• [Samba] samba 4.6.0 dc provisioning fails with exception

    From Rowland Penny via samba@21:1/5 to samba@lists.samba.org on Sat Mar 11 17:00:01 2017
    On Sat, 11 Mar 2017 16:20:14 +0100
    Olaf Frączyk via samba <samba@lists.samba.org> wrote:

    Hello,

    I have a problem with samba provisioning as DC. CentOS 7, built from
    tarball using samba howto.

    Below is the output. I would have filled bug report, but the "New
    Account" in bugzilla is not working also :(

    [root@dc samba-4.6.0]# samba-tool domain provision --use-rfc2307
    --realm navidom.office.navi.pl --domain NAVIDOM --server-role dc
    --adminpass DuDu778$$# --dns-backend SAMBA_INTERNAL

    Try again, but with a different password, one without '$$' in it, this
    has a special meaning on Linux, so this could be your problem.

    Rowland


    --
    To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From =?UTF-8?Q?Olaf_Fr=c4=85czyk?= via s@21:1/5 to All on Sat Mar 11 16:50:01 2017
    Hello,

    I have a problem with samba provisioning as DC. CentOS 7, built from
    tarball using samba howto.

    Below is the output. I would have filled bug report, but the "New
    Account" in bugzilla is not working also :(

    [root@dc samba-4.6.0]# samba-tool domain provision --use-rfc2307 --realm navidom.office.navi.pl --domain NAVIDOM --server-role dc --adminpass
    DuDu778$$# --dns-backend SAMBA_INTERNAL
    Looking up IPv4 addresses
    Looking up IPv6 addresses
    No IPv6 address will be assigned
    Setting up share.ldb
    Setting up secrets.ldb
    Setting up the registry
    Setting up the privileges database
    Setting up idmap db
    Setting up SAM db
    Setting up sam.ldb partitions and settings
    Setting up sam.ldb rootDSE
    Pre-loading the Samba 4 and AD schema
    Adding DomainDN: DC=navidom,DC=office,DC=navi,DC=pl
    Adding configuration container
    Setting up sam.ldb schema
    Setting up sam.ldb configuration data
    Setting up display specifiers
    Modifying display specifiers
    Adding users container
    Modifying users container
    Adding computers container
    Modifying computers container
    Setting up sam.ldb data
    Setting up well known security principals
    Setting up sam.ldb users and groups
    ERROR(ldb): uncaught exception - operations error at ../source4/dsdb/samdb/ldb_modules/password_hash.c:2820
    File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py",
    line 176, in _run
    return self.run(*args, **kwargs)
    File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/domain.py",
    line 471, in run
    nosync=ldap_backend_nosync, ldap_dryrun_mode=ldap_dryrun_mode)
    File "/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py", line 2175, in provision
    skip_sysvolacl=skip_sysvolacl)
    File "/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py", line 1787, in provision_fill
    next_rid=next_rid, dc_rid=dc_rid)
    File "/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py", line 1447, in fill_samdb
    "KRBTGTPASS_B64": b64encode(krbtgtpass.encode('utf-16-le'))
    File "/usr/local/samba/lib64/python2.7/site-packages/samba/provision/common.py", line 55, in setup_add_ldif
    ldb.add_ldif(data, controls)
    File
    "/usr/local/samba/lib64/python2.7/site-packages/samba/__init__.py", line
    225, in add_ldif
    self.add(msg, controls)

    Best regards,

    Olaf Frączyk


    --
    To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Rowland Penny via samba@21:1/5 to samba@lists.samba.org on Sat Mar 11 17:30:01 2017
    On Sat, 11 Mar 2017 17:04:55 +0100
    Olaf Frączyk via samba <samba@lists.samba.org> wrote:

    Hello,

    I found the cause. It was the default kerberos config on CentOS: /etc/krb5.conf

    Glad you found the problem ;-)


    Please add to the wiki page:

    https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller

    that before provisioning we should remove this file.

    To be honest, the wiki page does tell you to remove /etc/krb5.conf,
    just not in the correct place.

    I think the problem has been brought to the fore since they started to
    add a couple of lines to the top of the file on red-hat distros.

    Rowland

    --
    To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From =?UTF-8?Q?Olaf_Fr=c4=85czyk?= via s@21:1/5 to All on Sat Mar 11 17:10:01 2017
    Hello,

    I found the cause. It was the default kerberos config on CentOS:
    /etc/krb5.conf

    Please add to the wiki page:

    https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller

    that before provisioning we should remove this file.

    It wasn't confusing only for me, as the resolution I found was in bugzilla:

    https://bugzilla.samba.org/show_bug.cgi?id=11573

    Maybe you could add some error description for this exception during provisioning, so the installing person is not totally in the dark?

    Best regards,

    Olaf


    On 3/11/2017 4:20 PM, Olaf Frączyk wrote:
    Hello,

    I have a problem with samba provisioning as DC. CentOS 7, built from
    tarball using samba howto.

    Below is the output. I would have filled bug report, but the "New
    Account" in bugzilla is not working also :(

    [root@dc samba-4.6.0]# samba-tool domain provision --use-rfc2307
    --realm navidom.office.navi.pl --domain NAVIDOM --server-role dc
    --adminpass DuDu778$$# --dns-backend SAMBA_INTERNAL
    Looking up IPv4 addresses
    Looking up IPv6 addresses
    No IPv6 address will be assigned
    Setting up share.ldb
    Setting up secrets.ldb
    Setting up the registry
    Setting up the privileges database
    Setting up idmap db
    Setting up SAM db
    Setting up sam.ldb partitions and settings
    Setting up sam.ldb rootDSE
    Pre-loading the Samba 4 and AD schema
    Adding DomainDN: DC=navidom,DC=office,DC=navi,DC=pl
    Adding configuration container
    Setting up sam.ldb schema
    Setting up sam.ldb configuration data
    Setting up display specifiers
    Modifying display specifiers
    Adding users container
    Modifying users container
    Adding computers container
    Modifying computers container
    Setting up sam.ldb data
    Setting up well known security principals
    Setting up sam.ldb users and groups
    ERROR(ldb): uncaught exception - operations error at ../source4/dsdb/samdb/ldb_modules/password_hash.c:2820
    File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
    File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/domain.py",
    line 471, in run
    nosync=ldap_backend_nosync, ldap_dryrun_mode=ldap_dryrun_mode)
    File "/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py", line 2175, in provision
    skip_sysvolacl=skip_sysvolacl)
    File "/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py", line 1787, in provision_fill
    next_rid=next_rid, dc_rid=dc_rid)
    File "/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py", line 1447, in fill_samdb
    "KRBTGTPASS_B64": b64encode(krbtgtpass.encode('utf-16-le'))
    File "/usr/local/samba/lib64/python2.7/site-packages/samba/provision/common.py", line 55, in setup_add_ldif
    ldb.add_ldif(data, controls)
    File
    "/usr/local/samba/lib64/python2.7/site-packages/samba/__init__.py",
    line 225, in add_ldif
    self.add(msg, controls)

    Best regards,

    Olaf Frączyk



    --
    To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Andrew Bartlett via samba@21:1/5 to All on Sat Mar 11 20:00:02 2017
    On Sat, 2017-03-11 at 17:04 +0100, Olaf Frączyk via samba wrote:
    Hello,

    I found the cause. It was the default kerberos config on CentOS:  /etc/krb5.conf

    Thankfully upstream Heimdal just merged a patch for includedir. I'll
    see if we can backport it.

    Please add to the wiki page:

    https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Direct ory_Domain_Controller

    that before provisioning we should remove this file.

    It wasn't confusing only for me, as the resolution I found was in
    bugzilla:

    https://bugzilla.samba.org/show_bug.cgi?id=11573

    Maybe you could add some error description for this exception during  provisioning, so the installing person is not totally in the dark?

    I've updated the bug.

    Thanks,

    Andrew Bartlett

    --
    Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org
    Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba


    --
    To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)