burnbabyburn / docker-samba-dc

Samba Active Directory Domain Controller for Docker
GNU General Public License v3.0

My ext #1

Closed cfoellmann closed 2 years ago

cfoellmann commented 2 years ago

hi,

respect for all the work you have done with your fork. Please consider sending this to the @fmstrat repo.

I have another issue with ntpd. I cannot query NTP from external machines.

burnbabyburn commented 2 years ago

I'll merge your commit on my next push. thx for contributing

cfoellmann commented 2 years ago

thanks. Are you also from Germany? Saw some German comment in there 😉

Any idea why ntpd is not reachable? I just tested on a dirty VM. Maybe it is "just" a problem on my end there.

"We" also need to update the readme and send this whole thing to the upstream!!

cfoellmann commented 2 years ago

this is obsolete now

cfoellmann commented 2 years ago

@burnbabyburn sorry for spamming this PR.

with your last commits ntpd seems to be running smoothly

cfoellmann commented 2 years ago

me again.

This is the result of my last container deployment:

```
root@dc101:/etc# more krb5.conf
[libdefaults]
  dns_lookup_realm = false
  dns_lookup_kdc = true
  default_realm = AD.MYDOMAIN.COM
#  forwardable = true
#  rdns = false
#  ticket_lifetime = 24h
#  renew_lifetime = 7d

[logging]
  default = CONSOLE
  default = FILE:/var/log/samba/krb5libs.log
  kdc = CONSOLE
  kdc = FILE:/var/log/samba/krb5kdc.log
  admin_server = CONSOLE
  admin_server = FILE:/var/log/samba/kadmind.log

#[realms]
# AD.MYDOMAIN.COM = {
#  kdc = dc101.AD.MYDOMAIN.COM
#  default_domain = AD.MYDOMAIN.COM
# }

#[domain_realm]
# .ad.MYDOMAIN.com = AD.MYDOMAIN.COM
# ad.MYDOMAIN.com = AD.MYDOMAIN.COM
```

I haven't tested Kerberos yet, but is it the intention to have duplicate logging destinations, and to have the realms and domain_realm sections commented out?

cfoellmann commented 2 years ago

@burnbabyburn ntp again:

https://github.com/burnbabyburn/docker-ubuntu-samba-dc/blob/3cd6506074a92f83ae5d23c011d7dc5bc96be5f1/init.sh#L369-L380 is bugging out on redeployment of the image. The NTP server entries will be lost in ntp.conf if the container is started on persistent data.

burnbabyburn commented 2 years ago

> me again.
>
> This is the result of my last container deployment:
>
> ```
> root@dc101:/etc# more krb5.conf
> [libdefaults]
>   dns_lookup_realm = false
>   dns_lookup_kdc = true
>   default_realm = AD.MYDOMAIN.COM
> #  forwardable = true
> #  rdns = false
> #  ticket_lifetime = 24h
> #  renew_lifetime = 7d
>
> [logging]
>   default = CONSOLE
>   default = FILE:/var/log/samba/krb5libs.log
>   kdc = CONSOLE
>   kdc = FILE:/var/log/samba/krb5kdc.log
>   admin_server = CONSOLE
>   admin_server = FILE:/var/log/samba/kadmind.log
>
> #[realms]
> # AD.MYDOMAIN.COM = {
> #  kdc = dc101.AD.MYDOMAIN.COM
> #  default_domain = AD.MYDOMAIN.COM
> # }
>
> #[domain_realm]
> # .ad.MYDOMAIN.com = AD.MYDOMAIN.COM
> # ad.MYDOMAIN.com = AD.MYDOMAIN.COM
> ```
>
> I haven't tested Kerberos yet, but is it the intention to have duplicate logging destinations, and to have the realms and domain_realm sections commented out?

Thx for the hint, will check that. Did quite some breaking pushes without checking on GitHub.
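A small check for the krb5.conf question above, added here as an example and not taken from the project's init.sh: it reads a krb5.conf and reports where a client would find the KDC. With the `[realms]` block commented out and `dns_lookup_kdc = true`, the Kerberos library locates the KDC through the `_kerberos._udp.<REALM>` SRV records that a Samba AD DC publishes in its own DNS, so that configuration only works for clients whose resolver points at the DC. Repeated `[logging]` keys are counted rather than flagged, since the maintainer's reply in this thread says console plus file is intended. The sample config is constructed inline from the one posted above; the file paths are temporary and the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from docker-samba-dc): lint a krb5.conf for how a client
# locates the KDC, and count [logging] destinations per key.

# Print "static" if an active [realms] block names a kdc, "dns" if KDC
# discovery relies on dns_lookup_kdc = true, "none" if neither is set.
krb5_kdc_source() {
  awk '
    /^[ \t]*#/  { next }                                   # skip commented-out lines
    /^[ \t]*\[/ { sec = $0; gsub(/\[|\]|[ \t]/, "", sec); next }
    sec == "libdefaults" && $1 == "dns_lookup_kdc" { dns = tolower($NF) }
    sec == "realms"      && $1 == "kdc"            { static = 1 }
    END {
      if (static)             print "static"
      else if (dns == "true") print "dns"
      else                    print "none"
    }' "$1"
}

# Print how many destinations are configured for one [logging] key (e.g. kdc).
krb5_log_dests() {
  awk -v key="$2" '
    /^[ \t]*#/  { next }
    /^[ \t]*\[/ { sec = $0; gsub(/\[|\]|[ \t]/, "", sec); next }
    sec == "logging" && $1 == key { n++ }
    END { print n + 0 }' "$1"
}

# Constructed sample: the krb5.conf posted above, [realms] commented out.
write_sample_krb5() {
  cat > "$1" <<'EOF'
[libdefaults]
  dns_lookup_realm = false
  dns_lookup_kdc = true
  default_realm = AD.MYDOMAIN.COM

[logging]
  default = CONSOLE
  default = FILE:/var/log/samba/krb5libs.log
  kdc = CONSOLE
  kdc = FILE:/var/log/samba/krb5kdc.log

#[realms]
# AD.MYDOMAIN.COM = {
#  kdc = dc101.AD.MYDOMAIN.COM
# }
EOF
}

# Same file with every comment marker stripped, i.e. [realms] made active.
uncomment_realms() {
  sed 's/^# *//' "$1" > "$2"
}

demo() {
  t="$(mktemp -d)"
  write_sample_krb5 "$t/krb5.conf"
  echo "KDC located via: $(krb5_kdc_source "$t/krb5.conf")"               # dns
  echo "kdc log destinations: $(krb5_log_dests "$t/krb5.conf" kdc)"      # 2
  uncomment_realms "$t/krb5.conf" "$t/krb5-static.conf"
  echo "with [realms] active: $(krb5_kdc_source "$t/krb5-static.conf")"  # static
  rm -rf "$t"
}
demo
```

When the result is `dns`, the thing to verify on a client is that `dig SRV _kerberos._udp.AD.MYDOMAIN.COM` against the client's configured resolver returns the DC; when it is `none`, `kinit` will fail with "Cannot find KDC for realm" regardless of what the DC does.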

cfoellmann commented 2 years ago

The image is really advanced and overall working great. This should result in a standard for Samba DCs.

burnbabyburn commented 2 years ago

> The image is really advanced and overall working great. This should result in a standard for Samba DCs.

Checked krb5.conf. Duplicates in logging are OK. Logging to console is the default. If `ENABLE_LOGS=1` the script will add the `FILE:` logging params to get some log files. It's untested though.

The NTP part of the script used a wrong IFS. That should be fixed now. Starting an existing container without a `docker-compose down` works again.
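The two failure modes discussed above, a server list split with the wrong IFS and server entries lost when the container restarts on persisted config, as an added example that is not the project's init.sh. `count_fields` shows why the separator in IFS has to match the list's delimiter; `render_ntp_servers` rewrites only the lines it generated, so running it again on an existing ntp.conf gives the same result. The env var name `NTP_SERVERS`, the marker comment and the sample config are this example's assumptions.

```shell
#!/bin/sh
# Added example (not from docker-samba-dc): regenerate the "server" lines of an
# ntp.conf from a space- and/or comma-separated list, without depending on the
# caller's IFS and idempotently.

# Count the fields a given IFS produces from LIST. With IFS=',' a space-separated
# list collapses into a single field, which is how a "wrong IFS" breaks the loop.
count_fields() {
  ( IFS="$2"; set -f; set -- $1; echo $# )
}

# Rewrite the managed server block in CONF from LIST. Lines generated earlier
# carry a marker comment and are removed first, so repeated runs on persisted
# config neither drop nor duplicate entries.
render_ntp_servers() {
  conf="$1"; list="$2"; tmp="$1.tmp.$$"
  grep -v '# managed by init' "$conf" > "$tmp" || true   # grep -v exits 1 when nothing is left
  (
    IFS=' ,'   # split on spaces and commas; the caller's IFS is untouched
    set -f     # no pathname expansion of the entries
    for s in $list; do
      [ -n "$s" ] || continue                 # "a,,b" yields an empty field
      printf 'server %s iburst  # managed by init\n' "$s"
    done
  ) >> "$tmp"
  mv "$tmp" "$conf"
}

# Number of active "server" lines in CONF.
ntp_server_count() {
  grep -c '^server ' "$1" || true
}

# Constructed sample: persisted config with one stale managed entry.
write_sample_ntp_conf() {
  printf '%s\n' 'driftfile /var/lib/ntp/ntp.drift' \
                'restrict default kod nomodify nopeer noquery' \
                'server old.example.net iburst  # managed by init' > "$1"
}

demo() {
  t="$(mktemp -d)"
  echo "fields with IFS=',': $(count_fields 'a b c' ',')"   # 1
  echo "fields with IFS=' ,': $(count_fields 'a,b c' ' ,')" # 3
  write_sample_ntp_conf "$t/ntp.conf"
  NTP_SERVERS="${NTP_SERVERS:-0.pool.ntp.org,1.pool.ntp.org 2.pool.ntp.org}"
  render_ntp_servers "$t/ntp.conf" "$NTP_SERVERS"
  render_ntp_servers "$t/ntp.conf" "$NTP_SERVERS"            # second run: same result
  echo "server lines after two runs: $(ntp_server_count "$t/ntp.conf")"   # 3
  cat "$t/ntp.conf"
  rm -rf "$t"
}
demo
```

The marker comment is what makes the rewrite safe on persistent data: entries an operator added by hand are left alone, and anything the script wrote before is replaced rather than appended to.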

cfoellmann commented 2 years ago

@burnbabyburn The most current version is looking good but I get this NTP issue all the time: `7 Jun 12:54:50 ntpd[723]: frequency file /var/lib/ntp/ntp.drift.TEMP: Permission denied`

I have no idea why or how to fix it. The config does not reference this file, and root should not have any permission issues, right?

burnbabyburn commented 2 years ago

`driftfile /var/lib/ntp/ntp.drift`: I'll check that out. Probably the folder does not exist.

cfoellmann commented 2 years ago

Does not exist.

I just did a `touch /var/lib/ntp/ntp.drift` and a restart. Will see if that solves it.

cfoellmann commented 2 years ago

Just touching the file did not do the trick.

I did a `touch /var/lib/ntp/ntp.drift.TEMP` but that didn't feel right to me.

I did this:

```
-rw-r--r--. 1 root root 0 Jun 28 23:33 ntp.drift.TEMP
root@dc102:/var/lib/ntp# ps -u root
    PID TTY          TIME CMD
      1 ?        00:00:00 bash
    671 ?        00:00:09 supervisord
    672 ?        00:00:03 ntpd
    673 ?        00:00:00 samba
    676 ?        00:00:00 tfork(677)
    677 ?        00:00:00 s3fs[master]
    678 ?        00:00:00 tfork(680)
    679 ?        00:00:00 tfork(682)
    680 ?        00:00:00 rpc[master]
    681 ?        00:00:00 tfork(683)
    682 ?        00:00:01 smbd
    683 ?        00:00:00 nbt[master]
    684 ?        00:00:00 tfork(686)
    685 ?        00:00:00 tfork(687)
    686 ?        00:00:11 rpc(0)
    687 ?        00:00:00 wrepl[master]
    688 ?        00:00:00 tfork(690)
    689 ?        00:00:00 tfork(691)
    690 ?        00:00:00 rpc(1)
    691 ?        00:00:01 ldap[master]
    692 ?        00:00:00 tfork(694)
    693 ?        00:00:00 tfork(695)
    694 ?        00:00:00 cldap[master]
    695 ?        00:00:00 rpc(2)
    696 ?        00:00:00 tfork(697)
    697 ?        00:00:00 kdc[master]
    698 ?        00:00:00 tfork(699)
    699 ?        00:00:00 rpc(3)
    700 ?        00:00:00 tfork(702)
    701 ?        00:00:00 tfork(703)
    702 ?        00:00:32 drepl[master]
    703 ?        00:00:00 kdc(0)
    704 ?        00:00:00 tfork(706)
    705 ?        00:00:00 tfork(707)
    706 ?        00:00:00 winbindd[master
    707 ?        00:00:00 kdc(1)
    708 ?        00:00:00 tfork(710)
    709 ?        00:00:00 tfork(712)
    710 ?        00:00:00 ntp_signd[maste
    711 ?        00:00:00 tfork(714)
    712 ?        00:00:01 winbindd
    713 ?        00:00:00 tfork(715)
    714 ?        00:00:00 kdc(2)
    715 ?        00:00:00 kcc[master]
    716 ?        00:00:00 tfork(719)
    717 ?        00:00:00 tfork(718)
    718 ?        00:00:00 kdc(3)
    719 ?        00:00:00 dnsupdate[maste
    720 ?        00:00:00 tfork(721)
    721 ?        00:00:02 dns[master]
    728 ?        00:00:00 smbd-notifyd
    729 ?        00:00:00 cleanupd
    730 ?        00:00:00 winbindd
    731 ?        00:00:00 tfork(732)
    732 ?        00:00:00 ldap(0)
    733 ?        00:00:00 tfork(734)
    734 ?        00:00:00 ldap(1)
    735 ?        00:00:00 tfork(736)
    736 ?        00:00:00 ldap(2)
    737 ?        00:00:00 tfork(738)
    738 ?        00:00:00 ldap(3)
    941 ?        00:00:00 winbindd
   8123 pts/0    00:00:00 bash
   8147 pts/0    00:00:00 ps
root@dc102:/var/lib/ntp# ls -l
total 0
-rw-r--r--. 1 root root 0 Jun 28 15:16 ntp.drift
-rw-r--r--. 1 root root 0 Jun 28 23:33 ntp.drift.TEMP
root@dc102:/var/lib/ntp# cd ..
root@dc102:/var/lib# ls -l
total 68
drwxr-xr-x. 1 root root 4096 Apr 14 09:53 apt
drwxr-xr-x. 2 root root 4096 Apr 14 09:53 dbus
drwxr-xr-x. 1 root root 4096 Apr 14 09:53 dpkg
drwxr-xr-x. 2 root root 4096 Jan 24 16:37 logrotate
drwxr-xr-x. 2 root root 4096 Mar 23 10:42 misc
drwxr-xr-x. 1 ntp  ntp  4096 Jun 28 23:33 ntp
drwxr-xr-x. 1 root root 4096 Apr 14 09:53 pam
drwxr-xr-x. 2 root root 4096 Apr 14 09:53 python
drwxr-xr-x. 7 root root 4096 Jun 28 15:17 samba
-rw-r--r--. 1 root root    0 Apr  5 10:16 shells.state
drwxr-xr-x. 2 root root 4096 Apr 14 09:53 sntp
drwxr-xr-x. 1 root root 4096 Apr 14 09:53 systemd
drwxr-xr-x. 3 root root 4096 Apr 14 09:53 ucf
```

What does seem wrong is that ntpd is run by root (`672 ? 00:00:03 ntpd`)

but the folder is owned by the ntp user (`drwxr-xr-x. 1 ntp ntp 4096 Jun 28 23:33 ntp`).

cfoellmann commented 2 years ago

I did `chown root:root ntp/` on dc1 and not on dc2. It did fix the issue for me.

Maybe a fix is needed in the container image?
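The check and repair for the driftfile problem traced above, as an added example rather than the project's own fix. ntpd writes the new value to `<driftfile>.TEMP` and then renames it over the driftfile, so it needs write permission on the directory, not just on the file; that is why touching `ntp.drift` alone did not help. The account ntpd writes as is a parameter here (root in the `ps` output above, `ntp` when ntpd is started with `-u ntp:ntp`); the function names and the temporary paths are this example's assumptions, and the sample ntp.conf is constructed inline.

```shell
#!/bin/sh
# Added example (not from docker-samba-dc): verify that the directory holding
# ntpd's driftfile exists and is owned by the account ntpd writes as, and
# create/chown it when it is not. Run as root in the container's init.

driftfile_path() {   # print the driftfile directive from CONF, or nothing
  awk '$1 == "driftfile" { print $2; exit }' "$1"
}

dir_owner() {        # owner of a path, via ls -ld (portable across sh flavours)
  ls -ld "$1" | awk '{ print $3 }'
}

# Exit 0 when the driftfile directory exists and is owned by RUN_AS.
# Exit 1 (reason on stderr) when it is missing or owned by someone else, which
# is the mismatch behind "ntp.drift.TEMP: Permission denied". Exit 2 when the
# config has no driftfile directive at all.
check_driftfile_dir() {
  conf="$1"; run_as="$2"
  drift="$(driftfile_path "$conf")"
  [ -n "$drift" ] || { echo "no driftfile directive in $conf" >&2; return 2; }
  dir="$(dirname "$drift")"
  [ -d "$dir" ] || { echo "$dir does not exist" >&2; return 1; }
  owner="$(dir_owner "$dir")"
  [ "$owner" = "$run_as" ] || {
    echo "$dir is owned by $owner but ntpd runs as $run_as" >&2
    return 1
  }
}

# Create the directory if needed, hand it to RUN_AS, then re-run the check.
prepare_driftfile_dir() {
  conf="$1"; run_as="$2"
  drift="$(driftfile_path "$conf")"
  [ -n "$drift" ] || { echo "no driftfile directive in $conf" >&2; return 2; }
  dir="$(dirname "$drift")"
  mkdir -p "$dir"
  chown "$run_as" "$dir"
  chmod 755 "$dir"
  check_driftfile_dir "$conf" "$run_as"
}

demo() {
  t="$(mktemp -d)"
  me="$(id -un)"                                        # stand-in for root or ntp
  printf 'driftfile %s/ntp/ntp.drift\n' "$t" > "$t/ntp.conf"   # constructed sample
  check_driftfile_dir "$t/ntp.conf" "$me" || echo "check failed as expected: directory missing"
  prepare_driftfile_dir "$t/ntp.conf" "$me" && echo "driftfile directory ready for $me"
  rm -rf "$t"
}
demo
```

In the container this is the same thing the `chown root:root ntp/` above did by hand, done once at start-up from the `driftfile` line actually in ntp.conf, and it complains loudly when the owner and the ntpd account still disagree instead of leaving that to be found in the ntpd log.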

cfoellmann commented 2 years ago

Smooth sailing with the fixed ntp folder chown.

burnbabyburn commented 2 years ago

> Smooth sailing with the fixed ntp folder chown.

Please run a `git pull` :)

cfoellmann commented 2 years ago

I will test that next week. Thanks in advance.

Maybe you should decouple from the "upstream" and publish to Docker Hub or the GitHub Container Registry!!!!

burnbabyburn commented 2 years ago

> I will test that next week. Thanks in advance.
>
> Maybe you should decouple from the "upstream" and publish to Docker Hub or the GitHub Container Registry!!!!

Thx for the input. It was long overdue to implement some more working actions :)

`docker pull ghcr.io/burnbabyburn/docker-ubuntu-samba-dc:latest`

cfoellmann commented 2 years ago

How about activating issues?

burnbabyburn commented 2 years ago

> How about activating issues?

done!