Reporting success this past year + new Issues Adding a new Samba 4 DC to existing Samba 4 AD

Aubrey Ekstrom aekstrom at proclivitysystems.com
Fri Dec 9 14:06:58 MST 2011


That was what I just tried doing (before I saw this). Same error from Samba
4 DNS Update test though:

$ sudo /usr/local/samba/sbin/samba_dnsupdate --verbose
IPs: ['XX.XX.XX.44']
Looking for DNS entry A not.our.domain XX.XX.XX.44 as not.our.domain.
Looking for DNS entry A opdc0.not.our.domain XX.XX.XX.44 as opdc0.not.our.domain.
Looking for DNS entry CNAME b36cf7ca-5d1f-4720-9cc1-3034b87312c4._msdcs.corp.core opdc0.not.our.domain as b36cf7ca-5d1f-4720-9cc1-3034b87312c4._msdcs.not.our.domain.
Looking for DNS entry SRV _kerberos._tcp.default-first-site-name._sites.dc._msdcs.not.our.domain opdc0.not.our.domain 88 as _kerberos._tcp.default-first-site-name._sites.dc._msdcs.not.our.domain.
Looking for DNS entry SRV _ldap._tcp.default-first-site-name._sites.dc._msdcs.not.our.domain opdc0.not.our.domain 389 as _ldap._tcp.default-first-site-name._sites.dc._msdcs.not.our.domain.
Looking for DNS entry SRV _kerberos._tcp.dc._msdcs.not.our.domain opdc0.not.our.domain 88 as _kerberos._tcp.dc._msdcs.not.our.domain.
Looking for DNS entry SRV _ldap._tcp.dc._msdcs.not.our.domain opdc0.not.our.domain 389 as _ldap._tcp.dc._msdcs.not.our.domain.
Looking for DNS entry SRV _ldap._tcp.a3d53761-ad10-49af-9c68-9f08ebf3fb88.domains._msdcs.not.our.domain opdc0.not.our.domain 389 as _ldap._tcp.a3d53761-ad10-49af-9c68-9f08ebf3fb88.domains._msdcs.not.our.domain.
Looking for DNS entry SRV _ldap._tcp.default-first-site-name._sites.gc._msdcs.corp.core opdc0.not.our.domain 3268 as _ldap._tcp.default-first-site-name._sites.gc._msdcs.not.our.domain.
Looking for DNS entry SRV _ldap._tcp.gc._msdcs.not.our.domain opdc0.not.our.domain 3268 as _ldap._tcp.gc._msdcs.not.our.domain.
Looking for DNS entry SRV _ldap._tcp.pdc._msdcs.not.our.domain opdc0.not.our.domain 389 as _ldap._tcp.pdc._msdcs.not.our.domain.
Looking for DNS entry SRV _gc._tcp.default-first-site-name._sites.not.our.domain opdc0.not.our.domain 3268 as _gc._tcp.default-first-site-name._sites.not.our.domain.
Looking for DNS entry SRV _kerberos._tcp.default-first-site-name._sites.not.our.domain opdc0.not.our.domain 88 as _kerberos._tcp.default-first-site-name._sites.not.our.domain.
Looking for DNS entry SRV _ldap._tcp.default-first-site-name._sites.not.our.domain opdc0.not.our.domain 389 as _ldap._tcp.default-first-site-name._sites.not.our.domain.
Looking for DNS entry SRV _gc._tcp.not.our.domain opdc0.not.our.domain 3268 as _gc._tcp.corp.core.
Looking for DNS entry SRV _kerberos._tcp.not.our.domain opdc0.not.our.domain 88 as _kerberos._tcp.not.our.domain.
Looking for DNS entry SRV _kpasswd._tcp.not.our.domain opdc0.not.our.domain 464 as _kpasswd._tcp.not.our.domain.
Looking for DNS entry SRV _ldap._tcp.not.our.domain opdc0.not.our.domain 389 as _ldap._tcp.not.our.domain.
Looking for DNS entry SRV _kerberos._udp.not.our.domain opdc0.not.our.domain 88 as _kerberos._udp.not.our.domain.
Looking for DNS entry SRV _kpasswd._udp.not.our.domain opdc0.not.our.domain 464 as _kpasswd._udp.not.our.domain.
Traceback (most recent call last):
  File "/usr/local/samba/sbin/samba_dnsupdate", line 397, in <module>
    get_credentials(lp)
  File "/usr/local/samba/sbin/samba_dnsupdate", line 106, in get_credentials
    creds.get_named_ccache(lp, ccachename)
RuntimeError: kinit for OPDC0$@not.our.domain failed (Cannot contact any KDC for requested realm: unable to reach any KDC in realm not.our.domain)

Cheers,

Aubrey Ekstrom | Systems Administrator
Proclivity Systems
22 West 19th St., Ninth Floor
New York, NY 10011
p 646.380.2416
aekstrom at proclivitysystems.com
www.proclivitysystems.com

*Proclivity® | We Value Your Customers™*


This message is the property of Proclivity Systems, Inc. and is intended
only for the use of the addressee(s), and may contain material that is
confidential and privileged for the sole use of the intended recipient.  If
you are not the intended recipient, reliance or forwarding without express
permission is strictly prohibited; please contact the sender and delete all
copies.







On Fri, Dec 9, 2011 at 3:55 PM, David Pollack <dpollack at proclivitysystems.com> wrote:

> It may be a good idea to kill all the bind instances & restart.
>
> On Fri, Dec 9, 2011 at 3:43 PM, Aubrey Ekstrom <aekstrom at proclivitysystems.com> wrote:
>
>> Hi Andrew,
>>
>> I hope you are well today! Thanks as always for the reply. I have checked
>> this before.
>>
>> The logs also show DNS activity, so it has been running.
>>
>> PS also says it is running, and if I start it again I just get another
>> instance:
>>
>> ps -Af | grep named
>> bind      4481     1  0 Dec05 ?        00:00:03 /usr/local/sbin/named -u
>> bind
>> bind      9136     1  0 Dec06 ?        00:01:38 /usr/local/sbin/named -u
>> bind
>> bind     12623     1  0 15:35 ?        00:00:00 /usr/local/sbin/named -u
>> bind
>>
>>
>> Cheers,
>>
>> On Fri, Dec 9, 2011 at 3:30 PM, Andrew Bartlett <abartlet at samba.org> wrote:
>>
>>> On Fri, 2011-12-09 at 12:20 -0500, Aubrey Ekstrom wrote:
>>> > Hi Andrew,
>>> >
>>> > I find the below error in both /var/log/daemon.log & var/log/syslog
>>> > for process named:
>>> >
>>> > *invalid command from 127.0.0.1#40623: bad auth*
>>> >
>>> > To recap the error bind9 reload displays:
>>> >
>>> > $ sudo /etc/init.d/bind9 reload
>>> > Reloading domain name service...: bind9rndc: connection to remote host
>>> > closed
>>>
>>> Clearly bind is not running on this host at this time.  What happens if
>>> you simply start it?
>>>
>>> sudo /etc/init.d/bind9 start
>>>
>>> Andrew Bartlett
>>>
>>> --
>>> Andrew Bartlett
>>> http://samba.org/~abartlet/
>>> Authentication Developer, Samba Team           http://samba.org
>>>
>>>
>>
>
>
> --
> David Pollack | Director of IT
> Proclivity Systems
> 22 West 19th St., Ninth Floor
> New York, NY 10011
> p 646.237.3726
> dpollack at proclivitysystems.com
> www.proclivitysystems.com
>
>
>
>
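
Added example, not part of the original thread or of Samba's code: a small parser for the "Looking for DNS entry" lines that samba_dnsupdate --verbose prints (one entry per line, as the tool emits them), which picks out the Kerberos and kpasswd SRV records and builds a dig query for each so they can be checked against the DC's DNS server. It assumes the KDC is located through DNS SRV records; the 127.0.0.1 server address, the example.test realm and the function names are illustrative assumptions.

```python
import re

# Line format printed by `samba_dnsupdate --verbose`, as in the output above:
#   Looking for DNS entry <TYPE> <name> <target> [<port>] as <fqdn>.
ENTRY = re.compile(
    r"^Looking for DNS entry (?P<type>\S+) (?P<name>\S+) (?P<target>\S+)"
    r"(?: (?P<port>\d+))? as (?P<fqdn>\S+)$"
)

# Ports taken from the output above: 88 = Kerberos, 464 = kpasswd.
KDC_PORTS = {88, 464}


def parse_entries(text):
    """Return one dict per 'Looking for DNS entry' line; skip everything else."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            e = m.groupdict()
            e["port"] = int(e["port"]) if e["port"] else None
            entries.append(e)
    return entries


def kdc_records(entries):
    """SRV records a Kerberos client needs in order to find a KDC through DNS."""
    return [e for e in entries if e["type"] == "SRV" and e["port"] in KDC_PORTS]


def dig_commands(entries, server="127.0.0.1"):
    """Build one dig query per record (server address is an assumption)."""
    return [f"dig @{server} +short {e['fqdn']} {e['type']}" for e in entries]


# Constructed sample in the same format; example.test is a placeholder realm.
SAMPLE = """\
IPs: ['192.0.2.44']
Looking for DNS entry A dc1.example.test 192.0.2.44 as dc1.example.test.
Looking for DNS entry SRV _kerberos._tcp.example.test dc1.example.test 88 as _kerberos._tcp.example.test.
Looking for DNS entry SRV _ldap._tcp.example.test dc1.example.test 389 as _ldap._tcp.example.test.
Looking for DNS entry SRV _kerberos._udp.example.test dc1.example.test 88 as _kerberos._udp.example.test.
Looking for DNS entry SRV _kpasswd._tcp.example.test dc1.example.test 464 as _kpasswd._tcp.example.test.
"""

if __name__ == "__main__":
    for cmd in dig_commands(kdc_records(parse_entries(SAMPLE))):
        print(cmd)
```

An empty answer from any of the generated queries means the record the tool was looking for is not being served by that DNS server.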

