Problema al instalar dcsamba4 en un dominio de Windows AD existente

Ven aquí para compartir tus consejos y trucos para usar Samba4
Bloqueado
águila calva
Mensajes: 4
Inscripción: 27 de diciembre de 2017 - 17:39

27 de diciembre de 2017 - 17:55

Buen día

Tengo un dominio de Active Directory que se ejecuta en Windows Server 2012 R2, por lo que el nivel funcional del bosque está en Windows Server 2008 y el nivel funcional del dominio está en Windows Server 2008 R2

Seguí tu tutorial https://dev.tranquil.it/wiki/SAMBA_-_En ... secundaria Para agregar un DC Debian 9 Samba 4 al momento de unirme me arroja esto:

Código: Seleccionar todo

Adding 1 remote DNS records for ECKBADEB.kenneagle.lan
Adding DNS A record ECKBADEB.kenneagle.lan for IPv4 IP: 192.168.100.3
Join failed - cleaning up
Deleted CN=RID Set,CN=ECKBADEB,OU=Domain Controllers,DC=kenneagle,DC=lan
Deleted CN=ECKBADEB,OU=Domain Controllers,DC=kenneagle,DC=lan
Deleted CN=NTDS Settings,CN=ECKBADEB,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=kenneagle,DC=lan
Deleted CN=ECKBADEB,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=kenneagle,DC=lan
ERROR(runtime): uncaught exception - (9003, 'WERR_DNS_ERROR_RCODE_NAME_ERROR')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 661, in run
    machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1474, in join_DC
    ctx.do_join()
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1384, in do_join
    ctx.join_add_dns_records()
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1116, in join_add_dns_records
    dns_partition=domaindns_zone_dn)
  File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 939, in dns_lookup
    dns_partition=dns_partition)
¿Puedes ayudarme?, gracias de antemano
Alto
águila calva
Mensajes: 4
Inscripción: 27 de diciembre de 2017 - 17:39

28 de diciembre de 2017 - 12:12

Buen día

Después de volver a probar, logré conectar mi controlador de dominio Samba4 a mi dominio de Active Directory existente

El directorio se replica correctamente, pero no DNS y sysvol:
para dns

Código: Seleccionar todo

root@eckbadeb:/home/nicoket# samba_dnsupdate --use-samba-tool --rpc-server-ip=192.168.1.78
ERROR(runtime): uncaught exception - (-1073741790, '{Access Denied} A process has requested access to an object but has not been granted those access rights.')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 935, in run
    0, server, zone, name, add_rec_buf, None)
ERROR(runtime): uncaught exception - (-1073741790, '{Access Denied} A process has requested access to an object but has not been granted those access rights.')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 935, in run
    0, server, zone, name, add_rec_buf, None)
ERROR(runtime): uncaught exception - (-1073741790, '{Access Denied} A process has requested access to an object but has not been granted those access rights.')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 935, in run
    0, server, zone, name, add_rec_buf, None)
ERROR(runtime): uncaught exception - (-1073741790, '{Access Denied} A process has requested access to an object but has not been granted those access rights.')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 935, in run
    0, server, zone, name, add_rec_buf, None)
ERROR(runtime): uncaught exception - (-1073741790, '{Access Denied} A process has requested access to an object but has not been granted those access rights.')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 935, in run
    0, server, zone, name, add_rec_buf, None)
ERROR(runtime): uncaught exception - (-1073741790, '{Access Denied} A process has requested access to an object but has not been granted those access rights.')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 935, in run
    0, server, zone, name, add_rec_buf, None)
ERROR(runtime): uncaught exception - (-1073741790, '{Access Denied} A process has requested access to an object but has not been granted those access rights.')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 935, in run
    0, server, zone, name, add_rec_buf, None)
ERROR(runtime): uncaught exception - (-1073741790, '{Access Denied} A process has requested access to an object but has not been granted those access rights.')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 935, in run
    0, server, zone, name, add_rec_buf, None)
ERROR(runtime): uncaught exception - (-1073741790, '{Access Denied} A process has requested access to an object but has not been granted those access rights.')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 935, in run
    0, server, zone, name, add_rec_buf, None)
ERROR(runtime): uncaught exception - (-1073741790, '{Access Denied} A process has requested access to an object but has not been granted those access rights.')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 935, in run
    0, server, zone, name, add_rec_buf, None)
ERROR(runtime): uncaught exception - (-1073741790, '{Access Denied} A process has requested access to an object but has not been granted those access rights.')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 935, in run
    0, server, zone, name, add_rec_buf, None)
ERROR(runtime): uncaught exception - (-1073741790, '{Access Denied} A process has requested access to an object but has not been granted those access rights.')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 935, in run
    0, server, zone, name, add_rec_buf, None)
ERROR(runtime): uncaught exception - (-1073741790, '{Access Denied} A process has requested access to an object but has not been granted those access rights.')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 935, in run
    0, server, zone, name, add_rec_buf, None)
ERROR(runtime): uncaught exception - (-1073741790, '{Access Denied} A process has requested access to an object but has not been granted those access rights.')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 935, in run
    0, server, zone, name, add_rec_buf, None)
ERROR(runtime): uncaught exception - (-1073741790, '{Access Denied} A process has requested access to an object but has not been granted those access rights.')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 935, in run
    0, server, zone, name, add_rec_buf, None)
ERROR(runtime): uncaught exception - (-1073741790, '{Access Denied} A process has requested access to an object but has not been granted those access rights.')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 935, in run
    0, server, zone, name, add_rec_buf, None)
ERROR(runtime): uncaught exception - (-1073741790, '{Access Denied} A process has requested access to an object but has not been granted those access rights.')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 935, in run
    0, server, zone, name, add_rec_buf, None)
ERROR(runtime): uncaught exception - (-1073741790, '{Access Denied} A process has requested access to an object but has not been granted those access rights.')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 935, in run
    0, server, zone, name, add_rec_buf, None)
ERROR(runtime): uncaught exception - (-1073741790, '{Access Denied} A process has requested access to an object but has not been granted those access rights.')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 935, in run
    0, server, zone, name, add_rec_buf, None)
ERROR(runtime): uncaught exception - (-1073741790, '{Access Denied} A process has requested access to an object but has not been granted those access rights.')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 935, in run
    0, server, zone, name, add_rec_buf, None)
ERROR(runtime): uncaught exception - (-1073741790, '{Access Denied} A process has requested access to an object but has not been granted those access rights.')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 935, in run
    0, server, zone, name, add_rec_buf, None)
ERROR(runtime): uncaught exception - (-1073741790, '{Access Denied} A process has requested access to an object but has not been granted those access rights.')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 935, in run
    0, server, zone, name, add_rec_buf, None)
ERROR(runtime): uncaught exception - (-1073741790, '{Access Denied} A process has requested access to an object but has not been granted those access rights.')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 935, in run
    0, server, zone, name, add_rec_buf, None)
ERROR(runtime): uncaught exception - (-1073741790, '{Access Denied} A process has requested access to an object but has not been granted those access rights.')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 935, in run
    0, server, zone, name, add_rec_buf, None)
Failed update of 24 entries

Código: Seleccionar todo

samba-tool ntacl sysvolcheck ERROR(<type 'exceptions.TypeError'>): uncaught exception - (2, 'No such file or directory')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.py", line 270, in run
    lp)
  File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1723, in checksysvolacl
    direct_db_access)
  File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1659, in check_gpos_acl
    direct_db_access=direct_db_access, service=SYSVOL_SERVICE)
  File "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 81, in getntacl
    xattr.XATTR_NTACL_NAME)

Código: Seleccionar todo

root@eckbadeb:/home/nicoket# samba-tool ntacl sysvolresetopen: error=2 (No such file or directory)
ERROR(runtime): uncaught exception - (-1073741823, '{Operation Failed} The requested operation was unsuccessful.')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.py", line 239, in run
    lp, use_ntvfs=use_ntvfs)
  File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1609, in setsysvolacl
    set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp, use_ntvfs, passdb=s4_passdb)
  File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1502, in set_gpos_acl
    use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=passdb, service=SYSVOL_SERVICE)
  File "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 162, in setntacl
    smbd.set_nt_acl(file, security.SECINFO_OWNER | security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL, sd, service=service)
¿Alguien tiene alguna idea?
Alto
Avatar de usuario
Sfonteneau
Experto en WAPT
Mensajes: 2312
Registrado: 10 de julio de 2014 - 23:52
Contacto :
Contacto Sfonteneau

29 de diciembre de 2017 - 11:45 AM

La parte de sysvol es normal.

https://dev.tranquil.it/wiki/SAMBA_-_R% ... age_SYSVOL

Con una solución Syncthing tanto en Windows como en Linux, sin duda es posible, ¡pero requerirá algunos ajustes!

Respecto al DNS, ¿podrías especificar la dirección IP del Directorio Activo de Windows y del servidor Samba 4?
Alto
águila calva
Mensajes: 4
Inscripción: 27 de diciembre de 2017 - 17:39

2 de enero de 2018 - 17:57

Hola,

gracias por tu respuesta.

El problema de sysvol se ha resuelto.

En cuanto al DNS,

mi servidor Windows tiene la dirección IP 192.168.1.78 y
mi servidor Linux la dirección IP 192.168.100.3.

Tras realizar más pruebas, reinstalé completamente el servidor.
La conexión solo funciona si la opción "A todos los servidores que se ejecutan en controladores de dominio en este dominio: mydomain.lan" está marcada. ¿Es un problema del servidor?
La sincronización DNS sigue sin funcionar.
Alto
Avatar de usuario
dcardón
Experto en WAPT
Mensajes: 1908
Inscripción: 18 de junio de 2014 - 09:58
Ubicación: Saint Sébastien sur Loire
Contacto :
Contactar con dcardon

15 de enero de 2018 - 13:21

eckeagle escribió: 27 de diciembre de 2017 - 17:55 Hola,

tengo un dominio de AD ejecutándose en Windows Server 2012 R2, por lo que el nivel funcional del bosque está en Windows Server 2008 y el nivel funcional del dominio está en Windows Server 2008 R2.

Seguí tu tutorial https://dev.tranquil.it/wiki/SAMBA_-_In ... secondary para agregar un controlador de dominio Samba4 Debian 9, pero durante el proceso de unión, me da estos resultados:
Aunque el nivel de bosque es 2k8r2, el servidor Win2k12 añade características específicas que no son compatibles con Samba-AD (al menos eso era cierto hace 5 o 6 meses). Se han publicado confirmaciones en la lista de correo para resolver este problema y añadir compatibilidad con esquemas 2k12 (me refiero a esquemas, no a funciones de silo, FAST, etc.).
Es mejor hacer la prueba con un win2k8r2, o esperar a Samba 4.8 que probablemente debería incluir estas mejoras.

Denis
Denis Cardon - Tranquil IT
¡Comparte tus experiencias en WAPT! Envíanos las URL de tus blogs y artículos en la "Tu opinión del foro y los publicaremos en el de WAPT
Alto
Avatar de usuario
dcardón
Experto en WAPT
Mensajes: 1908
Inscripción: 18 de junio de 2014 - 09:58
Ubicación: Saint Sébastien sur Loire
Contacto :
Contactar con dcardon

15 de enero de 2018 - 13:27

eckeagle escribió: 2 de enero de 2018 - 17:57 Para DNS,

mi servidor Windows está en la IP 192.168.1.78
y mi servidor Linux está en la IP 192.168.100.3.

Después de realizar más pruebas, reconstruí completamente el servidor.
La conexión solo funciona si la opción "a todos los servidores que se ejecutan en controladores de dominio en este dominio: mydomain.lan" está marcada. ¿Problema del servidor?
Y la sincronización de DNS sigue sin funcionar.
Acabo de unir un Active Directory de Windows Server 2008 R2 a mi dominio Samba-AD con la versión 4.7.4. Tengo un problema al replicar las zonas DNS (de hecho, el KCC ni siquiera creó los registros `repsfrom` y `repsto` correspondientes). Debe ser una regresión, o hay algún problema con mis particiones `DC=DomainDNSZones` y `DC=ForestDNSZones`. Las demás particiones funcionan correctamente... Ha funcionado antes, aunque no se recomiendan los dominios mixtos Samba/MS. Lo revisaré esta tarde si tengo tiempo.

Denis
Denis Cardon - Tranquil IT
¡Comparte tus experiencias en WAPT! Envíanos las URL de tus blogs y artículos en la "Tu opinión del foro y los publicaremos en el de WAPT
Alto
águila calva
Mensajes: 4
Inscripción: 27 de diciembre de 2017 - 17:39

15 de enero de 2018 - 23:19

Empezaba a sospechar que provenía del Administrador de Red. Sí, instalé la interfaz de GNOME, pero no sé qué recomendar
Alto
Bloqueado

Volver a "Consejos y trucos"


  • Para ir más allá con WAPT