[Samba] Ubuntu client ddns failure
steve
steve at steve-ss.com
Tue May 20 09:46:12 MDT 2014
On 20/05/14 17:21, Rowland Penny wrote:
> On 20/05/14 16:03, steve wrote:
>> On 20/05/14 16:50, L.P.H. van Belle wrote:
>>> ok post.
>>>
>>> cat /etc/network/interfaces
>> auto lo
>> iface lo inet loopback
>>
>>> cat /etc/resolv.conf
>> nameserver 192.168.1.16
>> nameserver 127.0.1.1
>> search hh3.site dragonet.es
>>
>>> cat /etc/nsswitch.conf
>> passwd: compat sss
>> group: compat sss
>> shadow: compat
>>
>> #hosts: files dns mdns4_minimal [NOTFOUND=return] dns mdns4
>> hosts: files dns
>> networks: files
>>
>> protocols: db files
>> services: db files
>> ethers: db files
>> rpc: db files
>> automount: sss
>> netgroup: nis sss
>> sudoers: files sss
>>
>>
>>> cat /etc/krb5.conf
>> [libdefaults]
>> default_realm = HH3.SITE
>> dns_lookup_realm = false
>> dns_lookup_kdc = true
>>
>>
>>> cat /etc/dhcp/dhclient.conf
>> option rfc3442-classless-static-routes code 121 = array of unsigned
>> integer 8;
>> send host-name = gethostname();
>> request subnet-mask, broadcast-address, time-offset, routers,
>> domain-name, domain-name-servers, domain-search, host-name,
>> dhcp6.name-servers, dhcp6.domain-search,
>> netbios-name-servers, netbios-scope, interface-mtu,
>> rfc3442-classless-static-routes, ntp-servers,
>> dhcp6.fqdn, dhcp6.sntp-servers;
>>
>>>
>>> dpkg -l | egrep "avahi|resolv|bind"
>> ii avahi-daemon 0.6.31-4ubuntu1 i386 Avahi
>> mDNS/DNS-SD daemon
>> ii bind9-host 1:9.9.5.dfsg-3 i386 Version
>> of 'host' bundled with BIND 9.X
>> ii gir1.2-gtk-3.0 3.10.8-0ubuntu1 i386 GTK+
>> graphical user interface library -- gir bindings
>> ii gir1.2-pango-1.0 1.36.3-1ubuntu1 i386 Layout
>> and rendering of internationalized text - gir bindings
>> ii libapparmor-perl 2.8.95~2430-0ubuntu5
>> i386 AppArmor library Perl bindings
>> ii libavahi-client3:i386 0.6.31-4ubuntu1 i386 Avahi
>> client library
>> ii libavahi-common-data:i386 0.6.31-4ubuntu1 i386 Avahi
>> common data files
>> ii libavahi-common3:i386 0.6.31-4ubuntu1 i386 Avahi
>> common library
>> ii libavahi-core7:i386 0.6.31-4ubuntu1 i386 Avahi's
>> embeddable mDNS/DNS-SD library
>> ii libavahi-glib1:i386 0.6.31-4ubuntu1 i386 Avahi
>> GLib integration library
>> ii libbind9-90 1:9.9.5.dfsg-3 i386 BIND9
>> Shared Library used by BIND
>> ii libc-ares2:i386 1.10.0-2 i386 asynchronous
>> name resolver
>> ii libgeoip1:i386 1.6.0-1 i386 non-DNS
>> IP-to-country resolver library
>> ii libgmpxx4ldbl:i386 2:5.1.3+dfsg-1ubuntu1
>> i386 Multiprecision arithmetic library (C++ bindings)
>> ii libindicator3-7 12.10.2+14.04.20140402-0ubuntu1 i386 panel
>> indicator applet - shared library
>> ii libindicator7 12.10.2+14.04.20140402-0ubuntu1 i386 panel
>> indicator applet - shared library
>> ii libnet-dbus-perl 1.0.0-2build1 i386 Perl
>> extension for the DBus bindings
>> ii libunity-protocol-private0:i386 7.1.4+14.04.20140210-0ubuntu1
>> i386 binding to get places into the launcher - private
>> library
>> ii libunity-scopes-json-def-desktop 7.1.4+14.04.20140210-0ubuntu1
>> all binding to get places into the launcher - desktop
>> def file
>> ii libunity9:i386 7.1.4+14.04.20140210-0ubuntu1 i386 binding to
>> get places into the launcher - shared library
>> ii libwbclient0:i386 2:4.1.6+dfsg-1ubuntu2.14.04.1 i386 Samba
>> winbind client library
>> ii python-cairo 1.8.8-1ubuntu5 i386 Python
>> bindings for the Cairo vector graphics library
>> ii python-cups 1.9.66-0ubuntu2 i386 Python
>> bindings for CUPS
>> ii python-gi 3.12.0-1 i386 Python
>> 2.x bindings for gobject-introspection libraries
>> ii python-gnomekeyring 2.32.0+dfsg-3 i386 Python
>> bindings for the GNOME keyring library
>> ii python-gobject 3.12.0-1 all Python
>> 2.x bindings for GObject - transitional package
>> ii python-gobject-2 2.28.6-12build1 i386
>> deprecated static Python bindings for the GObject library
>> ii python-gtk2 2.24.0-3ubuntu3 i386 Python
>> bindings for the GTK+ widget set
>> ii python-gudev 147.2-3 i386 Python
>> bindings for gudev
>> ii python-ldb 1:1.1.16-1 i386 Python
>> bindings for LDB
>> ii python-libxml2 2.9.1+dfsg1-3ubuntu4.1
>> i386 Python bindings for the GNOME XML library
>> ii python-notify 0.1.1-3ubuntu2 i386 Python
>> bindings for libnotify
>> ii python-ntdb 1.0-2ubuntu1 i386 Python
>> bindings for NTDB
>> ii python-pycurl 7.19.3-0ubuntu3 i386 Python
>> bindings to libcurl
>> ii python-samba 2:4.1.6+dfsg-1ubuntu2.14.04.1 i386 Python
>> bindings for Samba
>> ii python-smbc 1.0.14.1-0ubuntu2
>> i386 Python bindings for Samba clients (libsmbclient)
>> ii python-talloc 2.1.0-1 i386 hierarchical
>> pool based memory allocator - Python bindings
>> ii python-tdb 1.2.12-1 i386 Python
>> bindings for TDB
>> ii python-xklavier 0.4-4 i386 Python
>> binding for libxklavier, an X Keyboard Extension API
>> ii python3-commandnotfound 0.3ubuntu12 all Python 3
>> bindings for command-not-found.
>> ii python3-gi 3.12.0-1 i386 Python
>> 3 bindings for gobject-introspection libraries
>> ii python3-pycurl 7.19.3-0ubuntu3 i386 Python 3
>> bindings to libcurl
>> ii resolvconf 1.69ubuntu1 all name
>> server information handler
>> ii rpcbind 0.2.1-2ubuntu1 i386 converts
>> RPC program numbers into universal addresses
>>
>> TIA, but be gentle. We're not very debianified down here;)
>>
>>
>>>
>>>
>>>
>>>> -----Oorspronkelijk bericht-----
>>>> Van: steve at steve-ss.com [mailto:samba-bounces at lists.samba.org]
>>>> Namens steve
>>>> Verzonden: dinsdag 20 mei 2014 16:49
>>>> Aan: samba at lists.samba.org
>>>> Onderwerp: Re: [Samba] Ubuntu client ddns failure
>>>>
>>>> On 20/05/14 16:28, Rowland Penny wrote:
>>>>> On 20/05/14 15:10, steve wrote:
>>>>>> On 20/05/14 15:35, Rowland Penny wrote:
>>>>>>> 127.0.0.1 localhost
>>>>>>> 127.0.1.1 lubuntu-laptop.hh3.site lubuntu-laptop
>>>>>>
>>>>>> 'Fraid not. Now it's looking for 'LOCAL':
>>>>>>
>>>>>> Kerberos: ENC-TS Pre-authentication succeeded --
>>>>>> LUBUNTU-LAPTOP$@HH3.SITE using arcfour-hmac-md5
>>>>>> Kerberos: AS-REQ authtime: 2014-05-20T16:06:34 starttime: unset
>>>>>> endtime: 2014-05-21T02:06:34 renew till: 2014-05-21T16:06:34
>>>>>> Kerberos: Client supported enctypes: aes256-cts-hmac-sha1-96,
>>>>>> aes128-cts-hmac-sha1-96, arcfour-hmac-md5, des3-cbc-sha1, 25, 26,
>>>>>> using arcfour-hmac-md5/arcfour-hmac-md5
>>>>>> Kerberos: Requested flags: renewable-ok
>>>>>> Kerberos: TGS-REQ LUBUNTU-LAPTOP$@HH3.SITE from
>>>>>> ipv4:192.168.1.22:58376 for ldap/hh16.local at HH3.SITE [canonicalize,
>>>>>> renewable]
>>>>>> Kerberos: Searching referral for hh16.local
>>>>>> Kerberos: Returning a referral to realm LOCAL for server
>>>>>> ldap/hh16.local at HH3.SITE that was not found
>>>>>> Failed find a single entry for
>>>>>>
>>>> (&(objectClass=trustedDomain)(|(flatname=LOCAL)(trustPartner=LOCAL))):
>>>>>> got 0
>>>>>> Kerberos: samba_kdc_fetch: could not find principal in DB
>>>>>>
>>>>>> and sssd just gives up:
>>>>>> (Tue May 20 16:09:14 2014) [sssd[be[hh3.site]]] [sasl_bind_send]
>>>>>> (0x0080): Extended failure message: [SASL(-1): generic
>>>> failure: GSSAPI
>>>>>> Error: Unspecified GSS failure. Minor code may provide more
>>>>>> information (Server not found in Kerberos database)]
>>>>>> (Tue May 20 16:09:14 2014) [sssd[be[hh3.site]]] [be_run_offline_cb]
>>>>>> (0x0080): Going offline. Running callbacks.
>>>>>> (Tue May 20 16:09:14 2014) [sssd[be[hh3.site]]]
>>>>>> [ad_subdomains_get_conn_done] (0x0080): No AD server is available,
>>>>>> cannot get the subdomain list while offline
>>>>>>
>>>>>>
>>>>> OK, so where does 'LOCAL' come from ??
>>>>>
>>>>> Try this on the client:
>>>>>
>>>>> nano /etc/nsswitch.conf
>>>>>
>>>>> Change:
>>>>>
>>>>> hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
>>>>>
>>>>> To:
>>>>>
>>>>> hosts: files dns
>>>>>
>>>>> See if that cures your problems.
>>>>>
>>>>> Rowland
>>>>>
>>>> No:( It's insisting on the a.root.servers
>>>>
>>>> --
>>>> To unsubscribe from this list go to the following URL and read the
>>>> instructions: https://lists.samba.org/mailman/options/samba
>>>>
>>>>
>>>
>>
> OK, the only difference that I can see between your laptops settings and
> mine is /etc/resolv.conf. As I said mine is written by the resolvconf
> package and only has this in it:
>
> # Dynamic resolv.conf(5) file for glibc resolver(3) generated by
> resolvconf(8)
> # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
> nameserver 192.168.0.5
> search example.com
>
> 192.168.0.5 is the DC that samba4, Bind9 & DHCP are running on
> example.com is the samba4 domain name
>
> Could you try setting your resolv.conf to be similar to this, one
> nameserver and one search domain.
>
> Rowland
>
Yep. Still looks out to root.servers:(
Narrowing it down a bit:
dig lubuntu-laptop:
looks out to root.servers
dig lubuntu-laptop.hh3.site
resolves correctly to named on the DC
fqdn works, short hostname, nada.
Give up?
Cheers,
Steve
More information about the samba
mailing list