DNS and GENSEC issues when running the samba binary
Eduardo Lima
eduardoll at gmail.com
Wed Nov 11 14:22:54 MST 2009
Hi Tridge,
Is it possible for this problem to be a bug in Samba's code?
Everything was configured as expected. Provision and Vampire were working
well, but the replication was failing. Then I did a "git pull" and the
"GENSEC" message is not appearing anymore but the replication is only
working from Windows to Samba. From Samba to Windows it is still not
replicating.
Thanks.
--
Eduardo Lima
Sent from Campinas, SP, Brazil
2009/11/8 <tridge at samba.org>
> Hi Eduardo and Erick,
>
> This almost certainly means your bind9 configuration is incorrect. To
> diagnose/fix these types of problems you should do this:
>
> 1) first check that you can resolve the name using the 'host' command
> on Linux, pointing it directly at the windows box. For example:
>
> host -t SRV _ldap._tcp.DOMAIN 143.106.167.147
>
> where DOMAIN is the DNS domain name you are looking for. In the
> example Erick gave this would be:
>
> winserverad.ltc.inovasoft.unicamp.br
>
> You should get back something like this:
>
> _ldap._tcp.DOMAIN has SRV record 0 100 389 xxx.DOMAIN
>
> where 'xxx' is the hostname of the DC.
>
> If that doesn't work, then either you have the wrong name, or your
> windows DC is not configured correctly. Is 'winserverad' really the
> name of the Windows domain?
>
> 2) when that works, then try it on the name that is failing in the
> logs (the GUID name in _msdcs). It is probably a CNAME so change the
> query from a SRV record to a CNAME.
>
> 3) once that works, you need to make sure your local bind9 config is
> right. For example, in /etc/named.conf.local you may have an entry
> like this:
>
> zone "winserverad.ltc.inovasoft.unicamp.br" IN {
>     type forward;
>     forwarders {
>         143.106.167.147;
>     };
> };
>
> Alternatively, you may be using an include file. Now restart bind
> (with /etc/init.d/bind9 restart) and look in its syslog file (try
> /var/log/daemon.log). Does it report any errors? A very common cause
> of errors is apparmor restrictions. Try running aa-logprof and see
> if bind9 is asking for permissions on any files that apparmor is
> denying.
>
> 4) when you think you have the bind9 config right, try the 'host'
> command again but pointing at localhost:
>
> host -t SRV _ldap._tcp.DOMAIN 127.0.0.1
>
> If it doesn't work then look carefully again at your bind9
> config. Check for errors in the bind9 log file.
>
>
> Cheers, Tridge
>
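
The comparison the quoted steps describe (the SRV answer from the DC against the answer from the local bind9 at 127.0.0.1), as an added example that is not part of the original thread or of Samba. The function names, return codes and sample outputs are assumptions constructed for illustration; only the `host -t SRV NAME SERVER` invocation comes from the message.

```shell
#!/bin/sh
# Added example, not from the thread: decide whether a failed lookup is the
# DC's fault or the local bind9 forwarder's. Names below are hypothetical.

# Constructed sample outputs (example.test / 192.0.2.10 are placeholders).
SAMPLE_DC='Using domain server:
Name: 192.0.2.10
Address: 192.0.2.10#53
Aliases:

_ldap._tcp.example.test has SRV record 0 100 389 dc1.example.test.'
SAMPLE_LOCAL_BAD='Host _ldap._tcp.example.test not found: 3(NXDOMAIN)'

# Read `host -t SRV` output on stdin and print sorted "port target" pairs,
# skipping the "Using domain server:" preamble and any error lines.
srv_targets() {
    awk '/ has SRV record / { t = tolower($NF); sub(/\.$/, "", t); print $(NF-1), t }' | sort -u
}

# compare_srv DC_OUTPUT LOCAL_OUTPUT
#   0: the local resolver returns the same SRV set as the DC
#   1: the DC itself gave no SRV record (wrong name or DC DNS problem)
#   2: the DC answers but the local resolver differs (bind9 forward zone)
compare_srv() {
    dc=$(printf '%s\n' "$1" | srv_targets)
    loc=$(printf '%s\n' "$2" | srv_targets)
    [ -n "$dc" ] || return 1
    [ "$dc" = "$loc" ] || return 2
    return 0
}

# Live use: sh check_srv.sh DOMAIN DC_IP
if [ "$#" -ge 2 ]; then
    name="_ldap._tcp.$1"
    rc=0
    compare_srv "$(host -t SRV "$name" "$2" 2>&1)" \
                "$(host -t SRV "$name" 127.0.0.1 2>&1)" || rc=$?
    case $rc in
        0) echo "OK: 127.0.0.1 matches the DC for $name" ;;
        1) echo "DC returned no SRV record for $name: check the domain name and the DC" ;;
        2) echo "DC answers but 127.0.0.1 does not match: check the forward zone and the bind9 log" ;;
    esac
    exit "$rc"
fi
```
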