[Samba] samba4 internal dns Server ddns for the reverse lookup Zoneable

Markus Roth markusroth1983 at gmx.net
Tue Aug 26 12:27:14 MDT 2014


Hi Steve,

OK, I deactivated the dns_update flag in the sssd.conf and did the rm and touch commands, but no AD users with getent passwd. Here is my sssd.conf:

[sssd]
services = nss, pam
config_file_version = 2
domains = winnet.local
[nss]
[pam]
[domain/winnet.local]
id_provider = ad
auth_provider = ad
access_provider = ad
ldap_id_mapping = False
dyndns_update = False
ad_hostname = server1.winnet.local
ad_server = server1.winnet.local
ad_domain = winnet.local

 
 

Sent: Tuesday, 26 August 2014 at 20:16
From: steve <steve at steve-ss.com>
To: "Markus Roth" <markusroth1983 at gmx.net>
Cc: samba at lists.samba.org
Subject: Re: [Samba] samba4 internal dns Server ddns for the reverse lookup Zoneable
On Tue, 2014-08-26 at 19:59 +0200, Markus Roth wrote:
> Hi Steve,
>
> So I'm at home :-) I hope you had a good day and better weather than in Germany :-) I added the ad_domain option and changed the /etc/hosts and /etc/hostname. getent passwd shows no AD users :-(
> Now I get the following:
>
> [root@server1 var]# host server1.winnet.local
> server1.winnet.local has address 192.168.178.130
> [root@server1 var]# ping server1
> PING server1.winnet.local (192.168.178.130) 56(84) bytes of data.
> 64 bytes from server1.winnet.local (192.168.178.130): icmp_seq=1 ttl=64 time=0.018 ms
> 64 bytes from server1.winnet.local (192.168.178.130): icmp_seq=2 ttl=64 time=0.047 ms
> 64 bytes from server1.winnet.local (192.168.178.130): icmp_seq=3 ttl=64 time=0.029 ms
> ^C
> --- server1.winnet.local ping statistics ---
> 3 packets transmitted, 3 received, 0% packet loss, time 1999ms
> rtt min/avg/max/mdev = 0.018/0.031/0.047/0.012 ms
> [root@server1 var]# hostname -d
> winnet.local
> [root@server1 var]# hostname -f
> server1.winnet.local
> [root@server1 var]# hostname -s
> server1
>
> sssd-log:
>
> [root@server1 var]# sssd -i -d3
> (Tue Aug 26 19:50:25 2014) [sssd[be[winnet.local]]] [be_process_init] (0x0080): No SUDO module provided for [winnet.local] !!
> (Tue Aug 26 19:50:25 2014) [sssd[be[winnet.local]]] [be_process_init] (0x0080): No autofs module provided for [winnet.local] !!
> (Tue Aug 26 19:50:25 2014) [sssd[be[winnet.local]]] [be_process_init] (0x0020): No selinux module provided for [winnet.local] !!
> (Tue Aug 26 19:50:25 2014) [sssd[be[winnet.local]]] [be_process_init] (0x0020): No host info module provided for [winnet.local] !!
> (Tue Aug 26 19:50:25 2014) [sssd[be[winnet.local]]] [be_run_online_cb] (0x0080): Going online. Running callbacks.
> (Tue Aug 26 19:50:25 2014) [sssd[nss]] [sss_mc_create_file] (0x0010): Failed to lock file /var/lib/sss/mc/passwd.
> (Tue Aug 26 19:50:25 2014) [sssd[nss]] [sss_mc_create_file] (0x0010): Failed to lock file /var/lib/sss/mc/group.
> (Tue Aug 26 19:50:25 2014) [sssd[be[winnet.local]]] [ad_dyndns_nsupdate_done] (0x0040): DNS update finished
>
rm /var/lib/sss/mc/passwd /var/lib/sss/mc/group
touch /var/lib/sss/mc/passwd /var/lib/sss/mc/group
restart sssd

There should be no DNS updates. Please post sssd.conf


>
>
>
> Sent: Tuesday, 26 August 2014 at 00:07
> From: steve <steve at steve-ss.com>
> To: "Markus Roth" <markusroth1983 at gmx.net>
> Cc: samba at lists.samba.org
> Subject: Re: [Samba] samba4 internal dns Server ddns for the reverse lookup Zoneable
> On Mon, 2014-08-25 at 23:41 +0200, Markus Roth wrote:
> > Hi Steve,
> >
> > ok, here we go :-)
> >
> > After I added the two lines in sssd.conf I get:
> >
> > [root@server1 run]# sssd -i -d3
> > (Mon Aug 25 23:22:48:345405 2014) [sssd] [server_setup] (0x0010): Error creating pidfile: /var/run/sssd! (17 [File exists])
> > [root@server1 run]# rm -dfr /var/run/sssd.pid
> > [root@server1 run]# sssd -i -d3
> > (Mon Aug 25 23:23:00 2014) [sssd[be[winnet.local]]] [be_process_init] (0x0080): No SUDO module provided for [winnet.local] !!
> > (Mon Aug 25 23:23:00 2014) [sssd[be[winnet.local]]] [be_process_init] (0x0080): No autofs module provided for [winnet.local] !!
> > (Mon Aug 25 23:23:00 2014) [sssd[be[winnet.local]]] [be_process_init] (0x0020): No selinux module provided for [winnet.local] !!
> > (Mon Aug 25 23:23:00 2014) [sssd[be[winnet.local]]] [be_process_init] (0x0020): No host info module provided for [winnet.local] !!
> > (Mon Aug 25 23:23:00 2014) [sssd[be[winnet.local]]] [be_run_online_cb] (0x0080): Going online. Running callbacks.
> > (Mon Aug 25 23:23:00 2014) [sssd[nss]] [sss_mc_create_file] (0x0010): Failed to lock file /var/lib/sss/mc/passwd.
> > (Mon Aug 25 23:23:00 2014) [sssd[nss]] [sss_mc_create_file] (0x0010): Failed to lock file /var/lib/sss/mc/group.
> > (Mon Aug 25 23:23:00 2014) [sssd[be[winnet.local]]] [ad_dyndns_nsupdate_done] (0x0040): DNS update finished
> >
> OK, the hammer did the trick. We're connected.
> Did you try getent passwd <domain-user> ?
> > -----------------------------------------------------------------------------------------------------------------------------------
> >
> > [root@server1 run]# host server1.winnet.local
> > server1.winnet.local has address 192.168.178.130
> >
> > [root@server1 run]# ping server1
> > PING server1 (192.168.178.130) 56(84) bytes of data.
> > 64 bytes from server1 (192.168.178.130): icmp_seq=1 ttl=64 time=0.040 ms
> > 64 bytes from server1 (192.168.178.130): icmp_seq=2 ttl=64 time=0.046 ms
> > 64 bytes from server1 (192.168.178.130): icmp_seq=3 ttl=64 time=0.039 ms
> >
> > [root@server1 run]# hostname -d
>
> Add:
> ad_domain = winnet.local
> to the domain section of sssd.conf
>
> > [root@server1 run]# hostname -f
> > server1
> we need:
> server1.winnet.local here but let's ignore that for now.
> > [root@server1 run]# hostname -s
> > server1
> >
> > -----------------------------------------------------------------------------------------------------------------------------------
> >
> > Aug 25 23:35:16 server1 samba[15291]: [2014/08/25 23:35:16.725551, 0] ../source4/smbd/server.c:370(binary_smbd_main)
> > Aug 25 23:35:16 server1 samba[15291]: samba version 4.1.11 started.
> > Aug 25 23:35:16 server1 samba[15291]: Copyright Andrew Tridgell and the Samba Team 1992-2013
> > Aug 25 23:35:16 server1 samba4: Starting samba4: [ OK ]
> > Aug 25 23:35:16 server1 systemd: Started LSB: start and stop samba4.
> > Aug 25 23:35:17 server1 samba[15292]: [2014/08/25 23:35:17.282959, 0] ../source4/smbd/server.c:488(binary_smbd_main)
> > Aug 25 23:35:17 server1 samba[15292]: samba: using 'standard' process model
> > Aug 25 23:35:17 server1 samba[15292]: [2014/08/25 23:35:17.295902, 0] ../lib/util/become_daemon.c:136(daemon_ready)
> > Aug 25 23:35:17 server1 smbd[15296]: [2014/08/25 23:35:17.558980, 0] ../lib/util/become_daemon.c:136(daemon_ready)
> > Aug 25 23:35:24 server1 systemd: Starting System Security Services Daemon...
> > Aug 25 23:35:24 server1 sssd: Starting up
> > Aug 25 23:35:24 server1 sssd[be[winnet.local]]: Starting up
> > Aug 25 23:35:24 server1 sssd[nss]: Starting up
> > Aug 25 23:35:24 server1 sssd[pam]: Starting up
> > Aug 25 23:35:24 server1 systemd: Started System Security Services Daemon.
> > Aug 25 23:35:24 server1 named[12755]: samba_dlz: starting transaction on zone winnet.local
> > Aug 25 23:35:24 server1 named[12755]: samba_dlz: allowing update of signer=server1\$\@WINNET.LOCAL name=server1.winnet.local tcpaddr=192.168.178.130 type=A key=3076625766.sig-server1.winnet.local/160/0
> > Aug 25 23:35:24 server1 named[12755]: client 192.168.178.130#35678/key server1\$\@WINNET.LOCAL: updating zone 'winnet.local/NONE': deleting rrset at 'server1.winnet.local' A
> > Aug 25 23:35:24 server1 named[12755]: samba_dlz: subtracted rdataset server1.winnet.local 'server1.winnet.local. 3600 IN A 192.168.178.130'
> > Aug 25 23:35:24 server1 named[12755]: samba_dlz: subtracted rdataset winnet.local 'winnet.local. 3600 IN SOA server1.winnet.local. hostmaster.winnet.local. 67 900 600 86400 0'
> > Aug 25 23:35:24 server1 named[12755]: samba_dlz: added rdataset winnet.local 'winnet.local. 3600 IN SOA server1.winnet.local. hostmaster.winnet.local. 68 900 600 86400 0'
> > Aug 25 23:35:24 server1 named[12755]: samba_dlz: committed transaction on zone winnet.local
> > Aug 25 23:35:24 server1 named[12755]: samba_dlz: starting transaction on zone winnet.local
> > Aug 25 23:35:24 server1 named[12755]: samba_dlz: allowing update of signer=server1\$\@WINNET.LOCAL name=server1.winnet.local tcpaddr=192.168.178.130 type=AAAA key=1651992907.sig-server1.winnet.local/160/0
> > Aug 25 23:35:24 server1 named[12755]: client 192.168.178.130#55338/key server1\$\@WINNET.LOCAL: updating zone 'winnet.local/NONE': deleting rrset at 'server1.winnet.local' AAAA
> > Aug 25 23:35:24 server1 named[12755]: samba_dlz: committed transaction on zone winnet.local
> > Aug 25 23:35:24 server1 named[12755]: samba_dlz: starting transaction on zone winnet.local
> > Aug 25 23:35:24 server1 named[12755]: samba_dlz: allowing update of signer=server1\$\@WINNET.LOCAL name=server1.winnet.local tcpaddr=192.168.178.130 type=A key=1121994789.sig-server1.winnet.local/160/0
> > Aug 25 23:35:24 server1 named[12755]: client 192.168.178.130#46781/key server1\$\@WINNET.LOCAL: updating zone 'winnet.local/NONE': adding an RR at 'server1.winnet.local' A
> > Aug 25 23:35:24 server1 named[12755]: samba_dlz: added rdataset server1.winnet.local 'server1.winnet.local. 3600 IN A 192.168.178.130'
> > Aug 25 23:35:24 server1 named[12755]: samba_dlz: subtracted rdataset winnet.local 'winnet.local. 3600 IN SOA server1.winnet.local. hostmaster.winnet.local. 68 900 600 86400 0'
> > Aug 25 23:35:24 server1 named[12755]: samba_dlz: added rdataset winnet.local 'winnet.local. 3600 IN SOA server1.winnet.local. hostmaster.winnet.local. 69 900 600 86400 0'
> > Aug 25 23:35:24 server1 named[12755]: samba_dlz: committed transaction on zone winnet.local
> > Aug 25 23:35:24 server1 named[12755]: samba_dlz: starting transaction on zone 178.168.192.in-addr.arpa
> > Aug 25 23:35:24 server1 named[12755]: samba_dlz: allowing update of signer=server1\$\@WINNET.LOCAL name=130.178.168.192.in-addr.arpa tcpaddr=192.168.178.130 type=PTR key=651940748.sig-server1.winnet.local/160/0
> > Aug 25 23:35:24 server1 named[12755]: samba_dlz: allowing update of signer=server1\$\@WINNET.LOCAL name=130.178.168.192.in-addr.arpa tcpaddr=192.168.178.130 type=PTR key=651940748.sig-server1.winnet.local/160/0
> > Aug 25 23:35:24 server1 named[12755]: client 192.168.178.130#43966/key server1\$\@WINNET.LOCAL: updating zone '178.168.192.in-addr.arpa/NONE': deleting rrset at '130.178.168.192.in-addr.arpa' PTR
> > Aug 25 23:35:24 server1 named[12755]: samba_dlz: subtracted rdataset 130.178.168.192.in-addr.arpa '130.178.168.192.in-addr.arpa. 3600 IN PTR server1.winnet.local.'
> > Aug 25 23:35:24 server1 named[12755]: client 192.168.178.130#43966/key server1\$\@WINNET.LOCAL: updating zone '178.168.192.in-addr.arpa/NONE': adding an RR at '130.178.168.192.in-addr.arpa' PTR
> > Aug 25 23:35:24 server1 named[12755]: samba_dlz: added rdataset 130.178.168.192.in-addr.arpa '130.178.168.192.in-addr.arpa. 3600 IN PTR server1.winnet.local.'
> > Aug 25 23:35:24 server1 named[12755]: samba_dlz: committed transaction on zone 178.168.192.in-addr.arpa
> >
> OK, We're missing the part where sssd connects. We need to know what
> ticket is being requested and which hostname is being sent.
> > -----------------------------------------------------------------------------------------------------------------------------------
> >
> > 27.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
> > ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
> > 192.168.178.130 server1 server1.winnet.local
> >
> > -----------------------------------------------------------------------------------------------------------------------------------
> >
> This is a test domain, no? Simplify to:
> 127.0.0.1 localhost
> 192.168.178.130 server1.winnet.local server1
> > hostname shows:
> >
> > server1.winnet.local
> change it to:
> server1
>
> Restart everything and go through the previous post again.
> Oh, and don't forget to test the getent command;)
>
> We'll be offline now 'til 06:00 CEST, so,
> Cheers and good luck
> Steve
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
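
An added example, not part of the original thread and not Samba or BIND code: a small audit of the `samba_dlz: allowing update` lines in the named log quoted above, flagging signed dynamic updates in which a machine account changes a record that is not its own. The policy (a host may update only its own A/AAAA record and the PTR for its source address), the function name `audit_updates` and the two `client7` log lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Matches the samba_dlz authorization lines as they appear in the quoted log.
ALLOW_RE = re.compile(
    r"samba_dlz: allowing update of signer=(?P<signer>\S+) "
    r"name=(?P<name>\S+) tcpaddr=(?P<addr>\S+) type=(?P<type>\S+)"
)

def audit_updates(log_text, realm="WINNET.LOCAL"):
    """Return (signer, name, type, reason) for updates outside the assumed policy."""
    findings = []
    for line in log_text.splitlines():
        m = ALLOW_RE.search(line)
        if not m:
            continue
        # named escapes '$' and '@' in the principal: server1\$\@WINNET.LOCAL
        signer = m["signer"].replace("\\", "")
        account, _, signer_realm = signer.partition("@")
        own_fqdn = f"{account.rstrip('$').lower()}.{realm.lower()}"
        name, rtype = m["name"].lower(), m["type"]
        if signer_realm.upper() != realm.upper():
            reason = "signer from unexpected realm"
        elif rtype in ("A", "AAAA"):
            reason = None if name == own_fqdn else "forward record of another host"
        elif rtype == "PTR":
            # The PTR owner name must be the reverse name of the update's source.
            expected = ipaddress.ip_address(m["addr"]).reverse_pointer
            reason = None if name == expected else "PTR not for source address"
        else:
            reason = "unexpected record type"
        if reason:
            findings.append((signer, name, rtype, reason))
    return findings

# First two lines are taken from the thread; the two client7 lines are constructed.
SAMPLE = r"""
Aug 25 23:35:24 server1 named[12755]: samba_dlz: allowing update of signer=server1\$\@WINNET.LOCAL name=server1.winnet.local tcpaddr=192.168.178.130 type=A key=3076625766.sig-server1.winnet.local/160/0
Aug 25 23:35:24 server1 named[12755]: samba_dlz: allowing update of signer=server1\$\@WINNET.LOCAL name=130.178.168.192.in-addr.arpa tcpaddr=192.168.178.130 type=PTR key=651940748.sig-server1.winnet.local/160/0
Aug 25 23:40:01 server1 named[12755]: samba_dlz: allowing update of signer=client7\$\@WINNET.LOCAL name=server1.winnet.local tcpaddr=192.168.178.57 type=A key=constructed
Aug 25 23:40:01 server1 named[12755]: samba_dlz: allowing update of signer=client7\$\@WINNET.LOCAL name=130.178.168.192.in-addr.arpa tcpaddr=192.168.178.57 type=PTR key=constructed
"""

if __name__ == "__main__":
    for finding in audit_updates(SAMPLE):
        print(finding)
```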

 

