Jim's picture

I have created a primary AD DC, and that install went fine.

Proxmox v72-7

CT template 16.1-2

Both containers we created priveldged/nested.

 

Primary samba-ad-dc.service status shows:

Aug 31 13:29:48 dc1 samba[207]: root process[207]:   Copyright Andrew Tridgell and the Samba Team 1992-2018
Aug 31 13:29:48 dc1 samba[207]: root process[207]: [2022/08/31 13:29:48.779541,  0] ../source4/smbd/server.c:773(binary_smbd_main)
Aug 31 13:29:48 dc1 samba[207]: root process[207]:   binary_smbd_main: samba: using 'standard' process model
Aug 31 13:29:49 dc1 winbindd[276]: [2022/08/31 13:29:49.302504,  0] ../source3/winbindd/winbindd_cache.c:3160(initialize_winbindd_cache)
Aug 31 13:29:49 dc1 winbindd[276]:   initialize_winbindd_cache: clearing cache and re-creating with version number 2
Aug 31 13:29:49 dc1 systemd[1]: Started Samba AD Daemon.
Aug 31 13:29:49 dc1 winbindd[276]: [2022/08/31 13:29:49.316430,  0] ../lib/util/become_daemon.c:138(daemon_ready)
Aug 31 13:29:49 dc1 winbindd[276]:   daemon_ready: STATUS=daemon 'winbindd' finished starting up and ready to serve connections
Aug 31 13:29:49 dc1 smbd[277]: [2022/08/31 13:29:49.331366,  0] ../lib/util/become_daemon.c:138(daemon_ready)
Aug 31 13:29:49 dc1 smbd[277]:   daemon_ready: STATUS=daemon 'smbd' finished starting up and ready to serve connections

 

krb5.conf:

[libdefaults]
        default_realm = CARROTNET.LAN
        dns_lookup_realm = false
        dns_lookup_kdc = true

smb.conf:

# Global parameters
[global]
        dns forwarder = 8.8.8.8
        interfaces = 127.0.0.1 192.168.40.10
        netbios name = DC1
        realm = CARROTNET.LAN
        server role = active directory domain controller
        workgroup = CARROTNET
        idmap_ldb:use rfc2307 = yes

[netlogon]
        path = /var/lib/samba/sysvol/carrotnet.lan/scripts
        read only = No

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No

 

Secondary DC status shows this:

Aug 31 19:38:59 dc2 samba[1992]: root process[1992]:   binary_smbd_main: samba: using 'standard' process model
Aug 31 19:38:59 dc2 winbindd[2008]: [2022/08/31 19:38:59.898138,  0] ../source3/winbindd/winbindd_cache.c:3160(initialize_winbindd_cache)
Aug 31 19:38:59 dc2 winbindd[2008]:   initialize_winbindd_cache: clearing cache and re-creating with version number 2
Aug 31 19:38:59 dc2 systemd[1]: Started Samba AD Daemon.
Aug 31 19:38:59 dc2 winbindd[2008]: [2022/08/31 19:38:59.905476,  0] ../lib/util/become_daemon.c:138(daemon_ready)
Aug 31 19:38:59 dc2 winbindd[2008]:   daemon_ready: STATUS=daemon 'winbindd' finished starting up and ready to serve connections
Aug 31 19:39:00 dc2 smbd[2012]: [2022/08/31 19:39:00.062399,  0] ../lib/util/become_daemon.c:138(daemon_ready)
Aug 31 19:39:00 dc2 smbd[2012]:   daemon_ready: STATUS=daemon 'smbd' finished starting up and ready to serve connections
Aug 31 19:39:00 dc2 samba[2004]: task[dnsupdate][2004]: [2022/08/31 19:39:00.430731,  0] ../source4/dsdb/dns/dns_update.c:330(dnsupdate_nameupdate_done)
Aug 31 19:39:00 dc2 samba[2004]: task[dnsupdate][2004]:   ../source4/dsdb/dns/dns_update.c:330: Failed DNS update - with error code 26

 

krb5.conf:

[libdefaults]
        default_realm = CARROTNET.LAN
        dns_lookup_realm = false
        dns_lookup_kdc = true

[realms]
CARROTNET.LAN = {
        default_domain = carrotnet.lan
}

[domain_realm]
        dc2 = CARROTNET.LAN

 

smb.conf:

# Global parameters
[global]
        dns forwarder = 8.8.8.8
        interfaces = 127.0.0.1 192.168.40.11
        netbios name = DC2
        realm = CARROTNET.LAN
        server role = active directory domain controller
        workgroup = CARROTNET
        'idmap_ldb:use rfc2307  = yes'

[netlogon]
        path = /var/lib/samba/sysvol/carrotnet.lan/scripts
        read only = No

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No

 

I don't know enough to fix this.  What is error 26 and how do I make this play nicely?

 

 

Forum: 
Jeremy Davis's picture

TBH I'm no Samba expert and am not really confident diagnosing and/or resolving Samba issues...

After searching online, the only relevant looking info that I could find was on the Samba mailing list. It suggests adding the line:

dns update command = /usr/local/samba/sbin/samba_dnsupdate --use-samba-tool

to your /etc/samba/smb.cnf file. I would assume that you'd need to restart Samba after that too.

It's quite an old post so I'm not even sure that it's relevant, let alone a fix, but hopefully...

If not, then your best bet would be to post on the general Samba mailing list yourself (be sure to check the etiquette page to ensure that you're doing it right). Please feel free to cross post a link here to your post so we can follow along.

Either way, please do post back with any further info (e.g. whether that helped, or not).

Jim's picture

I didn't do anything to fix this problem but the status shows ok now on both DC1 and DC2.

A series of restarting the containers maybe got both DCs talking?  Not really sure.

Jeremy Davis's picture

Strange!? But don't fight it! :)

My guess is that for some reason it was having troubles updating DNS entries. But for whatever reason, it's working now. So that's a win I guess?!

I do hate it when stuff like that happens (i.e. a weird error, that goes away for no apparent reason). It suggests that there may be some sort of intermittent bug and/or perhaps a race condition somewhere. But now that it's working, it's almost impossible to diagnose where it might be (you can only find a bug when it's actually causing issues).

So I recommend keeping an eye out for similar issues in the future, just in case. But if all looks good, then I'd run with that. Good luck with it.

Add new comment