[Samba] Upgrading from Samba 4.0.1 to 4.1.6

steve steve at steve-ss.com
Mon Mar 17 09:57:20 MDT 2014 

On Mon, 2014-03-17 at 11:23 -0400, Jason Waters wrote:
> I'm thinking I see a problem.  On this server when I do a dig I get 3 A
> records back.  The other server, where the DNS is working fine, I only get
> one.
> 
> root at fspa:~# dig fspa.tte.local
> 
> ; <<>> DiG 9.8.1-P1 <<>> fspa.tte.local
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36036
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
> 
> ;; QUESTION SECTION:
> ;fspa.tte.local.                        IN      A
> 
> ;; ANSWER SECTION:
> fspa.tte.local.         900     IN      A       192.168.0.3
> fspa.tte.local.         900     IN      A       10.0.0.116
> fspa.tte.local.         900     IN      A       192.168.1.2
> 
> 
> Only the 192.168.0.3 is valid...
> 
> I tried
> samba-tool dns delete fspa tte.local fspa.tte.local A 10.0.0.116
> 
> But it just times out.
> 
> root at fspa:~# samba-tool dns delete fspa tte.local fspa.tte.local A
> 10.0.0.116
> GENSEC backend 'gssapi_spnego' registered
> GENSEC backend 'gssapi_krb5' registered
> GENSEC backend 'gssapi_krb5_sasl' registered
> GENSEC backend 'schannel' registered
> GENSEC backend 'spnego' registered
> GENSEC backend 'ntlmssp' registered
> GENSEC backend 'krb5' registered
> GENSEC backend 'fake_gssapi_krb5' registered
> Using binding ncacn_ip_tcp:fspa[,sign]
> Cannot reach a KDC we require in order to obtain a ticetk to
> host/FSPA at TTE.LOCAL:  Miscellaneous failure (see text                  ):
> unable to reach any KDC in realm TTE.LOCAL
> SPNEGO(gssapi_krb5) creating NEG_TOKEN_INIT failed:
> NT_STATUS_NO_LOGON_SERVERS
> ERROR(runtime): uncaught exception - (-1073741643, 'NT_STATUS_IO_TIMEOUT')
>   File
> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
> line 175, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/dns.py",
> line 1169, in run
>     dns_conn = dns_connect(server, self.lp, self.creds)
>   File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/dns.py",
> line 37, in dns_connect
>     dns_conn = dnsserver.dnsserver(binding_str, lp, creds)
> 
> 
> 
> 
> 
> On Mon, Mar 17, 2014 at 11:07 AM, Jason Waters <jwaters at h2os.com> wrote:
> 
> > I am using the internal one.  It seemed to work fine with 4.0.1, not sure
> > why it doesn't like 4.1.6.  I guess after house I can figure out how to
> > switch it over.  Do I need to compile bind?  I'm using Ubuntu 12.04 LTS.
> >  Thanks
> >
> > Jason
> >
> >
> > On Mon, Mar 17, 2014 at 11:01 AM, Damien Dye <damien.dye at sondrel.com>wrote:
> >
> >> you using the internal samba DNS or bind via DLZ?
> >>
> >> if internal try switching to using bind with DLZ in my case it works much
> >> better as the samba internal one doesn't cache so has high latency
> >>
> >> --
> >>
> >> Damien Dye
> >>  IT Manager
> >>  *Sondrel Ltd*
> >>  Sondrel House, Theale Lakes Business Park
> >> Moulden Way, Sulhamstead, Berkshire, RG7 4GB, UK
> >>
> >> Tel: +44(0)118 9838 550
> >> www.sondrel.com
> >>
> >>  [image: Sondrel] <http://www.sondrel.com/>
> >>
> >> This e-mail and any attachments may be confidential or legally
> >> privileged. If you are not the intended recipient, you should destroy the
> >> e-mail message and any attachments, and inform us of the erroneous delivery
> >> by return e-mail. You are prohibited from retaining, distributing,
> >> disclosing or using any information contained herein. Internet
> >> communications cannot be guaranteed to be timely, secure, error or
> >> virus-free. Sondrel Ltd and the sender do not accept liability for any
> >> errors or omissions, nor do we accept liability for the content of this
> >> email, or for the consequences of any actions taken on the basis of the
> >> information provided, unless that information is consequently confirmed in
> >> writing under the personal signature of a duly authorised officer of
> >> Sondrel Ltd.
> >>
> >> This email is sent on behalf of Sondrel Ltd registered in England with
> >> number 4491953, registered office Sondrel House, Theale Lakes Business
> >> Park, Moulden Way, Sulhamstead, Berkshire, RG7 4GB, UK.
> >>
> >>
> >> On 17 March 2014 14:56, Jason Waters <jwaters at h2os.com> wrote:
> >>
> >>>  I added a realms section to my krb5.conf file and now I can at least run
> >>> the kinit command.  But the samba-tool dns query fspa tte.local @ ALL
> >>> command returns a bunch of entries now.  But takes forever.  Something is
> >>> up with the DNS being very very slow.  Any thoughts of where to look?
> >>>
> >>>
> >>>
> >>>
> >>> On Mon, Mar 17, 2014 at 8:35 AM, Jason Waters <jwaters at h2os.com> wrote:
> >>>
> >>> > When I put the right information, this is the error I get
> >>> >
> >>> > ERROR(runtime): uncaught exception - (-1073741643,
> >>> 'NT_STATUS_IO_TIMEOUT')
> >>> >   File
> >>> >
> >>> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
> >>> > line 175, in _run
> >>> >     return self.run(*args, **kwargs)
> >>> >   File
> >>> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/dns.py",
> >>> > line 984, in run
> >>> >     dns_conn = dns_connect(server, self.lp, self.creds)
> >>> >   File
> >>> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/dns.py",
> >>> > line 37, in dns_connect
> >>> >     dns_conn = dnsserver.dnsserver(binding_str, lp, creds)
> >>> >
> >>> >
> >>> >
> >>> > On Mon, Mar 17, 2014 at 8:25 AM, Jason Waters <jwaters at h2os.com>
> >>> wrote:
> >>> >
> >>> >> I see why I got that error.  I needed to put the server and the
> >>> domain.
> >>> >>  my bad!  Still acting slow though.
> >>> >>
> >>> >>
> >>> >> On Mon, Mar 17, 2014 at 8:14 AM, Jason Waters <jwaters at h2os.com>
> >>> wrote:
> >>> >>
> >>> >>> root at fspa:~# kinit administrator
> >>> >>> kinit: Cannot contact any KDC for realm 'ABC.LOCAL' while getting
> >>> >>> initial credentials
> >>> >>> root at fspa:~# samba-tool dns query SERVER DOMAIN @ ALL
> >>> >>> ERROR(runtime): uncaught exception - (-1073741772,
> >>> >>> 'NT_STATUS_OBJECT_NAME_NOT_FOUND')
> >>> >>>   File
> >>> >>>
> >>> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
> >>> >>> line 175, in _run
> >>> >>>     return self.run(*args, **kwargs)
> >>> >>>   File
> >>> >>> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/dns.py",
> >>> line
> >>> >>> 984, in run
> >>> >>>     dns_conn = dns_connect(server, self.lp, self.creds)
> >>> >>>   File
> >>> >>> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/dns.py",
> >>> line
> >>> >>> 37, in dns_connect
> >>> >>>     dns_conn = dnsserver.dnsserver(binding_str, lp, creds)
> >>> >>>
> >>> >>>
> >>> >>>
> >>> >>> On Mon, Mar 17, 2014 at 8:12 AM, Jason Waters <jwaters at h2os.com>
> >>> wrote:
> >>> >>>
> >>> >>>> I seem to be having a DNS issue.  The DNS server is really really
> >>> slow
> >>> >>>> when I use samba.  Any ideas?
> >>> >>>>
> >>> >>>> Jason
> >>> >>>>
> >>> >>>> root at fspa:~# ping google.com
> >>> >>>> PING google.com (204.186.215.54) 56(84) bytes of data.
> >>> >>>> 64 bytes from 204.186.215.54: icmp_req=1 ttl=61 time=13.7 ms
> >>> >>>> 64 bytes from 204.186.215.54: icmp_req=2 ttl=61 time=11.1 ms
> >>> >>>> 64 bytes from 204.186.215.54: icmp_req=3 ttl=61 time=10.9 ms
> >>> >>>> 64 bytes from 204.186.215.54: icmp_req=4 ttl=61 time=13.8 ms
> >>> >>>> ^C64 bytes from 204.186.215.54: icmp_req=5 ttl=61 time=13.1 ms
> >>> >>>>
> >>> >>>> --- google.com ping statistics ---
> >>> >>>> 5 packets transmitted, 5 received, 0% packet loss, time 20179ms
> >>> >>>> rtt min/avg/max/mdev = 10.907/12.562/13.896/1.284 ms
> >>> >>>>
> >>> >>>>
> >>> >>>> See the 20179ms???
> >>> >>>>

Hi
What do you have in:
/etc/krb5.conf

Steve

More information about the samba mailing list