NethServer Version: 7.7.1908
Module: Accounts Provider
Hello everyone!
I have some clients running samba4 as DC on Debian servers. After test Nethserver for a long time, I decide to migrate them to NethServer. To avoid rejoin all stations on domain, I tried to make a “domain takeover”
I started here:
https://wiki.nethserver.org/doku.php?id=howto:add_ns7_samba_domain_controller_to_existing_active_directory#discussion
And after that, I transfer the FSMO to nsdc and demote the old DC. All seems to work well. I have access to user and groups from nethserver UI and users can log in normally.
I am thinking about creating a full wiki on how to do this, but first I need information about these erros. Should I worry about that?
[root@mds01fs01 ~]# fg
/etc/e-smith/events/actions/nethserver-dc-firststart ev
Feb 22 13:13:12 mds01fs01 esmith::event[2059]: Action: /etc/e-smith/events/nethserver-dc-save/S95nethserver-dc-waitstart SUCCESS [265.553123]
Feb 22 13:13:14 mds01fs01 esmith::event[2059]: Log to /var/spool/createldapservice-aBaudk.log
Feb 22 13:13:14 mds01fs01 /sbin/e-smith/db[3530]: /var/lib/nethserver/db/configuration: OLD sssd=service|AdDns||DiscoverDcType|dns|LdapURI||Provider|none|Realm|MEDISOCIAL.LAN|ShellOverrideStatus|disabled|Workgroup|MEDISOCIAL|status|disabled
Feb 22 13:13:14 mds01fs01 /sbin/e-smith/db[3530]: /var/lib/nethserver/db/configuration: NEW sssd=service|AdDns||BindDN|ldapservice@MEDISOCIAL.LAN|DiscoverDcType|dns|LdapURI||Provider|none|Realm|MEDISOCIAL.LAN|ShellOverrideStatus|disabled|Workgroup|MEDISOCIAL|status|disabled
Feb 22 13:13:14 mds01fs01 /sbin/e-smith/db[3530]: /var/lib/nethserver/db/configuration: OLD sssd=service|AdDns||BindDN|ldapservice@MEDISOCIAL.LAN|DiscoverDcType|dns|LdapURI||Provider|none|Realm|MEDISOCIAL.LAN|ShellOverrideStatus|disabled|Workgroup|MEDISOCIAL|status|disabled
Feb 22 13:13:14 mds01fs01 /sbin/e-smith/db[3530]: /var/lib/nethserver/db/configuration: NEW sssd=service|AdDns||BindDN|ldapservice@MEDISOCIAL.LAN|BindPassword|vgH_bOoboyg0rH4j|DiscoverDcType|dns|LdapURI||Provider|none|Realm|MEDISOCIAL.LAN|ShellOverrideStatus|disabled|Workgroup|MEDISOCIAL|status|disabled
Feb 22 13:13:14 mds01fs01 esmith::event[2059]: Action: /etc/e-smith/events/nethserver-dc-save/S96nethserver-dc-createldapservice SUCCESS [2.400734]
Feb 22 13:13:15 mds01fs01 esmith::event[2059]: [NOTICE] The DC host will be set to nsdc-mds01fs01.medisocial.lan
Feb 22 13:13:15 mds01fs01 /sbin/e-smith/db[3535]: /var/lib/nethserver/db/configuration: OLD sssd=service|AdDns||BindDN|ldapservice@MEDISOCIAL.LAN|BindPassword|vgH_bOoboyg0rH4j|DiscoverDcType|dns|LdapURI||Provider|none|Realm|MEDISOCIAL.LAN|ShellOverrideStatus|disabled|Workgroup|MEDISOCIAL|status|disabled
Feb 22 13:13:15 mds01fs01 /sbin/e-smith/db[3535]: /var/lib/nethserver/db/configuration: NEW sssd=service|AdDns|192.168.0.251|BindDN|ldapservice@MEDISOCIAL.LAN|BindPassword|vgH_bOoboyg0rH4j|DiscoverDcType|dns|LdapURI||Provider|none|Realm|MEDISOCIAL.LAN|ShellOverrideStatus|disabled|Workgroup|MEDISOCIAL|status|disabled
Feb 22 13:13:15 mds01fs01 /sbin/e-smith/db[3535]: /var/lib/nethserver/db/configuration: OLD sssd=service|AdDns|192.168.0.251|BindDN|ldapservice@MEDISOCIAL.LAN|BindPassword|vgH_bOoboyg0rH4j|DiscoverDcType|dns|LdapURI||Provider|none|Realm|MEDISOCIAL.LAN|ShellOverrideStatus|disabled|Workgroup|MEDISOCIAL|status|disabled
Feb 22 13:13:15 mds01fs01 /sbin/e-smith/db[3535]: /var/lib/nethserver/db/configuration: NEW sssd=service|AdDns|192.168.0.251|BindDN|ldapservice@MEDISOCIAL.LAN|BindPassword|vgH_bOoboyg0rH4j|DiscoverDcType|ldapuri|LdapURI||Provider|none|Realm|MEDISOCIAL.LAN|ShellOverrideStatus|disabled|Workgroup|MEDISOCIAL|status|disabled
Feb 22 13:13:15 mds01fs01 /sbin/e-smith/db[3535]: /var/lib/nethserver/db/configuration: OLD sssd=service|AdDns|192.168.0.251|BindDN|ldapservice@MEDISOCIAL.LAN|BindPassword|vgH_bOoboyg0rH4j|DiscoverDcType|ldapuri|LdapURI||Provider|none|Realm|MEDISOCIAL.LAN|ShellOverrideStatus|disabled|Workgroup|MEDISOCIAL|status|disabled
Feb 22 13:13:15 mds01fs01 /sbin/e-smith/db[3535]: /var/lib/nethserver/db/configuration: NEW sssd=service|AdDns|192.168.0.251|BindDN|ldapservice@MEDISOCIAL.LAN|BindPassword|vgH_bOoboyg0rH4j|DiscoverDcType|ldapuri|LdapURI|ldaps://nsdc-mds01fs01.medisocial.lan|Provider|none|Realm|MEDISOCIAL.LAN|ShellOverrideStatus|disabled|Workgroup|MEDISOCIAL|status|disabled
Feb 22 13:13:15 mds01fs01 /sbin/e-smith/db[3535]: /var/lib/nethserver/db/configuration: OLD sssd=service|AdDns|192.168.0.251|BindDN|ldapservice@MEDISOCIAL.LAN|BindPassword|vgH_bOoboyg0rH4j|DiscoverDcType|ldapuri|LdapURI|ldaps://nsdc-mds01fs01.medisocial.lan|Provider|none|Realm|MEDISOCIAL.LAN|ShellOverrideStatus|disabled|Workgroup|MEDISOCIAL|status|disabled
Feb 22 13:13:15 mds01fs01 /sbin/e-smith/db[3535]: /var/lib/nethserver/db/configuration: NEW sssd=service|AdDns|192.168.0.251|BindDN|ldapservice@MEDISOCIAL.LAN|BindPassword|vgH_bOoboyg0rH4j|DiscoverDcType|ldapuri|LdapURI|ldaps://nsdc-mds01fs01.medisocial.lan|Provider|ad|Realm|MEDISOCIAL.LAN|ShellOverrideStatus|disabled|Workgroup|MEDISOCIAL|status|disabled
Feb 22 13:13:15 mds01fs01 /sbin/e-smith/db[3535]: /var/lib/nethserver/db/configuration: OLD sssd=service|AdDns|192.168.0.251|BindDN|ldapservice@MEDISOCIAL.LAN|BindPassword|vgH_bOoboyg0rH4j|DiscoverDcType|ldapuri|LdapURI|ldaps://nsdc-mds01fs01.medisocial.lan|Provider|ad|Realm|MEDISOCIAL.LAN|ShellOverrideStatus|disabled|Workgroup|MEDISOCIAL|status|disabled
Feb 22 13:13:15 mds01fs01 /sbin/e-smith/db[3535]: /var/lib/nethserver/db/configuration: NEW sssd=service|AdDns|192.168.0.251|BindDN|ldapservice@MEDISOCIAL.LAN|BindPassword|vgH_bOoboyg0rH4j|DiscoverDcType|ldapuri|LdapURI|ldaps://nsdc-mds01fs01.medisocial.lan|Provider|ad|Realm|MEDISOCIAL.LAN|ShellOverrideStatus|disabled|Workgroup|MEDISOCIAL|status|enabled
Feb 22 13:13:15 mds01fs01 dnsmasq[2822]: exiting on receipt of SIGTERM
Feb 22 13:13:15 mds01fs01 systemd: Stopping DNS caching server....
Feb 22 13:13:15 mds01fs01 systemd: Stopped DNS caching server..
Feb 22 13:13:15 mds01fs01 systemd: Started DNS caching server..
Feb 22 13:13:15 mds01fs01 dnsmasq[3544]: started, version 2.76 cachesize 4000
Feb 22 13:13:15 mds01fs01 dnsmasq[3544]: compile time options: IPv6 GNU-getopt DBus no-i18n IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-DNSSEC loop-detect inotify
Feb 22 13:13:15 mds01fs01 dnsmasq-tftp[3544]: TFTP root is /var/lib/tftpboot
Feb 22 13:13:15 mds01fs01 dnsmasq[3544]: using nameserver 192.168.0.251#53 for domain medisocial.lan
Feb 22 13:13:15 mds01fs01 dnsmasq[3544]: using nameserver 192.168.0.1#53
Feb 22 13:13:15 mds01fs01 dnsmasq[3544]: using nameserver 192.168.0.250#53
Feb 22 13:13:15 mds01fs01 dnsmasq[3544]: read /etc/hosts - 2 addresses
Feb 22 13:13:15 mds01fs01 dbus[734]: [system] Activating via systemd: service name='org.freedesktop.realmd' unit='realmd.service'
Feb 22 13:13:15 mds01fs01 systemd: Starting Realm and Domain Configuration...
Feb 22 13:13:15 mds01fs01 dbus[734]: [system] Successfully activated service 'org.freedesktop.realmd'
Feb 22 13:13:15 mds01fs01 systemd: Started Realm and Domain Configuration.
Feb 22 13:13:15 mds01fs01 realmd: * Resolving: _ldap._tcp.medisocial.lan
Feb 22 13:13:15 mds01fs01 realmd: * Performing LDAP DSE lookup on: 192.168.0.250
Feb 22 13:13:15 mds01fs01 realmd: * Performing LDAP DSE lookup on: 192.168.0.251
Feb 22 13:13:15 mds01fs01 realmd: * Successfully discovered: medisocial.lan
Feb 22 13:13:15 mds01fs01 realmd: * Required files: /usr/sbin/oddjobd, /usr/libexec/oddjob/mkhomedir, /usr/sbin/sssd, /usr/bin/net
Feb 22 13:13:15 mds01fs01 realmd: * LANG=C LOGNAME=root /usr/bin/net -s /var/cache/realmd/realmd-smb-conf.6YYUG0 -U administrator ads join medisocial.lan
Feb 22 13:13:20 mds01fs01 realmd: Enter administrator's password:DNS update failed: NT_STATUS_UNSUCCESSFUL
Feb 22 13:13:20 mds01fs01 realmd:
Feb 22 13:13:20 mds01fs01 realmd: Using short domain name -- MEDISOCIAL
Feb 22 13:13:20 mds01fs01 realmd: Joined 'MDS01FS01' to dns domain 'medisocial.lan'
Feb 22 13:13:20 mds01fs01 realmd: DNS Update for mds01fs01.medisocial.lan failed: ERROR_DNS_UPDATE_FAILED
Feb 22 13:13:20 mds01fs01 realmd: * LANG=C LOGNAME=root /usr/bin/net -s /var/cache/realmd/realmd-smb-conf.6YYUG0 -U administrator ads keytab create
Feb 22 13:13:23 mds01fs01 realmd: Enter administrator's password:
Feb 22 13:13:23 mds01fs01 realmd: * /usr/bin/systemctl enable sssd.service
Feb 22 13:13:23 mds01fs01 realmd: Created symlink from /etc/systemd/system/multi-user.target.wants/sssd.service to /usr/lib/systemd/system/sssd.service.
Feb 22 13:13:23 mds01fs01 systemd: Reloading.
Feb 22 13:13:23 mds01fs01 realmd: * /usr/bin/systemctl restart sssd.service
Feb 22 13:13:23 mds01fs01 systemd: Starting System Security Services Daemon...
Feb 22 13:13:24 mds01fs01 sssd: Starting up
Feb 22 13:13:25 mds01fs01 sssd[be[medisocial.lan]]: Starting up
Feb 22 13:13:25 mds01fs01 sssd[nss]: Starting up
Feb 22 13:13:25 mds01fs01 sssd[pam]: Starting up
Feb 22 13:13:25 mds01fs01 systemd: Started System Security Services Daemon.
Feb 22 13:13:25 mds01fs01 systemd: Reached target User and Group Name Lookups.
Feb 22 13:13:25 mds01fs01 realmd: * /usr/bin/sh -c /usr/sbin/authconfig --update --enablesssd --enablesssdauth --enablemkhomedir --nostart && /usr/bin/systemctl enable oddjobd.service && /usr/bin/systemctl start oddjobd.service
Feb 22 13:13:27 mds01fs01 systemd: Reloading.
Feb 22 13:13:27 mds01fs01 systemd: Reloading.
Feb 22 13:13:27 mds01fs01 systemd: Reloading.
Feb 22 13:13:27 mds01fs01 sssd: ; TSIG error with server: tsig verify failure
Feb 22 13:13:27 mds01fs01 systemd: Started privileged operations for unprivileged applications.
Feb 22 13:13:27 mds01fs01 realmd: * Successfully enrolled machine in realm
Feb 22 13:13:27 mds01fs01 esmith::event[2059]: Password for administrator:
Feb 22 13:13:27 mds01fs01 sssd: ; TSIG error with server: tsig verify failure
Feb 22 13:13:27 mds01fs01 esmith::event[3532]: Event: nethserver-sssd-save
Feb 22 13:13:27 mds01fs01 systemd: Stopping System Security Services Daemon...
Feb 22 13:13:27 mds01fs01 sssd: Failing assertion due to probable leaked memory in context 0x2110010 ("") (stats[16].gets == 1).
Feb 22 13:13:27 mds01fs01 sssd[be[medisocial.lan]]: Shutting down
Feb 22 13:13:27 mds01fs01 sssd[pam]: Shutting down
Feb 22 13:13:27 mds01fs01 sssd: ../../../lib/isc/mem.c:1080: INSIST(ctx->stats[i].gets == 0U) failed, back trace
Feb 22 13:13:27 mds01fs01 sssd: #0 0x7f992e2e51f7 in ??
Feb 22 13:13:27 mds01fs01 sssd: #1 0x7f992e2e514a in ??
Feb 22 13:13:27 mds01fs01 sssd: #2 0x7f992e2f7618 in ??
Feb 22 13:13:27 mds01fs01 sssd: #3 0x7f992e2f7a79 in ??
Feb 22 13:13:27 mds01fs01 sssd: #4 0x7f992e2fa7c8 in ??
Feb 22 13:13:27 mds01fs01 sssd: #5 0x405069 in ??
Feb 22 13:13:27 mds01fs01 sssd: #6 0x7f992c079505 in ??
Feb 22 13:13:27 mds01fs01 sssd: #7 0x40518a in ??
Feb 22 13:13:27 mds01fs01 sssd[nss]: Shutting down
Feb 22 13:13:27 mds01fs01 systemd: Stopped System Security Services Daemon.
Feb 22 13:13:27 mds01fs01 esmith::event[3532]: [NOTICE] wipe out sssd databases and configuration
Feb 22 13:13:27 mds01fs01 esmith::event[3532]: Action: /etc/e-smith/events/nethserver-sssd-save/S01nethserver-sssd-cleanup SUCCESS [0.076573]
Feb 22 13:13:27 mds01fs01 esmith::event[3532]: expanding /etc/krb5.conf
Feb 22 13:13:27 mds01fs01 esmith::event[3532]: expanding /etc/backup-config.d/nethserver-sssd.include
Feb 22 13:13:27 mds01fs01 esmith::event[3532]: expanding /etc/openldap/ldap.conf
Feb 22 13:13:27 mds01fs01 esmith::event[3532]: expanding /etc/samba/smb.conf
Feb 22 13:13:27 mds01fs01 esmith::event[3532]: expanding /etc/sssd/sssd.conf
Feb 22 13:13:27 mds01fs01 esmith::event[3532]: expanding /etc/nethserver/ldappasswd.conf
Feb 22 13:13:27 mds01fs01 esmith::event[3532]: expanding /etc/nethserver/cockpit.allow
Feb 22 13:13:27 mds01fs01 esmith::event[3532]: expanding /etc/pam.d/cockpit
Feb 22 13:13:27 mds01fs01 esmith::event[3532]: expanding /etc/ssh/sshd_config
Feb 22 13:13:27 mds01fs01 esmith::event[3532]: Action: /etc/e-smith/events/actions/generic_template_expand SUCCESS [0.416333]
Feb 22 13:13:28 mds01fs01 esmith::event[3532]: Action: /etc/e-smith/events/nethserver-sssd-save/S20nethserver-sssd-conf SUCCESS [0.144214]
Feb 22 13:13:28 mds01fs01 esmith::event[3532]: Action: /etc/e-smith/events/nethserver-sssd-save/S30nethserver-sssd-initkeytabs SUCCESS [0.577515]
Feb 22 13:13:31 mds01fs01 esmith::event[3532]: Action: /etc/e-smith/events/nethserver-sssd-save/S80nethserver-sssd-notifyclients SUCCESS [3.146888]
Feb 22 13:13:31 mds01fs01 systemd: Reloading.
Feb 22 13:13:31 mds01fs01 systemd: Starting System Security Services Daemon...
Feb 22 13:13:32 mds01fs01 sssd: Starting up
Feb 22 13:13:32 mds01fs01 sssd[be[medisocial.lan]]: Starting up
Feb 22 13:13:33 mds01fs01 sssd[pam]: Starting up
Feb 22 13:13:33 mds01fs01 sssd[nss]: Starting up
Feb 22 13:13:33 mds01fs01 systemd: Started System Security Services Daemon.
Feb 22 13:13:33 mds01fs01 esmith::event[3532]: [INFO] sssd has been started
Feb 22 13:13:33 mds01fs01 systemd: Reloading.
Feb 22 13:13:33 mds01fs01 esmith::event[3532]: [INFO] service sshd restart
Feb 22 13:13:33 mds01fs01 sshd[1024]: Received signal 15; terminating.
Feb 22 13:13:33 mds01fs01 systemd: Stopping OpenSSH server daemon...
Feb 22 13:13:33 mds01fs01 systemd: Stopped OpenSSH server daemon.
Feb 22 13:13:33 mds01fs01 systemd: Starting OpenSSH server daemon...
Feb 22 13:13:33 mds01fs01 sshd[3774]: Server listening on 0.0.0.0 port 22.
Feb 22 13:13:33 mds01fs01 sshd[3774]: Server listening on :: port 22.
Feb 22 13:13:33 mds01fs01 systemd: Started OpenSSH server daemon.
Feb 22 13:13:33 mds01fs01 esmith::event[3532]: Action: /etc/e-smith/events/actions/adjust-services SUCCESS [1.473576]
Feb 22 13:13:33 mds01fs01 esmith::event[3532]: Event: nethserver-sssd-save SUCCESS
Feb 22 13:13:33 mds01fs01 esmith::event[2059]: Action: /etc/e-smith/events/nethserver-dc-save/S96nethserver-dc-join SUCCESS [18.275419]
Feb 22 13:13:33 mds01fs01 sssd: ; TSIG error with server: tsig verify failure
Feb 22 13:13:33 mds01fs01 sssd: ; TSIG error with server: tsig verify failure
Feb 22 13:13:33 mds01fs01 esmith::event[2059]: Password complexity activated!
Feb 22 13:13:33 mds01fs01 esmith::event[2059]: Password history length changed!
Feb 22 13:13:33 mds01fs01 esmith::event[2059]: Minimum password age changed!
Feb 22 13:13:33 mds01fs01 esmith::event[2059]: Maximum password age changed!
Feb 22 13:13:33 mds01fs01 esmith::event[2059]: All changes applied successfully!
Feb 22 13:13:33 mds01fs01 esmith::event[2059]: Action: /etc/e-smith/events/nethserver-dc-save/S97nethserver-dc-password-policy SUCCESS [0.669622]
Feb 22 13:13:34 mds01fs01 sssd: ; TSIG error with server: tsig verify failure
Feb 22 13:13:34 mds01fs01 sssd: ; TSIG error with server: tsig verify failure
Feb 22 13:13:34 mds01fs01 sssd: tkey query failed: GSSAPI error: Major = Unspecified GSS failure. Minor code may provide more information, Minor = Server not found in Kerberos database.
Feb 22 13:13:34 mds01fs01 sssd: tkey query failed: GSSAPI error: Major = Unspecified GSS failure. Minor code may provide more information, Minor = Server not found in Kerberos database.
Feb 22 13:13:34 mds01fs01 sssd: tkey query failed: GSSAPI error: Major = Unspecified GSS failure. Minor code may provide more information, Minor = Server not found in Kerberos database.
Feb 22 13:13:34 mds01fs01 esmith::event[2059]: Action: /etc/e-smith/events/nethserver-dc-save/S97nethserver-dc-set-upn SUCCESS [0.588401]
Feb 22 13:13:35 mds01fs01 esmith::event[2059]: User 'admin' created successfully
Feb 22 13:13:36 mds01fs01 esmith::event[2059]: Added members to group Domain Admins
Feb 22 13:13:37 mds01fs01 esmith::event[2059]: Action: /etc/e-smith/events/nethserver-dc-save/S98nethserver-dc-createadmins SUCCESS [2.600975]
Feb 22 13:13:37 mds01fs01 esmith::event[2059]: Action: /etc/e-smith/events/nethserver-dc-save/S98nethserver-dc-machine-grants SUCCESS [0.357251]
Feb 22 13:13:37 mds01fs01 esmith::event[2059]: Event: nethserver-dc-save SUCCESS
Thanks a lot for your time and information.