Closed cfoellmann closed 2 years ago
I'll merge your commit on my next push. thx for contributing
thanks. Are you also from Germany? Saw some German comment in there 😉
Any idea why ntpd is not reachable? I just tested on a dirty VM. Maybe it is "just" a problem on my end there.
"We" also need to update the readme and send this whole thing to the upstream!!
this is obsolete now
@burnbabyburn sorry for spamming this PR.
with your last commits ntpd seems to be running smoothly
me again.
This is the result of my last container deployment:
```
root@dc101:/etc# more krb5.conf
[libdefaults]
dns_lookup_realm = false
dns_lookup_kdc = true
default_realm = AD.MYDOMAIN.COM
# forwardable = true
# rdns = false
# ticket_lifetime = 24h
# renew_lifetime = 7d
[logging]
default = CONSOLE
default = FILE:/var/log/samba/krb5libs.log
kdc = CONSOLE
kdc = FILE:/var/log/samba/krb5kdc.log
admin_server = CONSOLE
admin_server = FILE:/var/log/samba/kadmind.log
#[realms]
# AD.MYDOMAIN.COM = {
# kdc = dc101.AD.MYDOMAIN.COM
# default_domain = AD.MYDOMAIN.COM
# }
#[domain_realm]
# .ad.MYDOMAIN.com = AD.MYDOMAIN.COM
# ad.MYDOMAIN.com = AD.MYDOMAIN.COM
```
I haven't tested kerberos yet but is it the intention to have duplicate logging destinations? and have the realms and domain_realm commented out?
@burnbabyburn ntp again:
https://github.com/burnbabyburn/docker-ubuntu-samba-dc/blob/3cd6506074a92f83ae5d23c011d7dc5bc96be5f1/init.sh#L369-L380 is buggin out on redeployment of the image. The ntp server entries will be lost in ntp.conf if the container is started on persistent data
Thx for the hint will check that. Did quite some breaking pushes without checking on github
the image is really advanced but overall working great. This should result in a standard for samba DCs
Checked krb5.conf. Duplicates in logging are ok. Log to console is the default. If ENABLE_LOGS=1 the script will add the FILE: logging params to get some log files. it's untested though
NTP part of the script used a wrong IFS. That should be fixed now. Starting an existing container without a docker-compose down works again.
@burnbabyburn The most current version is looking good but I get this ntp issue all the time: `7 Jun 12:54:50 ntpd[723]: frequency file /var/lib/ntp/ntp.drift.TEMP: Permission denied`
I have no idea why and how to fix it. The config does not reference this file and root should not have any permission issues, right?
`driftfile /var/lib/ntp/ntp.drift`
i'll check that out. Probably the folder does not exist
Does not exist.
I just did a `touch /var/lib/ntp/ntp.drift` and a restart.
Will see if that solves it
just touching the file did not do the trick.
I did a `touch /var/lib/ntp/ntp.drift.TEMP` but that didn't feel right to me.
I did this:
```
-rw-r--r--. 1 root root 0 Jun 28 23:33 ntp.drift.TEMP
root@dc102:/var/lib/ntp# ps -u root
PID TTY TIME CMD
1 ? 00:00:00 bash
671 ? 00:00:09 supervisord
672 ? 00:00:03 ntpd
673 ? 00:00:00 samba
676 ? 00:00:00 tfork(677)
677 ? 00:00:00 s3fs[master]
678 ? 00:00:00 tfork(680)
679 ? 00:00:00 tfork(682)
680 ? 00:00:00 rpc[master]
681 ? 00:00:00 tfork(683)
682 ? 00:00:01 smbd
683 ? 00:00:00 nbt[master]
684 ? 00:00:00 tfork(686)
685 ? 00:00:00 tfork(687)
686 ? 00:00:11 rpc(0)
687 ? 00:00:00 wrepl[master]
688 ? 00:00:00 tfork(690)
689 ? 00:00:00 tfork(691)
690 ? 00:00:00 rpc(1)
691 ? 00:00:01 ldap[master]
692 ? 00:00:00 tfork(694)
693 ? 00:00:00 tfork(695)
694 ? 00:00:00 cldap[master]
695 ? 00:00:00 rpc(2)
696 ? 00:00:00 tfork(697)
697 ? 00:00:00 kdc[master]
698 ? 00:00:00 tfork(699)
699 ? 00:00:00 rpc(3)
700 ? 00:00:00 tfork(702)
701 ? 00:00:00 tfork(703)
702 ? 00:00:32 drepl[master]
703 ? 00:00:00 kdc(0)
704 ? 00:00:00 tfork(706)
705 ? 00:00:00 tfork(707)
706 ? 00:00:00 winbindd[master
707 ? 00:00:00 kdc(1)
708 ? 00:00:00 tfork(710)
709 ? 00:00:00 tfork(712)
710 ? 00:00:00 ntp_signd[maste
711 ? 00:00:00 tfork(714)
712 ? 00:00:01 winbindd
713 ? 00:00:00 tfork(715)
714 ? 00:00:00 kdc(2)
715 ? 00:00:00 kcc[master]
716 ? 00:00:00 tfork(719)
717 ? 00:00:00 tfork(718)
718 ? 00:00:00 kdc(3)
719 ? 00:00:00 dnsupdate[maste
720 ? 00:00:00 tfork(721)
721 ? 00:00:02 dns[master]
728 ? 00:00:00 smbd-notifyd
729 ? 00:00:00 cleanupd
730 ? 00:00:00 winbindd
731 ? 00:00:00 tfork(732)
732 ? 00:00:00 ldap(0)
733 ? 00:00:00 tfork(734)
734 ? 00:00:00 ldap(1)
735 ? 00:00:00 tfork(736)
736 ? 00:00:00 ldap(2)
737 ? 00:00:00 tfork(738)
738 ? 00:00:00 ldap(3)
941 ? 00:00:00 winbindd
8123 pts/0 00:00:00 bash
8147 pts/0 00:00:00 ps
root@dc102:/var/lib/ntp# ls -l
total 0
-rw-r--r--. 1 root root 0 Jun 28 15:16 ntp.drift
-rw-r--r--. 1 root root 0 Jun 28 23:33 ntp.drift.TEMP
root@dc102:/var/lib/ntp# cd ..
root@dc102:/var/lib# ls -l
total 68
drwxr-xr-x. 1 root root 4096 Apr 14 09:53 apt
drwxr-xr-x. 2 root root 4096 Apr 14 09:53 dbus
drwxr-xr-x. 1 root root 4096 Apr 14 09:53 dpkg
drwxr-xr-x. 2 root root 4096 Jan 24 16:37 logrotate
drwxr-xr-x. 2 root root 4096 Mar 23 10:42 misc
drwxr-xr-x. 1 ntp ntp 4096 Jun 28 23:33 ntp
drwxr-xr-x. 1 root root 4096 Apr 14 09:53 pam
drwxr-xr-x. 2 root root 4096 Apr 14 09:53 python
drwxr-xr-x. 7 root root 4096 Jun 28 15:17 samba
-rw-r--r--. 1 root root 0 Apr 5 10:16 shells.state
drwxr-xr-x. 2 root root 4096 Apr 14 09:53 sntp
drwxr-xr-x. 1 root root 4096 Apr 14 09:53 systemd
drwxr-xr-x. 3 root root 4096 Apr 14 09:53 ucf
```
What does seem wrong is that ntpd is run by root
`672 ? 00:00:03 ntpd`
but the folder is owned by the `ntp` user
`drwxr-xr-x. 1 ntp ntp 4096 Jun 28 23:33 ntp`
I did `chown root:root ntp/` on dc1 and not on dc2.
It did fix the issue for me.
Maybe a fix is needed in the container image?
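The mismatch found in the comment above (ntpd running as root, `/var/lib/ntp` owned by `ntp`) can be checked before the daemon starts. This is an added example, not part of the image's init.sh; the function names are made up here, and it judges by owner/other mode bits only, treating root like any other UID, which is an assumption matching the Permission denied error reported in the thread.

```shell
#!/bin/sh
# Added diagnostic (hypothetical helper names, not from the repository).
# Usage inside the container: check_drift_dir /etc/ntp.conf "$(ps -o uid= -C ntpd | head -n1)"

# driftfile_dir CONF: print the directory that holds the configured driftfile.
driftfile_dir() {
    # First active "driftfile <path>" directive wins; commented lines are skipped.
    path=$(awk '$1 == "driftfile" { print $2; exit }' "$1")
    [ -n "$path" ] || return 1
    dirname "$path"
}

# can_create_in DIR UID: succeed if UID may create files in DIR according to
# the owner/other permission bits. Group membership, capabilities and SELinux
# are not evaluated (assumption: no DAC override, even for UID 0).
can_create_in() {
    dir=$1; uid=$2
    info=$(stat -c '%u %a' "$dir") || return 2
    owner=${info% *}
    mode=$((0${info#* }))          # octal mode string -> integer
    if [ "$uid" = "$owner" ]; then
        [ $((mode & 0300)) -eq $((0300)) ]   # owner write + search
    else
        [ $((mode & 0003)) -eq 3 ]           # other write + search
    fi
}

# check_drift_dir CONF UID: ntpd writes <driftfile>.TEMP next to the driftfile,
# so the directory, not just the file, must be writable by the ntpd UID.
check_drift_dir() {
    d=$(driftfile_dir "$1") || { echo "no driftfile directive in $1"; return 2; }
    if can_create_in "$d" "$2"; then
        echo "OK: uid $2 can create the .TEMP file in $d"
    else
        echo "MISMATCH: uid $2 cannot create files in $d ($(stat -c '%U:%G %a' "$d"))"
        return 1
    fi
}
```
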
Smooth sailing with the fixed ntp folder chown.
pls run a git pull :)
I will test that next week. Thanks in advance.
Maybe you should decouple from the "upstream" and publish to dockerhub or github container registry!!!!
thx for the input. was long overdue to implement some more working actions :)
`docker pull ghcr.io/burnbabyburn/docker-ubuntu-samba-dc:latest`
How about activating issues?
done!
hi,
respect for all the work you have done with your fork. Please consider sending this to the @fmstrat repo.
I have another issue with ntpd. I cannot query ntp from external machines