Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

change ordering of samba (classic.pp) #69

Open
MinschartT opened this issue Jul 18, 2019 · 0 comments
Open

change ordering of samba (classic.pp) #69

MinschartT opened this issue Jul 18, 2019 · 0 comments

Comments

@MinschartT
Copy link

Since version 4.8, samba no longer has a fallback option to contact the domain controller.
This means that there must be a valid winbind session before samba can be started, otherwise it cannot be started.

Order:

  1. Package Installation (Samba and Winbind)
  2. Samba Configuration
  3. Winbind Join
  4. Start Samba
  5. Start Winbind

Modifications:

if $manage_winbind and $join_domain {
unless $adminpassword == undef {
$ou = $joinou ? {
default => "createcomputer="${joinou}"",
undef => '',
}
Samba::Option <| |> -> Exec['Join Domain'] -> Service['SambaSmb']
exec{ 'Join Domain':
path => '/bin:/sbin:/usr/sbin:/usr/bin/',
unless => 'net ads testjoin',
command => "echo '${adminpassword}'| net ads join -U '${adminuser}' ${ou}",
notify => Service['SambaWinBind'],
require => Package['SambaClassic'],
}
}
}

  • Samba::Option <| |> -> Exec['Join Domain'] -> Service['SambaSmb'] ->
    Before a join can be done(via net ads), the Samba configuration file must first be created.
    Otherwise you will receive an error message from Winbind.
    This rule ensures that everything is executed in the correct order
  • require => Package['SambaClassic'], ->
    Service ['SambaSmb'] removed. Otherwise the items will not be executed in the correct order.

Without a net ads join:

-- Logs begin at Wed 2019-06-12 15:08:26 CEST, end at Thu 2019-06-13 13:07:35 CEST. --
Jun 13 13:07:35 systemd[1]: Starting Samba SMB Daemon...
Jun 13 13:07:35 smbd[58501]: [2019/06/13 13:07:35.297661, 0] ../source3/auth/auth_util.c:1372(make_new_session_info_guest)
Jun 13 13:07:35 smbd[58501]: create_local_token failed: NT_STATUS_NO_MEMORY
Jun 13 13:07:35 smbd[58501]: [2019/06/13 13:07:35.297749, 0] ../source3/smbd/server.c:1993(main)
Jun 13 13:07:35 smbd[58501]: ERROR: failed to setup guest info.
Jun 13 13:07:35 systemd[1]: smb.service: main process exited, code=exited, status=255/n/a
Jun 13 13:07:35 systemd[1]: Failed to start Samba SMB Daemon.
Jun 13 13:07:35 systemd[1]: Unit smb.service entered failed state.
Jun 13 13:07:35 systemd[1]: smb.service failed.

When the Samba configuration file is not present before the net ads join is done:

Notice: /Stage[main]/Samba::Classic/Exec[Join Domain]/returns: Invalid configuration. Exiting....
Notice: /Stage[main]/Samba::Classic/Exec[Join Domain]/returns: Host is not configured as a member server.
Notice: /Stage[main]/Samba::Classic/Exec[Join Domain]/returns: Failed to join domain: This operation is only allowed for the PDC of the domain.
tynsh added a commit to tynsh/puppet-samba that referenced this issue Sep 25, 2019
@tynsh
implement ad join improvements suggested in kakwa#69
50cf67e
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@MinschartT