Kein Domain join nach Neuinstallation des UCS

torcolato · January 29, 2018, 2:28pm

Hallo!

Ich musste aus diversen Gründen unseren UCS neuinstallieren.
Er wurde, wie der Vorgänger, als AD DC konfiguriert, mit dem selben Domainamen wie die alte Maschine.

DNS ist korrekt aber dennoch kann ich mit der einen Windowsmaschine (welche unter dem alten DC der Domain bereits beigetreten war) nicht der Domain beitreten:
Windows meldet
“Es konnte keine Verbindung mit einem AD DC für die Domöne hergestellt werden”
Und unter Details
Abfrage des SRV Eintrages nach dem LDAP Server erfolgreich.
Es konnte jedoch keine Verbindung mit Domäncontrollern hergestellt werden.

Bei einem tcpdump sehe ich dass versucht wird auf UDP Port 389 zuzugreifen, dies jedoch mit einem ICP Port unreachable beantwortet wird.
Desweiteren mehrer UDP Pakete an Port 137 auf die aber keine Antwort kommt
IP 192.168.202.11.netbios-ns > PDC.netbios-ns: NBT UDP PACKET(137): REFRESH(8); REQUEST; UNICAST

Für jeden Tip dankbar!
Christian

knebb · February 22, 2018, 8:06am

Hi,

meanwhile outdated, I assume?

Anyways: Do you have installed the samba4 package? It is not installed by default!
And is samba started an up-and-running?

/KNEBB

torcolato · February 22, 2018, 8:22am

Hi,

yes samba4 was installed and running.
But there seems to be a bug in the configuration:
Samba is not listening on all interfaces in the default (at least in our fresh installed instance) configuration.
Christian

Moritz_Bunkus · February 22, 2018, 8:27am

Hey,

That is correct. The default is to listen on lo and the interface the server considers its primary interface (e.g. eth0 for a regular network interface or br0 if it’s bridged). You can change that by setting the UCR variable samba/interfaces and restarting the samba service.

Kind regards,
mosu

torcolato · February 22, 2018, 8:46am

I am not 100% certain but if i remember correctly bridged networking is set up automagically when configuring UCS as VM supervisor/host?
If that is the case the br0 is nonetheless not considered as the servers primary interface.
Christian

Moritz_Bunkus · February 22, 2018, 8:51am

Hey,

hmm, sounds like a bug. What actually happens is: the content of the UCR variable interfaces/primary is used. This defaults to eth0 if it isn’t set. And that seems to be the bug to me; in a setup where eth0 is part of a bridge, the bridge interface should be used instead.

And it looks like this issue is known already.

Kind regards,
mosu

torcolato · February 22, 2018, 9:05am

yes, this is exactly the same problem.
But noone seems to care

knebb · February 26, 2018, 9:55am

Hi,

may I recall the issue?

By default (and if interfaces/primary is not set) Samba listens to eth0 only.

When UVMM virtualization comes into play it converts the eth0 interface to a br0 bridge.

Result is, Samba does not listen to any interface, as the default eth0 does not work.

I assume the bug is UVMM should set interfaces/primary to br0? I bet some say we should not set a primary interface if it has not been set before… so this could be seen from different point of views.

As a solution you should set interfaces/primary to “lo br0” or just to “br0”, restart Samba and everything works fine, right?

Well, solved so far I would say. Probably a documentation issue?

/KNEBB

Moritz_Bunkus · February 26, 2018, 10:22am

Hey,

do not remove lo from the list of interfaces as that’ll lead to Kerberos problems as /etc/krb5.conf usually contains 127.0.0.1 as the KDC’s address.

Kind regards
mosu