[SOLVED] Samba 4.0.9 samba-tool drs showrepl error Samba not running



JnPson
September 25th, 2013, 12:22 PM
My question is what is wrong and how do I fix the error in the title: Samba 4.0.9 samba-tool drs showrepl error Samba not running.

Background
I have two DC's in my network. Both are running Samba 4.0.9. I followed these guides to join dc02 as an additional Domain Controller: http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC and http://ubuntuforums.org/showthread.php?t=2146198
I added these lines to /etc/krb5.conf.

[libdefaults]
dns_lookup_realm = true
dns_lookup_kdc = true
default_realm = JOBBFABRIKEN.LAN

I did kinit and klist -e


root@dc02:~# kinit administrator@JOBBFABRIKEN.LAN
Password for administrator@JOBBFABRIKEN.LAN:
root@dc02:~# klist -e
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator@JOBBFABRIKEN.LAN

Valid starting Expires Service principal
25/09/2013 10:59 25/09/2013 20:59 krbtgt/JOBBFABRIKEN.LAN@JOBBFABRIKEN.LAN
renew until 26/09/2013 10:59, Etype (skey, tkt): arcfour-hmac, arcfour-hmac


My first DNS server was already in my /etc/resolv.conf, you can't add anything to it anyway.


root@dc02:~# cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 172.16.0.3
search JOBBFABRIKEN.LAN

I joined the domain with


root@dc02:~# samba-tool domain join jobbfabriken.lan DC -Uadministrator --realm=jobbfabriken.lan
Finding a writeable DC for domain 'jobbfabriken.lan'
Found DC dc01.jobbfabriken.lan
Password for [JOBBFABRIKEN\administrator]:
workgroup is JOBBFABRIKEN
realm is jobbfabriken.lan
checking sAMAccountName
Deleted CN=DC02,OU=Domain Controllers,DC=jobbfabriken,DC=lan
Deleted CN=NTDS Settings,CN=DC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=jobbfabriken,DC=lan
Deleted CN=DC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=jobbfabriken,DC=lan
Adding CN=DC02,OU=Domain Controllers,DC=jobbfabriken,DC=lan
Adding CN=DC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=jobbfabriken,DC=lan
Adding CN=NTDS Settings,CN=DC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=jobbfabriken,DC=lan
Adding SPNs to CN=DC02,OU=Domain Controllers,DC=jobbfabriken,DC=lan
Setting account password for DC02$
Enabling account
Calling bare provision
No IPv6 address will be assigned
Provision OK for domain DN DC=jobbfabriken,DC=lan
Starting replication
Schema-DN[CN=Schema,CN=Configuration,DC=jobbfabriken,DC=lan] objects[402/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=jobbfabriken,DC=lan] objects[804/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=jobbfabriken,DC=lan] objects[1206/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=jobbfabriken,DC=lan] objects[1550/1550] linked_values[0/0]
Analyze and apply schema objects
Partition[CN=Configuration,DC=jobbfabriken,DC=lan] objects[402/1618] linked_values[0/0]
Partition[CN=Configuration,DC=jobbfabriken,DC=lan] objects[804/1618] linked_values[0/0]
Partition[CN=Configuration,DC=jobbfabriken,DC=lan] objects[1206/1618] linked_values[0/0]
Partition[CN=Configuration,DC=jobbfabriken,DC=lan] objects[1608/1618] linked_values[0/0]
Partition[CN=Configuration,DC=jobbfabriken,DC=lan] objects[1618/1618] linked_values[28/0]
Replicating critical objects from the base DN of the domain
Partition[DC=jobbfabriken,DC=lan] objects[97/97] linked_values[28/0]
Partition[DC=jobbfabriken,DC=lan] objects[415/318] linked_values[87/0]
Done with always replicated NC (base, config, schema)
Replicating DC=DomainDnsZones,DC=jobbfabriken,DC=lan
Partition[DC=DomainDnsZones,DC=jobbfabriken,DC=lan] objects[111/111] linked_values[0/0]
Replicating DC=ForestDnsZones,DC=jobbfabriken,DC=lan
Partition[DC=ForestDnsZones,DC=jobbfabriken,DC=lan] objects[19/19] linked_values[0/0]
Partition[DC=ForestDnsZones,DC=jobbfabriken,DC=lan] objects[38/19] linked_values[0/0]
Committing SAM database
Sending DsReplicateUpdateRefs for all the replicated partitions
Setting isSynchronized and dsServiceName
Setting up secrets database
Joined domain JOBBFABRIKEN (SID S-1-5-21-2302854822-2011664250-2086380575) as a DC

Then I try to resolve its hostname from the new host:


root@dc02:~# host -t A dc02.jobbfabriken.lan.
dc02.jobbfabriken.lan has address 172.16.0.4

It worked so from the new DC I went on to check if objectGUID is resolvable


root@dc02:~# ldbsearch -H /usr/local/samba/private/sam.ldb '(invocationid=*)' --cross-ncs objectguid
# record 1
dn: CN=NTDS Settings,CN=DC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=jobbfabriken,DC=lan
objectGUID: 87988e2c-b943-47f4-8b17-f57a1c5bc153

# record 2
dn: CN=NTDS Settings,CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=jobbfabriken,DC=lan
objectGUID: 5a15d107-8d86-4a84-9d3e-f09b8bac3e27

# returned 2 records
# 2 entries
# 0 referrals

As far as I understood, this was the new server's objectGUID 87988e2c-b943-47f4-8b17-f57a1c5bc153:


# record 1
dn: CN=NTDS Settings,CN=DC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=jobbfabriken,DC=lan
objectGUID: 87988e2c-b943-47f4-8b17-f57a1c5bc153

So I went on to the next step with the CNAME/alias:


root@dc02:~# host -t CNAME 87988e2c-b943-47f4-8b17-f57a1c5bc153._msdcs.jobbfabriken.lan.
Host 87988e2c-b943-47f4-8b17-f57a1c5bc153._msdcs.jobbfabriken.lan. not found: 3(NXDOMAIN)

Because it couldn't find its alias I added it with this:


root@dc02:~# samba-tool dns add 172.16.0.3 _msdcs.jobbfabriken.lan 87988e2c-b943-47f4-8b17-f57a1c5bc153 CNAME dc02.jobbfabriken.lan -Uadministrator
Password for [JOBBFABRIKEN\administrator]:
Record added successfully

I now added my new DC to resolv.conf

root@dc02:~# cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 172.16.0.3
nameserver 172.16.0.4
search JOBBFABRIKEN.LAN

But as expected, it was overwritten. (You have to add the new DC to its own DNS in /etc/network/interfaces)
When I try to start Samba it starts but stops again


root@dc02:~# service samba4 start
samba4 start/running, process 2047
root@dc02:~# service samba4 status
samba4 stop/waiting

The error I get is this when I use samba-tool to show replication


root@dc02:~# samba-tool drs showrepl
Failed to connect host 172.16.0.4 on port 135 - NT_STATUS_CONNECTION_REFUSED
Failed to connect host 172.16.0.4 (dc02.jobbfabriken.lan) on port 135 - NT_STATUS_CONNECTION_REFUSED.
ERROR(<class 'samba.drs_utils.drsException'>): DRS connection to dc02.jobbfabriken.lan failed - drsException: DRS connection to dc02.jobbfabriken.lan failed: (-1073741258, 'The connection was refused')
File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/drs.py", line 39, in drsuapi_connect
(ctx.drsuapi, ctx.drsuapi_handle, ctx.bind_supported_extensions) = drs_utils.drsuapi_connect(ctx.server, ctx.lp, ctx.creds)
File "/usr/local/samba/lib/python2.7/site-packages/samba/drs_utils.py", line 54, in drsuapi_connect
raise drsException("DRS connection to %s failed: %s" % (server, e))

I'm kind of stuck here. I can't get samba to run and if I try to demote the new server I get this:


root@dc02:~# samba-tool domain demote
Using dc01.jobbfabriken.lan as partner server for the demotion
Desactivating inbound replication
Asking partner server dc01.jobbfabriken.lan to synchronize from us
Error while demoting, re-enabling inbound replication
ERROR(<class 'samba.drs_utils.drsException'>): Error while sending a DsReplicaSync for partion CN=Schema,CN=Configuration,DC=jobbfabriken,DC=lan - drsException: DsReplicaSync failed (1225, 'WERR_CONNECTION_REFUSED')
File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py", line 647, in run
sendDsReplicaSync(drsuapiBind, drsuapi_handle, ntds_guid, str(part), drsuapi.DRSUAPI_DRS_WRIT_REP)
File "/usr/local/samba/lib/python2.7/site-packages/samba/drs_utils.py", line 83, in sendDsReplicaSync
raise drsException("DsReplicaSync failed %s" % estr)

//edit
This is from syslog of dc01:

..............
Sep 25 14:05:16 dc01 samba[963]: Failed to connect host 172.16.0.4 (87988e2c-b943-47f4-8b17-f57a1c5bc153._msdcs.jobbfabriken.lan) on port 1024 - NT_STATUS_CONNECTION_REFUSED.
Sep 25 14:05:16 dc01 samba[963]: [2013/09/25 14:05:16.450061, 0] ../source4/librpc/rpc/dcerpc_sock.c:256(continue_socket_connect)
Sep 25 14:05:16 dc01 samba[963]: Failed to connect host 172.16.0.4 on port 1024 - NT_STATUS_CONNECTION_REFUSED
Sep 25 14:05:16 dc01 samba[963]: [2013/09/25 14:05:16.451387, 0] ../source4/librpc/rpc/dcerpc_sock.c:419(continue_ip_open_socket)
Sep 25 14:05:16 dc01 samba[963]: Failed to connect host 172.16.0.4 (87988e2c-b943-47f4-8b17-f57a1c5bc153._msdcs.jobbfabriken.lan) on port 1024 - NT_STATUS_CONNECTION_REFUSED.
Sep 25 14:05:16 dc01 samba[963]: [2013/09/25 14:05:16.489080, 0] ../source4/librpc/rpc/dcerpc_sock.c:256(continue_socket_connect)
Sep 25 14:05:16 dc01 samba[963]: Failed to connect host 172.16.0.4 on port 1024 - NT_STATUS_CONNECTION_REFUSED
Sep 25 14:05:16 dc01 samba[963]: [2013/09/25 14:05:16.490497, 0] ../source4/librpc/rpc/dcerpc_sock.c:419(continue_ip_open_socket)
Sep 25 14:05:16 dc01 samba[963]: Failed to connect host 172.16.0.4 (87988e2c-b943-47f4-8b17-f57a1c5bc153._msdcs.jobbfabriken.lan) on port 1024 - NT_STATUS_CONNECTION_REFUSED.

JnPson
September 25th, 2013, 01:52 PM
This is samba-tool drs showrepl from DC01, the initial server:

root@dc01:~# samba-tool drs showrepl
Default-First-Site-Name\DC01
DSA Options: 0x00000001
DSA object GUID: 5a15d107-8d86-4a84-9d3e-f09b8bac3e27
DSA invocationId: 58b559b3-6752-4305-9e60-59880619cdd1

==== INBOUND NEIGHBORS ====

DC=ForestDnsZones,DC=jobbfabriken,DC=lan
Default-First-Site-Name\DC02 via RPC
DSA object GUID: 87988e2c-b943-47f4-8b17-f57a1c5bc153
Last attempt @ Wed Sep 25 14:47:08 2013 CEST failed, result 1225 (WERR_CONNECTION_REFUSED)
33 consecutive failure(s).
Last success @ NTTIME(0)

DC=DomainDnsZones,DC=jobbfabriken,DC=lan
Default-First-Site-Name\DC02 via RPC
DSA object GUID: 87988e2c-b943-47f4-8b17-f57a1c5bc153
Last attempt @ Wed Sep 25 14:47:08 2013 CEST failed, result 1225 (WERR_CONNECTION_REFUSED)
33 consecutive failure(s).
Last success @ NTTIME(0)

DC=jobbfabriken,DC=lan
Default-First-Site-Name\DC02 via RPC
DSA object GUID: 87988e2c-b943-47f4-8b17-f57a1c5bc153
Last attempt @ Wed Sep 25 14:47:08 2013 CEST failed, result 1225 (WERR_CONNECTION_REFUSED)
33 consecutive failure(s).
Last success @ NTTIME(0)

CN=Schema,CN=Configuration,DC=jobbfabriken,DC=lan
Default-First-Site-Name\DC02 via RPC
DSA object GUID: 87988e2c-b943-47f4-8b17-f57a1c5bc153
Last attempt @ Wed Sep 25 14:47:08 2013 CEST failed, result 1225 (WERR_CONNECTION_REFUSED)
33 consecutive failure(s).
Last success @ NTTIME(0)

CN=Configuration,DC=jobbfabriken,DC=lan
Default-First-Site-Name\DC02 via RPC
DSA object GUID: 87988e2c-b943-47f4-8b17-f57a1c5bc153
Last attempt @ Wed Sep 25 14:47:08 2013 CEST failed, result 1225 (WERR_CONNECTION_REFUSED)
33 consecutive failure(s).
Last success @ NTTIME(0)

==== OUTBOUND NEIGHBORS ====

DC=ForestDnsZones,DC=jobbfabriken,DC=lan
Default-First-Site-Name\DC02 via RPC
DSA object GUID: 87988e2c-b943-47f4-8b17-f57a1c5bc153
Last attempt @ Wed Sep 25 14:50:20 2013 CEST failed, result 1225 (WERR_CONNECTION_REFUSED)
1972 consecutive failure(s).
Last success @ NTTIME(0)

DC=DomainDnsZones,DC=jobbfabriken,DC=lan
Default-First-Site-Name\DC02 via RPC
DSA object GUID: 87988e2c-b943-47f4-8b17-f57a1c5bc153
Last attempt @ Wed Sep 25 14:50:20 2013 CEST failed, result 1225 (WERR_CONNECTION_REFUSED)
1970 consecutive failure(s).
Last success @ NTTIME(0)

DC=jobbfabriken,DC=lan
Default-First-Site-Name\DC02 via RPC
DSA object GUID: 87988e2c-b943-47f4-8b17-f57a1c5bc153
Last attempt @ Wed Sep 25 14:50:20 2013 CEST failed, result 1225 (WERR_CONNECTION_REFUSED)
1970 consecutive failure(s).
Last success @ NTTIME(0)

CN=Schema,CN=Configuration,DC=jobbfabriken,DC=lan
Default-First-Site-Name\DC02 via RPC
DSA object GUID: 87988e2c-b943-47f4-8b17-f57a1c5bc153
Last attempt @ Wed Sep 25 14:50:20 2013 CEST failed, result 1225 (WERR_CONNECTION_REFUSED)
1969 consecutive failure(s).
Last success @ NTTIME(0)

CN=Configuration,DC=jobbfabriken,DC=lan
Default-First-Site-Name\DC02 via RPC
DSA object GUID: 87988e2c-b943-47f4-8b17-f57a1c5bc153
Last attempt @ Wed Sep 25 14:50:20 2013 CEST failed, result 1225 (WERR_CONNECTION_REFUSED)
1969 consecutive failure(s).
Last success @ NTTIME(0)

==== KCC CONNECTION OBJECTS ====

Connection --
Connection name: 10fc29bf-3371-4976-bb90-c64c4f20379a
Enabled : TRUE
Server DNS name : DC02.jobbfabriken.lan
Server DN name : CN=NTDS Settings,CN=DC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=jobbfabriken,DC=lan
TransportType: RPC
options: 0x00000001
Warning: No NC replicated for Connection!
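
The following is an added example, not part of the original post: a small Python parser for `samba-tool drs showrepl` output that lists partners which have never replicated successfully. The sample input is constructed (trimmed from the output above, plus a made-up healthy partner DC03 with a placeholder GUID), and the "was successful" line format is an assumption.

```python
import re

# Constructed sample: trimmed from the DC01 output in this thread, plus a
# made-up healthy partner (DC03, placeholder GUID) for contrast.
SAMPLE = r"""
Default-First-Site-Name\DC01
==== INBOUND NEIGHBORS ====
DC=jobbfabriken,DC=lan
    Default-First-Site-Name\DC02 via RPC
        DSA object GUID: 87988e2c-b943-47f4-8b17-f57a1c5bc153
        Last attempt @ Wed Sep 25 14:47:08 2013 CEST failed, result 1225 (WERR_CONNECTION_REFUSED)
        33 consecutive failure(s).
        Last success @ NTTIME(0)
==== OUTBOUND NEIGHBORS ====
CN=Configuration,DC=jobbfabriken,DC=lan
    Default-First-Site-Name\DC02 via RPC
        DSA object GUID: 87988e2c-b943-47f4-8b17-f57a1c5bc153
        Last attempt @ Wed Sep 25 14:50:20 2013 CEST failed, result 1225 (WERR_CONNECTION_REFUSED)
        1969 consecutive failure(s).
        Last success @ NTTIME(0)
DC=jobbfabriken,DC=lan
    Default-First-Site-Name\DC03 via RPC
        DSA object GUID: 00000000-0000-0000-0000-000000000000
        Last attempt @ Wed Sep 25 14:50:20 2013 CEST was successful
        0 consecutive failure(s).
        Last success @ Wed Sep 25 14:50:20 2013 CEST
==== KCC CONNECTION OBJECTS ====
Connection --
"""

SECTION = re.compile(r"^==== (INBOUND|OUTBOUND) NEIGHBORS ====$")
PARTNER = re.compile(r"^[^\\]+\\(\S+) via RPC$")
ATTEMPT = re.compile(
    r"^Last attempt @ .+? (?:failed, result (\d+) \((\w+)\)|was successful)$")
FAILS = re.compile(r"^(\d+) consecutive failure\(s\)\.$")


def parse_showrepl(text):
    """Return one dict per (direction, naming context, partner) neighbour."""
    out, section, nc, cur = [], None, None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("===="):
            # Only the two NEIGHBORS sections are parsed; others reset state.
            m = SECTION.match(line)
            section, cur = (m.group(1).lower() if m else None), None
        elif not line or section is None:
            continue
        elif line.startswith(("DC=", "CN=")):
            nc, cur = line, None              # naming context heading
        elif PARTNER.match(line):
            cur = {"direction": section, "nc": nc,
                   "partner": PARTNER.match(line).group(1),
                   "guid": None, "error": None, "failures": 0,
                   "last_success": None}
            out.append(cur)
        elif cur is None:
            continue
        elif line.startswith("DSA object GUID:"):
            cur["guid"] = line.split(":", 1)[1].strip()
        elif ATTEMPT.match(line):
            cur["error"] = ATTEMPT.match(line).group(2)  # None on success
        elif FAILS.match(line):
            cur["failures"] = int(FAILS.match(line).group(1))
        elif line.startswith("Last success @"):
            cur["last_success"] = line.split("@", 1)[1].strip()
    return out


def never_replicated(neighbours):
    """Group partners that keep failing and have no recorded success."""
    bad = {}
    for n in neighbours:
        if n["failures"] > 0 and n["last_success"] == "NTTIME(0)":
            e = bad.setdefault(n["partner"], {"guid": n["guid"], "errors": set(),
                                              "ncs": set(), "max_failures": 0})
            e["errors"].add(n["error"])
            e["ncs"].add((n["direction"], n["nc"]))
            e["max_failures"] = max(e["max_failures"], n["failures"])
    return bad


if __name__ == "__main__":
    for partner, info in never_replicated(parse_showrepl(SAMPLE)).items():
        print(partner, info["guid"], sorted(info["errors"]), info["max_failures"])
```
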

JnPson
September 25th, 2013, 02:02 PM
A new error arose when I tried to demote it again:

root@dc02:/# samba-tool domain demote
Using dc01.jobbfabriken.lan as partner server for the demotion
Password for [JOBBFABRIKEN\root]:
Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for e3514235-4b06-11d1-ab04-00c04fc2dcd2@ncacn_ip_tcp:dc01.jobbfabriken.lan[1024,seal] NT_STATUS_NET_WRITE_FAULT
ERROR(<class 'samba.drs_utils.drsException'>): uncaught exception - drsException: DRS connection to dc01.jobbfabriken.lan failed: (-1073741614, 'NT_STATUS_NET_WRITE_FAULT')
File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run
return self.run(*args, **kwargs)
File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py", line 628, in run
(drsuapiBind, drsuapi_handle, supportedExtensions) = drsuapi_connect(server, lp, creds)
File "/usr/local/samba/lib/python2.7/site-packages/samba/drs_utils.py", line 54, in drsuapi_connect
raise drsException("DRS connection to %s failed: %s" % (server, e))



I hope that I have provided useful information for you.

lingpanda
September 25th, 2013, 03:14 PM
First I don't believe you can currently demote a server with Samba. You have to use Windows Users and Computers snap in along with ADSI edit to remove the DC. I've done it several times.
The replication of course will fail from the PDC because Samba isn't running on your backup DC. Reboot your BDC and try /usr/local/samba/sbin/samba

lingpanda
September 25th, 2013, 03:16 PM
And you can edit resolv.conf permanently but it shouldn't be necessary. I can go into detail if needed.

jon-are
September 25th, 2013, 06:39 PM
And you can edit resolv.conf permanently but it shouldn't be necessary. I can go into detail if needed.

If you don't mind, I would like to know how to edit it permanently.

lingpanda
September 25th, 2013, 07:31 PM
If you don't mind, I would like to know how to edit it permanently.

Sure. Edit
vi /etc/resolvconf/resolv.conf.d/head to make permanent changes to your resolv.conf file. One other way is to make resolv.conf read only but this can have a dire consequence. You can no longer edit resolv.conf directly but you can indirectly.

/etc/resolvconf/resolv.conf.d/base
File containing basic resolver information. The lines in this
file are included in the resolver configuration file even when
no interfaces are configured.

/etc/resolvconf/resolv.conf.d/head
File to be prepended to the dynamically generated resolver
configuration file. Normally this is just a comment line.

/etc/resolvconf/resolv.conf.d/tail
File to be appended to the dynamically generated resolver
configuration file. To append nothing, make this an empty file.

JnPson
September 25th, 2013, 07:59 PM
First I don't believe you can currently demote a server with Samba. You have to use Windows Users and Computers snap in along with ADSI edit to remove the DC. I've done it several times.
The replication of course will fail from the PDC because Samba isn't running on your backup DC. Reboot your BDC and try /usr/local/samba/sbin/samba

I have done it before. I installed a second DC but ran into the same problems with replication so I decided to demote it to remove it from AD Users and Computers. It was listed there as a second DC. After it finished the domain controller was gone from the Users and Computers snap-in.

lingpanda
September 25th, 2013, 08:42 PM
I have done it before. I installed a second DC but ran into the same problems with replication so I decided to demote it to remove it from AD Users and Computers. It was listed there as a second DC. After it finished the domain controller was gone from the Users and Computers snap-in.

That's actually encouraging news. I've never been able to demote a server. I've been following the Samba mailing list and all I ever read is to use the tools Microsoft advises to remove a dead DC. Did you seize the roles before demoting?

JnPson
September 25th, 2013, 09:33 PM
Yes it is. I didn't have to seize fsmo roles because it was only the second domain controller. But there is the possibility to seize all 5 roles. http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC#FSMO_role_transfer

JnPson
September 25th, 2013, 09:45 PM
You can find more options coming with samba-tool by typing

root@dc01:~# samba-tool domain -h
Usage: samba-tool domain <subcommand>

Domain management.


Options:
-h, --help show this help message and exit


Available subcommands:
classicupgrade - Upgrade from Samba classic (NT4-like) database to Samba AD DC database.
dcpromo - Promote an existing domain member or NT4 PDC to an AD DC.
demote - Demote ourselves from the role of Domain Controller.
exportkeytab - Dump Kerberos keys of the domain into a keytab.
info - Print basic info about a domain and the DC passed as parameter.
join - Join domain as either member or backup domain controller.
level - Raise domain and forest function levels.
passwordsettings - Set password settings.
provision - Provision a domain.
For more help on a specific subcommand, please type: samba-tool domain <subcommand> (-h|--help)


I have put the path to samba in
/etc/environment

JnPson
September 27th, 2013, 10:04 AM
I don't know what's happening here. Is it possible that I have two different versions of samba running at the same time?
This is from syslog when I try to start samba with:

root@dc02:~# service samba4 start

Sep 27 11:00:03 dc02 samba[3762]: [2013/09/27 11:00:03.382124, 0] ../source4/smbd/server.c:370(binary_smbd_main)
Sep 27 11:00:03 dc02 samba[3762]: samba version 4.0.9 started.
Sep 27 11:00:03 dc02 samba[3762]: Copyright Andrew Tridgell and the Samba Team 1992-2012
Sep 27 11:00:04 dc02 samba[3763]: [2013/09/27 11:00:04.523218, 0] ../source4/smbd/server.c:482(binary_smbd_main)
Sep 27 11:00:04 dc02 samba[3763]: samba: using 'standard' process model
Sep 27 11:00:04 dc02 samba[3777]: [2013/09/27 11:00:04.704650, 0] ../source4/smbd/service_stream.c:346(stream_setup_socket)
Sep 27 11:00:04 dc02 samba[3777]: Failed to listen on 0.0.0.0:53 - NT_STATUS_ADDRESS_ALREADY_ASSOCIATED
Sep 27 11:00:04 dc02 samba[3777]: [2013/09/27 11:00:04.726603, 0] ../source4/dns_server/dns_server.c:616(dns_add_socket)
Sep 27 11:00:04 dc02 samba[3777]: Failed to bind to 0.0.0.0:53 TCP - NT_STATUS_ADDRESS_ALREADY_ASSOCIATED
Sep 27 11:00:04 dc02 samba[3777]: [2013/09/27 11:00:04.735648, 0] ../source4/smbd/service_task.c:35(task_server_terminate)
Sep 27 11:00:04 dc02 samba[3777]: task_server_terminate: [dns failed to setup interfaces]
Sep 27 11:00:04 dc02 samba[3763]: [2013/09/27 11:00:04.740293, 0] ../source4/smbd/server.c:211(samba_terminate)
Sep 27 11:00:04 dc02 samba[3763]: samba_terminate: dns failed to setup interfaces
Sep 27 11:00:04 dc02 smbd[3768]: [2013/09/27 11:00:04.861125, 0] ../source3/smbd/server.c:1281(main)
Sep 27 11:00:04 dc02 smbd[3768]: standard input is not a socket, assuming -D option
Sep 27 11:00:04 dc02 smbd[3768]: [2013/09/27 11:00:04.867658, 0] ../lib/util/pidfile.c:110(pidfile_create)
Sep 27 11:00:04 dc02 smbd[3768]: ERROR: smbd is already running. File /usr/local/samba/var/run/smbd.pid exists and process id 1024 is running.
Sep 27 11:00:04 dc02 samba[3764]: [2013/09/27 11:00:04.871023, 0] ../file_server/file_server.c:48(file_server_smbd_done)
Sep 27 11:00:04 dc02 samba[3764]: file_server smbd daemon exited normally
Sep 27 11:00:04 dc02 samba[3764]: [2013/09/27 11:00:04.872197, 0] ../source4/smbd/service_task.c:35(task_server_terminate)
Sep 27 11:00:04 dc02 samba[3764]: task_server_terminate: [smbd child process exited]




root@dc02:~# samba -V
Version 4.0.9
root@dc02:~# smbclient -V
Version 4.0.9



I need help here.
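
The following is an added example, not part of the original post: a Python triage pass over Samba syslog lines that separates the causes of a failed start (a listening port already taken, a daemon already running under an existing pidfile) from the termination messages that follow them. The sample input is a trimmed copy of the dc02 lines quoted above; the rule names are this example's own.

```python
import re

# Sample input: trimmed copy of the dc02 syslog lines quoted in the post above.
SAMPLE = """\
Sep 27 11:00:03 dc02 samba[3762]: samba version 4.0.9 started.
Sep 27 11:00:04 dc02 samba[3777]: [2013/09/27 11:00:04.704650, 0] ../source4/smbd/service_stream.c:346(stream_setup_socket)
Sep 27 11:00:04 dc02 samba[3777]: Failed to listen on 0.0.0.0:53 - NT_STATUS_ADDRESS_ALREADY_ASSOCIATED
Sep 27 11:00:04 dc02 samba[3777]: Failed to bind to 0.0.0.0:53 TCP - NT_STATUS_ADDRESS_ALREADY_ASSOCIATED
Sep 27 11:00:04 dc02 samba[3777]: task_server_terminate: [dns failed to setup interfaces]
Sep 27 11:00:04 dc02 samba[3763]: samba_terminate: dns failed to setup interfaces
Sep 27 11:00:04 dc02 smbd[3768]: ERROR: smbd is already running. File /usr/local/samba/var/run/smbd.pid exists and process id 1024 is running.
Sep 27 11:00:04 dc02 samba[3764]: file_server smbd daemon exited normally
Sep 27 11:00:04 dc02 samba[3764]: task_server_terminate: [smbd child process exited]
"""

# "Mon DD HH:MM:SS host prog[pid]: message"
SYSLOG = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ (?P<prog>\w+)\[\d+\]: (?P<msg>.*)$")

# Rule names are hypothetical labels chosen for this example.
RULES = [
    ("port_in_use", re.compile(
        r"Failed to (?:listen on|bind to) (?P<addr>[\d.]+):(?P<port>\d+)\b"
        r".*NT_STATUS_ADDRESS_ALREADY_ASSOCIATED")),
    ("already_running", re.compile(
        r"ERROR: (?P<daemon>\w+) is already running\. File (?P<pidfile>\S+) "
        r"exists and process id (?P<running_pid>\d+) is running")),
    ("terminated", re.compile(
        r"(?:samba_terminate: |task_server_terminate: \[)(?P<reason>[^\]]+)\]?$")),
]


def triage(text):
    """Return de-duplicated findings in order of first appearance."""
    findings, seen = [], set()
    for line in text.splitlines():
        m = SYSLOG.match(line)
        if not m:
            continue
        msg = m.group("msg").strip()
        for kind, rx in RULES:
            hit = rx.match(msg)
            if hit:
                f = {"kind": kind, "reporter": m.group("prog"), **hit.groupdict()}
                key = tuple(sorted(f.items()))
                if key not in seen:      # listen/bind pairs collapse to one
                    seen.add(key)
                    findings.append(f)
                break
    return findings


def causes(findings):
    """Findings that explain the exit, as opposed to reporting it."""
    return [f for f in findings if f["kind"] != "terminated"]


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f)
```

A `port_in_use` finding on port 53 means another listener already owns the DNS port on that host; the log does not say which process it is.
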

JnPson
September 27th, 2013, 10:23 AM
Another strange thing, IMO, is that testparm and samba-tool testparm give different results.

root@dc02:/# testparm
Load smb config files from /usr/local/samba/etc/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[netlogon]"
Processing section "[sysvol]"
Loaded services file OK.
Server role: ROLE_ACTIVE_DIRECTORY_DC
Press enter to see a dump of your service definitions

[global]
workgroup = JOBBFABRIKEN
realm = jobbfabriken.lan
server role = active directory domain controller
passdb backend = samba_dsdb
rpc_server:tcpip = no
rpc_daemon:spoolssd = embedded
rpc_server:spoolss = embedded
rpc_server:winreg = embedded
rpc_server:ntsvcs = embedded
rpc_server:eventlog = embedded
rpc_server:srvsvc = embedded
rpc_server:svcctl = embedded
rpc_server:default = external
idmap config * : backend = tdb
map archive = No
map readonly = no
store dos attributes = Yes
vfs objects = dfs_samba4, acl_xattr

[netlogon]
path = /usr/local/samba/var/locks/sysvol/jobbfabriken.lan/scripts
read only = No

[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No


root@dc02:/# samba-tool testparm
Press enter to see a dump of your service definitions

# Global parameters
[global]
workgroup = JOBBFABRIKEN
realm = jobbfabriken.lan
netbios name = DC02
server role = active directory domain controller

[netlogon]
path = /usr/local/samba/var/locks/sysvol/jobbfabriken.lan/scripts
read only = No

[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No

lingpanda
September 27th, 2013, 06:27 PM
samba-tool is designed for AD DC use. Testparm, smbpasswd, etc are made for the smbd daemon.

JnPson
September 27th, 2013, 06:34 PM
samba-tool is designed for AD DC use. Testparm, smbpasswd, etc are made for the smbd daemon.

Does that mean that I have the older samba version installed? I did
apt-get remove --purge samba and
apt-get remove --purge samba4 but no installation of samba from the repos was present.
I installed samba 4.0.9 from source.
But I upgraded samba from 4.0.6 to 4.0.9, but then again that shouldn't create duplicates of samba and absolutely not create smbd.

lingpanda
September 27th, 2013, 07:14 PM
Samba3 comes preinstalled with Ubuntu as far as I know. When you use "testparm" you are calling Samba3. With "samba-tool testparm" you are calling Samba4.

JnPson
September 27th, 2013, 09:46 PM
Thank you lingpanda for your answers, but I still need help with the initial questions. Based on the info I provided you, what could be wrong with my installation? Why doesn't samba start but at the same time report status "started"?

lingpanda
September 28th, 2013, 12:33 AM
Thank you lingpanda for your answers, but I still need help with the initial questions. Based on the info I provided you, what could be wrong with my installation? Why doesn't samba start but at the same time report status "started"?

I don't know why it won't start. But we can try a few things.


# killall samba
# /usr/local/samba/sbin/samba
# service samba4 status

Is it running?

JnPson
September 29th, 2013, 07:46 AM
I will do this first thing in the morning when I get to work. Thank you!

JnPson
September 30th, 2013, 01:42 PM
I did as you suggested but no samba service was running. I got tired of this problem so I started a new fresh install of ubuntu and samba 4.0.9.

Thank you.

JnPson
September 30th, 2013, 02:46 PM
This is a strange problem. I've just installed a new Ubuntu 12.04.2 server with Samba 4.0.9 and it won't start either. I believe the problem is that my smb.conf file is missing. I will try to copy the standard smb.conf and change it for my needs.

JnPson
October 8th, 2013, 02:20 PM
This problem is solved.
This is how I did it.
I copied the content of smb.conf from DC01 and pasted it in a new smb.conf on DC02, changed


[global]
netbios name = dc01 to dc02 in smb.conf. Then I used

samba-tool domain join jobbfabriken.lan DC -Uadministrator --realm=jobbfabriken.lan to add DC02 as an additional domain controller.

Started samba4 and then it replicated between the two DC's. It is tested and working. I created a user on DC02 and it was showing up on DC01 too.

lingpanda
October 10th, 2013, 07:54 PM
This problem is solved.
This is how I did it.
I copied the content of smb.conf from DC01 and pasted it in a new smb.conf on DC02, changed


[global]
netbios name = dc01 to dc02 in smb.conf. Then I used

samba-tool domain join jobbfabriken.lan DC -Uadministrator --realm=jobbfabriken.lan to add DC02 as an additional domain controller.

Started samba4 and then it replicated between the two DC's. It is tested and working. I created a user on DC02 and it was showing up on DC01 too.

I know this is solved but you are not supposed to have a smb.conf file present before the join.

JnPson
October 10th, 2013, 08:29 PM
Yes, smb.conf is needed to be able to join. And if it doesn't exist after installation then samba will have problem starting. This is what happened to me. I created a new smb.conf on DC02 based on smb.conf from DC01 and changed the netbios name in smb.conf to DC02. Then I was able to start samba and use samba-tool to join the domain.

lingpanda
October 10th, 2013, 08:41 PM
Yes, smb.conf is needed to be able to join. And if it doesn't exist after installation then samba will have problem starting. This is what happened to me. I created a new smb.conf on DC02 based on smb.conf from DC01 and changed the netbios name in smb.conf to DC02. Then I was able to start samba and use samba-tool to join the domain.

This is taken directly from the Wiki.


Getting ready for joining Samba as a DC to an existing domain

You need to install Samba as a DC, as described in the Samba AD DC HowTo (https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO), but don't do the provision/classicupgrade step. If you choose BIND as DNS backend (https://wiki.samba.org/index.php/Dns-backend_bind), instead of the internal DNS, then you, of course, have to finish this before you continue. Depending on your needs, you can have different backends on each of your DC.



You should remove any existing smb.conf in /usr/local/samba/etc/.



Be sure, that you have your setup your existing domain correctly as your default realm in /etc/krb5.conf with the following options:


Not sure why you needed it.

JnPson
October 10th, 2013, 08:54 PM
This is taken directly from the Wiki.


Getting ready for joining Samba as a DC to an existing domain



You need to install Samba as a DC, as described in the Samba AD DC HowTo (https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO), but don't do the provision/classicupgrade step. If you choose BIND as DNS backend (https://wiki.samba.org/index.php/Dns-backend_bind), instead of the internal DNS, then you, of course, have to finish this before you continue. Depending on your needs, you can have different backends on each of your DC.



You should remove any existing smb.conf in /usr/local/samba/etc/.



Be sure, that you have your setup your existing domain correctly as your default realm in /etc/krb5.conf with the following options:


Not sure why you needed it.
That is a very good question. But based on the problem I got, the solution I found was sufficient. I did search for smb.conf and couldn't find one. Samba didn't start until I added a smb.conf to
/usr/local/samba/etc
Not sure why it solved it, but it worked for me.

JnPson
October 10th, 2013, 08:58 PM
When I read through the thread I see that the first problem evolved into two. From the beginning I could run domain join on the server but samba stopped working after the join. Then I did a fresh install of ubuntu and samba and samba didn't work.