Unable to activate active directory domain controller in 7 RC1

Can you check the clock on both “machines”?
On PC and NS?
If it is a DNS issue and the clock isn’t in sync, the DC join will fail.
I think I had such situation when I’ve tested on VirtualBox.

You have the same issue as here:

Try out Nethserver 7 beta1

@chuckk didn’t tell us if and how it was solved.

@flatspin suggested to set the interface to promiscuous mode “allow all”, but you already did that.

You made a nice catch: I’ve been snapshotting all day long and the system time of the guest went nuts.
I’m now retrying after using ntpdate, but it’s hung at “57%: adjust-services” for more than ten minutes now… with no messages in /var/log/messages
Edit: just finished, same errors on the web UI and same log.

I have the same error at 57%.
Let me find that post on the forum.

OK!
I found it!

Experimenting with Samba Domain Controller

Can you test?

EDIT: and here:

KDC not present in NS7B1

EDIT 2:

After the DC join failed, did you try the “factory reset” as described here, and then try again?

Hi Gabriel,
I’ve restarted everything from scratch, following the steps in the post you’ve linked. Same result unfortunately. Just to be verbose:

  • New virtual machine in VirtualBox 5.0.26, Ubuntu 14.04 host with IP address 10.0.0.91, LAN 1 as bridged adapter with promiscuous mode set to Allow All.
  • Installed Nethserver 7rc1 using all defaults but Rome timezone, Italian keyboard, and static IP address 10.0.0.17, netmask 24, gateway 10.0.0.254, hostname set to ntest.nalma.loc (edit: .com was a typo), set a non-default root password, no additional users.
  • Logged in at https://10.0.0.17:980 as root from my PC, applied updates in Software center. For the record, Software center took a long time to display packages; a page reload helped in between.
  • Edited contact information and self-signed certificate (relogged in after that).
  • Installed Samba AD module, and only that.
  • Reboot.
  • Tried to configure the Samba AD module specifying 10.0.0.13 (free) as DC IP address, checked to create a bridged interface.
  • Failed with the error already posted after several minutes.
  • Without closing the page, with the same settings I’ve tried another go, same result after 15 minutes.
    In past tests, the “factory reset” procedure didn’t help: same result over and over.

I’m starting to feel a little incompetent about that! Please let me know what you think.

As a side note, I still don’t get why Samba has to be run in a container. Looks very not KISS to me. As said, starting a PDC in vanilla Ubuntu 16.04 or in Zentyal 4.2 takes literally a few minutes (tested joining a Windows XP client), while here I’ve watched one and a half episodes of Lost (no pun intended) while trying :slight_smile:
The motivation published by Microsoft, recommending that the DC is on a separate host, seems a bit thin to me: even they didn’t follow that in Windows SBS. Sorry if this may sound rude, it isn’t meant to, I’m just a little frustrated, as I’ve not yet started to try anything! :frowning:
Thank you for your help,
Salvo

Hi Salvo,

Please give me a couple of hours to install Ubuntu on my laptop to try to reproduce your situation.

I will give feedback ASAP.

From here:
https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller

"Using the Domain Controller as a File Server

The Samba Active Directory (AD) domain controller (DC) is able to provide file shares, such as all other installation modes. However, the Samba team does not recommend to use a DC as file server because the DC smbd process has some limitations compared with the service in non-DC setups."

Hi Gabriel,
thank you for your response. I’ll search more about the limitations of Samba as a DC ASAP. In my previous test environments they didn’t hit me, but it may be just me.

Meanwhile, I’ve repeated the whole test on my home PC, which has a very similar setup.
Host runs Ubuntu 15.04, IP address is 192.168.1.2, netmask is 24, gateway is 192.168.1.1, under a home router. VirtualBox is 4.3.26, and, repeating the steps in my previous message in the guest, using 192.168.1.20 for NS and 192.168.1.21 for the DC, the DC has been provisioned without errors!

Having checksummed the download on both my home PC and my office PC, and not willing to accept that the difference may be due to the host OS or VirtualBox versions :slight_smile: I guess we can blame the network setup at the office?

There we already have in production a Windows Server 2003 domain with a primary DC (which is of course a DNS server, and has DHCP enabled) and two secondary DCs. The whole network is behind a firewall, but my PC is allowed to pass through for outgoing traffic, just like at home, and there is a running Zentyal 4.2 test server acting as PDC for a test domain (which is a DNS server, and has DHCP disabled).

Thanks,
Salvo

I think that was the problem!
You already have a DC on your network and maybe it has the same FQDN.

Enjoy now with NS 7RC!

PS:

  • You can mark the post as “solved” (your answer from above).
  • You gave me free time to solve other problems. Thank you!:smiley:

No, it doesn’t have the same FQDN, unfortunately. They couldn’t be more different :slight_smile:

16 posts were split to a new topic: I still don’t get why Samba has to be run in a container

Besides the domain name, is it a problem for Nethserver if there is a DC in the same network even if the domain is totally different? If it is, I’m afraid Nethserver could not be the right choice for me, since I cannot turn off the existing production domain at once, and the migration to a new system would take some time.

I am using two PDCs, one is NS7RC1, in the same network, with different domain names, without issues.

Gabriel, I’m so stubborn that tomorrow I’ll carry my home desktop PC to the office to try from scratch in that network :slight_smile:

Hello everybody,
I’ve carried my home PC to the office, deleted the virtual machine that worked at home, and did a new installation from scratch. Same error here, so I think we can definitely blame the network setup (see my previous messages).
Please let me know what other tests I can do in order to understand what’s going wrong.
Thanks,
Salvo

Could you attach the container journal? The output of

journalctl -M nsdc

Here it is. Thanks!

-- Logs begin at Mon 2016-11-07 09:28:54 CET, end at Mon 2016-11-07 09:49:56 CET. --
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd-journal[13]: Runtime journal is using 8.0M (max allowed 92.0M, trying to leave 138.0M free of 912.0M available → current limit 92.0M).
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd-journal[13]: Permanent journal is using 8.0M (max allowed 4.0G, trying to leave 4.0G free of 44.9G available → current limit 4.0G).
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd-journal[13]: Time spent on flushing to /var is 349us for 2 entries.
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd-journal[13]: Journal started
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd[1]: Starting Flush Journal to Persistent Storage...
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd[1]: Started Rebuild Hardware Database.
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd[1]: Started udev Coldplug all Devices.
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd[1]: Starting Update is Completed...
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd[1]: Started Update is Completed.
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd[1]: Started Flush Journal to Persistent Storage.
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd[1]: Starting Create Volatile Files and Directories...
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd[1]: Started Create Volatile Files and Directories.
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd[1]: Starting Update UTMP about System Boot/Shutdown...
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd[1]: Started Update UTMP about System Boot/Shutdown.
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd[1]: Reached target System Initialization.
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd[1]: Starting System Initialization.
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd[1]: Listening on D-Bus System Message Bus Socket.
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd[1]: Reached target Basic System.
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd[1]: Starting Basic System.
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd[1]: Starting Domain controller provisioning...
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd[1]: Starting Permit User Sessions...
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd[1]: Started D-Bus System Message Bus.
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd[1]: Starting D-Bus System Message Bus...
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd[1]: Starting Network Service...
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd[1]: Starting Login Service...
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd[1]: Started Daily Cleanup of Temporary Directories.
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd[1]: Starting Daily Cleanup of Temporary Directories.
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd[1]: Reached target Timers.
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd[1]: Starting Timers.
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd[1]: Started Permit User Sessions.
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd[1]: Started Getty on tty1.
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd[1]: Started Console Getty.
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd[1]: Starting Console Getty...
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd[1]: Reached target Login Prompts.
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd[1]: Starting Login Prompts.
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd-networkd[25]: host0 : Cannot configure IPv4 forwarding for interface host0: Read-only file system
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd-networkd[25]: host0 : Cannot configure IPv6 forwarding for interface: Read-only file system
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd-networkd[25]: Enumeration completed
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd-networkd[25]: host0 : link configured
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd[1]: Started Network Service.
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd[1]: Reached target Network.
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd[1]: Starting Network.
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd[1]: Started Login Service.
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd-logind[26]: New seat seat0.
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd-networkd[25]: host0 : gained carrier
Nov 07 09:28:54 nsdc-ntest.nalma.loc samba-tool[22]: Looking up IPv4 addresses
Nov 07 09:28:54 nsdc-ntest.nalma.loc samba-tool[22]: Looking up IPv6 addresses
Nov 07 09:28:54 nsdc-ntest.nalma.loc samba-tool[22]: No IPv6 address will be assigned
Nov 07 09:28:54 nsdc-ntest.nalma.loc samba-tool[22]: Setting up share.ldb
Nov 07 09:28:54 nsdc-ntest.nalma.loc samba-tool[22]: Setting up secrets.ldb
Nov 07 09:28:55 nsdc-ntest.nalma.loc samba-tool[22]: Setting up the registry
Nov 07 09:28:55 nsdc-ntest.nalma.loc samba-tool[22]: Setting up the privileges database
Nov 07 09:28:55 nsdc-ntest.nalma.loc samba-tool[22]: Setting up idmap db
Nov 07 09:28:55 nsdc-ntest.nalma.loc samba-tool[22]: Setting up SAM db
Nov 07 09:28:55 nsdc-ntest.nalma.loc samba-tool[22]: Setting up sam.ldb partitions and settings
Nov 07 09:28:55 nsdc-ntest.nalma.loc samba-tool[22]: Setting up sam.ldb rootDSE
Nov 07 09:28:55 nsdc-ntest.nalma.loc samba-tool[22]: Pre-loading the Samba 4 and AD schema
Nov 07 09:28:55 nsdc-ntest.nalma.loc samba-tool[22]: Adding DomainDN: DC=nalma,DC=loc
Nov 07 09:28:55 nsdc-ntest.nalma.loc samba-tool[22]: Adding configuration container
Nov 07 09:28:55 nsdc-ntest.nalma.loc samba-tool[22]: Setting up sam.ldb schema
Nov 07 09:28:56 nsdc-ntest.nalma.loc samba-tool[22]: Setting up sam.ldb configuration data
Nov 07 09:28:57 nsdc-ntest.nalma.loc samba-tool[22]: Setting up display specifiers
Nov 07 09:28:58 nsdc-ntest.nalma.loc samba-tool[22]: Modifying display specifiers
Nov 07 09:28:58 nsdc-ntest.nalma.loc samba-tool[22]: Adding users container
Nov 07 09:28:58 nsdc-ntest.nalma.loc samba-tool[22]: Modifying users container
Nov 07 09:28:58 nsdc-ntest.nalma.loc samba-tool[22]: Adding computers container
Nov 07 09:28:58 nsdc-ntest.nalma.loc samba-tool[22]: Modifying computers container
Nov 07 09:28:58 nsdc-ntest.nalma.loc samba-tool[22]: Setting up sam.ldb data
Nov 07 09:28:58 nsdc-ntest.nalma.loc samba-tool[22]: Setting up well known security principals
Nov 07 09:28:58 nsdc-ntest.nalma.loc samba-tool[22]: Setting up sam.ldb users and groups
Nov 07 09:28:58 nsdc-ntest.nalma.loc samba-tool[22]: Setting up self join
Nov 07 09:28:59 nsdc-ntest.nalma.loc samba-tool[22]: Adding DNS accounts
Nov 07 09:28:59 nsdc-ntest.nalma.loc samba-tool[22]: Creating CN=MicrosoftDNS,CN=System,DC=nalma,DC=loc
Nov 07 09:29:00 nsdc-ntest.nalma.loc samba-tool[22]: Creating DomainDnsZones and ForestDnsZones partitions
Nov 07 09:29:00 nsdc-ntest.nalma.loc samba-tool[22]: Populating DomainDnsZones and ForestDnsZones partitions
Nov 07 09:29:02 nsdc-ntest.nalma.loc samba-tool[22]: Setting up sam.ldb rootDSE marking as synchronized
Nov 07 09:29:02 nsdc-ntest.nalma.loc samba-tool[22]: Fixing provision GUIDs
Nov 07 09:29:02 nsdc-ntest.nalma.loc samba-tool[22]: A Kerberos configuration suitable for Samba 4 has been generated at /var/lib/samba/private/krb5.conf
Nov 07 09:29:02 nsdc-ntest.nalma.loc samba-tool[22]: Once the above files are installed, your Samba4 server will be ready to use
Nov 07 09:29:02 nsdc-ntest.nalma.loc samba-tool[22]: Server Role: active directory domain controller
Nov 07 09:29:02 nsdc-ntest.nalma.loc samba-tool[22]: Hostname: nsdc-ntest
Nov 07 09:29:02 nsdc-ntest.nalma.loc samba-tool[22]: NetBIOS Domain: NALMA
Nov 07 09:29:02 nsdc-ntest.nalma.loc samba-tool[22]: DNS Domain: nalma.loc
Nov 07 09:29:02 nsdc-ntest.nalma.loc samba-tool[22]: DOMAIN SID: S-1-5-21-805887485-4195957193-4256198718
Nov 07 09:29:02 nsdc-ntest.nalma.loc cp[33]: '/var/lib/samba/private/krb5.conf' -> '/etc/krb5.conf'
Nov 07 09:29:02 nsdc-ntest.nalma.loc systemd[1]: Started Domain controller provisioning.
Nov 07 09:29:02 nsdc-ntest.nalma.loc systemd[1]: Started Samba domain controller daemon.
Nov 07 09:29:02 nsdc-ntest.nalma.loc systemd[1]: Starting Samba domain controller daemon...
Nov 07 09:29:02 nsdc-ntest.nalma.loc systemd[1]: Reached target Multi-User System.
Nov 07 09:29:02 nsdc-ntest.nalma.loc systemd[1]: Starting Multi-User System.
Nov 07 09:29:02 nsdc-ntest.nalma.loc systemd[1]: Reached target Graphical Interface.
Nov 07 09:29:02 nsdc-ntest.nalma.loc systemd[1]: Starting Graphical Interface.
Nov 07 09:29:02 nsdc-ntest.nalma.loc systemd[1]: Starting Update UTMP about System Runlevel Changes...
Nov 07 09:29:02 nsdc-ntest.nalma.loc systemd[1]: Started Stop Read-Ahead Data Collection 10s After Completed Startup.
Nov 07 09:29:02 nsdc-ntest.nalma.loc systemd[1]: Started Update UTMP about System Runlevel Changes.
Nov 07 09:29:02 nsdc-ntest.nalma.loc systemd[1]: Startup finished in 8.434s.
Nov 07 09:29:02 nsdc-ntest.nalma.loc samba[35]: samba version 4.4.5 started.
Nov 07 09:29:02 nsdc-ntest.nalma.loc samba[35]: Copyright Andrew Tridgell and the Samba Team 1992-2016
Nov 07 09:29:02 nsdc-ntest.nalma.loc samba[35]: samba: using 'standard' process model
Nov 07 09:29:02 nsdc-ntest.nalma.loc samba[35]: Attempting to autogenerate TLS self-signed keys for https for hostname 'NSDC-NTEST.nalma.loc'
Nov 07 09:29:02 nsdc-ntest.nalma.loc winbindd[50]: [2016/11/07 09:29:02.641690, 0] ../source3/winbindd/winbindd_cache.c:3245(initialize_winbindd_cache)
Nov 07 09:29:02 nsdc-ntest.nalma.loc winbindd[50]: initialize_winbindd_cache: clearing cache and re-creating with version number 2
Nov 07 09:29:02 nsdc-ntest.nalma.loc winbindd[50]: [2016/11/07 09:29:02.983376, 0] ../lib/util/become_daemon.c:124(daemon_ready)
Nov 07 09:29:02 nsdc-ntest.nalma.loc winbindd[50]: STATUS=daemon 'winbindd' finished starting up and ready to serve connections
Nov 07 09:29:03 nsdc-ntest.nalma.loc smbd[39]: [2016/11/07 09:29:03.225254, 0] ../lib/util/become_daemon.c:124(daemon_ready)
Nov 07 09:29:03 nsdc-ntest.nalma.loc smbd[39]: STATUS=daemon 'smbd' finished starting up and ready to serve connections
Nov 07 09:29:04 nsdc-ntest.nalma.loc samba[35]: TLS self-signed keys generated OK
Nov 07 09:39:14 nsdc-ntest.nalma.loc systemd[1]: Starting Cleanup of Temporary Directories...
Nov 07 09:39:14 nsdc-ntest.nalma.loc systemd[1]: Started Cleanup of Temporary Directories.
Nov 07 09:49:56 nsdc-ntest.nalma.loc systemd[1]: Started /usr/bin/samba-tool domain passwordsettings set --min-pwd-age=0 --max-pwd-age=0 --complexity=on --history-length=default.
Nov 07 09:49:56 nsdc-ntest.nalma.loc systemd[1]: Starting /usr/bin/samba-tool domain passwordsettings set --min-pwd-age=0 --max-pwd-age=0 --complexity=on --history-length=default...

The domain provisioning seems normal. But from the previous log trace I see a missing response from DNS. Could it be a networking/routing problem? What is the LAN network?

Can you share here the output of

db networks show

br0=bridge
    gateway=10.0.0.254
    ipaddr=10.0.0.17
    netmask=255.255.255.0
    role=green
enp0s17=ethernet
    bridge=br0
    role=bridged
ppp0=xdsl-disabled
    AuthType=auto
    Password=
    name=PPPoE
    provider=xDSL provider
    role=red
    user=

Before starting the DC it was enp0s17 that was configured as static 10.0.0.17. Thanks.

I would test a couple of things.

Is the container reachable from the machine host?
Try with ping:

ping 10.0.0.13 -c3

Does the container reply to DNS requests?

host -t SRV _ldap._tcp.`config get DomainName`

You should have a reply like this:

_ldap._tcp.neth.eu has SRV record 0 100 389 nsdc-<fqdn>.
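
The checks suggested in this thread (clock sync, container reachability, the `_ldap._tcp` SRV lookup) can be scripted so that a failed lookup is classified instead of eyeballed. This is an added example, not part of the original posts or of NethServer; the function names `skew_ok` and `classify_srv` are hypothetical, the sample replies are constructed, and the 300-second default is the usual Kerberos clock-skew tolerance.

```shell
#!/bin/sh
# Added example: offline-testable helpers for the checks suggested in the thread.
# Function names are hypothetical; the sample replies below are constructed.

# skew_ok EPOCH_A EPOCH_B [MAX_SECONDS]
# Succeeds when the two clocks differ by at most MAX_SECONDS
# (default 300 s, the usual Kerberos tolerance).
skew_ok() {
    diff=$(( $1 - $2 ))
    [ "$diff" -lt 0 ] && diff=$(( -diff ))
    [ "$diff" -le "${3:-300}" ]
}

# classify_srv DOMAIN REPLY
# REPLY is the text printed by: host -t SRV _ldap._tcp.DOMAIN
# Prints ok, timeout, nxdomain, wrong-port, wrong-target or unknown.
classify_srv() {
    domain=$1
    reply=$2
    case $reply in
        *"connection timed out"*) echo timeout;  return 1 ;;
        *NXDOMAIN*)               echo nxdomain; return 1 ;;
    esac
    # Expected: _ldap._tcp.<domain> has SRV record <prio> <weight> <port> <target>.
    line=$(printf '%s\n' "$reply" | grep -F "_ldap._tcp.$domain has SRV record" | head -n 1)
    if [ -z "$line" ]; then echo unknown; return 1; fi
    port=$(printf '%s\n' "$line" | awk '{print $7}')
    target=$(printf '%s\n' "$line" | awk '{print $8}')
    target=${target%.}                     # drop the trailing root dot
    if [ "$port" != 389 ]; then echo wrong-port; return 1; fi
    case $target in
        nsdc-*."$domain") echo ok ;;       # the container is named nsdc-<fqdn>
        *) echo wrong-target; return 1 ;;  # another server answered for this name
    esac
}

# Constructed sample replies (not captured output).
SAMPLE_OK='_ldap._tcp.nalma.loc has SRV record 0 100 389 nsdc-ntest.nalma.loc.'
SAMPLE_NX='Host _ldap._tcp.nalma.loc not found: 3(NXDOMAIN)'
SAMPLE_TIMEOUT=';; connection timed out; no servers could be reached'

# Live use: sh dc-check.sh <container-ip> <domain>
if [ $# -eq 2 ]; then
    ping -c3 "$1" >/dev/null 2>&1 || echo "container $1 does not answer ping"
    classify_srv "$2" "$(host -t SRV "_ldap._tcp.$2" 2>&1)"
fi
```

A `timeout` or `nxdomain` result points at the resolver or the network path, while `wrong-target` means some other DNS server is answering for the domain.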