Installing Samba as a domain controller on an Ubuntu server

Preamble

NOTE:

  • The tests are done on a virtual machine.
  • The OS version is Ubuntu Server 18.04.

The machine's host name must be different from the chosen domain name.

Current state

On a freshly installed Ubuntu Server 18.04.1 LTS running in a VM (Virtual Machine)

Hostname

thierry@bino:~$ hostnamectl
   Static hostname: bino
         Icon name: computer-vm
           Chassis: vm
        Machine ID: c1ebde3e4ad0405c9e1f04ea0a5fbc7a
           Boot ID: b6dfd8b5079c4fc38abc0e3a0fd03262
    Virtualization: kvm
  Operating System: Ubuntu 18.04.1 LTS
            Kernel: Linux 4.15.0-38-generic
      Architecture: x86-64

So we can see that our host name is bino.

Resources ⇒ Changing a hostname

Hosts file

/etc/hosts
127.0.0.1       localhost.localdomain   localhost
::1             localhost6.localdomain6 localhost6
 
# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

Nothing special to note: only localhost is defined.

Network configuration

Apparently, version 18 of Ubuntu uses cloud-init to manage the network…

The file name may differ from 50-cloud-init.yml (config.yaml, for example).

/etc/netplan/50-cloud-init.yml
# This file is generated from information provided by
# the datasource.  Changes to it will not persist across an instance.
# To disable cloud-init's network configuration capabilities, write a file
# /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:
# network: {config: disabled}
network:
    ethernets:
        ens18:
            addresses:
            - 192.168.1.104/24
            dhcp4: false
            gateway4: 192.168.1.1
            nameservers:
                addresses:
                - 192.168.1.1
                search: []
    version: 2

Resources ⇒ Netplan and Cloud-Init

Fortunately, ifconfig still works.

thierry@bino:/$ ifconfig
ens18: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.104  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::fc63:4cff:fea8:faaa  prefixlen 64  scopeid 0x20<link>
        inet6 fd00::1:fc63:4cff:fea8:faaa  prefixlen 64  scopeid 0x0<global>
        ether fe:63:4c:a8:fa:aa  txqueuelen 1000  (Ethernet)
        RX packets 1558  bytes 218058 (218.0 KB)
        RX errors 0  dropped 28  overruns 0  frame 0
        TX packets 467  bytes 60070 (60.0 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
 
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 113  bytes 8184 (8.1 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 113  bytes 8184 (8.1 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

We can see that we are using a static IP address (dhcp4: false).

Our IP address is 192.168.1.104.

The gateway and the DNS server are our national LiveBox, 192.168.1.1.

DNS

/etc/resolv.conf
# This file is managed by man:systemd-resolved(8). Do not edit.
#
# This is a dynamic resolv.conf file for connecting local clients to the
# internal DNS stub resolver of systemd-resolved. This file lists all
# configured search domains.
#
# Run "systemd-resolve --status" to see details about the uplink DNS servers
# currently in use.
#
# Third party programs must not access this file directly, but only through the
# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
# replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.
 
nameserver 127.0.0.53

So, apparently, there is a DNS server on the local address 127.0.0.53?

Let's test with dig

thierry@bino:/$ dig google.fr
 
; <<>> DiG 9.11.3-1ubuntu1.2-Ubuntu <<>> google.fr
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10978
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
 
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;google.fr.                     IN      A
 
;; ANSWER SECTION:
google.fr.              219     IN      A       216.58.213.131
 
;; Query time: 59 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Fri Oct 26 09:47:45 UTC 2018
;; MSG SIZE  rcvd: 54

It seems to work: it is indeed the DNS server 127.0.0.53:53 that answers…

Preparation

Information needed for the configuration

Host name                       bino
Host IP address                 192.168.1.104/24
Gateway IP address              192.168.1.1
DNS IP address                  192.168.1.1
Domain name (Realm)             BINOVA.LAN
Domain administrator password   ……. (min. 8 characters, with uppercase, lowercase and digits)

ACLs and extended attributes

Network time synchronization

Time synchronization is essential for LDAP, probably for replicating the databases between the PDC (Primary Domain Controller) and the BDC (Backup Domain Controller) (…todo: to be verified)

On Ubuntu 18+ synchronization apparently happens by default; this can be checked with timedatectl:

thierry@bino:~$ sudo timedatectl
[sudo] password for thierry:
                      Local time: ven. 2018-10-26 11:15:24 UTC
                  Universal time: ven. 2018-10-26 11:15:24 UTC
                        RTC time: ven. 2018-10-26 11:15:25
                       Time zone: Etc/UTC (UTC, +0000)
       System clock synchronized: yes
systemd-timesyncd.service active: yes
                 RTC in local TZ: no

I think that System clock synchronized: yes and systemd-timesyncd.service active: yes mean that everything is fine…

If that does not work, or if you need to install the NTP service ⇒ Installing and testing NTP

Installation

sudo apt -y install samba krb5-config winbind smbclient krb5-user dnsutils

smbclient, krb5-user and dnsutils will be useful for the tests

capture2610181403.jpg

Enter the name of the "realm", here BINOVA.LAN in UPPERCASE (and not BINOVA.COM, as shown in the image, because that domain already exists…)

During installation the following message appears: the samba-ad-dc service is masked, why???

.....
Adding group `sambashare' (GID 115) ...
Done.
Samba is not being run as an AD Domain Controller, masking samba-ad-dc.service.
Please ignore the following error about deb-systemd-helper not finding samba-ad-dc.service.
Created symlink /etc/systemd/system/multi-user.target.wants/nmbd.service → /lib/systemd/system/nmbd.service.
Failed to preset unit: Unit file /etc/systemd/system/samba-ad-dc.service is masked.
/usr/bin/deb-systemd-helper: error: systemctl preset failed on samba-ad-dc.service: No such file or directory
Created symlink /etc/systemd/system/multi-user.target.wants/smbd.service → /lib/systemd/system/smbd.service.
....

Configuration

Stop and disable the services

Stop and disable the Samba services with the commands:

  • sudo systemctl stop samba-ad-dc.service smbd.service nmbd.service winbind.service
  • sudo systemctl disable samba-ad-dc.service smbd.service nmbd.service winbind.service
thierry@bino:~$ sudo systemctl stop samba-ad-dc.service smbd.service nmbd.service winbind.service
thierry@bino:~$ sudo systemctl disable samba-ad-dc.service smbd.service nmbd.service winbind.service
Synchronizing state of samba-ad-dc.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install disable samba-ad-dc
Synchronizing state of smbd.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install disable smbd
Synchronizing state of nmbd.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install disable nmbd
Synchronizing state of winbind.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install disable winbind
Unit /etc/systemd/system/samba-ad-dc.service is masked, ignoring.

Remove smb.conf

We rename Samba's configuration file. If we forget, the next command (samba-tool domain provision) will fail with an error.

thierry@bino:~$ sudo mv /etc/samba/smb.conf /etc/samba/smb.conf.bak

Provision the domain (samba-tool domain provision)

The domain name must be different from the host name (hostname).

That is why the example uses BINOVASAS instead of BINOVA…

The Administrator password must be complex, otherwise → error

That is, at least 8 characters including uppercase letters, lowercase letters and digits.

thierry@bino:~$ sudo samba-tool domain provision --use-rfc2307 --interactive
Realm: BINOVA.LAN
 Domain [BINOVA]:
 Server Role (dc, member, standalone) [dc]:
 DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]:               
 DNS forwarder IP address (write 'none' to disable forwarding) [127.0.0.53]: 192.168.1.1
Administrator password:
Retype password:
Looking up IPv4 addresses
Looking up IPv6 addresses
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Adding DomainDN: DC=binova,DC=lan
Adding configuration container
Setting up sam.ldb schema
Setting up sam.ldb configuration data
Setting up display specifiers
Modifying display specifiers
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
Setting up self join
Adding DNS accounts
Creating CN=MicrosoftDNS,CN=System,DC=binova,DC=lan
Creating DomainDnsZones and ForestDnsZones partitions
Populating DomainDnsZones and ForestDnsZones partitions
Setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
A Kerberos configuration suitable for Samba AD has been generated at /var/lib/samba/private/krb5.conf
Setting up fake yp server settings
Once the above files are installed, your Samba AD server will be ready to use
Server Role:           active directory domain controller
Hostname:              bino
NetBIOS Domain:        BINOVA
DNS Domain:            binova.lan
DOMAIN SID:            S-1-5-21-3406771442-4184896349-3643982972
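
The constraints stated before the provisioning command (realm typed in uppercase, host name different from the domain name, password of at least 8 characters with uppercase, lowercase and digits) can be checked before running samba-tool. This is an added example, not part of the original page; the function names check_names and check_password are hypothetical, and the password rule is the one this page states.

```sh
#!/bin/sh
# Added example (not from the original page): pre-flight checks for the
# constraints this page gives for `samba-tool domain provision`.

# upper STRING -> STRING in uppercase (used for names only, never the password)
upper() { printf '%s' "$1" | tr '[:lower:]' '[:upper:]'; }

# check_names HOST REALM
# Prints one line per problem; returns 1 if any problem was found.
check_names() {
    host=$(upper "${1%%.*}")          # short host name, upper-cased
    realm=$2
    domain=$(upper "${realm%%.*}")    # default NetBIOS domain = first label of the realm
    rc=0
    if [ "$realm" != "$(upper "$realm")" ]; then
        echo "realm '$realm' must be typed in UPPERCASE"
        rc=1
    fi
    if [ "$host" = "$domain" ]; then
        echo "host name '$1' collides with NetBIOS domain '$domain'"
        rc=1
    fi
    return $rc
}

# check_password
# Reads the candidate password from stdin so it never appears in a process
# argument list, and tests it with shell pattern matching only.
check_password() {
    IFS= read -r pw || [ -n "$pw" ]
    rc=0
    [ "${#pw}" -ge 8 ] || { echo "password shorter than 8 characters"; rc=1; }
    case $pw in *[[:upper:]]*) ;; *) echo "password has no uppercase letter"; rc=1 ;; esac
    case $pw in *[[:lower:]]*) ;; *) echo "password has no lowercase letter"; rc=1 ;; esac
    case $pw in *[[:digit:]]*) ;; *) echo "password has no digit"; rc=1 ;; esac
    unset pw
    return $rc
}

# Demo with the host name and realm used on this page.
check_names bino BINOVA.LAN && echo "names OK"
```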

This recreates an smb.conf

/etc/samba/smb.conf
# Global parameters
[global]
        dns forwarder = 192.168.1.1
        netbios name = BINO
        realm = BINOVA.LAN
        server role = active directory domain controller
        workgroup = BINOVA
        idmap_ldb:use rfc2307 = yes
 
[netlogon]
        path = /var/lib/samba/sysvol/binova.lan/scripts
        read only = No
 
[sysvol]
        path = /var/lib/samba/sysvol
        read only = No

Changing krb5.conf for Kerberos

thierry@bino:~$ sudo mv /etc/krb5.conf /etc/krb5.conf.bak
thierry@bino:~$ sudo ln -s /var/lib/samba/private/krb5.conf /etc/
thierry@bino:~$ ls -l /etc/krb5.conf
lrwxrwxrwx 1 root root 32 oct.  26 12:46 /etc/krb5.conf -> /var/lib/samba/private/krb5.conf

Changing resolv.conf

Changing resolv.conf by hand

We delete resolv.conf and create a new one (I don't know if this is the best solution… to be discussed)

thierry@bino:~$ ll /etc/resolv.conf
lrwxrwxrwx 1 root root 39 juil. 25 22:59 /etc/resolv.conf -> ../run/systemd/resolve/stub-resolv.conf
thierry@bino:~$ sudo rm /etc/resolv.conf
thierry@bino:~$ sudo nano /etc/resolv.conf
thierry@bino:~$ cat /etc/resolv.conf
/etc/resolv.conf
domain binova.lan
nameserver 127.0.0.1

At this point neither nslookup nor dig can resolve an Internet address.

That is expected, since the DNS server on 127.0.0.1 is not running yet.

Start the service

With the commands:

  • sudo systemctl unmask samba-ad-dc.service → Unmasks the service if it is masked.
  • sudo systemctl start samba-ad-dc.service → Starts the service
  • sudo systemctl status samba-ad-dc.service → Shows whether the service started correctly
  • sudo systemctl enable samba-ad-dc.service → Enables the service
thierry@bino:~$ sudo systemctl unmask samba-ad-dc.service
Removed /etc/systemd/system/samba-ad-dc.service.
thierry@bino:~$ sudo systemctl start samba-ad-dc.service
thierry@bino:~$ sudo systemctl status samba-ad-dc.service
● samba-ad-dc.service - Samba AD Daemon
   Loaded: loaded (/lib/systemd/system/samba-ad-dc.service; disabled; vendor preset: en
   Active: active (running) since Fri 2018-10-26 13:05:48 UTC; 15s ago
     Docs: man:samba(8)
           man:samba(7)
           man:smb.conf(5)
 Main PID: 3785 (samba)
   Status: "smbd: ready to serve connections..."
    Tasks: 22 (limit: 2320)
   CGroup: /system.slice/samba-ad-dc.service
           ├─3785 /usr/sbin/samba --foreground --no-process-group
           ├─3798 /usr/sbin/samba --foreground --no-process-group
           ├─3800 /usr/sbin/samba --foreground --no-process-group
           ├─3803 /usr/sbin/samba --foreground --no-process-group
           ├─3804 /usr/sbin/samba --foreground --no-process-group
           ├─3805 /usr/sbin/samba --foreground --no-process-group
           ├─3806 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
           ├─3808 /usr/sbin/samba --foreground --no-process-group
           ├─3809 /usr/sbin/samba --foreground --no-process-group
           ├─3810 /usr/sbin/samba --foreground --no-process-group
           ├─3811 /usr/sbin/samba --foreground --no-process-group
           ├─3812 /usr/sbin/samba --foreground --no-process-group
           ├─3813 /usr/sbin/samba --foreground --no-process-group
thierry@bino:~$ sudo systemctl enable samba-ad-dc.service
Synchronizing state of samba-ad-dc.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable samba-ad-dc

Errors encountered

Tests

SMBClient

thierry@bino:~$ smbclient -L localhost -U%
 
        Sharename       Type      Comment
        ---------       ----      -------
        netlogon        Disk
        sysvol          Disk
        IPC$            IPC       IPC Service (Samba 4.7.6-Ubuntu)
Reconnecting with SMB1 for workgroup listing.
 
        Server               Comment
        ---------            -------
 
        Workgroup            Master
        ---------            -------
        WORKGROUP            C3PO
thierry@bino:~$ smbclient //localhost/netlogon -UAdministrator -c 'ls'
Enter BINOVA\Administrator's password:
  .                                   D        0  Fri Oct 26 14:12:29 2018
  ..                                  D        0  Fri Oct 26 14:12:36 2018
 
                65790508 blocks of size 1024. 57685256 blocks available

View the processes used by Samba

thierry@bino:~$ sudo samba-tool processes
 Service:                PID
-----------------------------
dnsupdate               3316
cldap_server            3308
rpc_server              3301
rpc_server              3301
rpc_server              3301
rpc_server              3301
rpc_server             12708
rpc_server             12709
rpc_server              3301
rpc_server              3301
rpc_server              3301
rpc_server              3301
rpc_server              3301
rpc_server              3301
rpc_server              3301
rpc_server              3301
nbt_server              3304
winbind_server          3315
kdc_server              3309
notify-daemon           3326
ldap_server             3307
ldap_server            15054
ldap_server            15072
kccsrv                  3314
samba                      0
dreplsrv                3310
dnssrv                  3317

DNS test

thierry@bino:~$ host -t SRV _ldap._tcp.binova.lan
_ldap._tcp.binova.lan has SRV record 0 100 389 bino.binova.lan.
thierry@bino:~$ host -t SRV _kerberos._udp.binova.lan
_kerberos._udp.binova.lan has SRV record 0 100 88 bino.binova.lan.
thierry@bino:~$ host -t A bino.binova.lan
bino.binova.lan has address 192.168.1.104

With dig (because I like dig)

thierry@bino:~$ dig bino.binova.lan
 
; <<>> DiG 9.11.3-1ubuntu1.2-Ubuntu <<>> bino.binova.lan
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46141
;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
 
;; QUESTION SECTION:
;bino.binova.lan.               IN      A
 
;; ANSWER SECTION:
bino.binova.lan.        900     IN      A       192.168.1.104
 
;; AUTHORITY SECTION:
binova.lan.             3600    IN      SOA     bino.binova.lan. hostmaster.binova.lan. 1 900 600 86400 3600
 
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Oct 26 15:36:05 UTC 2018
;; MSG SIZE  rcvd: 96
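
Because krb5.conf uses dns_lookup_kdc = true, clients find the KDC and the LDAP server through these SRV records, so it is worth checking that both exist, carry the expected port and point at the domain controller. This is an added example, not part of the original page; the function name verify_srv is hypothetical and the sample is the host output shown above.

```sh
#!/bin/sh
# Added example (not from the original page): verify the AD SRV records.
# Live use:
#   { host -t SRV _ldap._tcp.binova.lan; host -t SRV _kerberos._udp.binova.lan; } \
#       | verify_srv bino.binova.lan

# Sample input taken from the `host -t SRV` output shown on this page.
SRV_SAMPLE='_ldap._tcp.binova.lan has SRV record 0 100 389 bino.binova.lan.
_kerberos._udp.binova.lan has SRV record 0 100 88 bino.binova.lan.'

# verify_srv EXPECTED_TARGET
# Reads `host -t SRV` output on stdin. Prints one line per problem and
# returns 1 if a record is missing, has the wrong port, or names another host.
verify_srv() {
    awk -v want="$1" '
        BEGIN {
            port["_ldap._tcp"] = 389          # LDAP
            port["_kerberos._udp"] = 88       # Kerberos KDC
            want = tolower(want); sub(/\.$/, "", want)
        }
        $2 == "has" && $3 == "SRV" {
            split($1, label, ".")
            svc = label[1] "." label[2]       # e.g. _ldap._tcp
            if (!(svc in port)) next
            seen[svc] = 1
            target = tolower($8); sub(/\.$/, "", target)
            if ($7 != port[svc]) {
                printf "BAD PORT %s -> %s (expected %s)\n", $1, $7, port[svc]
                bad = 1
            }
            if (target != want) {
                printf "UNEXPECTED TARGET %s -> %s\n", $1, target
                bad = 1
            }
        }
        END {
            for (svc in port)
                if (!(svc in seen)) { printf "MISSING %s\n", svc; bad = 1 }
            exit bad + 0
        }
    '
}

# Demo on the sample from this page.
printf '%s\n' "$SRV_SAMPLE" | verify_srv bino.binova.lan && echo "SRV records OK"
```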

Kerberos

krb5.conf

Let's check the Kerberos configuration file

thierry@bino:~$ cat /etc/krb5.conf
[libdefaults]
        default_realm = BINOVA.LAN
        dns_lookup_realm = false
        dns_lookup_kdc = true

Connection test

With kinit

thierry@bino:~$ kinit administrator@BINOVA.LAN
Password for administrator@BINOVA.LAN:
Warning: Your password will expire in 41 days on ven. 07 déc. 2018 15:15:00 UTC
To disable password expiry, use
thierry@bino:~$ sudo samba-tool user setexpiry administrator --noexpiry
Expiry for user 'administrator' disabled.

Check with a new kinit administrator@BINOVA.LAN

And next...

Errors

Unit samba-ad-dc.service is masked

thierry@binova:~$ sudo systemctl start samba-ad-dc.service
Failed to start samba-ad-dc.service: Unit samba-ad-dc.service is masked.
thierry@binova:~$ sudo systemctl unmask samba-ad-dc
Removed /etc/systemd/system/samba-ad-dc.service.
thierry@binova:~$ sudo systemctl enable samba-ad-dc
Synchronizing state of samba-ad-dc.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable samba-ad-dc
thierry@binova:~$ sudo systemctl restart samba-ad-dc

Failed to listen on 0.0.0.0:53 - NT_STATUS_ADDRESS_ALREADY_ASSOCIAT

The error

When the service is started we see this error:

thierry@binova-srv:~$ sudo systemctl status samba-ad-dc.service
● samba-ad-dc.service - Samba AD Daemon
   Loaded: loaded (/lib/systemd/system/samba-ad-dc.service; disabled; vendor preset: enabled)
   Active: active (running) since Sat 2018-11-03 18:34:54 CET; 8s ago
     Docs: man:samba(8)
           man:samba(7)
           man:smb.conf(5)
 Main PID: 11506 (samba)
   Status: "smbd: ready to serve connections..."
    Tasks: 24 (limit: 3820)
   CGroup: /system.slice/samba-ad-dc.service
           ├─11506 /usr/sbin/samba --foreground --no-process-group
           ├─11526 /usr/sbin/samba --foreground --no-process-group
           ├─11529 /usr/sbin/samba --foreground --no-process-group
           ├─11530 /usr/sbin/samba --foreground --no-process-group
           ├─11531 /usr/sbin/samba --foreground --no-process-group
           ├─11533 /usr/sbin/samba --foreground --no-process-group
           ├─11534 /usr/sbin/samba --foreground --no-process-group
           ├─11535 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
           ├─11536 /usr/sbin/samba --foreground --no-process-group
           ├─11537 /usr/sbin/samba --foreground --no-process-group
           ├─11538 /usr/sbin/samba --foreground --no-process-group
           ├─11539 /usr/sbin/samba --foreground --no-process-group
           ├─11540 /usr/sbin/samba --foreground --no-process-group
           ├─11541 /usr/sbin/samba --foreground --no-process-group
           ├─11542 /usr/sbin/samba --foreground --no-process-group
           ├─11543 /usr/sbin/samba --foreground --no-process-group
           ├─11544 /usr/sbin/samba --foreground --no-process-group
           ├─11545 /usr/sbin/winbindd -D --option=server role check:inhibit=yes --foreground
           ├─11548 /usr/sbin/samba --foreground --no-process-group
           ├─11549 /usr/bin/python2.7 /usr/sbin/samba_dnsupdate
           ├─11554 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
           ├─11555 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
           ├─11557 /usr/sbin/winbindd -D --option=server role check:inhibit=yes --foreground
           └─11559 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
 
nov. 03 18:34:53 binova-srv samba[11544]:   Failed to listen on 0.0.0.0:53 - NT_STATUS_ADDRESS_ALREADY_ASSOCIAT
nov. 03 18:34:53 binova-srv samba[11544]: [2018/11/03 18:34:53.275324,  0] ../source4/dns_server/dns_server.c:6
nov. 03 18:34:53 binova-srv samba[11544]:   Failed to bind to 0.0.0.0:53 TCP - NT_STATUS_ADDRESS_ALREADY_ASSOCI

This means that port 53 is already in use!!!

Diagnosis

If I look at who is using this port with netstat -lnp | grep :53

Non-working configuration
thierry@binova-srv:~$ sudo netstat -lnp | grep :53
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      1870/systemd-resolv
tcp6       0      0 :::53                   :::*                    LISTEN      1243/samba
udp        0      0 127.0.0.53:53           0.0.0.0:*                           1870/systemd-resolv
udp6       0      0 :::53                   :::*                                1243/samba

We can see that I have a systemd-resolv present, whereas it is not present in a configuration that already works…

Comparison with a working configuration...
thierry@bino:~$ sudo netstat -nlp | grep :53
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      3317/samba
tcp6       0      0 :::53                   :::*                    LISTEN      3317/samba
udp    43776      0 0.0.0.0:53              0.0.0.0:*                           3317/samba
udp6    2304      0 :::53                   :::*                                3317/samba
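
The comparison above can be automated: any listener on port 53 that is not samba is a conflict, and samba must hold both IPv4 tcp/53 and udp/53. This is an added example, not part of the original page; the function name port53_report is hypothetical, and it assumes the default smb.conf where samba binds to all interfaces.

```sh
#!/bin/sh
# Added example (not from the original page): classify who listens on port 53.
# Live use:  sudo netstat -lnp | port53_report

# Sample inputs taken from the two netstat listings shown on this page.
BROKEN_SAMPLE='tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      1870/systemd-resolv
tcp6       0      0 :::53                   :::*                    LISTEN      1243/samba
udp        0      0 127.0.0.53:53           0.0.0.0:*                           1870/systemd-resolv
udp6       0      0 :::53                   :::*                                1243/samba'

WORKING_SAMPLE='tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      3317/samba
tcp6       0      0 :::53                   :::*                    LISTEN      3317/samba
udp    43776      0 0.0.0.0:53              0.0.0.0:*                           3317/samba
udp6    2304      0 :::53                   :::*                                3317/samba'

# port53_report
# Reads `netstat -lnp` output on stdin. Prints one line per problem and
# returns 1 if any was found, 0 when samba alone owns port 53.
# Assumption: samba is expected on IPv4 tcp/53 and udp/53 (default smb.conf).
port53_report() {
    awk '
        $4 ~ /:53$/ {                          # local address ends in :53
            n = split($NF, owner, "/")         # last field is PID/program
            prog = (n == 2) ? owner[2] : "unknown"   # "-" when not run as root
            if (prog == "samba") {
                if ($1 == "tcp" || $1 == "udp") v4[$1] = 1
                next
            }
            printf "CONFLICT %s %s held by %s (pid %s)\n", $1, $4, prog, owner[1]
            bad = 1
        }
        END {
            if (!v4["tcp"]) { print "MISSING samba listener on IPv4 tcp/53"; bad = 1 }
            if (!v4["udp"]) { print "MISSING samba listener on IPv4 udp/53"; bad = 1 }
            exit bad + 0
        }
    '
}

# Demo: the non-working listing reports two conflicts and two missing listeners.
printf '%s\n' "$BROKEN_SAMPLE" | port53_report || true
```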

Resolution

We remove systemd-resolved

Source: https://askubuntu.com/questions/907246/how-to-disable-systemd-resolved-in-ubuntu

# Disable the service
thierry@binova-srv:~$ sudo systemctl disable systemd-resolved.service
Removed /etc/systemd/system/multi-user.target.wants/systemd-resolved.service.
Removed /etc/systemd/system/dbus-org.freedesktop.resolve1.service.
 
# Stop the service
thierry@binova-srv:~$ sudo systemctl stop systemd-resolved
 
# Check...
thierry@binova-srv:~$ sudo netstat -lnp | grep :53
tcp6       0      0 :::53                   :::*                    LISTEN      1243/samba
udp6       0      0 :::53                   :::*                                1243/samba

So the problem is gone; let's restart the Samba service to see whether it works…

thierry@bino:~$ sudo systemctl restart samba-ad-dc.service

Checks

thierry@bino:~$ sudo systemctl status samba-ad-dc.service
● samba-ad-dc.service - Samba AD Daemon
   Loaded: loaded (/lib/systemd/system/samba-ad-dc.service; enabled; vendor preset: enabled)
   Active: active (running) since Sat 2018-11-03 18:14:04 UTC; 10s ago
     Docs: man:samba(8)
           man:samba(7)
           man:smb.conf(5)
 Main PID: 28122 (samba)
   Status: "smbd: ready to serve connections..."
    Tasks: 24 (limit: 2320)
   CGroup: /system.slice/samba-ad-dc.service
           ├─28122 /usr/sbin/samba --foreground --no-process-group
           ├─28143 /usr/sbin/samba --foreground --no-process-group
           ├─28144 /usr/sbin/samba --foreground --no-process-group
           ├─28145 /usr/sbin/samba --foreground --no-process-group
           ├─28146 /usr/sbin/samba --foreground --no-process-group
           ├─28147 /usr/sbin/samba --foreground --no-process-group
           ├─28148 /usr/sbin/samba --foreground --no-process-group
           ├─28150 /usr/sbin/samba --foreground --no-process-group
           ├─28151 /usr/sbin/samba --foreground --no-process-group
           ├─28153 /usr/sbin/samba --foreground --no-process-group
           ├─28154 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
           ├─28155 /usr/sbin/samba --foreground --no-process-group
           ├─28156 /usr/sbin/samba --foreground --no-process-group
           ├─28157 /usr/sbin/samba --foreground --no-process-group
           ├─28158 /usr/sbin/samba --foreground --no-process-group
           ├─28159 /usr/sbin/samba --foreground --no-process-group
           ├─28160 /usr/sbin/samba --foreground --no-process-group
           ├─28161 /usr/sbin/winbindd -D --option=server role check:inhibit=yes --foreground
           ├─28169 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
           ├─28170 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
           ├─28171 /usr/sbin/winbindd -D --option=server role check:inhibit=yes --foreground
           ├─28173 /usr/sbin/winbindd -D --option=server role check:inhibit=yes --foreground
           ├─28175 /usr/sbin/winbindd -D --option=server role check:inhibit=yes --foreground
           └─28176 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
 
nov. 03 18:14:01 bino samba[28122]:   Copyright Andrew Tridgell and the Samba Team 1992-2017
nov. 03 18:14:02 bino samba[28122]: [2018/11/03 18:14:02.198210,  0] ../source4/smbd/server.c:620(binary_smbd_main)
nov. 03 18:14:02 bino samba[28122]:   samba: using 'standard' process model
nov. 03 18:14:03 bino winbindd[28161]: [2018/11/03 18:14:03.032310,  0] ../source3/winbindd/winbindd_cache.c:3170(initialize_w
nov. 03 18:14:03 bino winbindd[28161]:   initialize_winbindd_cache: clearing cache and re-creating with version number 2
nov. 03 18:14:04 bino systemd[1]: Started Samba AD Daemon.
nov. 03 18:14:05 bino winbindd[28161]: [2018/11/03 18:14:04.923125,  0] ../lib/util/become_daemon.c:124(daemon_ready)
nov. 03 18:14:05 bino winbindd[28161]:   STATUS=daemon 'winbindd' finished starting up and ready to serve connections
nov. 03 18:14:09 bino smbd[28154]: [2018/11/03 18:14:09.556902,  0] ../lib/util/become_daemon.c:124(daemon_ready)
nov. 03 18:14:09 bino smbd[28154]:   STATUS=daemon 'smbd' finished starting up and ready to serve connections

We check with netstat

thierry@bino:~$ sudo netstat -nlp | grep :53
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      28159/samba
tcp6       0      0 :::53                   :::*                    LISTEN      28159/samba
udp    36864      0 0.0.0.0:53              0.0.0.0:*                           28159/samba
udp6       0      0 :::53                   :::*                                28159/samba

And we check name resolution with nslookup

thierry@binova-srv:~$ nslookup google.fr
Server:         127.0.0.1
Address:        127.0.0.1#53
 
Non-authoritative answer:
Name:   google.fr
Address: 216.58.206.227

Our DNS server is indeed 127.0.0.1#53
