一難越えてまた越える、かな。Windowsドメインプロビジョニングな最初のエラー。
ERROR(<class 'samba.provision.ProvisioningError'>):
Provision failed - ProvisioningError: guess_names: 'realm=TESTD.LOCAL' in /usr/local/samba/etc/smb.conf must match chosen realm 'TESTAD.LOCAL'!
Please remove the smb.conf file and let provision generate it
File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/domain.py", line 434, in run
nosync=ldap_backend_nosync, ldap_dryrun_mode=ldap_dryrun_mode)
File "/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py", line 2022, in provision
sitename=sitename, rootdn=rootdn, domain_names_forced=(samdb_fill == FILL_DRS))
File "/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py", line 606, in guess_names
raise ProvisioningError("guess_names: 'realm=%s' in %s must match chosen realm '%s'! Please remove the smb.conf file and let provision generate it" % (lp.get("realm").upper(), lp.configfile, realm))
[root@dctest01 ~]# more /usr/local/samba/etc/smb.conf
# Global parameters
[global]
workgroup = TESTD
realm = TESTD.LOCAL
netbios name = DCTEST01
server role = active directory domain controller
dns forwarder = (外部DNSグローバル)
idmap_ldb:use rfc2307 = yes
[netlogon]
path = /usr/local/samba/var/locks/sysvol/testd.local/scripts
read only = No
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No
[root@dctest01 ~]# vi /usr/local/samba/etc/smb.conf
[root@dctest01 ~]#
[root@dctest01 ~]#
[root@dctest01 ~]#
[root@dctest01 ~]# /usr/local/samba/bin/samba-tool domain provision --use-rfc2307 --interactive --function-level=2008_R2
Realm: TESTAD.LOCAL
Domain [TESTAD]:
Server Role (dc, member, standalone) [dc]:
DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]:
DNS forwarder IP address (write 'none' to disable forwarding) [(外部DNSグローバル)]:
Administrator password:
Retype password:
ERROR(<class 'samba.provision.ProvisioningError'>): Provision failed - ProvisioningError: guess_names: Workgroup 'TESTD' in smb.conf must match chosen domain 'TESTAD'! Please remove the /usr/local/samba/etc/smb.conf file and let provision generate it
File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/domain.py", line 434, in run
nosync=ldap_backend_nosync, ldap_dryrun_mode=ldap_dryrun_mode)
File "/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py", line 2022, in provision
sitename=sitename, rootdn=rootdn, domain_names_forced=(samdb_fill == FILL_DRS))
File "/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py", line 618, in guess_names
raise ProvisioningError("guess_names: Workgroup '%s' in smb.conf must match chosen domain '%s'! Please remove the %s file and let provision generate it" % (lp.get("workgroup").upper(), domain, lp.configfile))
[root@dctest01 ~]# rm /usr/local/samba/etc/smb.conf
rm: remove regular file ‘/usr/local/samba/etc/smb.conf’?
(注: ここでは削除を確定していないため、次の provision も同じ smb.conf の workgroup=TESTD で失敗している)
[root@dctest01 ~]#
[root@dctest01 ~]#
[root@dctest01 ~]# /usr/local/samba/bin/samba-tool domain provision --use-rfc2307 --interactive --function-level=2008_R2
Realm: TESTAD.LOCAL
Domain [TESTAD]:
Server Role (dc, member, standalone) [dc]:
DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]:
DNS forwarder IP address (write 'none' to disable forwarding) [(外部DNSグローバル)]:
Administrator password:
Retype password:
ERROR(<class 'samba.provision.ProvisioningError'>): Provision failed - ProvisioningError: guess_names: Workgroup 'TESTD' in smb.conf must match chosen domain 'TESTAD'! Please remove the /usr/local/samba/etc/smb.conf file and let provision generate it
File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/domain.py", line 434, in run
nosync=ldap_backend_nosync, ldap_dryrun_mode=ldap_dryrun_mode)
File "/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py", line 2022, in provision
sitename=sitename, rootdn=rootdn, domain_names_forced=(samdb_fill == FILL_DRS))
File "/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py", line 618, in guess_names
raise ProvisioningError("guess_names: Workgroup '%s' in smb.conf must match chosen domain '%s'! Please remove the %s file and let provision generate it" % (lp.get("workgroup").upper(), domain, lp.configfile))
[root@dctest01 ~]# more /usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py
# Unix SMB/CIFS implementation.
# backend code for provisioning a Samba4 server
# Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007-2012
# Copyright (C) Andrew Bartlett <abartlet@samba.org> 2008-2009
# Copyright (C) Oliver Liebel <oliver@itc.li> 2008-2009
#
# Based on the original in EJS:
# Copyright (C) Andrew Tridgell <tridge@samba.org> 2005
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
"""Functions for setting up a Samba configuration."""
__docformat__ = "restructuredText"
from base64 import b64encode
import os
import re
import pwd
import grp
import logging
import time
import uuid
import socket
import urllib
import string
import tempfile
import ldb
from samba.auth import system_session, admin_session
import samba
from samba.samba3 import smbd, passdb
from samba.samba3 import param as s3param
from samba.dsdb import DS_DOMAIN_FUNCTION_2000
from samba import (
Ldb,
MAX_NETBIOS_NAME_LEN,
check_all_substituted,
is_valid_netbios_char,
setup_file,
substitute_var,
valid_netbios_name,
version,
)
from samba.dcerpc import security, misc
from samba.dcerpc.misc import (
SEC_CHAN_BDC,
SEC_CHAN_WKSTA,
)
from samba.dsdb import (
DS_DOMAIN_FUNCTION_2003,
DS_DOMAIN_FUNCTION_2008_R2,
ENC_ALL_TYPES,
)
from samba.idmap import IDmapDB
from samba.ms_display_specifiers import read_ms_ldif
from samba.ntacls import setntacl, getntacl, dsacl2fsacl
from samba.ndr import ndr_pack, ndr_unpack
from samba.provision.backend import (
ExistingBackend,
FDSBackend,
LDBBackend,
OpenLDAPBackend,
)
from samba.descriptor import (
get_empty_descriptor,
get_config_descriptor,
get_config_partitions_descriptor,
get_config_sites_descriptor,
get_config_ntds_quotas_descriptor,
get_config_delete_protected1_descriptor,
get_config_delete_protected1wd_descriptor,
get_config_delete_protected2_descriptor,
get_domain_descriptor,
get_domain_infrastructure_descriptor,
get_domain_builtin_descriptor,
get_domain_computers_descriptor,
get_domain_users_descriptor,
get_domain_controllers_descriptor,
get_domain_delete_protected1_descriptor,
get_domain_delete_protected2_descriptor,
get_dns_partition_descriptor,
get_dns_forest_microsoft_dns_descriptor,
get_dns_domain_microsoft_dns_descriptor,
)
from samba.provision.common import (
setup_path,
setup_add_ldif,
setup_modify_ldif,
FILL_FULL,
FILL_SUBDOMAIN,
FILL_NT4SYNC,
FILL_DRS
)
from samba.provision.sambadns import (
get_dnsadmins_sid,
setup_ad_dns,
create_dns_update_list
)
import samba.param
import samba.registry
from samba.schema import Schema
from samba.samdb import SamDB
from samba.dbchecker import dbcheck
# GUID used for the default domain policy created by provisioning
# (presumably the well-known Default Domain Policy GPO — only the name
# grounds this; verify against the LDIF/template that consumes it).
DEFAULT_POLICY_GUID = "31B2F340-016D-11D2-945F-00C04FB984F9"
# Counterpart for the domain controllers policy (same caveat as above).
DEFAULT_DC_POLICY_GUID = "6AC1786C-016F-11D2-945F-00C04fB984F9"
# Default AD site name used by provisioning (presumably when the caller
# does not pick one; find_provision_key_parameters reads the real site
# from the database rather than from this constant).
DEFAULTSITE = "Default-First-Site-Name"
# Attribute name under which the USN reached at provision time is stored.
LAST_PROVISION_USN_ATTRIBUTE = "lastProvisionUSN"
class ProvisionPaths(object):
    """Bag of filesystem locations used by a provision.

    The constructor only creates the slots: every attribute starts out
    as None and is filled in by the caller. Nothing is opened, resolved
    or validated here.
    """

    def __init__(self):
        # Slot names, kept in the same order the original constructor used.
        slots = (
            "shareconf",
            "hklm", "hkcu", "hkcr", "hku", "hkpd", "hkpt",
            "samdb", "idmapdb", "secrets",
            "keytab", "dns_keytab", "dns", "winsdb",
            "private_dir", "state_dir",
        )
        for slot in slots:
            setattr(self, slot, None)
class ProvisionNames(object):
    """Naming information for a provision (DNs, realm, NetBIOS names, SIDs).

    The constructor only creates the slots. Every value starts as None
    except name_map, which is a fresh empty dict per instance. Callers
    such as find_provision_key_parameters fill the slots in afterwards.
    """

    def __init__(self):
        unset = (
            "ncs", "rootdn", "domaindn", "configdn", "schemadn",
            "dnsforestdn", "dnsdomaindn", "ldapmanagerdn",
            "dnsdomain", "realm", "netbiosname", "domain",
            "hostname", "sitename", "smbconf",
            "domainsid", "forestsid", "domainguid",
        )
        for slot in unset:
            setattr(self, slot, None)
        # New dict per instance so no two objects share mapping state.
        self.name_map = {}
def find_provision_key_parameters(samdb, secretsdb, idmapdb, paths, smbconf,
lp):
"""Get key provision parameters (realm, domain, ...) from a given provision
:param samdb: An LDB object connected to the sam.ldb file
:param secretsdb: An LDB object connected to the secrets.ldb file
:param idmapdb: An LDB object connected to the idmap.ldb file
:param paths: A list of path to provision object
:param smbconf: Path to the smb.conf file
:param lp: A LoadParm object
:return: A list of key provision parameters
"""
names = ProvisionNames()
names.adminpass = None
# NT domain, kerberos realm, root dn, domain dn, domain dns name
names.domain = string.upper(lp.get("workgroup"))
names.realm = lp.get("realm")
names.dnsdomain = names.realm.lower()
basedn = samba.dn_from_dns_name(names.dnsdomain)
names.realm = string.upper(names.realm)
# netbiosname
# Get the netbiosname first (could be obtained from smb.conf in theory)
res = secretsdb.search(expression="(flatname=%s)" %
names.domain,base="CN=Primary Domains",
scope=ldb.SCOPE_SUBTREE, attrs=["sAMAccountName"])
names.netbiosname = str(res[0]["sAMAccountName"]).replace("$","")
names.smbconf = smbconf
# That's a bit simplistic but it's ok as long as we have only 3
# partitions
current = samdb.search(expression="(objectClass=*)",
base="", scope=ldb.SCOPE_BASE,
attrs=["defaultNamingContext", "schemaNamingContext",
"configurationNamingContext","rootDomainNamingContext",
"namingContexts"])
names.configdn = current[0]["configurationNamingContext"][0]
names.schemadn = current[0]["schemaNamingContext"][0]
if not (ldb.Dn(samdb, basedn) == (ldb.Dn(samdb,
current[0]["defaultNamingContext"][0]))):
raise ProvisioningError(("basedn in %s (%s) and from %s (%s)"
"is not the same ..." % (paths.samdb,
str(current[0]["defaultNamingContext"][0]),
paths.smbconf, basedn)))
names.domaindn=current[0]["defaultNamingContext"][0]
names.rootdn=current[0]["rootDomainNamingContext"][0]
names.ncs=current[0]["namingContexts"]
names.dnsforestdn = None
names.dnsdomaindn = None
for i in range(0, len(names.ncs)):
nc = names.ncs[i]
dnsforestdn = "DC=ForestDnsZones,%s" % (str(names.rootdn))
if nc == dnsforestdn:
names.dnsforestdn = dnsforestdn
continue
dnsdomaindn = "DC=DomainDnsZones,%s" % (str(names.domaindn))
if nc == dnsdomaindn:
names.dnsdomaindn = dnsdomaindn
continue
# default site name
res3 = samdb.search(expression="(objectClass=site)",
base="CN=Sites," + names.configdn, scope=ldb.SCOPE_ONELEVEL, attrs=["cn"
])
names.sitename = str(res3[0]["cn"])
# dns hostname and server dn
res4 = samdb.search(expression="(CN=%s)" % names.netbiosname,
base="OU=Domain Controllers,%s" % basedn,
scope=ldb.SCOPE_ONELEVEL, attrs=["dNSHostName"])
names.hostname = str(res4[0]["dNSHostName"]).replace("." + names.dnsdomain,
"")
server_res = samdb.search(expression="serverReference=%s" % res4[0].dn,
attrs=[], base=names.configdn)
names.serverdn = str(server_res[0].dn)
# invocation id/objectguid
res5 = samdb.search(expression="(objectClass=*)",
base="CN=NTDS Settings,%s" % str(names.serverdn),
scope=ldb.SCOPE_BASE,
attrs=["invocationID", "objectGUID"])
names.invocation = str(ndr_unpack(misc.GUID, res5[0]["invocationId"][0]))
[root@dctest01 ~]#
[root@dctest01 ~]#
[root@dctest01 ~]# vi /usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py
(注: 配布物の provision/__init__.py を直接編集してチェックを回避するのは避けたい。guess_names のチェックは smb.conf の realm/workgroup と対話で指定したレルム/ドメインの食い違いを防ぐためのもので、実際この後も同じエラーになり、最終的には smb.conf 側を合わせることで通している)
[root@dctest01 ~]#
[root@dctest01 ~]#
[root@dctest01 ~]# /usr/local/samba/bin/samba-tool domain provision --use-rfc2307 --interactive --function-level=2008_R2
Realm: TEST.LOCAL
Domain [TEST]:
Server Role (dc, member, standalone) [dc]:
DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]:
DNS forwarder IP address (write 'none' to disable forwarding) [(外部DNSグローバル)]:
Administrator password:
Retype password:
ERROR(<class 'samba.provision.ProvisioningError'>): Provision failed - ProvisioningError: guess_names: 'realm=TESTAD.LOCAL' in /usr/local/samba/etc/smb.conf must match chosen realm 'TEST.LOCAL'! Please remove the smb.conf file and let provision generate it
File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/domain.py", line 434, in run
nosync=ldap_backend_nosync, ldap_dryrun_mode=ldap_dryrun_mode)
File "/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py", line 2022, in provision
sitename=sitename, rootdn=rootdn, domain_names_forced=(samdb_fill == FILL_DRS))
File "/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py", line 606, in guess_names
raise ProvisioningError("guess_names: 'realm=%s' in %s must match chosen realm '%s'! Please remove the smb.conf file and let provision generate it" % (lp.get("realm").upper(), lp.configfile, realm))
[root@dctest01 ~]# rm /usr/local/samba/etc/smb.conf
rm: remove regular file ‘/usr/local/samba/etc/smb.conf’? ^C
[root@dctest01 ~]# vi /usr/local/samba/etc/smb.conf
[root@dctest01 ~]#
[root@dctest01 ~]#
[root@dctest01 ~]#
[root@dctest01 ~]# /usr/local/samba/bin/samba-tool domain provision --use-rfc2307 --interactive --function-level=2008_R2
Realm: TESTAD.LOCAL
Domain [TESTAD]:
Server Role (dc, member, standalone) [dc]:
DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]:
DNS forwarder IP address (write 'none' to disable forwarding) [(外部DNSグローバル)]:
Administrator password:
Retype password:
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Adding DomainDN: DC=testad,DC=local
Adding configuration container
Setting up sam.ldb schema
Setting up sam.ldb configuration data
Setting up display specifiers
Modifying display specifiers
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
Setting up self join
Adding DNS accounts
Creating CN=MicrosoftDNS,CN=System,DC=testad,DC=local
Creating DomainDnsZones and ForestDnsZones partitions
Populating DomainDnsZones and ForestDnsZones partitions
Setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
A Kerberos configuration suitable for Samba 4 has been generated at /usr/local/samba/private/krb5.conf
Setting up fake yp server settings
Once the above files are installed, your Samba4 server will be ready to use
Server Role: active directory domain controller
Hostname: dctest01
NetBIOS Domain: TESTAD
DNS Domain: testad.local
DOMAIN SID: S-1-5-21-1668573399-2154983584-2311720169
[root@dctest01 ~]#
[root@dctest01 ~]#
[root@dctest01 ~]#
[root@dctest01 ~]#
[root@dctest01 ~]# ls /etc/rc.d/init.d/
functions netconsole network README
[root@dctest01 ~]# vi /etc/rc.d/init.d/samba4
[root@dctest01 ~]#
[root@dctest01 ~]#
[root@dctest01 ~]#
[root@dctest01 ~]#
[root@dctest01 ~]# chmod 755 /etc/rc.d/init.d/samba4
[root@dctest01 ~]# chmod +x /etc/rc.d/init.d/samba4
[root@dctest01 ~]# ln -s /etc/rc.d/init.d/samba4 /etc/rc3.d/S80samba4
[root@dctest01 ~]# chkconfig samba4 on && systemctl start samba4
[root@dctest01 ~]# echo "nameserver 127.0.0.1" > /etc/resolv.conf
[root@dctest01 ~]# sed -i "/^DNS1/cDNS=127.0.0.1" /etc/sysconfig/network-scripts/ifcfg-*
(注: ifcfg のキーは DNS1= なので、この置換では DNS=127.0.0.1 という network-scripts が解釈しない行に書き換わる。意図どおりにするなら "/^DNS1=/cDNS1=127.0.0.1" とし、ifcfg-* が ifcfg-lo にも当たる点にも注意)
[root@dctest01 ~]# systemctl restart network
[root@dctest01 ~]#
[root@dctest01 ~]#
[root@dctest01 ~]#
[root@dctest01 ~]#
[root@dctest01 ~]#
[root@dctest01 ~]#
[root@dctest01 ~]# /usr/local/samba/bin/samba-tool dns zonelist 127.0.0.1 -U Administrator
Password for [TESTAD\Administrator]:
2 zone(s) found
pszZoneName : testad.local
Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
ZoneType : DNS_ZONE_TYPE_PRIMARY
Version : 50
dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
pszDpFqdn : DomainDnsZones.testad.local
pszZoneName : _msdcs.testad.local
Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
ZoneType : DNS_ZONE_TYPE_PRIMARY
Version : 50
dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_FOREST_DEFAULT DNS_DP_ENLISTED
pszDpFqdn : ForestDnsZones.testad.local
[root@dctest01 ~]#
[root@dctest01 ~]#
[root@dctest01 ~]#
[root@dctest01 ~]#
[root@dctest01 ~]# host -t SRV _ldap._tcp.TESTAD.LOCAL 127.0.0.1
Using domain server:
Name: 127.0.0.1
Address: 127.0.0.1#53
Aliases:
_ldap._tcp.TESTAD.LOCAL has SRV record 0 100 389 dctest01.testad.local.
[root@dctest01 ~]# host -t SRV _kerberos._udp.TESTAD.LOCAL 127.0.0.1
Using domain server:
Name: 127.0.0.1
Address: 127.0.0.1#53
Aliases:
_kerberos._udp.TESTAD.LOCAL has SRV record 0 100 88 dctest01.testad.local.
[root@dctest01 ~]# more /etc/hostname
dctest01
[root@dctest01 ~]# host -t A dctest01.testad.local 127.0.0.1
Using domain server:
Name: 127.0.0.1
Address: 127.0.0.1#53
Aliases:
dctest01.testad.local has address 172.19.19.181
[root@dctest01 ~]#
[root@dctest01 ~]# cp /usr/local/samba/private/krb5.conf /etc/krb5.conf
cp: overwrite ‘/etc/krb5.conf’?
[root@dctest01 ~]#
[root@dctest01 ~]#
[root@dctest01 ~]#
[root@dctest01 ~]#
[root@dctest01 ~]# kinit administrator@TESTAD.LOCAL
Password for administrator@TESTAD.LOCAL:
Warning: Your password will expire in 41 days on Thu 31 Mar 2016 02:04:13 PM JST
[root@dctest01 ~]#
[root@dctest01 ~]#
[root@dctest01 ~]#
[root@dctest01 ~]# firewall-cmd --permanent --zone=public --add-service=samba
-bash: firewall-cmd: command not found
[root@dctest01 ~]#
[root@dctest01 ~]#
[root@dctest01 ~]#
[root@dctest01 ~]# systemctl status firewalld
● firewalld.service
Loaded: not-found (Reason: No such file or directory)
Active: inactive (dead)
(注: firewalld が入っていないので、別途 iptables 等で制限しない限り DC のサービスポートは無制限に公開される。検証環境でも必要なポートだけ許可しておくのが望ましい)
[root@dctest01 ~]#
[root@dctest01 ~]#
[root@dctest01 ~]# setsebool -P samba_domain_controller on
[root@dctest01 ~]# setsebool -P samba_export_all_ro on
[root@dctest01 ~]# setsebool -P samba_explort_all_rw on
Boolean samba_explort_all_rw is not defined
[root@dctest01 ~]# setsebool -P samba_export_all_rw on
[root@dctest01 ~]# setsebool -P samba_enable_home_dirs o
setsebool: illegal value o for boolean samba_enable_home_dirs
[root@dctest01 ~]# setsebool -P samba_enable_home_dirs on
(注: samba_export_all_ro / samba_export_all_rw は、ファイルのラベルに関係なく smbd に全ファイルへの読み取り/読み書きを許す広い設定。本番では必要なパスにだけ samba_share_t 等のラベルを付け、export_all_* は避ける方が望ましい)
[root@dctest01 ~]#
[root@dctest01 ~]#
[root@dctest01 ~]#