[Samba] Upgrading from Samba 4.0.1 to 4.1.6

Jason Waters jwaters at h2os.com
Mon Mar 17 10:03:27 MDT 2014 

[libdefaults]
        default_realm = TTE.LOCAL
        dns_lookup_realm = true
        dns_lookup_kdc = true

[realms]
TTE.LOCAL = {
        kdc = fspa.tte.local
        kdc = fsin.tte.local
        admin_server = fspa.tte.local
}



On Mon, Mar 17, 2014 at 11:57 AM, steve <steve at steve-ss.com> wrote:

> On Mon, 2014-03-17 at 11:23 -0400, Jason Waters wrote:
> > I'm thinking I see a problem.  On this server when I do a dig I get 3 A
> > records back.  The other server, where the DNS is working fine, I only
> get
> > one.
> >
> > root at fspa:~# dig fspa.tte.local
> >
> > ; <<>> DiG 9.8.1-P1 <<>> fspa.tte.local
> > ;; global options: +cmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36036
> > ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
> >
> > ;; QUESTION SECTION:
> > ;fspa.tte.local.                        IN      A
> >
> > ;; ANSWER SECTION:
> > fspa.tte.local.         900     IN      A       192.168.0.3
> > fspa.tte.local.         900     IN      A       10.0.0.116
> > fspa.tte.local.         900     IN      A       192.168.1.2
> >
> >
> > Only the 192.168.0.3 is valid...
> >
> > I tried
> > samba-tool dns delete fspa tte.local fspa.tte.local A 10.0.0.116
> >
> > But it just times out.
> >
> > root at fspa:~# samba-tool dns delete fspa tte.local fspa.tte.local A
> > 10.0.0.116
> > GENSEC backend 'gssapi_spnego' registered
> > GENSEC backend 'gssapi_krb5' registered
> > GENSEC backend 'gssapi_krb5_sasl' registered
> > GENSEC backend 'schannel' registered
> > GENSEC backend 'spnego' registered
> > GENSEC backend 'ntlmssp' registered
> > GENSEC backend 'krb5' registered
> > GENSEC backend 'fake_gssapi_krb5' registered
> > Using binding ncacn_ip_tcp:fspa[,sign]
> > Cannot reach a KDC we require in order to obtain a ticetk to
> > host/FSPA at TTE.LOCAL:  Miscellaneous failure (see text
>  ):
> > unable to reach any KDC in realm TTE.LOCAL
> > SPNEGO(gssapi_krb5) creating NEG_TOKEN_INIT failed:
> > NT_STATUS_NO_LOGON_SERVERS
> > ERROR(runtime): uncaught exception - (-1073741643,
> 'NT_STATUS_IO_TIMEOUT')
> >   File
> > "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
> > line 175, in _run
> >     return self.run(*args, **kwargs)
> >   File
> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/dns.py",
> > line 1169, in run
> >     dns_conn = dns_connect(server, self.lp, self.creds)
> >   File
> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/dns.py",
> > line 37, in dns_connect
> >     dns_conn = dnsserver.dnsserver(binding_str, lp, creds)
> >
> >
> >
> >
> >
> > On Mon, Mar 17, 2014 at 11:07 AM, Jason Waters <jwaters at h2os.com> wrote:
> >
> > > I am using the internal one.  It seemed to work fine with 4.0.1, not
> sure
> > > why it doesn't like 4.1.6.  I guess after house I can figure out how to
> > > switch it over.  Do I need to compile bind?  I'm using Ubuntu 12.04
> LTS.
> > >  Thanks
> > >
> > > Jason
> > >
> > >
> > > On Mon, Mar 17, 2014 at 11:01 AM, Damien Dye <damien.dye at sondrel.com
> >wrote:
> > >
> > >> you using the internal samba DNS or bind via DLZ?
> > >>
> > >> if internal try switching to using bind with DLZ in my case it works
> much
> > >> better as the samba internal one doesn't cache so has high latency
> > >>
> > >> --
> > >>
> > >> Damien Dye
> > >>  IT Manager
> > >>  *Sondrel Ltd*
> > >>  Sondrel House, Theale Lakes Business Park
> > >> Moulden Way, Sulhamstead, Berkshire, RG7 4GB, UK
> > >>
> > >> Tel: +44(0)118 9838 550
> > >> www.sondrel.com
> > >>
> > >>  [image: Sondrel] <http://www.sondrel.com/>
> > >>
> > >> This e-mail and any attachments may be confidential or legally
> > >> privileged. If you are not the intended recipient, you should destroy
> the
> > >> e-mail message and any attachments, and inform us of the erroneous
> delivery
> > >> by return e-mail. You are prohibited from retaining, distributing,
> > >> disclosing or using any information contained herein. Internet
> > >> communications cannot be guaranteed to be timely, secure, error or
> > >> virus-free. Sondrel Ltd and the sender do not accept liability for any
> > >> errors or omissions, nor do we accept liability for the content of
> this
> > >> email, or for the consequences of any actions taken on the basis of
> the
> > >> information provided, unless that information is consequently
> confirmed in
> > >> writing under the personal signature of a duly authorised officer of
> > >> Sondrel Ltd.
> > >>
> > >> This email is sent on behalf of Sondrel Ltd registered in England with
> > >> number 4491953, registered office Sondrel House, Theale Lakes Business
> > >> Park, Moulden Way, Sulhamstead, Berkshire, RG7 4GB, UK.
> > >>
> > >>
> > >> On 17 March 2014 14:56, Jason Waters <jwaters at h2os.com> wrote:
> > >>
> > >>>  I added a realms section to my krb5.conf file and now I can at
> least run
> > >>> the kinit command.  But the samba-tool dns query fspa tte.local @ ALL
> > >>> command returns a bunch of entries now.  But takes forever.
>  Something is
> > >>> up with the DNS being very very slow.  Any thoughts of where to look?
> > >>>
> > >>>
> > >>>
> > >>>
> > >>> On Mon, Mar 17, 2014 at 8:35 AM, Jason Waters <jwaters at h2os.com>
> wrote:
> > >>>
> > >>> > When I put the right information, this is the error I get
> > >>> >
> > >>> > ERROR(runtime): uncaught exception - (-1073741643,
> > >>> 'NT_STATUS_IO_TIMEOUT')
> > >>> >   File
> > >>> >
> > >>>
> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
> > >>> > line 175, in _run
> > >>> >     return self.run(*args, **kwargs)
> > >>> >   File
> > >>> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/dns.py",
> > >>> > line 984, in run
> > >>> >     dns_conn = dns_connect(server, self.lp, self.creds)
> > >>> >   File
> > >>> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/dns.py",
> > >>> > line 37, in dns_connect
> > >>> >     dns_conn = dnsserver.dnsserver(binding_str, lp, creds)
> > >>> >
> > >>> >
> > >>> >
> > >>> > On Mon, Mar 17, 2014 at 8:25 AM, Jason Waters <jwaters at h2os.com>
> > >>> wrote:
> > >>> >
> > >>> >> I see why I got that error.  I needed to put the server and the
> > >>> domain.
> > >>> >>  my bad!  Still acting slow though.
> > >>> >>
> > >>> >>
> > >>> >> On Mon, Mar 17, 2014 at 8:14 AM, Jason Waters <jwaters at h2os.com>
> > >>> wrote:
> > >>> >>
> > >>> >>> root at fspa:~# kinit administrator
> > >>> >>> kinit: Cannot contact any KDC for realm 'ABC.LOCAL' while getting
> > >>> >>> initial credentials
> > >>> >>> root at fspa:~# samba-tool dns query SERVER DOMAIN @ ALL
> > >>> >>> ERROR(runtime): uncaught exception - (-1073741772,
> > >>> >>> 'NT_STATUS_OBJECT_NAME_NOT_FOUND')
> > >>> >>>   File
> > >>> >>>
> > >>>
> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
> > >>> >>> line 175, in _run
> > >>> >>>     return self.run(*args, **kwargs)
> > >>> >>>   File
> > >>> >>>
> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/dns.py",
> > >>> line
> > >>> >>> 984, in run
> > >>> >>>     dns_conn = dns_connect(server, self.lp, self.creds)
> > >>> >>>   File
> > >>> >>>
> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/dns.py",
> > >>> line
> > >>> >>> 37, in dns_connect
> > >>> >>>     dns_conn = dnsserver.dnsserver(binding_str, lp, creds)
> > >>> >>>
> > >>> >>>
> > >>> >>>
> > >>> >>> On Mon, Mar 17, 2014 at 8:12 AM, Jason Waters <jwaters at h2os.com>
> > >>> wrote:
> > >>> >>>
> > >>> >>>> I seem to be having a DNS issue.  The DNS server is really
> really
> > >>> slow
> > >>> >>>> when I use samba.  Any ideas?
> > >>> >>>>
> > >>> >>>> Jason
> > >>> >>>>
> > >>> >>>> root at fspa:~# ping google.com
> > >>> >>>> PING google.com (204.186.215.54) 56(84) bytes of data.
> > >>> >>>> 64 bytes from 204.186.215.54: icmp_req=1 ttl=61 time=13.7 ms
> > >>> >>>> 64 bytes from 204.186.215.54: icmp_req=2 ttl=61 time=11.1 ms
> > >>> >>>> 64 bytes from 204.186.215.54: icmp_req=3 ttl=61 time=10.9 ms
> > >>> >>>> 64 bytes from 204.186.215.54: icmp_req=4 ttl=61 time=13.8 ms
> > >>> >>>> ^C64 bytes from 204.186.215.54: icmp_req=5 ttl=61 time=13.1 ms
> > >>> >>>>
> > >>> >>>> --- google.com ping statistics ---
> > >>> >>>> 5 packets transmitted, 5 received, 0% packet loss, time 20179ms
> > >>> >>>> rtt min/avg/max/mdev = 10.907/12.562/13.896/1.284 ms
> > >>> >>>>
> > >>> >>>>
> > >>> >>>> See the 20179ms???
> > >>> >>>>
>
> Hi
> What do you have in:
> /etc/krb5.conf
>
> Steve
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list