[Samba] Upgrading from Samba 4.0.1 to 4.1.6

Jason Waters jwaters at h2os.com
Mon Mar 17 09:23:59 MDT 2014


I'm thinking I see a problem.  On this server when I do a dig I get 3 A
records back.  The other server, where the DNS is working fine, I only get
one.

root at fspa:~# dig fspa.tte.local

; <<>> DiG 9.8.1-P1 <<>> fspa.tte.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36036
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;fspa.tte.local.                        IN      A

;; ANSWER SECTION:
fspa.tte.local.         900     IN      A       192.168.0.3
fspa.tte.local.         900     IN      A       10.0.0.116
fspa.tte.local.         900     IN      A       192.168.1.2


Only the 192.168.0.3 is valid...

I tried
samba-tool dns delete fspa tte.local fspa.tte.local A 10.0.0.116

But it just times out.

root at fspa:~# samba-tool dns delete fspa tte.local fspa.tte.local A
10.0.0.116
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Using binding ncacn_ip_tcp:fspa[,sign]
Cannot reach a KDC we require in order to obtain a ticetk to
host/FSPA at TTE.LOCAL:  Miscellaneous failure (see text                  ):
unable to reach any KDC in realm TTE.LOCAL
SPNEGO(gssapi_krb5) creating NEG_TOKEN_INIT failed:
NT_STATUS_NO_LOGON_SERVERS
ERROR(runtime): uncaught exception - (-1073741643, 'NT_STATUS_IO_TIMEOUT')
  File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/dns.py",
line 1169, in run
    dns_conn = dns_connect(server, self.lp, self.creds)
  File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/dns.py",
line 37, in dns_connect
    dns_conn = dnsserver.dnsserver(binding_str, lp, creds)





On Mon, Mar 17, 2014 at 11:07 AM, Jason Waters <jwaters at h2os.com> wrote:

> I am using the internal one.  It seemed to work fine with 4.0.1, not sure
> why it doesn't like 4.1.6.  I guess after house I can figure out how to
> switch it over.  Do I need to compile bind?  I'm using Ubuntu 12.04 LTS.
>  Thanks
>
> Jason
>
>
> On Mon, Mar 17, 2014 at 11:01 AM, Damien Dye <damien.dye at sondrel.com>wrote:
>
>> you using the internal samba DNS or bind via DLZ?
>>
>> if internal try switching to using bind with DLZ in my case it works much
>> better as the samba internal one doesn't cache so has high latency
>>
>> --
>>
>> Damien Dye
>>  IT Manager
>>  *Sondrel Ltd*
>>  Sondrel House, Theale Lakes Business Park
>> Moulden Way, Sulhamstead, Berkshire, RG7 4GB, UK
>>
>> Tel: +44(0)118 9838 550
>> www.sondrel.com
>>
>>  [image: Sondrel] <http://www.sondrel.com/>
>>
>> This e-mail and any attachments may be confidential or legally
>> privileged. If you are not the intended recipient, you should destroy the
>> e-mail message and any attachments, and inform us of the erroneous delivery
>> by return e-mail. You are prohibited from retaining, distributing,
>> disclosing or using any information contained herein. Internet
>> communications cannot be guaranteed to be timely, secure, error or
>> virus-free. Sondrel Ltd and the sender do not accept liability for any
>> errors or omissions, nor do we accept liability for the content of this
>> email, or for the consequences of any actions taken on the basis of the
>> information provided, unless that information is consequently confirmed in
>> writing under the personal signature of a duly authorised officer of
>> Sondrel Ltd.
>>
>> This email is sent on behalf of Sondrel Ltd registered in England with
>> number 4491953, registered office Sondrel House, Theale Lakes Business
>> Park, Moulden Way, Sulhamstead, Berkshire, RG7 4GB, UK.
>>
>>
>> On 17 March 2014 14:56, Jason Waters <jwaters at h2os.com> wrote:
>>
>>>  I added a realms section to my krb5.conf file and now I can at least run
>>> the kinit command.  But the samba-tool dns query fspa tte.local @ ALL
>>> command returns a bunch of entries now.  But takes forever.  Something is
>>> up with the DNS being very very slow.  Any thoughts of where to look?
>>>
>>>
>>>
>>>
>>> On Mon, Mar 17, 2014 at 8:35 AM, Jason Waters <jwaters at h2os.com> wrote:
>>>
>>> > When I put the right information, this is the error I get
>>> >
>>> > ERROR(runtime): uncaught exception - (-1073741643,
>>> 'NT_STATUS_IO_TIMEOUT')
>>> >   File
>>> >
>>> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
>>> > line 175, in _run
>>> >     return self.run(*args, **kwargs)
>>> >   File
>>> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/dns.py",
>>> > line 984, in run
>>> >     dns_conn = dns_connect(server, self.lp, self.creds)
>>> >   File
>>> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/dns.py",
>>> > line 37, in dns_connect
>>> >     dns_conn = dnsserver.dnsserver(binding_str, lp, creds)
>>> >
>>> >
>>> >
>>> > On Mon, Mar 17, 2014 at 8:25 AM, Jason Waters <jwaters at h2os.com>
>>> wrote:
>>> >
>>> >> I see why I got that error.  I needed to put the server and the
>>> domain.
>>> >>  my bad!  Still acting slow though.
>>> >>
>>> >>
>>> >> On Mon, Mar 17, 2014 at 8:14 AM, Jason Waters <jwaters at h2os.com>
>>> wrote:
>>> >>
>>> >>> root at fspa:~# kinit administrator
>>> >>> kinit: Cannot contact any KDC for realm 'ABC.LOCAL' while getting
>>> >>> initial credentials
>>> >>> root at fspa:~# samba-tool dns query SERVER DOMAIN @ ALL
>>> >>> ERROR(runtime): uncaught exception - (-1073741772,
>>> >>> 'NT_STATUS_OBJECT_NAME_NOT_FOUND')
>>> >>>   File
>>> >>>
>>> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
>>> >>> line 175, in _run
>>> >>>     return self.run(*args, **kwargs)
>>> >>>   File
>>> >>> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/dns.py",
>>> line
>>> >>> 984, in run
>>> >>>     dns_conn = dns_connect(server, self.lp, self.creds)
>>> >>>   File
>>> >>> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/dns.py",
>>> line
>>> >>> 37, in dns_connect
>>> >>>     dns_conn = dnsserver.dnsserver(binding_str, lp, creds)
>>> >>>
>>> >>>
>>> >>>
>>> >>> On Mon, Mar 17, 2014 at 8:12 AM, Jason Waters <jwaters at h2os.com>
>>> wrote:
>>> >>>
>>> >>>> I seem to be having a DNS issue.  The DNS server is really really
>>> slow
>>> >>>> when I use samba.  Any ideas?
>>> >>>>
>>> >>>> Jason
>>> >>>>
>>> >>>> root at fspa:~# ping google.com
>>> >>>> PING google.com (204.186.215.54) 56(84) bytes of data.
>>> >>>> 64 bytes from 204.186.215.54: icmp_req=1 ttl=61 time=13.7 ms
>>> >>>> 64 bytes from 204.186.215.54: icmp_req=2 ttl=61 time=11.1 ms
>>> >>>> 64 bytes from 204.186.215.54: icmp_req=3 ttl=61 time=10.9 ms
>>> >>>> 64 bytes from 204.186.215.54: icmp_req=4 ttl=61 time=13.8 ms
>>> >>>> ^C64 bytes from 204.186.215.54: icmp_req=5 ttl=61 time=13.1 ms
>>> >>>>
>>> >>>> --- google.com ping statistics ---
>>> >>>> 5 packets transmitted, 5 received, 0% packet loss, time 20179ms
>>> >>>> rtt min/avg/max/mdev = 10.907/12.562/13.896/1.284 ms
>>> >>>>
>>> >>>>
>>> >>>> See the 20179ms???
>>> >>>>
>>> >>>>
>>> >>>> On Sun, Mar 16, 2014 at 11:30 AM, Jason Waters <jwaters at h2os.com
>>> >wrote:
>>> >>>>
>>> >>>>> Marc,
>>> >>>>>   Sorry about just grepping the error.  Didn't know if that would
>>> flag
>>> >>>>> anything that you "knew" already.  Like the .pem issue before.  I
>>> figured
>>> >>>>> out the problem.  In smb.conf I had [print$] defined with a
>>> directory that
>>> >>>>> didn't exist.  As soon as I created it samba would start and stay
>>> running!
>>> >>>>>  Thank you for the help.  Also sorry about my calling it PDC/BDC.
>>>  I will
>>> >>>>> refer to them as domain controllers from now on! :)
>>> >>>>>
>>> >>>>> Jason
>>> >>>>>
>>> >>>>>
>>> >>>>> On Sat, Mar 15, 2014 at 9:44 PM, Marc Muehlfeld <
>>> >>>>> samba at marc-muehlfeld.de> wrote:
>>> >>>>>
>>> >>>>>> Am 16.03.2014 02:32, schrieb Jason Waters:
>>> >>>>>>
>>> >>>>>>  Got a little further.  I removed the pem files and then the
>>> one(PDC)
>>> >>>>>>> started and stayed working.  The BDC did not.  I got this when I
>>> >>>>>>> grep the
>>> >>>>>>> log file.
>>> >>>>>>>
>>> >>>>>>> root at fsZZ:/usr/local/samba-4.1.6/var# grep error log.samba
>>> >>>>>>>
>>> >>>>>>
>>> >>>>>> Please empty your logs, start samba and then have a look at _all_
>>> the
>>> >>>>>> messages are shown. Only with the lines containing the word
>>> "error" in
>>> >>>>>> lower cases it would be very hard to help.
>>> >>>>>>
>>> >>>>>>
>>> >>>>>> What do you mean with "one(PDC) started and stayed working. The
>>> BDC
>>> >>>>>> did not." What is not working? Are all processes running? If not,
>>> which is
>>> >>>>>> missing? It Samba listening on all ports it should? If not, which
>>> ports are
>>> >>>>>> not listening? ....
>>> >>>>>>
>>> >>>>>>
>>> >>>>>> Btw: You said you have a Samba AD, then you don't have PDC/BDCs.
>>> You
>>> >>>>>> have Domain Controllers. Please use this term, as PDC/BDC
>>> indicate that
>>> >>>>>> you're running a NT4-style domain. This confuses, as for a Samba4
>>> NT4-style
>>> >>>>>> domain you have to do different steps than for an AD DC.
>>> >>>>>>
>>> >>>>>>
>>> >>>>>>
>>> >>>>>> Regards,
>>> >>>>>> Marc
>>> >>>>>>
>>> >>>>>>
>>> >>>>>
>>> >>>>
>>> >>>
>>> >>
>>> >
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>
>>
>>
>


More information about the samba mailing list