Replication to a Windows 2008 R2 fails

David Gonzalez info at dghvoip.com
Thu Sep 16 19:53:17 MDT 2010 

Hey again,

I followed your guidelines and stopped named on my 2nd DC but I still get
there errors when starting samba:

/usr/local/samba/sbin/samba_dnsupdate: could not talk to any default name
server
/usr/local/samba/sbin/samba_dnsupdate: ; Communication with
192.168.254.130#53 failed: operation canceled
/usr/local/samba/sbin/samba_dnsupdate: could not talk to any default name
server
/usr/local/samba/sbin/samba_dnsupdate: ; Communication with
192.168.254.130#53 failed: operation canceled

When using samba_dnsupdate --verbose

; Communication with 192.168.254.130#53 failed: operation canceled
could not talk to any default name server
Calling nsupdate for SRV _kpasswd._tcp.samba.dghvoip.com
vpnserver.samba.dghvoip.com 464
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags: ; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kpasswd._tcp.samba.dghvoip.com. 900 IN SRV     0 100 464
vpnserver.samba.dghvoip.com.

; Communication with 192.168.254.130#53 failed: operation canceled
could not talk to any default name server
Calling nsupdate for SRV _ldap._tcp.samba.dghvoip.com
vpnserver.samba.dghvoip.com 389
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags: ; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.samba.dghvoip.com. 900 IN    SRV     0 100 389
vpnserver.samba.dghvoip.com.

; Communication with 192.168.254.130#53 failed: operation canceled
could not talk to any default name server
Calling nsupdate for SRV _kerberos._udp.samba.dghvoip.com
vpnserver.samba.dghvoip.com 88
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags: ; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kerberos._udp.samba.dghvoip.com. 900 IN SRV    0 100 88
vpnserver.samba.dghvoip.com.

; Communication with 192.168.254.130#53 failed: operation canceled
could not talk to any default name server
Calling nsupdate for SRV _kpasswd._udp.samba.dghvoip.com
vpnserver.samba.dghvoip.com 464
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags: ; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kpasswd._udp.samba.dghvoip.com. 900 IN SRV     0 100 464
vpnserver.samba.dghvoip.com.

; Communication with 192.168.254.130#53 failed: operation canceled
could not talk to any default name server

It's still trying to connect to 192.168.254.130 which is himslef, it should
contact 192.168.254.1, is there any default DNS server parameter on
smb.conf?. I changed dns proxy = Yes to No, but I still get this error. Also
doing

from the 2nd samba DC
[root at vpnserver source]# host -t SRV _ldap._tcp.samba.dghvoip,com.
Host _ldap._tcp.samba.dghvoip,com. not found: 3(NXDOMAIN)

My resolv.conf on the 2nd Samba DC just has one nameserver entry pointing at
192.168.254.1, dig workss well and queries my main DNS server, ping also
works.

I'll keep on investigating this and debugging bind to see what comes out of
this.

Thanks for your patience.

---
... Chi va piano va sano e va lontano.
David Gonzalez H.
DGHVoIP - OPEN SOURCE TELEPHONY SOLUTIONS
Phone Bogotá: +(57-1)289-1168
Phone Medellin: +(57-4)247-0985
Mobile: +(57)315-838-8326
MSN: david at planetaradio.net
Skype: davidgonzalezh
WEB: http://www.dghvoip.com/
Linux User #294661


On Thu, Sep 16, 2010 at 8:09 PM, Andrew Bartlett <abartlet at samba.org> wrote:

> On Thu, 2010-09-16 at 19:55 -0500, David Gonzalez wrote:
> > Well Andrew,
> >
> > Thank you very much for you insights on this topic, I appreciate your
> time
> > and that from other samba members.
> >
> > As I told you I've checked the latest git and installed it and Oh!,
> surprise
> > dynamic updates are working fine securely as expected, nice job those MS
> > guys will be very pleased with the progress  that samba is making.
> >
> > Also I tried joinig my W2k8 machine and it successfully does it, but the
> > DRS_ACCESS_DENIED error keeps showing up, I'm trying to debug that so I
> can
> > see what is going on.
> >
> > Also I tried joining another Samba DC with net vampire it looked good and
> > it's replicating fine, but as I asked on a previous message, when I start
> > samba or samba_dnsupdate I see that it's trying to update service names
> on
> > itself, I'd like to make that script point to my DNS server at
> 192.168.254.1
> > where also samba is running.
>
> You should ensure your resolv.conf points at the other machine, and you
> never set up a BIND on more than one machine.  (Note that we have not
> tested or prepared for bind slaves).
>
> You will note that the provision does prepare an example DNS
> configuration on all installations of Samba4.  I'll see about
> suppressing that when we are in the vampire case, as clearly then
> someone else already holds the DNS role.
>
> Andrew Bartlett
> --
> Andrew Bartlett                                http://samba.org/~abartlet/<http://samba.org/%7Eabartlet/>
> Authentication Developer, Samba Team           http://samba.org
> Samba Developer, Cisco Inc.
>

More information about the samba-technical mailing list