[Samba] net ads info: failed to get server's current time

Guy-Laurent Subri guy-laurent at subri.ch
Wed Oct 28 13:03:57 UTC 2015


On Wed, Oct 28, 2015 at 10:32:31AM +0000, Rowland Penny wrote:
>On 28/10/15 10:09, Guy-Laurent Subri wrote:
>
>> My version of Samba is 4.1.17. I don't think this changes anything, but
>> I can try to upgrade if needed.
>
>OK, looks like you are running Debian, either wheezy using backports or
>Jessie and my old DC is running wheezy and net ads info works on that.
>
>> Here are the files:
>>
>> /etc/ntp.conf
>> -------------
>> driftfile /var/lib/ntp/ntp.drift
>> ntpsigndsocket /var/lib/samba/ntp_signd
>>
>> statsdir /var/log/ntpstats/
>>
>> server 0.ch.pool.ntp.org
>> server 1.ch.pool.ntp.org
>> server 2.ch.pool.ntp.org
>> server 3.ch.pool.ntp.org
>>
>> restrict -4 default kod notrap nomodify nopeer noquery mssntp
>> restrict -6 default kod notrap nomodify nopeer noquery mssntp
>>
>> restrict 127.0.0.1
>> restrict ::1
>>
>> restrict 0.ch.pool.ntp.org mask 255.255.255 nomodify notrap nopeer noquery
>>
>> broadcast 192.168.123.255
>>
>
>I would suggest that you either remove the last 3 'server' lines or add
>another 3 'restrict' lines to cover them.
>
>> /etc/bind/named.conf
>> --------------------
>> include "/etc/bind/named.conf.options";
>> include "/etc/bind/named.conf.local";
>> include "/etc/bind/named.conf.default-zones";
>> include "/var/lib/samba/private/named.conf";
>>
>> /etc/bind/named.conf.options
>> ----------------------------
>> options {
>>    directory "/var/cache/bind";
>>
>>    forwarders {
>>        192.168.1.185;
>>    };
>
>What is the forwarder ?
I deleted the forwarder as we don't need it anymore. Thanks for
reminding me it was there!
>>       dnssec-validation auto;
>>
>>    auth-nxdomain no;
>>    allow-query { localhost; any; };
>>    listen-on port 53 { 127.0.0.1; 192.168.1.17; };
>>    listen-on-v6 { any; };
>> };
>>
>> /etc/bind/named.conf.local
>> --------------------------
>> is empty
>>
>> /etc/bind/named.conf.default-zones
>> ----------------------------------
>> zone "." {
>>    type hint;
>>    file "/etc/bind/db.root";
>> };
>>
>> zone "localhost" {
>>    type master;
>>    file "/etc/bind/db.local";
>> };
>>
>> zone "127.in-addr.arpa" {
>>    type master;
>>    file "/etc/bind/db.127";
>> };
>>
>> zone "0.in-addr.arpa" {
>>    type master;
>>    file "/etc/bind/db.0";
>> };
>>
>> zone "255.in-addr.arpa" {
>>    type master;
>>    file "/etc/bind/db.255";
>> };
>>
>> /var/lib/samba/private/named.conf
>> ---------------------------------
>> zone "trs-ch.com." IN {
>>    type master;
>>    file "/var/lib/samba/private/dns/trs-ch.com.zone";
>>    include "/var/lib/samba/private/named.conf.update";
>>    check-names ignore;
>> };
>
>This is wrong, /var/lib/samba/private/named.conf should be:
>
>dlz "AD DNS Zone" {
>     # For BIND 9.8.0
>     #database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9.so";
>
>     # For BIND 9.9.0
>     database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_9.so";
>};
Ok. I tried this but I've got an error:
samba_dlz: Unable to get basedn for /var/lib/samba/private/dns/sam.ldb
- NULL Base DN invalid for a base search
>>
>> resolv.conf
>> -----------
>> search trs-ch.com
>> nameserver 192.168.1.17
>> nameserver 192.168.1.7
>>
>
>What is the second nameserver ? if it is a second DC, swap them around,
>otherwise remove it.
It's another DC, but not for the same realm. I swapped them.
>> krb5.conf
>> ---------
>> [libdefaults]
>> default_realm = TRS-CH.COM
>> dns_lookup_realm = false
>> dns_lookup_kdc = true
>> [realms]
>> TRS-CH.COM = {
>>    kdc = 192.168.1.17
>>        admin_server = 192.168.1.17
>>        default_domain = trs-ch.com
>> }
>> [TRS-CH.COM]
>> .trs-ch.com = TRS-CH.COM
>> trs.ch.com = TRS-CH.COM
>>
>
>You only need this in /etc/krb5.conf
>
>[libdefaults]
>default_realm = TRS-CH.COM
>dns_lookup_realm = false
>dns_lookup_kdc = true

Ok, I modified it accordingly

Do you know why I have this error ? BTW, sam.ldb is owned by root:root
and is set to rw for user and none to group and world, is this ok ?

Thanks again, 
Guy-Laurent
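
The suggestion above about the `server` and `restrict` lines in /etc/ntp.conf can be checked mechanically. The following is an added example, not part of the original thread or of Samba or ntpd: it lists every `server`/`peer` host that has no `restrict` line naming it. It assumes a literal name match (it does not resolve hostnames or evaluate address masks), and the sample input is reconstructed from the ntp.conf quoted in the message.

```python
# Added example: report ntp.conf time sources that lack their own 'restrict' line.
# Assumption: a source counts as covered only when a 'restrict' entry names the
# same host string; 'restrict default' and mask-based entries are not treated as cover.

# Constructed sample, taken from the ntp.conf quoted in the thread.
SAMPLE_NTP_CONF = """\
driftfile /var/lib/ntp/ntp.drift
ntpsigndsocket /var/lib/samba/ntp_signd

server 0.ch.pool.ntp.org
server 1.ch.pool.ntp.org
server 2.ch.pool.ntp.org
server 3.ch.pool.ntp.org

restrict -4 default kod notrap nomodify nopeer noquery mssntp
restrict -6 default kod notrap nomodify nopeer noquery mssntp
restrict 127.0.0.1
restrict ::1
restrict 0.ch.pool.ntp.org mask 255.255.255 nomodify notrap nopeer noquery
"""

SOURCE_KEYWORDS = {"server", "peer"}


def parse_ntp_conf(text):
    """Return (sources, restricted): source hosts in file order, and restrict targets."""
    sources, restricted = [], set()
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) < 2:
            continue
        keyword = fields[0].lower()
        # Ignore the -4 / -6 address-family selectors in front of the address.
        args = [f for f in fields[1:] if f not in ("-4", "-6")]
        if not args:
            continue
        if keyword in SOURCE_KEYWORDS:
            sources.append(args[0].lower())
        elif keyword == "restrict":
            restricted.add(args[0].lower())
    return sources, restricted


def uncovered_sources(text):
    """Sources with no 'restrict' line naming the same host."""
    sources, restricted = parse_ntp_conf(text)
    return [s for s in sources if s not in restricted]


if __name__ == "__main__":
    for host in uncovered_sources(SAMPLE_NTP_CONF):
        print("no restrict line for source:", host)
```
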


