwards
Jun 11, 2013, 5:00:01 PM6/11/13
to
That's exactly what I did
From: Michael De Groote [mailto:i...@sint-pietersschool.be]
Sent: Tuesday, June 11, 2013 4:15 PM
To: Dino Edwards
Cc: Marc Muehlfeld; sa...@lists.samba.org
Subject: Re: [Samba] Samba 4 Additional DC existing domain
From: Michael De Groote [mailto:i...@sint-pietersschool.be]
Sent: Tuesday, June 11, 2013 4:15 PM
To: Dino Edwards
Cc: Marc Muehlfeld; sa...@lists.samba.org
Subject: Re: [Samba] Samba 4 Additional DC existing domain
did you put in a
dns forwarder = ip.of.external.dns.server
line?
2013/6/11 Dino Edwards <dino.e...@mydirectmail.net<mailto:dino.e...@mydirectmail.net>>
dns forwarder = ip.of.external.dns.server
line?
0 new messages