Unable to activate active directory domain controller in 7 RC1

Hi Gabriel,
thank you for your response. I’ll search more about the limitations of Samba as a DC ASAP. In my previous test environments they didn’t hit me, but it may be just me.

Meanwhile, I’ve repeated the whole test on my home PC, which has a very similar setup.
Host runs Ubuntu 15.04, IP address is 192.168.1.2, netmask is 24, gateway is 192.168.1.1, under a home router. VirtualBox is 4.3.26, and, repeating the steps in my previous message in the guest, using 192.168.1.20 for NS and 192.168.1.21 for the DC, the DC has been provisioned without errors!

Having checksummed the download on both my home PC and my office PC, and not willing to accept that the difference may be due to the host OS or VirtualBox versions :slight_smile: I guess we can blame the network setup at office?

There we already have in production a Windows Server 2003 domain with a primary DC (which is of course a DNS server, and has DHCP enabled) and two secondary DCs, the whole network is behind a firewall, but my PC is allowed to pass through for outgoing traffic, just like at home, and there is a running Zentyal 4.2 test server acting as PDC for a test domain (which is a DNS server, and has DHCP disabled).

Thanks,
Salvo

1 Like

I think that was the problem!
You already have a DC on your network and maybe it has the same FQDN.

Enjoy now with NS 7RC!

PS:

  • You can mark the post as “solved” (your answer from above).
  • You gave me free time to solve other problems. Thank you! :smiley:

No, it has not the same FQDN unfortunately. They couldn’t be more different :slight_smile:

16 posts were split to a new topic: I still don’t get why Samba has to be run in a container

Besides the domain name, is it a problem for Nethserver if there is a DC in the same network even if the domain is totally different? If it is, I’m afraid Nethserver could not be the right choice for me, since I cannot turn off the existing production domain at once, but the migration to a new system would take some time.

I am using two PDCs, one is NS7RC1, in the same network, with different domain names, without issues.

1 Like

Gabriel, I’m so stubborn that tomorrow I’ll carry my home desktop PC to the office to try from scratch in that network :slight_smile:

3 Likes

Hello everybody,
I’ve carried my home PC to the office, deleted the virtual machine that worked at home, and did a new installation from scratch. Same error here, so I think we can definitely blame the network setup (see my previous messages).
Please let me know what other tests I can do in order to understand what’s going wrong.
Thanks,
Salvo

3 Likes

Could you attach the container journal? The output of

journalctl -M nsdc

1 Like

Here it is. Thanks!

-- Logs begin at Mon 2016-11-07 09:28:54 CET, end at Mon 2016-11-07 09:49:56 CET. --
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd-journal[13]: Runtime journal is using 8.0M (max allowed 92.0M, trying to leave 138.0M free of 912.0M available → current limit 92.0M).
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd-journal[13]: Permanent journal is using 8.0M (max allowed 4.0G, trying to leave 4.0G free of 44.9G available → current limit 4.0G).
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd-journal[13]: Time spent on flushing to /var is 349us for 2 entries.
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd-journal[13]: Journal started
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd[1]: Starting Flush Journal to Persistent Storage...
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd[1]: Started Rebuild Hardware Database.
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd[1]: Started udev Coldplug all Devices.
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd[1]: Starting Update is Completed...
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd[1]: Started Update is Completed.
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd[1]: Started Flush Journal to Persistent Storage.
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd[1]: Starting Create Volatile Files and Directories...
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd[1]: Started Create Volatile Files and Directories.
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd[1]: Starting Update UTMP about System Boot/Shutdown...
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd[1]: Started Update UTMP about System Boot/Shutdown.
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd[1]: Reached target System Initialization.
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd[1]: Starting System Initialization.
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd[1]: Listening on D-Bus System Message Bus Socket.
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd[1]: Reached target Basic System.
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd[1]: Starting Basic System.
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd[1]: Starting Domain controller provisioning...
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd[1]: Starting Permit User Sessions...
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd[1]: Started D-Bus System Message Bus.
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd[1]: Starting D-Bus System Message Bus...
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd[1]: Starting Network Service...
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd[1]: Starting Login Service...
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd[1]: Started Daily Cleanup of Temporary Directories.
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd[1]: Starting Daily Cleanup of Temporary Directories.
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd[1]: Reached target Timers.
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd[1]: Starting Timers.
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd[1]: Started Permit User Sessions.
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd[1]: Started Getty on tty1.
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd[1]: Started Console Getty.
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd[1]: Starting Console Getty...
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd[1]: Reached target Login Prompts.
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd[1]: Starting Login Prompts.
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd-networkd[25]: host0 : Cannot configure IPv4 forwarding for interface host0: Read-only file system
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd-networkd[25]: host0 : Cannot configure IPv6 forwarding for interface: Read-only file system
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd-networkd[25]: Enumeration completed
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd-networkd[25]: host0 : link configured
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd[1]: Started Network Service.
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd[1]: Reached target Network.
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd[1]: Starting Network.
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd[1]: Started Login Service.
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd-logind[26]: New seat seat0.
Nov 07 09:28:54 nsdc-ntest.nalma.loc systemd-networkd[25]: host0 : gained carrier
Nov 07 09:28:54 nsdc-ntest.nalma.loc samba-tool[22]: Looking up IPv4 addresses
Nov 07 09:28:54 nsdc-ntest.nalma.loc samba-tool[22]: Looking up IPv6 addresses
Nov 07 09:28:54 nsdc-ntest.nalma.loc samba-tool[22]: No IPv6 address will be assigned
Nov 07 09:28:54 nsdc-ntest.nalma.loc samba-tool[22]: Setting up share.ldb
Nov 07 09:28:54 nsdc-ntest.nalma.loc samba-tool[22]: Setting up secrets.ldb
Nov 07 09:28:55 nsdc-ntest.nalma.loc samba-tool[22]: Setting up the registry
Nov 07 09:28:55 nsdc-ntest.nalma.loc samba-tool[22]: Setting up the privileges database
Nov 07 09:28:55 nsdc-ntest.nalma.loc samba-tool[22]: Setting up idmap db
Nov 07 09:28:55 nsdc-ntest.nalma.loc samba-tool[22]: Setting up SAM db
Nov 07 09:28:55 nsdc-ntest.nalma.loc samba-tool[22]: Setting up sam.ldb partitions and settings
Nov 07 09:28:55 nsdc-ntest.nalma.loc samba-tool[22]: Setting up sam.ldb rootDSE
Nov 07 09:28:55 nsdc-ntest.nalma.loc samba-tool[22]: Pre-loading the Samba 4 and AD schema
Nov 07 09:28:55 nsdc-ntest.nalma.loc samba-tool[22]: Adding DomainDN: DC=nalma,DC=loc
Nov 07 09:28:55 nsdc-ntest.nalma.loc samba-tool[22]: Adding configuration container
Nov 07 09:28:55 nsdc-ntest.nalma.loc samba-tool[22]: Setting up sam.ldb schema
Nov 07 09:28:56 nsdc-ntest.nalma.loc samba-tool[22]: Setting up sam.ldb configuration data
Nov 07 09:28:57 nsdc-ntest.nalma.loc samba-tool[22]: Setting up display specifiers
Nov 07 09:28:58 nsdc-ntest.nalma.loc samba-tool[22]: Modifying display specifiers
Nov 07 09:28:58 nsdc-ntest.nalma.loc samba-tool[22]: Adding users container
Nov 07 09:28:58 nsdc-ntest.nalma.loc samba-tool[22]: Modifying users container
Nov 07 09:28:58 nsdc-ntest.nalma.loc samba-tool[22]: Adding computers container
Nov 07 09:28:58 nsdc-ntest.nalma.loc samba-tool[22]: Modifying computers container
Nov 07 09:28:58 nsdc-ntest.nalma.loc samba-tool[22]: Setting up sam.ldb data
Nov 07 09:28:58 nsdc-ntest.nalma.loc samba-tool[22]: Setting up well known security principals
Nov 07 09:28:58 nsdc-ntest.nalma.loc samba-tool[22]: Setting up sam.ldb users and groups
Nov 07 09:28:58 nsdc-ntest.nalma.loc samba-tool[22]: Setting up self join
Nov 07 09:28:59 nsdc-ntest.nalma.loc samba-tool[22]: Adding DNS accounts
Nov 07 09:28:59 nsdc-ntest.nalma.loc samba-tool[22]: Creating CN=MicrosoftDNS,CN=System,DC=nalma,DC=loc
Nov 07 09:29:00 nsdc-ntest.nalma.loc samba-tool[22]: Creating DomainDnsZones and ForestDnsZones partitions
Nov 07 09:29:00 nsdc-ntest.nalma.loc samba-tool[22]: Populating DomainDnsZones and ForestDnsZones partitions
Nov 07 09:29:02 nsdc-ntest.nalma.loc samba-tool[22]: Setting up sam.ldb rootDSE marking as synchronized
Nov 07 09:29:02 nsdc-ntest.nalma.loc samba-tool[22]: Fixing provision GUIDs
Nov 07 09:29:02 nsdc-ntest.nalma.loc samba-tool[22]: A Kerberos configuration suitable for Samba 4 has been generated at /var/lib/samba/private/krb5.conf
Nov 07 09:29:02 nsdc-ntest.nalma.loc samba-tool[22]: Once the above files are installed, your Samba4 server will be ready to use
Nov 07 09:29:02 nsdc-ntest.nalma.loc samba-tool[22]: Server Role: active directory domain controller
Nov 07 09:29:02 nsdc-ntest.nalma.loc samba-tool[22]: Hostname: nsdc-ntest
Nov 07 09:29:02 nsdc-ntest.nalma.loc samba-tool[22]: NetBIOS Domain: NALMA
Nov 07 09:29:02 nsdc-ntest.nalma.loc samba-tool[22]: DNS Domain: nalma.loc
Nov 07 09:29:02 nsdc-ntest.nalma.loc samba-tool[22]: DOMAIN SID: S-1-5-21-805887485-4195957193-4256198718
Nov 07 09:29:02 nsdc-ntest.nalma.loc cp[33]: '/var/lib/samba/private/krb5.conf' -> '/etc/krb5.conf'
Nov 07 09:29:02 nsdc-ntest.nalma.loc systemd[1]: Started Domain controller provisioning.
Nov 07 09:29:02 nsdc-ntest.nalma.loc systemd[1]: Started Samba domain controller daemon.
Nov 07 09:29:02 nsdc-ntest.nalma.loc systemd[1]: Starting Samba domain controller daemon...
Nov 07 09:29:02 nsdc-ntest.nalma.loc systemd[1]: Reached target Multi-User System.
Nov 07 09:29:02 nsdc-ntest.nalma.loc systemd[1]: Starting Multi-User System.
Nov 07 09:29:02 nsdc-ntest.nalma.loc systemd[1]: Reached target Graphical Interface.
Nov 07 09:29:02 nsdc-ntest.nalma.loc systemd[1]: Starting Graphical Interface.
Nov 07 09:29:02 nsdc-ntest.nalma.loc systemd[1]: Starting Update UTMP about System Runlevel Changes...
Nov 07 09:29:02 nsdc-ntest.nalma.loc systemd[1]: Started Stop Read-Ahead Data Collection 10s After Completed Startup.
Nov 07 09:29:02 nsdc-ntest.nalma.loc systemd[1]: Started Update UTMP about System Runlevel Changes.
Nov 07 09:29:02 nsdc-ntest.nalma.loc systemd[1]: Startup finished in 8.434s.
Nov 07 09:29:02 nsdc-ntest.nalma.loc samba[35]: samba version 4.4.5 started.
Nov 07 09:29:02 nsdc-ntest.nalma.loc samba[35]: Copyright Andrew Tridgell and the Samba Team 1992-2016
Nov 07 09:29:02 nsdc-ntest.nalma.loc samba[35]: samba: using 'standard' process model
Nov 07 09:29:02 nsdc-ntest.nalma.loc samba[35]: Attempting to autogenerate TLS self-signed keys for https for hostname 'NSDC-NTEST.nalma.loc'
Nov 07 09:29:02 nsdc-ntest.nalma.loc winbindd[50]: [2016/11/07 09:29:02.641690, 0] ../source3/winbindd/winbindd_cache.c:3245(initialize_winbindd_cache)
Nov 07 09:29:02 nsdc-ntest.nalma.loc winbindd[50]: initialize_winbindd_cache: clearing cache and re-creating with version number 2
Nov 07 09:29:02 nsdc-ntest.nalma.loc winbindd[50]: [2016/11/07 09:29:02.983376, 0] ../lib/util/become_daemon.c:124(daemon_ready)
Nov 07 09:29:02 nsdc-ntest.nalma.loc winbindd[50]: STATUS=daemon 'winbindd' finished starting up and ready to serve connections
Nov 07 09:29:03 nsdc-ntest.nalma.loc smbd[39]: [2016/11/07 09:29:03.225254, 0] ../lib/util/become_daemon.c:124(daemon_ready)
Nov 07 09:29:03 nsdc-ntest.nalma.loc smbd[39]: STATUS=daemon 'smbd' finished starting up and ready to serve connections
Nov 07 09:29:04 nsdc-ntest.nalma.loc samba[35]: TLS self-signed keys generated OK
Nov 07 09:39:14 nsdc-ntest.nalma.loc systemd[1]: Starting Cleanup of Temporary Directories...
Nov 07 09:39:14 nsdc-ntest.nalma.loc systemd[1]: Started Cleanup of Temporary Directories.
Nov 07 09:49:56 nsdc-ntest.nalma.loc systemd[1]: Started /usr/bin/samba-tool domain passwordsettings set --min-pwd-age=0 --max-pwd-age=0 --complexity=on --history-length=default.
Nov 07 09:49:56 nsdc-ntest.nalma.loc systemd[1]: Starting /usr/bin/samba-tool domain passwordsettings set --min-pwd-age=0 --max-pwd-age=0 --complexity=on --history-length=default...

1 Like

The domain provisioning seems normal. But from the previous log trace I see a missing response from DNS. Could it be a networking/routing problem? What is the LAN network?

Can you share here the output of

db networks show

br0=bridge
    gateway=10.0.0.254
    ipaddr=10.0.0.17
    netmask=255.255.255.0
    role=green
enp0s17=ethernet
    bridge=br0
    role=bridged
ppp0=xdsl-disabled
    AuthType=auto
    Password=
    name=PPPoE
    provider=xDSL provider
    role=red
    user=

Before starting the DC it was enp0s17 that was configured as static 10.0.0.17. Thanks.

I would test a couple of things.

Is the container reachable from the machine host?
Try with ping:

ping 10.0.0.13 -c3

Does the container reply to DNS request?

host -t SRV _ldap._tcp.`config get DomainName`

You should have a reply like this:

_ldap._tcp.neth.eu has SRV record 0 100 389 nsdc-<fqdn>.

1 Like

Only 2 responses back to the host. Started from the shell of Nethserver VM itself, without the -c3 argument, I got responses for 1, 2, 7, 8, then nothing.

Timeout.

Firewall smell… Are there some specific settings I have to look for?
Thanks

Maybe you have a network issue?
Are you sure the IP you gave to the Samba container isn’t used by any other machine?

No, it should work out of the box.
If unsure, you could clean up all rules with this command:
shorewall clear

Longshot: is the IP address assigned to the Samba container inside the DHCP scope? If so, this can cause a device being assigned the same IP address…

As a sidenote: is there any option to change the IP address of the Samba4 container?

1 Like

3 posts were split to a new topic: How to change the IP address of the Samba4 container?

Good morning everybody. It seems I have finally solved it, although I cannot really believe how.

Yesterday evening I took a deep breath, notified -and prepared to be insulted by- the few colleagues still at work, went to the network rack and started to “binary search” for the Ethernet cable that, once detached, allowed to continuously ping the IP address of the Samba 4 container.

Turns out that it was an old server, turned off for ages, that had the same IP address that I have reused for the Samba 4 container. Although the machine was turned off, the power cord and the Ethernet cable were still connected. I guess that the NIC was still powered, and the switch still cached the relationship between the IP address and that MAC address, although I was not able to find it in the ARP cache of its admin page (not that I have a very deep knowledge of that). This looks very strange to me especially because it is not the first time that I “recycle” that IP address: perhaps it is due to the promiscuous mode? If you have some insight or different interpretation, please let me know, as I’m very curious about that!

However, simply detaching the Ethernet cable of that old server solved the problem :blush: , and with a fresh install I have been able to provision my DC :smile:

Thanks to everybody that helped for their time and valuable advice. This seems like a very nice community. Now I look forward to test the other “small business” server functionality :wink:

8 Likes
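A way to check for the two conditions raised in this thread before assigning an address to the Samba container: an IP answered by more than one MAC address, and an IP that falls inside the DHCP scope. This is an added example, not code from the thread or from NethServer; it assumes the reply-line format printed by iputils `arping`, and the sample output, MAC addresses and DHCP range are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample of iputils `arping` output; the MAC addresses are made up.
SAMPLE_ARPING = """\
ARPING 10.0.0.13 from 10.0.0.17 br0
Unicast reply from 10.0.0.13 [52:54:00:AA:BB:01]  0.712ms
Unicast reply from 10.0.0.13 [00:1B:21:CC:DD:02]  1.034ms
Unicast reply from 10.0.0.13 [52:54:00:AA:BB:01]  0.698ms
Sent 3 probes (1 broadcast(s))
Received 3 response(s)
"""

# Matches the "reply from <ip> [<mac>]" part of each arping reply line.
REPLY_RE = re.compile(
    r"reply from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \[(?P<mac>[0-9A-Fa-f:]{17})\]"
)


def macs_per_ip(arping_output):
    """Map each answering IP to the set of MAC addresses that claimed it."""
    seen = defaultdict(set)
    for line in arping_output.splitlines():
        m = REPLY_RE.search(line)
        if m:
            ip = str(ipaddress.ip_address(m["ip"]))  # rejects malformed IPs
            seen[ip].add(m["mac"].lower())
    return dict(seen)


def conflicts(arping_output):
    """Return only the IPs answered by more than one MAC (address conflict)."""
    return {ip: sorted(macs)
            for ip, macs in macs_per_ip(arping_output).items()
            if len(macs) > 1}


def in_dhcp_scope(ip, first, last):
    """True if ip falls inside the inclusive DHCP range first..last."""
    addr = ipaddress.ip_address(ip)
    return ipaddress.ip_address(first) <= addr <= ipaddress.ip_address(last)


if __name__ == "__main__":
    for ip, macs in conflicts(SAMPLE_ARPING).items():
        print(f"CONFLICT {ip}: {', '.join(macs)}")
    # Hypothetical DHCP range, not taken from the thread.
    print("in DHCP scope:", in_dhcp_scope("10.0.0.13", "10.0.0.100", "10.0.0.200"))
```
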

Thanks for sharing your experience! Real-world failure cases are important for everyone!

1 Like

Wow, how a simple ‘unsolved admin task’ can make your day miserable. It also shows that having an IP plan AND keeping it up-to-date and tidy is an absolute must in the life of a sys admin.
Thnx for sharing this.

1 Like