[Samba] Ubuntu client ddns failure

steve steve at steve-ss.com
Tue May 20 10:15:22 MDT 2014


On 20/05/14 17:58, Rowland Penny wrote:
> On 20/05/14 16:46, steve wrote:
>> On 20/05/14 17:21, Rowland Penny wrote:
>>> On 20/05/14 16:03, steve wrote:
>>>> On 20/05/14 16:50, L.P.H. van Belle wrote:
>>>>> ok post.
>>>>>
>>>>> cat /etc/network/interfaces
>>>> auto lo
>>>> iface lo inet loopback
>>>>
>>>>> cat /etc/resolv.conf
>>>> nameserver 192.168.1.16
>>>> nameserver 127.0.1.1
>>>> search hh3.site dragonet.es
>>>>
>>>>> cat /etc/nsswitch.conf
>>>> passwd:         compat sss
>>>> group:          compat sss
>>>> shadow:         compat
>>>>
>>>> #hosts:          files dns mdns4_minimal [NOTFOUND=return] dns mdns4
>>>> hosts:          files dns
>>>> networks:       files
>>>>
>>>> protocols:      db files
>>>> services:       db files
>>>> ethers:         db files
>>>> rpc:            db files
>>>> automount:    sss
>>>> netgroup:       nis sss
>>>> sudoers:        files sss
>>>>
>>>>
>>>>> cat /etc/krb5.conf
>>>> [libdefaults]
>>>>         default_realm = HH3.SITE
>>>>         dns_lookup_realm = false
>>>>         dns_lookup_kdc = true
>>>>
>>>>
>>>>> cat /etc/dhcp/dhclient.conf
>>>> option rfc3442-classless-static-routes code 121 = array of unsigned
>>>> integer 8;
>>>> send host-name = gethostname();
>>>> request subnet-mask, broadcast-address, time-offset, routers,
>>>>     domain-name, domain-name-servers, domain-search, host-name,
>>>>     dhcp6.name-servers, dhcp6.domain-search,
>>>>     netbios-name-servers, netbios-scope, interface-mtu,
>>>>     rfc3442-classless-static-routes, ntp-servers,
>>>>     dhcp6.fqdn, dhcp6.sntp-servers;
>>>>
>>>>>
>>>>> dpkg -l | egrep "avahi|resolv|bind"
>>>> ii  avahi-daemon                         0.6.31-4ubuntu1 i386 Avahi
>>>> mDNS/DNS-SD daemon
>>>> ii  bind9-host                           1:9.9.5.dfsg-3 i386 Version
>>>> of 'host' bundled with BIND 9.X
>>>> ii  gir1.2-gtk-3.0                       3.10.8-0ubuntu1 i386 GTK+
>>>> graphical user interface library -- gir bindings
>>>> ii  gir1.2-pango-1.0                     1.36.3-1ubuntu1 i386 Layout
>>>> and rendering of internationalized text - gir bindings
>>>> ii  libapparmor-perl                     2.8.95~2430-0ubuntu5
>>>> i386         AppArmor library Perl bindings
>>>> ii  libavahi-client3:i386                0.6.31-4ubuntu1 i386 Avahi
>>>> client library
>>>> ii  libavahi-common-data:i386            0.6.31-4ubuntu1 i386 Avahi
>>>> common data files
>>>> ii  libavahi-common3:i386                0.6.31-4ubuntu1 i386 Avahi
>>>> common library
>>>> ii  libavahi-core7:i386                  0.6.31-4ubuntu1 i386 Avahi's
>>>> embeddable mDNS/DNS-SD library
>>>> ii  libavahi-glib1:i386                  0.6.31-4ubuntu1 i386 Avahi
>>>> GLib integration library
>>>> ii  libbind9-90                          1:9.9.5.dfsg-3 i386 BIND9
>>>> Shared Library used by BIND
>>>> ii  libc-ares2:i386                      1.10.0-2 i386 asynchronous
>>>> name resolver
>>>> ii  libgeoip1:i386                       1.6.0-1 i386 non-DNS
>>>> IP-to-country resolver library
>>>> ii  libgmpxx4ldbl:i386                   2:5.1.3+dfsg-1ubuntu1
>>>> i386         Multiprecision arithmetic library (C++ bindings)
>>>> ii  libindicator3-7 12.10.2+14.04.20140402-0ubuntu1      i386 panel
>>>> indicator applet - shared library
>>>> ii  libindicator7 12.10.2+14.04.20140402-0ubuntu1      i386 panel
>>>> indicator applet - shared library
>>>> ii  libnet-dbus-perl                     1.0.0-2build1 i386 Perl
>>>> extension for the DBus bindings
>>>> ii  libunity-protocol-private0:i386 7.1.4+14.04.20140210-0ubuntu1
>>>>       i386         binding to get places into the launcher - private
>>>> library
>>>> ii  libunity-scopes-json-def-desktop 7.1.4+14.04.20140210-0ubuntu1
>>>>       all          binding to get places into the launcher - desktop
>>>> def file
>>>> ii  libunity9:i386 7.1.4+14.04.20140210-0ubuntu1       i386 binding to
>>>> get places into the launcher - shared library
>>>> ii  libwbclient0:i386 2:4.1.6+dfsg-1ubuntu2.14.04.1       i386 Samba
>>>> winbind client library
>>>> ii  python-cairo                         1.8.8-1ubuntu5 i386 Python
>>>> bindings for the Cairo vector graphics library
>>>> ii  python-cups                          1.9.66-0ubuntu2 i386 Python
>>>> bindings for CUPS
>>>> ii  python-gi                            3.12.0-1 i386 Python
>>>> 2.x bindings for gobject-introspection libraries
>>>> ii  python-gnomekeyring                  2.32.0+dfsg-3 i386 Python
>>>> bindings for the GNOME keyring library
>>>> ii  python-gobject                       3.12.0-1 all Python
>>>> 2.x bindings for GObject - transitional package
>>>> ii  python-gobject-2                     2.28.6-12build1 i386
>>>> deprecated static Python bindings for the GObject library
>>>> ii  python-gtk2                          2.24.0-3ubuntu3 i386 Python
>>>> bindings for the GTK+ widget set
>>>> ii  python-gudev                         147.2-3 i386 Python
>>>> bindings for gudev
>>>> ii  python-ldb                           1:1.1.16-1 i386 Python
>>>> bindings for LDB
>>>> ii  python-libxml2 2.9.1+dfsg1-3ubuntu4.1
>>>> i386         Python bindings for the GNOME XML library
>>>> ii  python-notify                        0.1.1-3ubuntu2 i386 Python
>>>> bindings for libnotify
>>>> ii  python-ntdb                          1.0-2ubuntu1 i386 Python
>>>> bindings for NTDB
>>>> ii  python-pycurl                        7.19.3-0ubuntu3 i386 Python
>>>> bindings to libcurl
>>>> ii  python-samba 2:4.1.6+dfsg-1ubuntu2.14.04.1       i386 Python
>>>> bindings for Samba
>>>> ii  python-smbc                          1.0.14.1-0ubuntu2
>>>> i386         Python bindings for Samba clients (libsmbclient)
>>>> ii  python-talloc                        2.1.0-1 i386 hierarchical
>>>> pool based memory allocator - Python bindings
>>>> ii  python-tdb                           1.2.12-1 i386 Python
>>>> bindings for TDB
>>>> ii  python-xklavier                      0.4-4       i386 Python
>>>> binding for libxklavier, an X Keyboard Extension API
>>>> ii  python3-commandnotfound              0.3ubuntu12 all Python 3
>>>> bindings for command-not-found.
>>>> ii  python3-gi                           3.12.0-1 i386 Python
>>>> 3 bindings for gobject-introspection libraries
>>>> ii  python3-pycurl                       7.19.3-0ubuntu3 i386 Python 3
>>>> bindings to libcurl
>>>> ii  resolvconf                           1.69ubuntu1 all          name
>>>> server information handler
>>>> ii  rpcbind                              0.2.1-2ubuntu1 i386 converts
>>>> RPC program numbers into universal addresses
>>>>
>>>> TIA, but be gentle. We're not very debianified down here;)
>>>>
>>>>
>>>>>
>>>>>
>>>>>
>>>>>> -----Oorspronkelijk bericht-----
>>>>>> Van: steve at steve-ss.com [mailto:samba-bounces at lists.samba.org]
>>>>>> Namens steve
>>>>>> Verzonden: dinsdag 20 mei 2014 16:49
>>>>>> Aan: samba at lists.samba.org
>>>>>> Onderwerp: Re: [Samba] Ubuntu client ddns failure
>>>>>>
>>>>>> On 20/05/14 16:28, Rowland Penny wrote:
>>>>>>> On 20/05/14 15:10, steve wrote:
>>>>>>>> On 20/05/14 15:35, Rowland Penny wrote:
>>>>>>>>> 127.0.0.1    localhost
>>>>>>>>> 127.0.1.1    lubuntu-laptop.hh3.site lubuntu-laptop
>>>>>>>>
>>>>>>>> 'Fraid not. Now it's looking for 'LOCAL':
>>>>>>>>
>>>>>>>> Kerberos: ENC-TS Pre-authentication succeeded --
>>>>>>>> LUBUNTU-LAPTOP$@HH3.SITE using arcfour-hmac-md5
>>>>>>>> Kerberos: AS-REQ authtime: 2014-05-20T16:06:34 starttime: unset
>>>>>>>> endtime: 2014-05-21T02:06:34 renew till: 2014-05-21T16:06:34
>>>>>>>> Kerberos: Client supported enctypes: aes256-cts-hmac-sha1-96,
>>>>>>>> aes128-cts-hmac-sha1-96, arcfour-hmac-md5, des3-cbc-sha1, 25, 26,
>>>>>>>> using arcfour-hmac-md5/arcfour-hmac-md5
>>>>>>>> Kerberos: Requested flags: renewable-ok
>>>>>>>> Kerberos: TGS-REQ LUBUNTU-LAPTOP$@HH3.SITE from
>>>>>>>> ipv4:192.168.1.22:58376 for ldap/hh16.local at HH3.SITE [canonicalize,
>>>>>>>> renewable]
>>>>>>>> Kerberos: Searching referral for hh16.local
>>>>>>>> Kerberos: Returning a referral to realm LOCAL for server
>>>>>>>> ldap/hh16.local at HH3.SITE that was not found
>>>>>>>> Failed find a single entry for
>>>>>>>>
>>>>>> (&(objectClass=trustedDomain)(|(flatname=LOCAL)(trustPartner=LOCAL))):
>>>>>>
>>>>>>>> got 0
>>>>>>>> Kerberos: samba_kdc_fetch: could not find principal in DB
>>>>>>>>
>>>>>>>> and sssd just gives up:
>>>>>>>> (Tue May 20 16:09:14 2014) [sssd[be[hh3.site]]] [sasl_bind_send]
>>>>>>>> (0x0080): Extended failure message: [SASL(-1): generic
>>>>>> failure: GSSAPI
>>>>>>>> Error: Unspecified GSS failure. Minor code may provide more
>>>>>>>> information (Server not found in Kerberos database)]
>>>>>>>> (Tue May 20 16:09:14 2014) [sssd[be[hh3.site]]] [be_run_offline_cb]
>>>>>>>> (0x0080): Going offline. Running callbacks.
>>>>>>>> (Tue May 20 16:09:14 2014) [sssd[be[hh3.site]]]
>>>>>>>> [ad_subdomains_get_conn_done] (0x0080): No AD server is available,
>>>>>>>> cannot get the subdomain list while offline
>>>>>>>>
>>>>>>>>
>>>>>>> OK, so where does 'LOCAL' come from ??
>>>>>>>
>>>>>>> Try this on the client:
>>>>>>>
>>>>>>> nano /etc/nsswitch.conf
>>>>>>>
>>>>>>> Change:
>>>>>>>
>>>>>>> hosts:          files mdns4_minimal [NOTFOUND=return] dns mdns4
>>>>>>>
>>>>>>> To:
>>>>>>>
>>>>>>> hosts:          files dns
>>>>>>>
>>>>>>> See if that cures your problems.
>>>>>>>
>>>>>>> Rowland
>>>>>>>
>>>>>> No:( It's insisting on the a.root.servers
>>>>>>
>>>>>> --
>>>>>> To unsubscribe from this list go to the following URL and read the
>>>>>> instructions: https://lists.samba.org/mailman/options/samba
>>>>>>
>>>>>>
>>>>>
>>>>
>>> OK, the only difference that I can see between your laptops settings and
>>> mine is /etc/resolv.conf. As I said mine is written by the resolvconf
>>> package and only has this in it:
>>>
>>> # Dynamic resolv.conf(5) file for glibc resolver(3) generated by
>>> resolvconf(8)
>>> #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
>>> nameserver 192.168.0.5
>>> search example.com
>>>
>>> 192.168.0.5 is the DC that samba4, Bind9 & DHCP are running on
>>> example.com is the samba4 domain name
>>>
>>> Could you try setting your resolv.conf to be similar to this, one
>>> nameserver and one search domain.
>>>
>>> Rowland
>>>
>> Yep. Still looks out to root.servers:(
>>
>> Narrowing it down a bit:
>> dig lubuntu-laptop:
>> looks out to root.servers
>>
>> dig lubuntu-laptop.hh3.site
>> resolves correctly to named on the DC
>>
>> fqdn works, short hostname, nada.
>
> I take it you mean:
>
> hostname -f returns 'lubuntu-laptop.hh3.site'
> hostname returns nothing

No, that returns correctly:
hostname
lubuntu-laptop

hostname -f
lubuntu-laptop.hh3.site

>
> if so, what does 'cat /etc/hostname'  return ?
lubuntu-laptop
All OK there too.

For good measure, we set it to 1.23 and:
samba-tool dns update hh16 hh3.site lubuntu-laptop A 192.168.1.23 
192.168.1.22
Password for [Administrator at HH3.SITE]:
Record updated successfully

nslookup finds it:
nslookup lubuntu-laptop
Server:		192.168.1.16
Address:	192.168.1.16#53
Name:	lubuntu-laptop.hh3.site
Address: 192.168.1.22

So it's there, but neither dig nor nsupdate recognises it as the short 
hostname. Were assuming that's what we're up against.
Steve



More information about the samba mailing list