[Samba] Ubuntu client ddns failure

steve steve at steve-ss.com
Tue May 20 09:46:12 MDT 2014 

On 20/05/14 17:21, Rowland Penny wrote:
> On 20/05/14 16:03, steve wrote:
>> On 20/05/14 16:50, L.P.H. van Belle wrote:
>>> ok post.
>>>
>>> cat /etc/network/interfaces
>> auto lo
>> iface lo inet loopback
>>
>>> cat /etc/resolv.conf
>> nameserver 192.168.1.16
>> nameserver 127.0.1.1
>> search hh3.site dragonet.es
>>
>>> cat /etc/nsswitch.conf
>> passwd:         compat sss
>> group:          compat sss
>> shadow:         compat
>>
>> #hosts:          files dns mdns4_minimal [NOTFOUND=return] dns mdns4
>> hosts:          files dns
>> networks:       files
>>
>> protocols:      db files
>> services:       db files
>> ethers:         db files
>> rpc:            db files
>> automount:    sss
>> netgroup:       nis sss
>> sudoers:        files sss
>>
>>
>>> cat /etc/krb5.conf
>> [libdefaults]
>>         default_realm = HH3.SITE
>>         dns_lookup_realm = false
>>         dns_lookup_kdc = true
>>
>>
>>> cat /etc/dhcp/dhclient.conf
>> option rfc3442-classless-static-routes code 121 = array of unsigned
>> integer 8;
>> send host-name = gethostname();
>> request subnet-mask, broadcast-address, time-offset, routers,
>>     domain-name, domain-name-servers, domain-search, host-name,
>>     dhcp6.name-servers, dhcp6.domain-search,
>>     netbios-name-servers, netbios-scope, interface-mtu,
>>     rfc3442-classless-static-routes, ntp-servers,
>>     dhcp6.fqdn, dhcp6.sntp-servers;
>>
>>>
>>> dpkg -l | egrep "avahi|resolv|bind"
>> ii  avahi-daemon                         0.6.31-4ubuntu1 i386 Avahi
>> mDNS/DNS-SD daemon
>> ii  bind9-host                           1:9.9.5.dfsg-3 i386 Version
>> of 'host' bundled with BIND 9.X
>> ii  gir1.2-gtk-3.0                       3.10.8-0ubuntu1 i386 GTK+
>> graphical user interface library -- gir bindings
>> ii  gir1.2-pango-1.0                     1.36.3-1ubuntu1 i386 Layout
>> and rendering of internationalized text - gir bindings
>> ii  libapparmor-perl                     2.8.95~2430-0ubuntu5
>> i386         AppArmor library Perl bindings
>> ii  libavahi-client3:i386                0.6.31-4ubuntu1 i386 Avahi
>> client library
>> ii  libavahi-common-data:i386            0.6.31-4ubuntu1 i386 Avahi
>> common data files
>> ii  libavahi-common3:i386                0.6.31-4ubuntu1 i386 Avahi
>> common library
>> ii  libavahi-core7:i386                  0.6.31-4ubuntu1 i386 Avahi's
>> embeddable mDNS/DNS-SD library
>> ii  libavahi-glib1:i386                  0.6.31-4ubuntu1 i386 Avahi
>> GLib integration library
>> ii  libbind9-90                          1:9.9.5.dfsg-3 i386 BIND9
>> Shared Library used by BIND
>> ii  libc-ares2:i386                      1.10.0-2 i386 asynchronous
>> name resolver
>> ii  libgeoip1:i386                       1.6.0-1 i386         non-DNS
>> IP-to-country resolver library
>> ii  libgmpxx4ldbl:i386                   2:5.1.3+dfsg-1ubuntu1
>> i386         Multiprecision arithmetic library (C++ bindings)
>> ii  libindicator3-7 12.10.2+14.04.20140402-0ubuntu1      i386 panel
>> indicator applet - shared library
>> ii  libindicator7 12.10.2+14.04.20140402-0ubuntu1      i386 panel
>> indicator applet - shared library
>> ii  libnet-dbus-perl                     1.0.0-2build1 i386 Perl
>> extension for the DBus bindings
>> ii  libunity-protocol-private0:i386 7.1.4+14.04.20140210-0ubuntu1
>>       i386         binding to get places into the launcher - private
>> library
>> ii  libunity-scopes-json-def-desktop 7.1.4+14.04.20140210-0ubuntu1
>>       all          binding to get places into the launcher - desktop
>> def file
>> ii  libunity9:i386 7.1.4+14.04.20140210-0ubuntu1       i386 binding to
>> get places into the launcher - shared library
>> ii  libwbclient0:i386 2:4.1.6+dfsg-1ubuntu2.14.04.1       i386 Samba
>> winbind client library
>> ii  python-cairo                         1.8.8-1ubuntu5 i386 Python
>> bindings for the Cairo vector graphics library
>> ii  python-cups                          1.9.66-0ubuntu2 i386 Python
>> bindings for CUPS
>> ii  python-gi                            3.12.0-1 i386         Python
>> 2.x bindings for gobject-introspection libraries
>> ii  python-gnomekeyring                  2.32.0+dfsg-3 i386 Python
>> bindings for the GNOME keyring library
>> ii  python-gobject                       3.12.0-1 all          Python
>> 2.x bindings for GObject - transitional package
>> ii  python-gobject-2                     2.28.6-12build1 i386
>> deprecated static Python bindings for the GObject library
>> ii  python-gtk2                          2.24.0-3ubuntu3 i386 Python
>> bindings for the GTK+ widget set
>> ii  python-gudev                         147.2-3 i386         Python
>> bindings for gudev
>> ii  python-ldb                           1:1.1.16-1 i386 Python
>> bindings for LDB
>> ii  python-libxml2                       2.9.1+dfsg1-3ubuntu4.1
>> i386         Python bindings for the GNOME XML library
>> ii  python-notify                        0.1.1-3ubuntu2 i386 Python
>> bindings for libnotify
>> ii  python-ntdb                          1.0-2ubuntu1 i386 Python
>> bindings for NTDB
>> ii  python-pycurl                        7.19.3-0ubuntu3 i386 Python
>> bindings to libcurl
>> ii  python-samba 2:4.1.6+dfsg-1ubuntu2.14.04.1       i386 Python
>> bindings for Samba
>> ii  python-smbc                          1.0.14.1-0ubuntu2
>> i386         Python bindings for Samba clients (libsmbclient)
>> ii  python-talloc                        2.1.0-1 i386 hierarchical
>> pool based memory allocator - Python bindings
>> ii  python-tdb                           1.2.12-1 i386         Python
>> bindings for TDB
>> ii  python-xklavier                      0.4-4       i386 Python
>> binding for libxklavier, an X Keyboard Extension API
>> ii  python3-commandnotfound              0.3ubuntu12 all Python 3
>> bindings for command-not-found.
>> ii  python3-gi                           3.12.0-1 i386         Python
>> 3 bindings for gobject-introspection libraries
>> ii  python3-pycurl                       7.19.3-0ubuntu3 i386 Python 3
>> bindings to libcurl
>> ii  resolvconf                           1.69ubuntu1 all          name
>> server information handler
>> ii  rpcbind                              0.2.1-2ubuntu1 i386 converts
>> RPC program numbers into universal addresses
>>
>> TIA, but be gentle. We're not very debianified down here;)
>>
>>
>>>
>>>
>>>
>>>> -----Oorspronkelijk bericht-----
>>>> Van: steve at steve-ss.com [mailto:samba-bounces at lists.samba.org]
>>>> Namens steve
>>>> Verzonden: dinsdag 20 mei 2014 16:49
>>>> Aan: samba at lists.samba.org
>>>> Onderwerp: Re: [Samba] Ubuntu client ddns failure
>>>>
>>>> On 20/05/14 16:28, Rowland Penny wrote:
>>>>> On 20/05/14 15:10, steve wrote:
>>>>>> On 20/05/14 15:35, Rowland Penny wrote:
>>>>>>> 127.0.0.1    localhost
>>>>>>> 127.0.1.1    lubuntu-laptop.hh3.site    lubuntu-laptop
>>>>>>
>>>>>> 'Fraid not. Now it's looking for 'LOCAL':
>>>>>>
>>>>>> Kerberos: ENC-TS Pre-authentication succeeded --
>>>>>> LUBUNTU-LAPTOP$@HH3.SITE using arcfour-hmac-md5
>>>>>> Kerberos: AS-REQ authtime: 2014-05-20T16:06:34 starttime: unset
>>>>>> endtime: 2014-05-21T02:06:34 renew till: 2014-05-21T16:06:34
>>>>>> Kerberos: Client supported enctypes: aes256-cts-hmac-sha1-96,
>>>>>> aes128-cts-hmac-sha1-96, arcfour-hmac-md5, des3-cbc-sha1, 25, 26,
>>>>>> using arcfour-hmac-md5/arcfour-hmac-md5
>>>>>> Kerberos: Requested flags: renewable-ok
>>>>>> Kerberos: TGS-REQ LUBUNTU-LAPTOP$@HH3.SITE from
>>>>>> ipv4:192.168.1.22:58376 for ldap/hh16.local at HH3.SITE [canonicalize,
>>>>>> renewable]
>>>>>> Kerberos: Searching referral for hh16.local
>>>>>> Kerberos: Returning a referral to realm LOCAL for server
>>>>>> ldap/hh16.local at HH3.SITE that was not found
>>>>>> Failed find a single entry for
>>>>>>
>>>> (&(objectClass=trustedDomain)(|(flatname=LOCAL)(trustPartner=LOCAL))):
>>>>>> got 0
>>>>>> Kerberos: samba_kdc_fetch: could not find principal in DB
>>>>>>
>>>>>> and sssd just gives up:
>>>>>> (Tue May 20 16:09:14 2014) [sssd[be[hh3.site]]] [sasl_bind_send]
>>>>>> (0x0080): Extended failure message: [SASL(-1): generic
>>>> failure: GSSAPI
>>>>>> Error: Unspecified GSS failure. Minor code may provide more
>>>>>> information (Server not found in Kerberos database)]
>>>>>> (Tue May 20 16:09:14 2014) [sssd[be[hh3.site]]] [be_run_offline_cb]
>>>>>> (0x0080): Going offline. Running callbacks.
>>>>>> (Tue May 20 16:09:14 2014) [sssd[be[hh3.site]]]
>>>>>> [ad_subdomains_get_conn_done] (0x0080): No AD server is available,
>>>>>> cannot get the subdomain list while offline
>>>>>>
>>>>>>
>>>>> OK, so where does 'LOCAL' come from ??
>>>>>
>>>>> Try this on the client:
>>>>>
>>>>> nano /etc/nsswitch.conf
>>>>>
>>>>> Change:
>>>>>
>>>>> hosts:          files mdns4_minimal [NOTFOUND=return] dns mdns4
>>>>>
>>>>> To:
>>>>>
>>>>> hosts:          files dns
>>>>>
>>>>> See if that cures your problems.
>>>>>
>>>>> Rowland
>>>>>
>>>> No:( It's insisting on the a.root.servers
>>>>
>>>> --
>>>> To unsubscribe from this list go to the following URL and read the
>>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>>
>>>>
>>>
>>
> OK, the only difference that I can see between your laptops settings and
> mine is /etc/resolv.conf. As I said mine is written by the resolvconf
> package and only has this in it:
>
> # Dynamic resolv.conf(5) file for glibc resolver(3) generated by
> resolvconf(8)
> #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
> nameserver 192.168.0.5
> search example.com
>
> 192.168.0.5 is the DC that samba4, Bind9 & DHCP are running on
> example.com is the samba4 domain name
>
> Could you try setting your resolv.conf to be similar to this, one
> nameserver and one search domain.
>
> Rowland
>
Yep. Still looks out to root.servers:(

Narrowing it down a bit:
dig lubuntu-laptop:
looks out to root.servers

dig lubuntu-laptop.hh3.site
resolves correctly to named on the DC

fqdn works, short hostname, nada.

Give up?
Cheers,
Steve

More information about the samba mailing list