Hi, I use the Van Bell repo, I've upgraded from samba 4.7 to samba 4.9 but now it fails, these are the errors: dic 12 09:14:49 samba4 samba[4881]: task[dnsupdate][4881]: [2018/12/12 09:14:49.372290, 0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler) dic 12 09:14:49 samba4 samba[4881]: task[dnsupdate][4881]: /usr/sbin/samba_dnsupdate: Failed to bind to uuid 50abc2a4-574d-40b3-9d66-ee4fd5fba076 for ncacn_ip_tcp:192.168.50.40[49152,sign,abstract_syntax=50abc2a4-574d-40b3-9d66-ee4fd5fba076/0x00000005,localaddress=192.168.50.40] NT_STATUS_LOGON_FAILURE dic 12 09:14:49 samba4 samba[4881]: task[dnsupdate][4881]: [2018/12/12 09:14:49.372338, 0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler) dic 12 09:14:49 samba4 samba[4881]: task[dnsupdate][4881]: /usr/sbin/samba_dnsupdate: ERROR: Connecting to DNS RPC server 192.168.50.40 failed with (3221225581, 'The attempted logon is invalid. This is either due to a bad username or authentication information.') dic 12 09:14:49 samba4 samba[4881]: task[dnsupdate][4881]: [2018/12/12 09:14:49.381318, 0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler) dic 12 09:14:49 samba4 samba[4881]: task[dnsupdate][4881]: /usr/sbin/samba_dnsupdate: Failed to bind to uuid 50abc2a4-574d-40b3-9d66-ee4fd5fba076 for ncacn_ip_tcp:192.168.50.40[49152,sign,abstract_syntax=50abc2a4-574d-40b3-9d66-ee4fd5fba076/0x00000005,localaddress=192.168.50.40] NT_STATUS_LOGON_FAILURE dic 12 09:14:49 samba4 samba[4881]: task[dnsupdate][4881]: [2018/12/12 09:14:49.381385, 0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler) I've no modified the smb.conf which is: [global] dns forwarder = 8.8.8.8 netbios name = SAMBA4 realm = EXAMPLE.COM interfaces = lo eth0 server role = active directory domain controller workgroup = EXAMPLE idmap_ldb:use rfc2307 = yes # Audit settings full_audit:prefix = %u|%I|%m|%S full_audit:failure = connect full_audit:success = mkdir rmdir read pread write pwrite rename unlink full_audit:facility = local5 full_audit:priority = notice # TLS settings tls enabled = yes tls certfile = tls/ldap.example-aid.com/fullchain.pem tls keyfile = tls/ldap.example-aid.com/privkey.pem tls cafile #log auth log level = 1 auth_audit:3 auth_json_audit:3 [netlogon] path = /var/lib/samba/sysvol/example-aid.com/scripts read only = No [sysvol] path = /var/lib/samba/sysvol read only = No [lab] path = /srv/samba/lab read only = no vfs objects = full_audit I cannot even 'to kinit', I get: kinit: krb5_get_init_creds: unable to reach any KDC in realm EXAMPLE.COM Please could you help me? Thanks in advance... Thanks in advance -- -- Sergio Belkin LPIC-2 Certified - http://www.lpi.org
Hai, Can you post /etc/krb5.conf /etc/resolv.conf /etc/hosts Output off: samba-tool dbcheck --cross-ncs And last question, are there any DC removed from the domain. 50abc2a4-574d-40b3-9d66-ee4fd5fba076/0x00000005,localaddress=> 192.168.50.40] My guess here the UUID is a removed DC. You samba config looks fine to me. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Sergio Belkin via samba > Verzonden: woensdag 12 december 2018 13:25 > Aan: samba at lists.samba.org > Onderwerp: [Samba] Problem after upgrading to 4.9 > > Hi, I use the Van Bell repo, I've upgraded from samba 4.7 to > samba 4.9 but > now it fails, these are the errors: > > dic 12 09:14:49 samba4 samba[4881]: task[dnsupdate][4881]: [2018/12/12 > 09:14:49.372290, 0] > ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler) > dic 12 09:14:49 samba4 samba[4881]: task[dnsupdate][4881]: > /usr/sbin/samba_dnsupdate: Failed to bind to uuid > 50abc2a4-574d-40b3-9d66-ee4fd5fba076 for > ncacn_ip_tcp:192.168.50.40[49152,sign,abstract_syntax=50abc2a4-574d-40b3-9d66-ee4fd5fba076/0x00000005,localaddress=> 192.168.50.40]> NT_STATUS_LOGON_FAILURE > dic 12 09:14:49 samba4 samba[4881]: task[dnsupdate][4881]: [2018/12/12 > 09:14:49.372338, 0] > ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler) > dic 12 09:14:49 samba4 samba[4881]: task[dnsupdate][4881]: > /usr/sbin/samba_dnsupdate: ERROR: Connecting to DNS RPC server > 192.168.50.40 failed with (3221225581, 'The attempted logon > is invalid. > This is either due to a bad username or authentication information.') > dic 12 09:14:49 samba4 samba[4881]: task[dnsupdate][4881]: [2018/12/12 > 09:14:49.381318, 0] > ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler) > dic 12 09:14:49 samba4 samba[4881]: task[dnsupdate][4881]: > /usr/sbin/samba_dnsupdate: Failed to bind to uuid > 50abc2a4-574d-40b3-9d66-ee4fd5fba076 for > ncacn_ip_tcp:192.168.50.40[49152,sign,abstract_syntax=50abc2a4-574d-40b3-9d66-ee4fd5fba076/0x00000005,localaddress=> 192.168.50.40]> NT_STATUS_LOGON_FAILURE > dic 12 09:14:49 samba4 samba[4881]: task[dnsupdate][4881]: [2018/12/12 > 09:14:49.381385, 0] > ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler) > > I've no modified the smb.conf which is: > > [global] > dns forwarder = 8.8.8.8 > netbios name = SAMBA4 > realm = EXAMPLE.COM > interfaces = lo eth0 > server role = active directory domain controller > workgroup = EXAMPLE > idmap_ldb:use rfc2307 = yes > # Audit settings > full_audit:prefix = %u|%I|%m|%S > full_audit:failure = connect > full_audit:success = mkdir rmdir read pread write pwrite > rename unlink > full_audit:facility = local5 > full_audit:priority = notice > # TLS settings > tls enabled = yes > tls certfile = tls/ldap.example-aid.com/fullchain.pem > tls keyfile = tls/ldap.example-aid.com/privkey.pem > tls cafile > #log auth > log level = 1 auth_audit:3 auth_json_audit:3 > [netlogon] > path = /var/lib/samba/sysvol/example-aid.com/scripts > read only = No > [sysvol] > path = /var/lib/samba/sysvol > read only = No > [lab] > path = /srv/samba/lab > read only = no > vfs objects = full_audit > > I cannot even 'to kinit', I get: > kinit: krb5_get_init_creds: unable to reach any KDC in realm > EXAMPLE.COM > > Please could you help me? > > Thanks in advance... > > > > > > > > Thanks in advance > -- > -- > Sergio Belkin > LPIC-2 Certified - http://www.lpi.org > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
Thanks Louis; /etc/krb5.conf [libdefaults] default_realm = EXAMPLE.COM dns_lookup_realm = false dns_lookup_kdc = true /etc/resolv.conf search example.com nameserver 192.168.50.40 /etc/hosts 127.0.0.1 localhost samba4.example.com 192.168.50.40 samba4.example.com samba4 ldap.example.com Output off: samba-tool dbcheck --cross-ncs NOTE: old (due to rename or delete) DN string component for lastKnownParent in object DC=@\0ADEL:d86ef51e-83a5-4a8d-b224-e7a559c47094,CN=Deleted Objects,DC=DomainDnsZones,DC=EXAMPLE,DC=com - DC=pepino.cuac,CN=MicrosoftDNS,DC=DomainDnsZones,DC=EXAMPLE,DC=com Not fixing old string component NOTE: old (due to rename or delete) DN string component for lastKnownParent in object DC=www.pepino.cuac\0ADEL:d3bc33d0-6d4d-4345-a7fe-96a19550b293,CN=Deleted Objects,DC=DomainDnsZones,DC=EXAMPLE,DC=com - DC=pepino.cuac,CN=MicrosoftDNS,DC=DomainDnsZones,DC=EXAMPLE,DC=com Not fixing old string component Checked 3626 objects (0 errors) Something interesting: if I run samba -i outside systemd workf fine... weird, I see that systemd run: ExecStart=/usr/sbin/samba --foreground --no-process-group $SAMBAOPTIONS Thanks in advance! El mié., 12 dic. 2018 a las 9:46, L.P.H. van Belle via samba (< samba at lists.samba.org>) escribió:> Hai, > > Can you post > /etc/krb5.conf > /etc/resolv.conf > /etc/hosts > > Output off: > samba-tool dbcheck --cross-ncs > > And last question, are there any DC removed from the domain. > > > 50abc2a4-574d-40b3-9d66-ee4fd5fba076/0x00000005,localaddress=> > 192.168.50.40] > My guess here the UUID is a removed DC. > > You samba config looks fine to me. > > Greetz, > > Louis > > > > > -----Oorspronkelijk bericht----- > > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > > Sergio Belkin via samba > > Verzonden: woensdag 12 december 2018 13:25 > > Aan: samba at lists.samba.org > > Onderwerp: [Samba] Problem after upgrading to 4.9 > > > > Hi, I use the Van Bell repo, I've upgraded from samba 4.7 to > > samba 4.9 but > > now it fails, these are the errors: > > > > dic 12 09:14:49 samba4 samba[4881]: task[dnsupdate][4881]: [2018/12/12 > > 09:14:49.372290, 0] > > ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler) > > dic 12 09:14:49 samba4 samba[4881]: task[dnsupdate][4881]: > > /usr/sbin/samba_dnsupdate: Failed to bind to uuid > > 50abc2a4-574d-40b3-9d66-ee4fd5fba076 for > > ncacn_ip_tcp:192.168.50.40[49152,sign,abstract_syntax=50abc2a4 > -574d-40b3-9d66-ee4fd5fba076/0x00000005,localaddress=> 192.168.50.40] > > NT_STATUS_LOGON_FAILURE > > dic 12 09:14:49 samba4 samba[4881]: task[dnsupdate][4881]: [2018/12/12 > > 09:14:49.372338, 0] > > ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler) > > dic 12 09:14:49 samba4 samba[4881]: task[dnsupdate][4881]: > > /usr/sbin/samba_dnsupdate: ERROR: Connecting to DNS RPC server > > 192.168.50.40 failed with (3221225581, 'The attempted logon > > is invalid. > > This is either due to a bad username or authentication information.') > > dic 12 09:14:49 samba4 samba[4881]: task[dnsupdate][4881]: [2018/12/12 > > 09:14:49.381318, 0] > > ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler) > > dic 12 09:14:49 samba4 samba[4881]: task[dnsupdate][4881]: > > /usr/sbin/samba_dnsupdate: Failed to bind to uuid > > 50abc2a4-574d-40b3-9d66-ee4fd5fba076 for > > ncacn_ip_tcp:192.168.50.40[49152,sign,abstract_syntax=50abc2a4 > -574d-40b3-9d66-ee4fd5fba076/0x00000005,localaddress=> 192.168.50.40] > > NT_STATUS_LOGON_FAILURE > > dic 12 09:14:49 samba4 samba[4881]: task[dnsupdate][4881]: [2018/12/12 > > 09:14:49.381385, 0] > > ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler) > > > > I've no modified the smb.conf which is: > > > > [global] > > dns forwarder = 8.8.8.8 > > netbios name = SAMBA4 > > realm = EXAMPLE.COM > > interfaces = lo eth0 > > server role = active directory domain controller > > workgroup = EXAMPLE > > idmap_ldb:use rfc2307 = yes > > # Audit settings > > full_audit:prefix = %u|%I|%m|%S > > full_audit:failure = connect > > full_audit:success = mkdir rmdir read pread write pwrite > > rename unlink > > full_audit:facility = local5 > > full_audit:priority = notice > > # TLS settings > > tls enabled = yes > > tls certfile = tls/ldap.example-aid.com/fullchain.pem > > tls keyfile = tls/ldap.example-aid.com/privkey.pem > > tls cafile > > #log auth > > log level = 1 auth_audit:3 auth_json_audit:3 > > [netlogon] > > path = /var/lib/samba/sysvol/example-aid.com/scripts > > read only = No > > [sysvol] > > path = /var/lib/samba/sysvol > > read only = No > > [lab] > > path = /srv/samba/lab > > read only = no > > vfs objects = full_audit > > > > I cannot even 'to kinit', I get: > > kinit: krb5_get_init_creds: unable to reach any KDC in realm > > EXAMPLE.COM > > > > Please could you help me? > > > > Thanks in advance... > > > > > > > > > > > > > > > > Thanks in advance > > -- > > -- > > Sergio Belkin > > LPIC-2 Certified - http://www.lpi.org > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/options/samba > > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba-- -- Sergio Belkin LPIC-2 Certified - http://www.lpi.org
Just beware.. That this is your problem. 127.0.0.1 localhost samba4.example.com << 192.168.50.40 samba4.example.com samba4 ldap.example.com should be 127.0.0.1 localhost 192.168.50.40 samba4.example.com samba4 ldap.example.com ldap Just because that localhost != samba4 Greetz, Louis Van: Sergio Belkin [mailto:sebelk at gmail.com] Verzonden: woensdag 12 december 2018 14:08 Aan: L.P.H. van Belle CC: samba at lists.samba.org Onderwerp: Re: [Samba] Problem after upgrading to 4.9 Thanks Louis; /etc/krb5.conf [libdefaults] default_realm = EXAMPLE.COM dns_lookup_realm = false dns_lookup_kdc = true /etc/resolv.conf search example.com nameserver 192.168.50.40 /etc/hosts 127.0.0.1 localhost samba4.example.com 192.168.50.40 samba4.example.com samba4 ldap.example.com Output off: samba-tool dbcheck --cross-ncs NOTE: old (due to rename or delete) DN string component for lastKnownParent in object DC=@\0ADEL:d86ef51e-83a5-4a8d-b224-e7a559c47094,CN=Deleted Objects,DC=DomainDnsZones,DC=EXAMPLE,DC=com - DC=pepino.cuac,CN=MicrosoftDNS,DC=DomainDnsZones,DC=EXAMPLE,DC=com Not fixing old string component NOTE: old (due to rename or delete) DN string component for lastKnownParent in object DC=www.pepino.cuac\0ADEL:d3bc33d0-6d4d-4345-a7fe-96a19550b293,CN=Deleted Objects,DC=DomainDnsZones,DC=EXAMPLE,DC=com - DC=pepino.cuac,CN=MicrosoftDNS,DC=DomainDnsZones,DC=EXAMPLE,DC=com Not fixing old string component Checked 3626 objects (0 errors) Something interesting: if I run samba -i outside systemd workf fine... weird, I see that systemd run: ExecStart=/usr/sbin/samba --foreground --no-process-group $SAMBAOPTIONS Thanks in advance! El mié., 12 dic. 2018 a las 9:46, L.P.H. van Belle via samba (<samba at lists.samba.org>) escribió: Hai, Can you post /etc/krb5.conf /etc/resolv.conf /etc/hosts Output off: samba-tool dbcheck --cross-ncs And last question, are there any DC removed from the domain. 50abc2a4-574d-40b3-9d66-ee4fd5fba076/0x00000005,localaddress=> 192.168.50.40] My guess here the UUID is a removed DC. You samba config looks fine to me. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Sergio Belkin via samba > Verzonden: woensdag 12 december 2018 13:25 > Aan: samba at lists.samba.org > Onderwerp: [Samba] Problem after upgrading to 4.9 > > Hi, I use the Van Bell repo, I've upgraded from samba 4.7 to > samba 4.9 but > now it fails, these are the errors: > > dic 12 09:14:49 samba4 samba[4881]: task[dnsupdate][4881]: [2018/12/12 > 09:14:49.372290, 0] > ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler) > dic 12 09:14:49 samba4 samba[4881]: task[dnsupdate][4881]: > /usr/sbin/samba_dnsupdate: Failed to bind to uuid > 50abc2a4-574d-40b3-9d66-ee4fd5fba076 for > ncacn_ip_tcp:192.168.50.40[49152,sign,abstract_syntax=50abc2a4-574d-40b3-9d66-ee4fd5fba076/0x00000005,localaddress=> 192.168.50.40]> NT_STATUS_LOGON_FAILURE > dic 12 09:14:49 samba4 samba[4881]: task[dnsupdate][4881]: [2018/12/12 > 09:14:49.372338, 0] > ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler) > dic 12 09:14:49 samba4 samba[4881]: task[dnsupdate][4881]: > /usr/sbin/samba_dnsupdate: ERROR: Connecting to DNS RPC server > 192.168.50.40 failed with (3221225581, 'The attempted logon > is invalid. > This is either due to a bad username or authentication information.') > dic 12 09:14:49 samba4 samba[4881]: task[dnsupdate][4881]: [2018/12/12 > 09:14:49.381318, 0] > ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler) > dic 12 09:14:49 samba4 samba[4881]: task[dnsupdate][4881]: > /usr/sbin/samba_dnsupdate: Failed to bind to uuid > 50abc2a4-574d-40b3-9d66-ee4fd5fba076 for > ncacn_ip_tcp:192.168.50.40[49152,sign,abstract_syntax=50abc2a4-574d-40b3-9d66-ee4fd5fba076/0x00000005,localaddress=> 192.168.50.40]> NT_STATUS_LOGON_FAILURE > dic 12 09:14:49 samba4 samba[4881]: task[dnsupdate][4881]: [2018/12/12 > 09:14:49.381385, 0] > ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler) > > I've no modified the smb.conf which is: > > [global] > dns forwarder = 8.8.8.8 > netbios name = SAMBA4 > realm = EXAMPLE.COM > interfaces = lo eth0 > server role = active directory domain controller > workgroup = EXAMPLE > idmap_ldb:use rfc2307 = yes > # Audit settings > full_audit:prefix = %u|%I|%m|%S > full_audit:failure = connect > full_audit:success = mkdir rmdir read pread write pwrite > rename unlink > full_audit:facility = local5 > full_audit:priority = notice > # TLS settings > tls enabled = yes > tls certfile = tls/ldap.example-aid.com/fullchain.pem > tls keyfile = tls/ldap.example-aid.com/privkey.pem > tls cafile > #log auth > log level = 1 auth_audit:3 auth_json_audit:3 > [netlogon] > path = /var/lib/samba/sysvol/example-aid.com/scripts > read only = No > [sysvol] > path = /var/lib/samba/sysvol > read only = No > [lab] > path = /srv/samba/lab > read only = no > vfs objects = full_audit > > I cannot even 'to kinit', I get: > kinit: krb5_get_init_creds: unable to reach any KDC in realm > EXAMPLE.COM > > Please could you help me? > > Thanks in advance... > > > > > > > > Thanks in advance > -- > -- > Sergio Belkin > LPIC-2 Certified - http://www.lpi.org > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- -- Sergio Belkin LPIC-2 Certified - http://www.lpi.org