Greetings, everyone!
We are trying to migrate our school to domestic software. We deployed a domain and everything worked fine, but at some point it stopped.
Please help me figure out why the Samba DC domain controller stopped working.
# systemctl
In the list of services, this one is not running:
● samba.service loaded failed failed Samba AD Daemon
# systemctl status samba.service
× samba.service - Samba AD Daemon
Loaded: loaded (/lib/systemd/system/samba.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Thu 2023-07-20 16:35:38 MSK; 23min ago
Docs: man:samba(8)
man:samba(7)
man:smb.conf(5)
Process: 2840 ExecStart=/usr/sbin/samba --no-process-group $SAMBAOPTIONS (code=exited, status=0/SUCCESS)
Main PID: 3289 (code=exited, status=1/FAILURE)
CPU: 1.083s
Jul 20 16:35:38 bas-dc01 samba[3289]: binary_smbd_main: samba: using 'prefork' process model
Jul 20 16:35:38 bas-dc01 samba[3327]: [2023/07/20 16:35:38.586598, 0] ../../source4/samba/service_task.c:36(task_server_terminate)
Jul 20 16:35:38 bas-dc01 samba[3327]: task_server_terminate: task_server_terminate: [Failed to obtain server credentials for DNS, despite finding it the samdb! NT_STATUS_CANT_ACCESS_DOMAIN_INFO
Jul 20 16:35:38 bas-dc01 samba[3327]: ]
Jul 20 16:35:38 bas-dc01 samba[3289]: [2023/07/20 16:35:38.638559, 0] ../../source4/samba/server.c:391(samba_terminate)
Jul 20 16:35:38 bas-dc01 samba[3289]: samba_terminate: samba_terminate of samba 3289: Failed to obtain server credentials for DNS, despite finding it it in the samdb! NT_STATUS_CANT_ACCESS_DOMAIN_INFO
Jul 20 16:35:38 bas-dc01 samba[3289]:
Jul 20 16:35:38 bas-dc01 systemd[1]: samba.service: Main process exited, code=exited, status=1/FAILURE
Jul 20 16:35:38 bas-dc01 systemd[1]: samba.service: Failed with result 'exit-code'.
Jul 20 16:35:38 bas-dc01 systemd[1]: samba.service: Consumed 1.083s CPU time.
# testparm
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
Weak crypto is allowed
Server role: ROLE_ACTIVE_DIRECTORY_DC
Press enter to see a dump of your service definitions
# Global parameters
[global]
dns forwarder = 95.167.167.95
passdb backend = samba_dsdb
realm = BASOVA.LAN
server role = active directory domain controller
workgroup = BASOVA
rpc_server:tcpip = no
rpc_daemon:spoolssd = embedded
rpc_server:spoolss = embedded
rpc_server:winreg = embedded
rpc_server:ntsvcs = embedded
rpc_server:eventlog = embedded
rpc_server:srvsvc = embedded
rpc_server:svcctl = embedded
rpc_server:default = external
winbindd:use external pipes = true
idmap_ldb:use rfc2307 = yes
idmap config * : backend = tdb
map archive = No
vfs objects = dfs_samba4 acl_xattr
[sysvol]
path = /var/lib/samba/sysvol
read only = No
[netlogon]
path = /var/lib/samba/sysvol/basova.lan/scripts
read only = No
# alterator-cmdline /net-domain action read
domain:
domain_type:ad
resolver:OK
access:ERROR: FQDN is unpingable
ldap:ERROR: no slapd conffile for dn: 'dc=bas-dc01'
kdc:ERROR: krb5kdc service is stopped
ERROR: No slapd conffile for dn: 'dc=bas-dc01'
smb:ERROR: smbd service is stopped
dhcpd:ERROR: Domain name bas-dc01 is not provided to clients
master:#f
ad_dns:95.167.167.95
ad_service:%(_ 'NOT OK (samba service is stopped)')
ad_domain:--
ad_realm:--
ad_dc_name:--
ad_ldap_server:--
ad_kdc_server:--
ipa_installed:#f
ipa_uninstalled:#t
ipa_install_running:#f
altdomain_available:#f
ad_available:#t
ipa_available:#f
Attached is a screenshot of the web interface, the "Domain" tab; previously the "Domain name: " line showed the actual domain name.
The DHCP server is enabled, running, and handing out addresses.
DNS is not working; ping by name fails.
In the web interface, the "DNS server" tab does not open.
----------------
From the documentation:
- Alt Server 10.1
- Part VIII. Corporate Infrastructure
- 40.5. Checking operability
# samba-tool domain info 127.0.0.1
ERROR: Invalid IP address '127.0.0.1'!
yet ping to 127.0.0.1 works
# smbclient -L localhost -Uadministrator
do_connect: Connection to localhost failed (Error NT_STATUS_CONNECTION_REFUSED)
# cat /etc/resolv.conf
# Generated by resolvconf
# Do not edit manually, use
# /etc/net/ifaces/<interface>/resolv.conf instead.
search basova.lan
nameserver 127.0.0.1
# kinit administrator@basova.lan
kinit: Cannot find KDC for realm "basova.lan" while getting initial credentials
# klist
klist: No credentials cache found (filename: /tmp/krb5cc_0)
Can you tell me how to bring the domain back to life?
Thanks in advance for your help!