
Thread: OpenSuSe 15.1 as primary AD DC

  1. #1

    OpenSuSe 15.1 as primary AD DC

    Hi everyone!
    I am trying to create an AD DC via YaST.
    I installed yast2-samba-provision and went to YaST > Provision an AD DC.
    I installed all the missing packages, chose Add a new forest > Root Domain name > chose functional level > set NetBIOS DN and NetBIOS host name.
    After all that, I get the error shown in the screenshot below:
    https://drive.google.com/file/d/1W3e...ew?usp=sharing

  2. #2
    Join Date
    May 2012
    Location
    Finland
    Posts
    2,012

    Re: OpenSuSe 15.1 as primary AD DC

    The error message is a bit vague because it can be the result of several different things, for example:

    - The password is shorter than 7 characters
    - The password doesn't conform to specific requirements on complexity. For example have Capital Letters in it or Numbers.
    - You've used a domain name that doesn't conform to TLD, for example: mytestdomain.local would be fine, mytestdomain would not.

    You can check /var/log/YaST2/y2log to see what the exact error message is when it appears on the screen.
    .: miuku #suse @ irc.freenode.net
    :: miuku@opensuse.org

    .: https://download.opensuse.org/repositories/home:/Miuku/

  3. #3

    Re: OpenSuSe 15.1 as primary AD DC

    Originally Posted by Miuku:
    The error message is a bit vague because it can be the result of several different things, for example:

    - The password is shorter than 7 characters
    - The password doesn't conform to specific requirements on complexity. For example have Capital Letters in it or Numbers.
    - You've used a domain name that doesn't conform to TLD, for example: mytestdomain.local would be fine, mytestdomain would not.

    You can check /var/log/YaST2/y2log to see what the exact error message is when it appears on the screen.
    A few minutes, please.
    I'll check and answer.

  4. #4

    Re: OpenSuSe 15.1 as primary AD DC

    Originally Posted by Miuku:
    You can check /var/log/YaST2/y2log to see what the exact error message is when it appears on the screen.
    Code:
    2019-12-10 21:23:03 <1> srv(2032) [ui] YPushButton.cc(setFunctionKey):202 Guessing button role YOKButton for YPushButton "Next" at 0x7fc8b02d22b0 from function key F10
    2019-12-10 21:23:03 <1> srv(2032) [ui] YPushButton.cc(setFunctionKey):202 Guessing button role YCancelButton for YPushButton "Cancel" at 0x7fc8b01ff790 from function key F9
    2019-12-10 21:23:04 <1> srv(2032) [ui] YPushButton.cc(setFunctionKey):202 Guessing button role YOKButton for YPushButton "Next" at 0x7fc8b02d22b0 from function key F10
    2019-12-10 21:23:04 <1> srv(2032) [ui] YPushButton.cc(setFunctionKey):202 Guessing button role YCancelButton for YPushButton "Cancel" at 0x7fc8b01ff790 from function key F9
    2019-12-10 21:23:04 <3> srv(2032) [bash] ShellCommand.cc(shellcommand):78 hostname: Name or service not known
    2019-12-10 21:23:04 <2> srv(2032) [Ruby] modules/Hostname.rb:161 Using fallback hostname
    2019-12-10 21:23:04 <1> srv(2032) [Ruby] modules/Hostname.rb:171 Current FQDN: srv
    2019-12-10 21:23:10 <1> srv(2032) [ui] YPushButton.cc(setFunctionKey):202 Guessing button role YOKButton for YPushButton "Next" at 0x7fc8b02d22b0 from function key F10
    2019-12-10 21:23:10 <1> srv(2032) [ui] YPushButton.cc(setFunctionKey):202 Guessing button role YCancelButton for YPushButton "Cancel" at 0x7fc8b01ff790 from function key F9
    2019-12-10 21:23:17 <1> srv(2032) [Ruby] modules/Progress.rb:344 Progress::New(Provisioning Samba Active Directory Domain controller..., 5, ["Write the settings", "Provision", "Write kerberos settings", "Write DNS settings", "Update network configuration"])
    2019-12-10 21:23:17 <2> srv(2032) [ui] YWidget.cc(findWidget):635     THROW:    No widget with ID back
    2019-12-10 21:23:17 <2> srv(2032) [ui] YCP_UI.cc(ChangeWidget):728     CAUGHT:   No widget with ID back
    2019-12-10 21:23:17 <3> srv(2032) [libycp] modules/Wizard.rb:1282 UI::ChangeWidget failed: UI::ChangeWidget( `id (`back), `Enabled, false )
    2019-12-10 21:23:17 <3> srv(2032) [Ruby] modules/Wizard.rb:1251 Neither `next nor `accept widgets exist
    2019-12-10 21:23:17 <3> srv(2032) [Ruby] modules/Wizard.rb:1251 ------------- Backtrace begin -------------
    2019-12-10 21:23:17 <3> srv(2032) [Ruby] modules/Wizard.rb:1251 /usr/share/YaST2/modules/Wizard.rb:1251:in `DisableNextButton'
    2019-12-10 21:23:17 <3> srv(2032) [Ruby] modules/Wizard.rb:1251 /usr/share/YaST2/modules/Progress.rb:465:in `New'
    2019-12-10 21:23:17 <3> srv(2032) [Ruby] modules/Wizard.rb:1251 /usr/share/YaST2/modules/SambaProvision.rb:60:in `Write'
    2019-12-10 21:23:17 <3> srv(2032) [Ruby] modules/Wizard.rb:1251 /usr/share/YaST2/include/samba-provision/dialogs.rb:193:in `WriteDialog'
    2019-12-10 21:23:17 <3> srv(2032) [Ruby] modules/Wizard.rb:1251 /usr/share/YaST2/include/samba-provision/wizards.rb:72:in `block in SambaProvisionSequence'
    2019-12-10 21:23:17 <3> srv(2032) [Ruby] modules/Wizard.rb:1251 /usr/lib64/ruby/vendor_ruby/2.5.0/yast/builtins.rb:546:in `eval'
    2019-12-10 21:23:17 <3> srv(2032) [Ruby] modules/Wizard.rb:1251 /usr/share/YaST2/modules/Sequencer.rb:261:in `WS_run'
    2019-12-10 21:23:17 <3> srv(2032) [Ruby] modules/Wizard.rb:1251 /usr/share/YaST2/modules/Sequencer.rb:333:in `block in Run'
    2019-12-10 21:23:17 <3> srv(2032) [Ruby] modules/Wizard.rb:1251 /usr/share/YaST2/modules/Sequencer.rb:325:in `loop'
    2019-12-10 21:23:17 <3> srv(2032) [Ruby] modules/Wizard.rb:1251 /usr/share/YaST2/modules/Sequencer.rb:325:in `Run'
    2019-12-10 21:23:17 <3> srv(2032) [Ruby] modules/Wizard.rb:1251 /usr/share/YaST2/include/samba-provision/wizards.rb:85:in `SambaProvisionSequence'
    2019-12-10 21:23:17 <3> srv(2032) [Ruby] modules/Wizard.rb:1251 /usr/lib64/ruby/vendor_ruby/2.5.0/yast/fun_ref.rb:33:in `call'
    2019-12-10 21:23:17 <3> srv(2032) [Ruby] modules/Wizard.rb:1251 /usr/lib64/ruby/vendor_ruby/2.5.0/yast/fun_ref.rb:33:in `call'
    2019-12-10 21:23:17 <3> srv(2032) [Ruby] modules/Wizard.rb:1251 /usr/share/YaST2/modules/CommandLine.rb:1517:in `Run'
    2019-12-10 21:23:17 <3> srv(2032) [Ruby] modules/Wizard.rb:1251 /usr/share/YaST2/clients/samba-provision.rb:50:in `main'
    2019-12-10 21:23:17 <3> srv(2032) [Ruby] modules/Wizard.rb:1251 /usr/share/YaST2/clients/samba-provision.rb:64:in `<top (required)>'
    2019-12-10 21:23:17 <3> srv(2032) [Ruby] modules/Wizard.rb:1251 /usr/lib64/ruby/vendor_ruby/2.5.0/yast/wfm.rb:318:in `eval'
    2019-12-10 21:23:17 <3> srv(2032) [Ruby] modules/Wizard.rb:1251 /usr/lib64/ruby/vendor_ruby/2.5.0/yast/wfm.rb:318:in `run_client'
    2019-12-10 21:23:17 <3> srv(2032) [Ruby] modules/Wizard.rb:1251 /usr/lib64/ruby/vendor_ruby/2.5.0/yast/wfm.rb:206:in `call_builtin'
    2019-12-10 21:23:17 <3> srv(2032) [Ruby] modules/Wizard.rb:1251 /usr/lib64/ruby/vendor_ruby/2.5.0/yast/wfm.rb:206:in `call_builtin_wrapper'
    2019-12-10 21:23:17 <3> srv(2032) [Ruby] modules/Wizard.rb:1251 /usr/lib64/ruby/vendor_ruby/2.5.0/yast/wfm.rb:195:in `CallFunction'
    2019-12-10 21:23:17 <3> srv(2032) [Ruby] modules/Wizard.rb:1251 /usr/lib/YaST2/bin/y2start:62:in `<main>'
    2019-12-10 21:23:17 <3> srv(2032) [Ruby] modules/Wizard.rb:1251 ------------- Backtrace end ---------------
    2019-12-10 21:23:18 <3> srv(2032) [bash] ShellCommand.cc(shellcommand):78 Looking up IPv4 addresses
    2019-12-10 21:23:18 <3> srv(2032) [bash] ShellCommand.cc(shellcommand):78 Looking up IPv6 addresses
    2019-12-10 21:23:18 <3> srv(2032) [bash] ShellCommand.cc(shellcommand):78 No IPv6 address will be assigned
    2019-12-10 21:23:18 <3> srv(2032) [bash] ShellCommand.cc(shellcommand):78 ERROR(<class 'samba.provision.ProvisioningError'>): Provision failed - ProvisioningError: Failed to create directory /var/lib/samba/private: No such file or directory
    2019-12-10 21:23:18 <3> srv(2032) [bash] ShellCommand.cc(shellcommand):78   File "/usr/lib64/python2.7/site-packages/samba/netcmd/domain.py", line 538, in run
    2019-12-10 21:23:18 <3> srv(2032) [bash] ShellCommand.cc(shellcommand):78     backend_store=backend_store)
    2019-12-10 21:23:18 <3> srv(2032) [bash] ShellCommand.cc(shellcommand):78   File "/usr/lib64/python2.7/site-packages/samba/provision/__init__.py", line 2205, in provision
    2019-12-10 21:23:18 <3> srv(2032) [bash] ShellCommand.cc(shellcommand):78     directory_create_or_exists(paths.private_dir, 0o700)
    2019-12-10 21:23:18 <3> srv(2032) [bash] ShellCommand.cc(shellcommand):78   File "/usr/lib64/python2.7/site-packages/samba/provision/__init__.py", line 2056, in directory_create_or_exists
    2019-12-10 21:23:18 <3> srv(2032) [bash] ShellCommand.cc(shellcommand):78     raise ProvisioningError("Failed to create directory %s: %s" % (path, e.strerror))
    2019-12-10 21:23:18 <1> srv(2032) [Ruby] modules/SambaProvision.rb:172 Samba provision result: {"exit"=>255, "stderr"=>"Looking up IPv4 addresses\nLooking up IPv6 addresses\nNo IPv6 address will be assigned\nERROR(<class 'samba.provision.ProvisioningError'>): Provision failed - ProvisioningError: Failed to create directory /var/lib/samba/private: No such file or directory\n  File \"/usr/lib64/python2.7/site-packages/samba/netcmd/domain.py\", line 538, in run\n    backend_store=backend_store)\n  File \"/usr/lib64/python2.7/site-packages/samba/provision/__init__.py\", line 2205, in provision\n    directory_create_or_exists(paths.private_dir, 0o700)\n  File \"/usr/lib64/python2.7/site-packages/samba/provision/__init__.py\", line 2056, in directory_create_or_exists\n    raise ProvisioningError(\"Failed to create directory %s: %s\" % (path, e.strerror))\n", "stdout"=>""}
    2019-12-10 21:23:18 <3> srv(2032) [Ruby] modules/SambaProvision.rb:85 Error provisioning database. Check logs for details.
    2019-12-10 21:23:18 <1> srv(2032) [ui] YPushButton.cc(setFunctionKey):202 Guessing button role YOKButton for YPushButton "OK" at 0x7fc8b01f0300 from function key F10
    2019-12-10 21:23:19 <1> srv(2032) [Ruby] clients/samba-provision.rb:53 Samba-provision module finished
    2019-12-10 21:23:19 <1> srv(2032) [Ruby] clients/samba-provision.rb:54 ----------------------------------------
    2019-12-10 21:23:19 <1> srv(2032) [Interpreter] bin/y2start:62 Called YaST client returned.
    2019-12-10 21:23:19 <1> srv(2032) [qt-ui] YQUI.cc(uiThreadDestructor):332 Destroying UI thread
    2019-12-10 21:23:19 <1> srv(2032) [qt-ui] YQUI.cc(~YQUI):315 Closing down Qt UI.
    2019-12-10 21:23:19 <2> srv(2032) [qt-ui] YQUI.cc(qMessageHandler):676 <libqt-warning> QObject::killTimer: Timers cannot be stopped from another thread
    2019-12-10 21:23:19 <2> srv(2032) [qt-ui] YQUI.cc(qMessageHandler):676 <libqt-warning> QObject::~QObject: Timers cannot be stopped from another thread
    2019-12-10 21:23:19 <2> srv(2032) [qt-ui] YQUI.cc(qMessageHandler):676 <libqt-warning> QObject::~QObject: Timers cannot be stopped from another thread
    2019-12-10 21:23:19 <1> srv(2032) [Y2Ruby] binary/YRuby.cc(~YRuby):117 Shutting down ruby interpreter.
    2019-12-10 21:23:19 <1> srv(2032) [Y2Perl] YPerl.cc(destroy):164 Shutting down embedded Perl interpreter.

  5. #5

    Re: OpenSuSe 15.1 as primary AD DC

    Also, I have a few questions about setting up a DNS server. I configured the configuration files as follows:

    /etc/named.conf
    Code:
    options {
        include "/etc/named.d/forwarders.conf";
    };
    logging {
        category default { log_syslog; };
        channel log_syslog { syslog; };
    };
    zone "network.local" in {
        file "/etc/network.local";
        type master;
        allow-update { any; };
    };
    zone "reverse.local" in {
        file "/etc/reverse.local";
        type master;
        allow-update { any; };
    };
    /etc/network.local
    Code:
    $TTL 86400      ;       1 day
    network.local.    IN      SOA   srv.network.local. admin.network.local. (
                                    20110103        ; Serial
                                    10800           ; Refresh
                                    3600            ; Retry
                                    604800          ; Expire
                                    86400           ; Minimum TTL
                            )
    
                    IN      NS      srv.network.local.
                    IN      A       192.168.2.1
    localhost       IN      A       127.0.0.1
    server          IN      A       192.168.2.1
    /etc/reverse.local
    Code:
    $TTL 86400      ;       1 day
    2.168.192.in-addr.arpa. IN SOA srv.network.local. admin.network.local. (
                            20110104        ; Serial
                            10800           ; Refresh
                            3600            ; Retry
                            604800          ; Expire
                            3600 )          ; Minimum
    
            IN      NS      srv.network.local.
    1       IN      PTR     network.local
    1       IN      PTR     srv.network.local
    After the command nslookup srv 192.168.2.1 I got:
    Code:
    Server:         192.168.2.1
    Address:        192.168.2.1#53
    
    ** server can't find srv: NXDOMAIN

  6. #6
    Re: OpenSuSe 15.1 as primary AD DC

    ERROR(<class 'samba.provision.ProvisioningError'>): Provision failed - ProvisioningError: Failed to create directory /var/lib/samba/private: No such file or directory
    This is curious, perhaps you should try to install samba-client manually and then re-try the tool (samba-client owns the directory in question)
    .: miuku #suse @ irc.freenode.net
    :: miuku@opensuse.org

    .: https://download.opensuse.org/repositories/home:/Miuku/
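
The log check suggested in post #2, as an added example (not code from the thread or from the YaST project): a parser for the y2log line layout shown in post #4 that keeps the `<3>` entries, drops YaST's UI backtrace block and the indented Python traceback frames, and pulls out the reason the provision step gave. The sample lines are copied from that excerpt; the function names are hypothetical.

```python
import re

# Sample lines copied from the y2log excerpt in post #4 (a shortened selection).
SAMPLE = r"""
2019-12-10 21:23:04 <3> srv(2032) [bash] ShellCommand.cc(shellcommand):78 hostname: Name or service not known
2019-12-10 21:23:04 <2> srv(2032) [Ruby] modules/Hostname.rb:161 Using fallback hostname
2019-12-10 21:23:17 <3> srv(2032) [Ruby] modules/Wizard.rb:1251 Neither `next nor `accept widgets exist
2019-12-10 21:23:17 <3> srv(2032) [Ruby] modules/Wizard.rb:1251 ------------- Backtrace begin -------------
2019-12-10 21:23:17 <3> srv(2032) [Ruby] modules/Wizard.rb:1251 /usr/share/YaST2/modules/Wizard.rb:1251:in `DisableNextButton'
2019-12-10 21:23:17 <3> srv(2032) [Ruby] modules/Wizard.rb:1251 ------------- Backtrace end ---------------
2019-12-10 21:23:18 <3> srv(2032) [bash] ShellCommand.cc(shellcommand):78 Looking up IPv4 addresses
2019-12-10 21:23:18 <3> srv(2032) [bash] ShellCommand.cc(shellcommand):78 ERROR(<class 'samba.provision.ProvisioningError'>): Provision failed - ProvisioningError: Failed to create directory /var/lib/samba/private: No such file or directory
2019-12-10 21:23:18 <3> srv(2032) [bash] ShellCommand.cc(shellcommand):78   File "/usr/lib64/python2.7/site-packages/samba/provision/__init__.py", line 2056, in directory_create_or_exists
2019-12-10 21:23:18 <3> srv(2032) [bash] ShellCommand.cc(shellcommand):78     raise ProvisioningError("Failed to create directory %s: %s" % (path, e.strerror))
2019-12-10 21:23:18 <3> srv(2032) [Ruby] modules/SambaProvision.rb:85 Error provisioning database. Check logs for details.
"""

# Layout: timestamp <level> host(pid) [component] source-location message
ENTRY = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) <(?P<level>\d)> "
    r"(?P<host>[^\s(]+)\((?P<pid>\d+)\) \[(?P<component>[^\]]+)\] "
    r"(?P<where>\S+) (?P<msg>.*)$"
)


def triage(text, min_level=3):
    """Return (timestamp, component, message) for the entries worth reading."""
    findings, in_backtrace = [], False
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m or int(m["level"]) < min_level:
            continue
        msg = m["msg"]
        if "Backtrace begin" in msg or "Backtrace end" in msg:
            in_backtrace = "begin" in msg
            continue
        # Skip YaST's own backtrace frames and indented Python traceback lines.
        if in_backtrace or msg.startswith(" "):
            continue
        findings.append((m["ts"], m["component"], msg))
    return findings


def provisioning_error(text):
    """Return the reason reported by the provision command, or None."""
    for _, component, msg in triage(text):
        hit = re.search(r"Provision failed - ProvisioningError: (.+)", msg)
        if component == "bash" and hit:
            return hit.group(1)
    return None


if __name__ == "__main__":
    for ts, component, msg in triage(SAMPLE):
        print(ts, f"[{component}]", msg)
    print("cause:", provisioning_error(SAMPLE))
```

The `[bash]` entries are the stderr of commands YaST ran, which is why both the unresolved hostname and the missing `/var/lib/samba/private` directory show up there rather than in the `[Ruby]` lines.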

  7. #7
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    11,719
    Blog Entries
    2

    Re: OpenSuSe 15.1 as primary AD DC

    Not only does an AD Domain require a suffix, it's not recommended to use something like ".local" because some technologies use that namespace. If you never implement or encounter one of those technologies, you'll be OK but if you ever do run into a problem it's extraordinarily difficult to address... to the point many will decide the practical solution is to tear down their entire AD and re-build with a new namespace. Use something likely unique like ".mygreennetwork" or whatever else you can make up.

    It'd be interesting if you can create a SAMBA AD Domain on its own from the beginning, I've never heard of anyone doing that.
    It's common to create a DC that can join an existing AD Domain.
    Or, create an original SAMBA (not AD) Domain.
    The issue is whether SAMBA's setup can create and deploy an AD schema on its own which I've never looked into. It's likely technically possible but I don't know if there is an easy setup that's built into SAMBA.

    TSU
    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!

  8. #8
    Re: OpenSuSe 15.1 as primary AD DC

    An FYI if not already aware...

    LEAP SAMBA documentation
    https://doc.opensuse.org/documentati...cha-samba.html

    I'll admit I haven't looked at trying to create an original AD realm and Domain using SAMBA anytime recently and unless you see something that's not described in the above LEAP documentation, you may have some difficulties using YaST. Based on the above documentation, I suspect that you <might> only be creating a SAMBA NT4 type Domain (but I may be surprised). If you try using YaST, you can use the below reference to inspect your configuration for what type of Domain you installed.

    But,
    An Internet search suggests that it's possible to create an original SAMBA AD, the following article describes doing so on Ubuntu. Of course Ubuntu doesn't have YaST, but if you use the following you may be able to integrate various steps with the LEAP documentation for setting up SAMBA manually. I don't know if there have been improvements to SAMBA since the article was written in 2016, but at that time you could only create a Win2008 AD (not 2012 or later).

    https://www.tecmint.com/install-samb...ectory-ubuntu/

    Another comment...
    It'd be very unusual to set up an AD with NetBIOS and WINS name resolution support.
    AD naming conventions are based entirely on the Hostname system which uses only DNS and hosts files, no WINS and lmhosts files.

    Good Luck,
    TSU
    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!

  9. #9

    Re: OpenSuSe 15.1 as primary AD DC

    I want to deviate a little from the question towards the DNS server. With YaST I set up a DNS server. Here are its settings:

    /etc/named.conf:
    Code:
    options {
        include "/etc/named.d/forwarders.conf";
    };
    logging {
        category default { log_syslog; };
        channel log_syslog { syslog; };
    };
    zone "example.com" in {
        allow-update { key super; };
        allow-transfer { any; localhost; localnets; };
        file "dyn/example.comX";
        type master;
    };
    zone "2.168.192.in-addr.arpa" in {
        allow-transfer { any; localnets; };
        file "master/2.168.192.in-addr.arpa";
        type master;
    };
    acl local { 192.168.2/24; };
    /var/lib/named/dyn/example.comX

    Code:
    $TTL 2d
    @        IN SOA        dnsserver.    root.dnsserver. (
                    2019121100    ; serial
                    3h        ; refresh
                    1h        ; retry
                    1w        ; expiry
                    1d )        ; minimum
    
    example.com.    IN NS        dnsserver.example.com.
    master/2.168.192.in-addr.arpa
    Code:
    $TTL 2d
    @        IN SOA        dnsserver.example.com    root.dnsserver. (
                    2019121102    ; serial
                    3h        ; refresh
                    1h        ; retry
                    1w        ; expiry
                    1d )        ; minimum
    
    2.168.192.in-addr.arpa.    IN NS        dnsserver.2.168.192.in-addr.arpa.
    2.2.168.192.in-addr.arpa.    IN PTR        example.com.
    If I use the command:
    Code:
    nslookup dnsserver
    Server:   192.168.2.2
    Address:  192.168.2.2#53
    
    ** server can't find dnsserver: SERVFAIL
    But if I use
    Code:
    ping dnsserver
    PING dnsserver (192.168.2.2) 56(84) bytes of data.
    64 bytes from dnsserver (192.168.2.2): icmp_seq=1 ttl=64
    Looks like everything works.

  10. #10
    Re: OpenSuSe 15.1 as primary AD DC

    Comment about "example.com"
    Don't know if this is just a placeholder or your real configuration, but it shouldn't be real if you don't own the domain "example.com"
    You should use a FQDN that's not routable over the Internet to comply with security "Best Practice" although I've done so for a Domain I owned because in that situation although it was very unlikely anyone from outside the LAN would ever access my servers, I also didn't mind if that information somehow leaked. And, it was convenient in one case to provide LAN name resolution for external clients.

    Are you using the YaST DNS module to manage your zone records?
    I can't remember off the top of my head whether it has ever been proper to only define 3 octets for your in-addr.arpa zones... Would seem to me that it should be standard to define 4 octets, the missing (leading when a reverse lookup zone) should be a zero.

    TSU
    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!
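
A check on the two named.conf files posted in this thread, as an added example (not code from the thread or from BIND): it lists the zones whose `allow-update` or `allow-transfer` match list contains `any`, a setting that accepts dynamic updates or full zone transfers from any host that can reach the server. The zone statements are copied from posts #5 and #9; the function names are hypothetical and the parser assumes match lists without nested braces.

```python
import re

# named.conf zone statements copied from posts #5 and #9 of this thread.
POST5 = '''
zone "network.local" in {
    file "/etc/network.local";
    type master;
    allow-update { any; };
};
zone "reverse.local" in {
    file "/etc/reverse.local";
    type master;
    allow-update { any; };
};
'''
POST9 = '''
zone "example.com" in {
    allow-update { key super; };
    allow-transfer { any; localhost; localnets; };
    file "dyn/example.comX";
    type master;
};
zone "2.168.192.in-addr.arpa" in {
    allow-transfer { any; localnets; };
    file "master/2.168.192.in-addr.arpa";
    type master;
};
'''

ACL = re.compile(r"\b(allow-update|allow-transfer)\s*\{([^{}]*)\}")


def zone_blocks(conf):
    """Yield (zone name, body) for every zone statement, tracking nested braces."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)  # drop /* ... */ comments
    conf = re.sub(r"(//|#).*", "", conf)                # drop // and # comments
    for m in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]


def audit(conf):
    """Return (zone, option) pairs whose address match list contains `any`."""
    findings = []
    for zone, body in zone_blocks(conf):
        for option, match_list in ACL.findall(body):
            elements = [e.strip() for e in match_list.split(";") if e.strip()]
            if "any" in elements:
                findings.append((zone, option))
    return findings


if __name__ == "__main__":
    for label, conf in (("post #5", POST5), ("post #9", POST9)):
        for zone, option in audit(conf):
            print(f"{label}: zone {zone}: {option} is open to any host")
```

The YaST-generated file in post #9 restricts updates to a key (`key super`), so only its `allow-transfer` lists are reported; the hand-written file in post #5 is reported for `allow-update` on both zones.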
