samba-tool gpo not finding DC's
L.P.H. van Belle
belle at bazuin.nl
Thu Jan 27 14:57:04 UTC 2022
If you have this in nsswitch.conf
hosts: files mdns4_minimal [NOTFOUND=return] dns
Change it to
hosts: files dns mdns4_minimal [NOTFOUND=return]
Since .lan is "also" a registered TLD for mDNS.
For these GPO problems, what is the Windows Event Viewer telling you?
Greetz,
Louis
> -----Original message-----
> From: samba-technical
> [mailto:samba-technical-bounces at lists.samba.org] On behalf of
> Alecsandru Chirosca via samba-technical
> Sent: Thursday 27 January 2022 15:04
> To: samba-technical at lists.samba.org
> Subject: samba-tool gpo not finding DC's
>
> I have a strange issue with samba 4.13.14 on Ubuntu 20.04 LTS where
> almost all samba-tool functionalities are OK but the GPO options are
> not working with the following exception
>
> # samba-tool gpo listall -U Administrator -d3
> ...
> dns child failed to find name '_ldap._tcp.INOE.LAN' of type SRV
> resolve_lmhosts: Attempting lmhosts lookup for name _ldap._tcp.INOE.LAN<0x0>
> finddcs: Failed to find SRV record for _ldap._tcp.INOE.LAN
> ERROR(runtime): uncaught exception - ('Could not find a DC for domain', NTSTATUSError(3221225524, 'The object name is not found.'))
>   File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 186, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/lib/python3/dist-packages/samba/netcmd/gpo.py", line 464, in run
>     self.url = dc_url(self.lp, self.creds, H)
>   File "/usr/lib/python3/dist-packages/samba/netcmd/gpo.py", line 127, in dc_url
>     raise RuntimeError("Could not find a DC for domain", e)
>
> DNS is resolved against the integrated samba DNS server (127.0.0.1 and
> LAN address).
>
> Dig, on the other hand works as expected:
>
> # dig SRV _ldap._tcp.inoe.lan
>
> ; <<>> DiG 9.16.1-Ubuntu <<>> SRV _ldap._tcp.inoe.lan
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22559
> ;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;_ldap._tcp.inoe.lan. IN SRV
>
> ;; ANSWER SECTION:
> _ldap._tcp.inoe.lan. 900 IN SRV 0 100 389 adc.inoe.lan.
> _ldap._tcp.inoe.lan. 900 IN SRV 0 100 389 adc1.inoe.lan.
>
> ;; AUTHORITY SECTION:
> inoe.lan. 3600 IN SOA adc.inoe.lan. hostmaster.inoe.lan. 134 900 600 86400 3600
>
> ;; Query time: 0 msec
> ;; SERVER: ::1#53(::1)
> ;; WHEN: Thu Jan 27 15:50:07 EET 2022
> ;; MSG SIZE rcvd: 133
>
> same for samba-tool dns
>
> # samba-tool dns query 127.0.0.1 inoe.lan adc.inoe.lan ALL -U Administrator
> Password for [INOE\Administrator]:
> Name=, Records=1, Children=0
> A: xx.xxx.xx.xxx (flags=f0, serial=110, ttl=900)
>
>
> I am pursuing an issue related to the GPO's not being applied to domain
> computers (regarding department shares) when I encountered this issue.
> Can you please point me in the right direction regarding this issue?
>
> smb.conf (relevant part)
>
> [global]
> dns forwarder = 8.8.8.8
> netbios name = ADC
> realm = INOE.LAN
> server role = active directory domain controller
> workgroup = INOE
> idmap_ldb:use rfc2307 = yes
> allow dns updates = nonsecure
> full_audit: failure = none
> full_audit: success = pwrite write
> full_audit: prefix = IP=%I | USER=%u | MACHINE=%m | VOLUME=%S
> full_audit: facility = local7
> full_audit: priority = NOTICE
> interfaces = xx.xxx.xx.xxx/25 eno1 lo
> ldap server require strong auth = no
> log level = 1 auth_audit:3 dsdb_audit:3 dsdb_password_audit:3 dsdb_transaction_audit:3
> min protocol = SMB2
> name resolve order = host wins lmhosts bcast
>
> samba-tool ntacl sysvolcheck and
> samba-tool ntacl sysvolreset
> work without any issues.
>
> RSAT does not report any issues.
> The main issue with GPO's is only related to new computers joining the
> domain (Windows 10), old computers work as expected.
>
> Best Regards,
> Alecsandru Chirosca
>
>
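
A check for the nsswitch.conf ordering described in the reply above, as an added example that is not part of the original thread or of Samba: it parses a `hosts:` line, lists the services that can end the lookup on NOTFOUND before `dns` is asked, and rebuilds the line with `dns` directly after `files`. The function names are hypothetical; the two sample lines are the ones quoted in the reply.

```python
import re

# Sample input: the two hosts lines quoted in the reply above.
BEFORE = "hosts: files mdns4_minimal [NOTFOUND=return] dns"
AFTER = "hosts: files dns mdns4_minimal [NOTFOUND=return]"

def parse_hosts(line):
    """Split a 'hosts:' line into (service, [raw action tokens]) pairs."""
    db, _, rest = line.partition(":")
    if db.strip() != "hosts":
        raise ValueError("not a hosts: line")
    entries = []
    for tok in re.findall(r"\[[^\]]*\]|\S+", rest.split("#", 1)[0]):
        if not tok.startswith("["):
            entries.append((tok, []))
        elif entries:
            entries[-1][1].append(tok)  # action applies to the service before it
        else:
            raise ValueError("action without a preceding service")
    return entries

def returns_on_notfound(actions):
    """True if any action ends the lookup when the service answers NOTFOUND."""
    for tok in actions:
        for act in tok[1:-1].upper().split():
            status, _, what = act.partition("=")
            negated_other = status.startswith("!") and status != "!NOTFOUND"
            if what == "RETURN" and (status == "NOTFOUND" or negated_other):
                return True
    return False

def blockers_before_dns(line):
    """Services ahead of 'dns' that can end the lookup before dns is asked."""
    blockers = []
    for service, actions in parse_hosts(line):
        if service == "dns":
            break
        if returns_on_notfound(actions):
            blockers.append(service)
    return blockers

def move_dns_after_files(line):
    """Rebuild the line with 'dns' directly after 'files' (the order in the reply)."""
    entries = parse_hosts(line)
    dns = [e for e in entries if e[0] == "dns"]
    rest = [e for e in entries if e[0] != "dns"]
    pos = next((i + 1 for i, e in enumerate(rest) if e[0] == "files"), 0)
    ordered = rest[:pos] + dns + rest[pos:]
    return "hosts: " + " ".join(" ".join([s] + a) for s, a in ordered)
```

Run `blockers_before_dns` on the `hosts:` line of `/etc/nsswitch.conf`; an empty list means no earlier service cuts the lookup short before `dns`.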