[Samba] trying to add DC to existing domain

Tue Feb 18 09:20:40 MST 2014

Am 16/02/14 10:46, schrieb Marc Muehlfeld:
> Hello Andreas,
>
> Am 16.02.2014 10:03, schrieb Andreas Oster:
>> "getent hosts localhost" gives me the following output:
>>
>> ::1             localhost ip6-localhost ip6-loopback
>
> Sorry, my fault. "getent ahosts localhost" should return both (IPv4/IPv6).
>
>
>
> Have you ever tried to let smbclient connect to the IP instead of
> localhost?
>
>
>
> Can you set
>    log level = 10
> in your smb.conf, start samba normal and have a look in your logs when
> you try to connect? You should find the NT_STATUS_OBJECT_NAME_NOT_FOUND
> in the logs then.
>
>
>
> Regards,
> Marc

Hello Marc,

it has turned out, that it has been a regression in the sources 
introduced by some patches which have been added lately. The patches 
have been removed from master and after a git pull and recompile sysvol 
and netlogon are available again.

But now I have run into another issue regarding dns update.  I use bind9 
with bind_dlz.  I have recognized that the new server is not able to 
register some of the required DNS entries. To see what is going wrong I 
have manually executed samba_dnsupdate:

  /usr/local/samba/sbin/samba_dnsupdate --verbose
IPs: ['10.2.1.18']
Skipping PDC entry (SRV _ldap._tcp.pdc._msdcs.${DNSDOMAIN} 
      ${HOSTNAME} 389) as we are not a PDC
Skipping PDC entry (SRV _ldap._tcp.pdc._msdcs.${DNSFOREST} 
      ${HOSTNAME} 389) as we are not a PDC
Looking for DNS entry A samdomain.local 10.2.1.18 as samdomain.local.
Failed to find matching DNS entry A samdomain.local 10.2.1.18
Looking for DNS entry A novadc03.samdomain.local 10.2.1.18 as 
novadc03.samdomain.local.
Looking for DNS entry A gc._msdcs.samdomain.local 10.2.1.18 as 
gc._msdcs.samdomain.local.
Failed to find matching DNS entry A gc._msdcs.samdomain.local 10.2.1.18
Looking for DNS entry CNAME 
94534f65-5d06-41f5-844d-a58a0bc03c93._msdcs.samdomain.local 
novadc03.samdomain.local as 
94534f65-5d06-41f5-844d-a58a0bc03c93._msdcs.samdomain.local.
Looking for DNS entry SRV _kpasswd._tcp.samdomain.local 
novadc03.samdomain.local 464 as _kpasswd._tcp.samdomain.local.
Checking 0 100 464 novadc03.samdomain.local. against SRV 
_kpasswd._tcp.samdomain.local novadc03.samdomain.local 464
Looking for DNS entry SRV _kpasswd._udp.samdomain.local 
novadc03.samdomain.local 464 as _kpasswd._udp.samdomain.local.
Checking 0 100 464 novadc03.samdomain.local. against SRV 
_kpasswd._udp.samdomain.local novadc03.samdomain.local 464
Looking for DNS entry SRV _kerberos._tcp.samdomain.local 
novadc03.samdomain.local 88 as _kerberos._tcp.samdomain.local.
Checking 0 100 88 NOVADC01.samdomain.local. against SRV 
_kerberos._tcp.samdomain.local novadc03.samdomain.local 88
Checking 0 100 88 novadc02.samdomain.local. against SRV 
_kerberos._tcp.samdomain.local novadc03.samdomain.local 88
Checking 0 100 88 novadc03.samdomain.local. against SRV 
_kerberos._tcp.samdomain.local novadc03.samdomain.local 88
Looking for DNS entry SRV _kerberos._tcp.dc._msdcs.samdomain.local 
novadc03.samdomain.local 88 as _kerberos._tcp.dc._msdcs.samdomain.local.
Checking 0 100 88 NOVADC01.samdomain.local. against SRV 
_kerberos._tcp.dc._msdcs.samdomain.local novadc03.samdomain.local 88
Checking 0 100 88 novadc02.samdomain.local. against SRV 
_kerberos._tcp.dc._msdcs.samdomain.local novadc03.samdomain.local 88
Failed to find matching DNS entry SRV 
_kerberos._tcp.dc._msdcs.samdomain.local novadc03.samdomain.local 88
Looking for DNS entry SRV 
_kerberos._tcp.standardname-des-ersten-standorts._sites.samdomain.local 
novadc03.samdomain.local 88 as 
_kerberos._tcp.standardname-des-ersten-standorts._sites.samdomain.local.
Checking 0 100 88 novadc03.samdomain.local. against SRV 
_kerberos._tcp.standardname-des-ersten-standorts._sites.samdomain.local 
novadc03.samdomain.local 88
Looking for DNS entry SRV 
_kerberos._tcp.standardname-des-ersten-standorts._sites.dc._msdcs.samdomain.local 
novadc03.samdomain.local 88 as 
_kerberos._tcp.standardname-des-ersten-standorts._sites.dc._msdcs.samdomain.local.
Checking 0 100 88 NOVADC01.samdomain.local. against SRV 
_kerberos._tcp.standardname-des-ersten-standorts._sites.dc._msdcs.samdomain.local 
novadc03.samdomain.local 88
Checking 0 100 88 novadc02.samdomain.local. against SRV 
_kerberos._tcp.standardname-des-ersten-standorts._sites.dc._msdcs.samdomain.local 
novadc03.samdomain.local 88
Failed to find matching DNS entry SRV 
_kerberos._tcp.standardname-des-ersten-standorts._sites.dc._msdcs.samdomain.local 
novadc03.samdomain.local 88
Looking for DNS entry SRV _kerberos._udp.samdomain.local 
novadc03.samdomain.local 88 as _kerberos._udp.samdomain.local.
Checking 0 100 88 novadc02.samdomain.local. against SRV 
_kerberos._udp.samdomain.local novadc03.samdomain.local 88
Checking 0 100 88 novadc03.samdomain.local. against SRV 
_kerberos._udp.samdomain.local novadc03.samdomain.local 88
Looking for DNS entry SRV _ldap._tcp.samdomain.local 
novadc03.samdomain.local 389 as _ldap._tcp.samdomain.local.
Checking 0 100 389 NOVADC01.samdomain.local. against SRV 
_ldap._tcp.samdomain.local novadc03.samdomain.local 389
Checking 0 100 389 novadc02.samdomain.local. against SRV 
_ldap._tcp.samdomain.local novadc03.samdomain.local 389
Checking 0 100 389 novadc03.samdomain.local. against SRV 
_ldap._tcp.samdomain.local novadc03.samdomain.local 389
Looking for DNS entry SRV _ldap._tcp.dc._msdcs.samdomain.local 
novadc03.samdomain.local 389 as _ldap._tcp.dc._msdcs.samdomain.local.
Checking 0 100 389 NOVADC01.samdomain.local. against SRV 
_ldap._tcp.dc._msdcs.samdomain.local novadc03.samdomain.local 389
Checking 0 100 389 novadc02.samdomain.local. against SRV 
_ldap._tcp.dc._msdcs.samdomain.local novadc03.samdomain.local 389
Failed to find matching DNS entry SRV 
_ldap._tcp.dc._msdcs.samdomain.local novadc03.samdomain.local 389
Looking for DNS entry SRV _ldap._tcp.gc._msdcs.samdomain.local 
novadc03.samdomain.local 3268 as _ldap._tcp.gc._msdcs.samdomain.local.
Checking 0 100 3268 novadc02.samdomain.local. against SRV 
_ldap._tcp.gc._msdcs.samdomain.local novadc03.samdomain.local 3268
Checking 0 100 3268 NOVADC01.samdomain.local. against SRV 
_ldap._tcp.gc._msdcs.samdomain.local novadc03.samdomain.local 3268
Failed to find matching DNS entry SRV 
_ldap._tcp.gc._msdcs.samdomain.local novadc03.samdomain.local 3268
Looking for DNS entry SRV 
_ldap._tcp.standardname-des-ersten-standorts._sites.samdomain.local 
novadc03.samdomain.local 389 as 
_ldap._tcp.standardname-des-ersten-standorts._sites.samdomain.local.
Checking 0 100 389 novadc02.samdomain.local. against SRV 
_ldap._tcp.standardname-des-ersten-standorts._sites.samdomain.local 
novadc03.samdomain.local 389
Checking 0 100 389 novadc03.samdomain.local. against SRV 
_ldap._tcp.standardname-des-ersten-standorts._sites.samdomain.local 
novadc03.samdomain.local 389
Looking for DNS entry SRV 
_ldap._tcp.standardname-des-ersten-standorts._sites.dc._msdcs.samdomain.local 
novadc03.samdomain.local 389 as 
_ldap._tcp.standardname-des-ersten-standorts._sites.dc._msdcs.samdomain.local.
Checking 0 100 389 novadc02.samdomain.local. against SRV 
_ldap._tcp.standardname-des-ersten-standorts._sites.dc._msdcs.samdomain.local 
novadc03.samdomain.local 389
Checking 0 100 389 NOVADC01.samdomain.local. against SRV 
_ldap._tcp.standardname-des-ersten-standorts._sites.dc._msdcs.samdomain.local 
novadc03.samdomain.local 389
Failed to find matching DNS entry SRV 
_ldap._tcp.standardname-des-ersten-standorts._sites.dc._msdcs.samdomain.local 
novadc03.samdomain.local 389
Looking for DNS entry SRV 
_ldap._tcp.standardname-des-ersten-standorts._sites.gc._msdcs.samdomain.local 
novadc03.samdomain.local 3268 as 
_ldap._tcp.standardname-des-ersten-standorts._sites.gc._msdcs.samdomain.local.
Checking 0 100 3268 NOVADC01.samdomain.local. against SRV 
_ldap._tcp.standardname-des-ersten-standorts._sites.gc._msdcs.samdomain.local 
novadc03.samdomain.local 3268
Checking 0 100 3268 novadc02.samdomain.local. against SRV 
_ldap._tcp.standardname-des-ersten-standorts._sites.gc._msdcs.samdomain.local 
novadc03.samdomain.local 3268
Failed to find matching DNS entry SRV 
_ldap._tcp.standardname-des-ersten-standorts._sites.gc._msdcs.samdomain.local 
novadc03.samdomain.local 3268
Looking for DNS entry SRV 
_ldap._tcp.c334d5b7-2ce8-451f-9815-705beec2a5c2.domains._msdcs.samdomain.local 
novadc03.samdomain.local 389 as 
_ldap._tcp.c334d5b7-2ce8-451f-9815-705beec2a5c2.domains._msdcs.samdomain.local.
Checking 0 100 389 novadc02.samdomain.local. against SRV 
_ldap._tcp.c334d5b7-2ce8-451f-9815-705beec2a5c2.domains._msdcs.samdomain.local 
novadc03.samdomain.local 389
Checking 0 100 389 NOVADC01.samdomain.local. against SRV 
_ldap._tcp.c334d5b7-2ce8-451f-9815-705beec2a5c2.domains._msdcs.samdomain.local 
novadc03.samdomain.local 389
Failed to find matching DNS entry SRV 
_ldap._tcp.c334d5b7-2ce8-451f-9815-705beec2a5c2.domains._msdcs.samdomain.local 
novadc03.samdomain.local 389
Looking for DNS entry SRV _gc._tcp.samdomain.local 
novadc03.samdomain.local 3268 as _gc._tcp.samdomain.local.
Checking 0 100 3268 NOVADC01.samdomain.local. against SRV 
_gc._tcp.samdomain.local novadc03.samdomain.local 3268
Checking 0 100 3268 novadc02.samdomain.local. against SRV 
_gc._tcp.samdomain.local novadc03.samdomain.local 3268
Checking 0 100 3268 novadc03.samdomain.local. against SRV 
_gc._tcp.samdomain.local novadc03.samdomain.local 3268
Looking for DNS entry SRV 
_gc._tcp.standardname-des-ersten-standorts._sites.samdomain.local 
novadc03.samdomain.local 3268 as 
_gc._tcp.standardname-des-ersten-standorts._sites.samdomain.local.
Checking 0 100 3268 novadc02.samdomain.local. against SRV 
_gc._tcp.standardname-des-ersten-standorts._sites.samdomain.local 
novadc03.samdomain.local 3268
Checking 0 100 3268 novadc03.samdomain.local. against SRV 
_gc._tcp.standardname-des-ersten-standorts._sites.samdomain.local 
novadc03.samdomain.local 3268
Calling nsupdate for A samdomain.local 10.2.1.18
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
samdomain.local.	900	IN	A	10.2.1.18

update failed: NOTAUTH
Failed nsupdate: 2
Calling nsupdate for A gc._msdcs.samdomain.local 10.2.1.18
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
gc._msdcs.samdomain.local. 900	IN	A	10.2.1.18

update failed: NOTAUTH
Failed nsupdate: 2
Calling nsupdate for SRV _kerberos._tcp.dc._msdcs.samdomain.local 
novadc03.samdomain.local 88
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kerberos._tcp.dc._msdcs.samdomain.local. 900 IN SRV 0 100 88 
novadc03.samdomain.local.

update failed: NOTAUTH
Failed nsupdate: 2
Calling nsupdate for SRV 
_kerberos._tcp.standardname-des-ersten-standorts._sites.dc._msdcs.samdomain.local 
novadc03.samdomain.local 88
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kerberos._tcp.standardname-des-ersten-standorts._sites.dc._msdcs.samdomain.local. 
900 IN SRV 0 100 88 novadc03.samdomain.local.

update failed: NOTAUTH
Failed nsupdate: 2
Calling nsupdate for SRV _ldap._tcp.dc._msdcs.samdomain.local 
novadc03.samdomain.local 389
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.dc._msdcs.samdomain.local. 900 IN SRV 0 100 389 
novadc03.samdomain.local.

update failed: NOTAUTH
Failed nsupdate: 2
Calling nsupdate for SRV _ldap._tcp.gc._msdcs.samdomain.local 
novadc03.samdomain.local 3268
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.gc._msdcs.samdomain.local. 900 IN SRV 0 100 3268 
novadc03.samdomain.local.

update failed: NOTAUTH
Failed nsupdate: 2
Calling nsupdate for SRV 
_ldap._tcp.standardname-des-ersten-standorts._sites.dc._msdcs.samdomain.local 
novadc03.samdomain.local 389
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.standardname-des-ersten-standorts._sites.dc._msdcs.samdomain.local. 
900 IN SRV 0 100 389 novadc03.samdomain.local.

update failed: NOTAUTH
Failed nsupdate: 2
Calling nsupdate for SRV 
_ldap._tcp.standardname-des-ersten-standorts._sites.gc._msdcs.samdomain.local 
novadc03.samdomain.local 3268
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.standardname-des-ersten-standorts._sites.gc._msdcs.samdomain.local. 
900 IN SRV 0 100 3268 novadc03.samdomain.local.

update failed: NOTAUTH
Failed nsupdate: 2
Calling nsupdate for SRV 
_ldap._tcp.c334d5b7-2ce8-451f-9815-705beec2a5c2.domains._msdcs.samdomain.local 
novadc03.samdomain.local 389
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.c334d5b7-2ce8-451f-9815-705beec2a5c2.domains._msdcs.samdomain.local. 
900 IN SRV 0 100 389 novadc03.samdomain.local.

update failed: NOTAUTH
Failed nsupdate: 2
Failed update of 9 entries

 From the output it seems, that there is something wrong with 
authentication. I have verified, that the dns.keytab file exists in the 
private directory.

Do you have an idea what could be the cause of that ?

Thank you for your kind help

best regards

Andreas