Quantcast

samba 4.6.0 dc provisioning fails with exception

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

samba 4.6.0 dc provisioning fails with exception

Samba - General mailing list
Hello,

I have a problem with samba provisioning as DC. CentOS 7, built from
tarball using samba howto.

Below is the output. I would have filled bug report, but the "New
Account" in bugzilla is not working also :(

[root@dc samba-4.6.0]# samba-tool domain provision --use-rfc2307 --realm
navidom.office.navi.pl --domain NAVIDOM --server-role dc --adminpass
DuDu778$$# --dns-backend SAMBA_INTERNAL
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Adding DomainDN: DC=navidom,DC=office,DC=navi,DC=pl
Adding configuration container
Setting up sam.ldb schema
Setting up sam.ldb configuration data
Setting up display specifiers
Modifying display specifiers
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
ERROR(ldb): uncaught exception - operations error at
../source4/dsdb/samdb/ldb_modules/password_hash.c:2820
   File
"/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py",
line 176, in _run
     return self.run(*args, **kwargs)
   File
"/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/domain.py",
line 471, in run
     nosync=ldap_backend_nosync, ldap_dryrun_mode=ldap_dryrun_mode)
   File
"/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py",
line 2175, in provision
     skip_sysvolacl=skip_sysvolacl)
   File
"/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py",
line 1787, in provision_fill
     next_rid=next_rid, dc_rid=dc_rid)
   File
"/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py",
line 1447, in fill_samdb
     "KRBTGTPASS_B64": b64encode(krbtgtpass.encode('utf-16-le'))
   File
"/usr/local/samba/lib64/python2.7/site-packages/samba/provision/common.py",
line 55, in setup_add_ldif
     ldb.add_ldif(data, controls)
   File
"/usr/local/samba/lib64/python2.7/site-packages/samba/__init__.py", line
225, in add_ldif
     self.add(msg, controls)

Best regards,

Olaf Frączyk


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: samba 4.6.0 dc provisioning fails with exception

Samba - General mailing list
On Sat, 11 Mar 2017 16:20:14 +0100
Olaf Frączyk via samba <[hidden email]> wrote:

> Hello,
>
> I have a problem with samba provisioning as DC. CentOS 7, built from
> tarball using samba howto.
>
> Below is the output. I would have filled bug report, but the "New
> Account" in bugzilla is not working also :(
>
> [root@dc samba-4.6.0]# samba-tool domain provision --use-rfc2307
> --realm navidom.office.navi.pl --domain NAVIDOM --server-role dc
> --adminpass DuDu778$$# --dns-backend SAMBA_INTERNAL

Try again, but with a different password, one without '$$' in it, this
has a special meaning on Linux, so this could be your problem.

Rowland
 

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: samba 4.6.0 dc provisioning fails with exception

Samba - General mailing list
In reply to this post by Samba - General mailing list
Hello,

I found the cause. It was the default kerberos config on CentOS:
/etc/krb5.conf

Please add to the wiki page:

https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller

that before provisioning we should remove this file.

It wasn't confusing only for me, as the resolution I found was in bugzilla:

https://bugzilla.samba.org/show_bug.cgi?id=11573

Maybe you could add some error description for this exception during
provisioning, so the installing person is not totally in the dark?

Best regards,

Olaf


On 3/11/2017 4:20 PM, Olaf Frączyk wrote:

> Hello,
>
> I have a problem with samba provisioning as DC. CentOS 7, built from
> tarball using samba howto.
>
> Below is the output. I would have filled bug report, but the "New
> Account" in bugzilla is not working also :(
>
> [root@dc samba-4.6.0]# samba-tool domain provision --use-rfc2307
> --realm navidom.office.navi.pl --domain NAVIDOM --server-role dc
> --adminpass DuDu778$$# --dns-backend SAMBA_INTERNAL
> Looking up IPv4 addresses
> Looking up IPv6 addresses
> No IPv6 address will be assigned
> Setting up share.ldb
> Setting up secrets.ldb
> Setting up the registry
> Setting up the privileges database
> Setting up idmap db
> Setting up SAM db
> Setting up sam.ldb partitions and settings
> Setting up sam.ldb rootDSE
> Pre-loading the Samba 4 and AD schema
> Adding DomainDN: DC=navidom,DC=office,DC=navi,DC=pl
> Adding configuration container
> Setting up sam.ldb schema
> Setting up sam.ldb configuration data
> Setting up display specifiers
> Modifying display specifiers
> Adding users container
> Modifying users container
> Adding computers container
> Modifying computers container
> Setting up sam.ldb data
> Setting up well known security principals
> Setting up sam.ldb users and groups
> ERROR(ldb): uncaught exception - operations error at
> ../source4/dsdb/samdb/ldb_modules/password_hash.c:2820
>   File
> "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py",
> line 176, in _run
>     return self.run(*args, **kwargs)
>   File
> "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/domain.py",
> line 471, in run
>     nosync=ldap_backend_nosync, ldap_dryrun_mode=ldap_dryrun_mode)
>   File
> "/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py",
> line 2175, in provision
>     skip_sysvolacl=skip_sysvolacl)
>   File
> "/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py",
> line 1787, in provision_fill
>     next_rid=next_rid, dc_rid=dc_rid)
>   File
> "/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py",
> line 1447, in fill_samdb
>     "KRBTGTPASS_B64": b64encode(krbtgtpass.encode('utf-16-le'))
>   File
> "/usr/local/samba/lib64/python2.7/site-packages/samba/provision/common.py",
> line 55, in setup_add_ldif
>     ldb.add_ldif(data, controls)
>   File
> "/usr/local/samba/lib64/python2.7/site-packages/samba/__init__.py",
> line 225, in add_ldif
>     self.add(msg, controls)
>
> Best regards,
>
> Olaf Frączyk
>


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: samba 4.6.0 dc provisioning fails with exception

Samba - General mailing list
On Sat, 11 Mar 2017 17:04:55 +0100
Olaf Frączyk via samba <[hidden email]> wrote:

> Hello,
>
> I found the cause. It was the default kerberos config on CentOS:
> /etc/krb5.conf

Glad you found the problem ;-)

>
> Please add to the wiki page:
>
> https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller
>
> that before provisioning we should remove this file.

To be honest, the wiki page does tell you to remove /etc/krb5.conf,
just not in the correct place.

I think the problem has been brought to the fore since they started to
add a couple of lines to the top of the file on red-hat distros.

Rowland

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: samba 4.6.0 dc provisioning fails with exception

Samba - General mailing list
In reply to this post by Samba - General mailing list
On Sat, 2017-03-11 at 17:04 +0100, Olaf Frączyk via samba wrote:
> Hello,
>
> I found the cause. It was the default kerberos config on CentOS: 
> /etc/krb5.conf

Thankfully upstream Heimdal just merged a patch for includedir.  I'll
see if we can backport it.

> Please add to the wiki page:
>
> https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Direct
> ory_Domain_Controller
>
> that before provisioning we should remove this file.
>
> It wasn't confusing only for me, as the resolution I found was in
> bugzilla:
>
> https://bugzilla.samba.org/show_bug.cgi?id=11573
>
> Maybe you could add some error description for this exception during 
> provisioning, so the installing person is not totally in the dark?

I've updated the bug.

Thanks,

Andrew Bartlett

--
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Loading...