[Samba] samba_dnsupdate failed with RuntimeError: kinit for SMB4ECONOMIA$@ECONOMIA failed (Cannot contact any KDC for requested realm)
Dania Ramirez Moya
dania181087 at gmail.com
Fri Mar 27 13:32:16 MDT 2015
2015-03-27 14:00 GMT-04:00 <samba-request at lists.samba.org>:
> Send samba mailing list submissions to
> samba at lists.samba.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://lists.samba.org/mailman/listinfo/samba
> or, via email, send a message with subject or body 'help' to
> samba-request at lists.samba.org
>
> You can reach the person managing the list at
> samba-owner at lists.samba.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of samba digest..."
>
> Today's Topics:
>
> 1. BAD_NETWORK_NAME (jd at ionica.lv)
> 2. Samba 4 join AD by samba (Krutskikh Ivan)
> 3. Re: Samba 4 join AD by samba (L.P.H. van Belle)
> 4. Re: BAD_NETWORK_NAME (L.P.H. van Belle)
> 5. winbindd: Failed to fetch our own, local AD domain join
> password for winbindd's internal use (Tom)
> 6. Re: winbindd: Failed to fetch our own, local AD domain join
> password for winbindd's internal use (L.P.H. van Belle)
> 7. Re: winbindd: Failed to fetch our own, local AD domain join
> password for winbindd's internal use (Rowland Penny)
> 8. Re: winbindd: Failed to fetch our own, local AD domain join
> password for winbindd's internal use (L.P.H. van Belle)
> 9. Win 2008srv to Samba4 DNS problems (Sam)
> 10. Replication error after trying to sync sysvol
> (Johannes Amorosa | Celluloid VFX)
> 11. Re: Replication error after trying to sync sysvol
> (Johannes Amorosa | Celluloid VFX)
> 12. Re: Replication error after trying to sync sysvol
> (Johannes Amorosa | Celluloid VFX)
> 13. Re: Win 2008srv to Samba4 DNS problems (Rowland Penny)
> 14. samba_dnsupdate failed with RuntimeError: kinit for
> SMB4ECONOMIA$@ECONOMIA failed (Cannot contact any KDC for
> requested realm) (Dania Ramirez Moya)
> 15. Re: samba_dnsupdate failed with RuntimeError: kinit for
> SMB4ECONOMIA$@ECONOMIA failed (Cannot contact any KDC for
> requested realm) (Rowland Penny)
> 16. Weird issue - STATUS_DISK_FULL (Ciaran Scolard)
> 17. Re: Weird issue - STATUS_DISK_FULL (David Disseldorp)
> 18. Re: Weird issue - STATUS_DISK_FULL (Ciaran Scolard)
> 19. Re: Weird issue - STATUS_DISK_FULL (David Disseldorp)
>
>
> ---------- Mensaje reenviado ----------
> From: jd at ionica.lv
> To: samba at lists.samba.org
> Cc:
> Date: Thu, 26 Mar 2015 20:38:22 +0200
> Subject: [Samba] BAD_NETWORK_NAME
> H!
>
> I am getting such messages in log.samba:
> ../source4/nbt_server/dgram netlogon.c:198(nbtd_mailslot_netlogon_handler)
> nbtd netlogon handler failed from 192.168.0.125:138 to DOMAIN<1c> -
> NT_STATUS_BAD_NETWORK_NAME
>
> What means that <1c>? seems like special char...
>
> There are two domains sharing one network - one - NT-style named DOMAIN
> and the second, AD, named DOMAIN2
>
> (samba 4.2.0/slack64-14.1)
>
> Janis
>
>
>
>
> ---------- Mensaje reenviado ----------
> From: Krutskikh Ivan <stein.hak at gmail.com>
> To: samba at lists.samba.org
> Cc:
> Date: Fri, 27 Mar 2015 08:32:49 +0300
> Subject: [Samba] Samba 4 join AD by samba
> Hi,
>
> I have a task which requires AD + windows roaming profiles + automatic
> backups.
>
> I want to use samba 4 AD server (debian jessie) + samba 4 file server for
> user's home profiles (opensuse 13.1) + zfs for storage backend.
>
> The reason why I need 2 servers (actually a server with hosted lxc
> container) is because opensuse has kerberos mit by default (
> samba at lists.samba.org.)
>
> I've succesfully provisioned a samba dc on debian jessie container using
> https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO and samba binary samba
> from repo After that I've added a bunch of win machines to it. Everything
> is working except for dns resolving of hosts ( i can only ping my dc
> server).
>
> After that I wanted to join my 2nd server to AD. I've used the manual from
> https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server and got
> everything working except for user map. Examples:
>
> linux-abx8:/etc/samba # wbinfo -g
> allowed rodc password replication group
> enterprise read-only domain controllers
> denied rodc password replication group
> read-only domain controllers
> group policy creator owners
> video administrators
> ras and ias servers
> domain controllers
> enterprise admins
> domain computers
> cert publishers
> dnsupdateproxy
> domain admins
> domain guests
> schema admins
> domain users
> video users
> dnsadmins
>
> linux-abx8:/etc/samba # wbinfo -u
> bastion
> administrator
> krbtgt
> guest
>
>
> linux-abx8:/etc/samba # wbinfo -i administrator ( waits for a long time,
> maybe fails on timeout =( )
> failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
> Could not get info for user administrator
>
> linux-abx8:/etc/samba # id administrator
> id: administrator:no such user
>
>
> This is very disappointing. What can I do about it?
>
> Some details about the installation:
>
> smb.conf from ad dc server:
>
> root at DC01:/etc/samba# cat ./smb.conf
> # Global parameters
> [global]
> workgroup = OFFICE
> realm = OFFICE.MTT
> netbios name = DC
> server role = active directory domain controller
> dns forwarder = 192.168.0.107
> idmap_ldb:use rfc2307 = yes
> log level = 2
>
> [netlogon]
> path = /var/lib/samba/sysvol/mtt/scripts
> read only = No
>
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
>
> [profiles] # <---- ADD here
> path = /var/lib/samba/sysvol/office.mtt/profiles
> read only = no
>
> [New_Profile]
> root preexec = mkdir -p /srv/samba/Profiles/%U
> path = /srv/samba/Profiles/%U
> read only = no
> store dos attributes = Yes
> create mask = 0600
> directory mask = 0700
> profile acls = yes
> csc policy = disable
>
>
> smb.conf from 2nd server with opensuse and zfs:
>
>
> linux-abx8:/etc/samba # cat ./smb.conf
> [global]
>
> netbios name = Melchior
> workgroup = OFFICE
> security = ADS
> realm = OFFICE.MTT
> dedicated keytab file = /etc/krb5.keytab
> kerberos method = secrets and keytab
> # password server = 192.168.0.50
> log level = 2
> idmap config *:backend = tdb
> idmap config *:range = 2000-9999
> # idmap config * : base_rid = 0
> idmap config OFFICE:backend = ad
> idmap config OFFICE:schema_mode = rfc2307
> idmap config OFFICE:range = 10000-99999
>
> winbind nss info = rfc2307
> winbind trusted domains only = no
> winbind use default domain = yes
> winbind enum users = yes
> winbind enum groups = yes
> winbind refresh tickets = Yes
> winbind normalize names = Yes
>
> [archive]
> path = /archive/video
> read only = no
> writable = yes
> force user = root
>
> I'll try to provide any other information if needed. Thanks in advance!
>
>
>
> ---------- Mensaje reenviado ----------
> From: "L.P.H. van Belle" <belle at bazuin.nl>
> To: "samba at lists.samba.org" <samba at lists.samba.org>
> Cc:
> Date: Fri, 27 Mar 2015 08:45:14 +0100
> Subject: Re: [Samba] Samba 4 join AD by samba
> Hai Ivan,
>
> sofare what i see is correct.
>
> for you profiles .. both these :
> >[profiles] # <---- ADD here
> > path = /var/lib/samba/sysvol/office.mtt/profiles
> > read only = no
> >
> >[New_Profile]
> > root preexec = mkdir -p /srv/samba/Profiles/%U
> > path = /srv/samba/Profiles/%U
> > read only = no
> > store dos attributes = Yes
> > create mask = 0600
> > directory mask = 0700
> > profile acls = yes
> > csc policy = disable
>
> are not good.
>
> the second is better,
> but i suggest this :
>
>
> ## the profiles share is hidden
> [profiles]
> path = /srv/samba/Profiles/%U
> browseable = Yes
> read only = No
> acl_xattr:ignore system acl = yes ## windows only rights,
> better support for profiles..
>
> and optional. if acl_xattr not is used..
> chmod the srv/samba/Profiles 1777 BEFORE setting the rights on the share.
>
>
> setup the rights as the wiki says, and then you can hide the profiles
> share, by setting browsable = No
> when you read: https://wiki.samba.org/index.php/Samba_%26_Windows_Profiles
> choose or AD ACL style, OR NT POSTIX stile.. not both..
>
> On the DC..
> the "no id administrator"
> set /etc/nsswitch.conf
> passwd: compat winbind
> group: compat winbind
>
> and on the AD DC's then you wil see something like.
> uid=0(root) gid=10000(OFFICE\Domain Users)
> groups=0(root),10000(OFFICE\Domain Users),3000009(OFFICE\Group Policy
> Creator Owners),3000007(OFFICE\Enterprise Admins),3000008(OFFICE\Domain
> Admins),3000017(OFFICE\Schema Admins)
> read here : https://wiki.samba.org/index.php/Using_RFC2307_on_a_Samba_DC
>
>
> but on the MEMBER SERVER, id adminstrator, wont give results back.
> for that.
> 1) or dont use administrator, and map user root to adminstrator and set
> the SE Provileges.
> 2) or set the backend to RID
> this wil give automaticly the id's. this works fine if you
> - only use the DC as DC ( and dns/time server )
> ( profiles share wil work ok also, but better to put this on the
> member server )
> - only have 1 member server.
> - you dont copy files from DC to member server.
>
> why, the ID's on DC wil be different then on the member server.
> About this is lots to find in the samba list.
>
>
> For the DNS.
> i guest this ip: 192.168.0.107 is a router or something
> if not, than what is it..
>
> for the DC, set resolv.conf like
> search yourdomain.tld.
> nameserver IP_OF_AD_DC_SERVER ( or 127.0.0.1 )
> optional
> nameserver dns_of_provider.
> make user your server is first in resolv.conf
> 2 DC's
> the set it like this.
> DC1.
> search yourdomain.tld.
> nameserver IP_OF_AD_DC2_SERVER ( or 127.0.0.1 )
> nameserver IP_OF_AD_DC1_SERVER ( or 127.0.0.1 )
>
> DC2.
> search yourdomain.tld.
> nameserver IP_OF_AD_DC1_SERVER ( or 127.0.0.1 )
> nameserver IP_OF_AD_DC2_SERVER ( or 127.0.0.1 )
>
> Point the member server to the DC's
> Point the PC's tot the DC's
>
> AND. for you pcs
> you can set the search domain of needed, if you use pc's with static ip.s
> test:
> ping pc_name
> and pc_name.domain.tld
>
> if only the last resolves then your : domain/search is nog correct setup.
>
> If you have more questions,
> mail the list again..
>
> Greetz,
>
> Louis
>
>
>
>
> >-----Oorspronkelijk bericht-----
> >Van: stein.hak at gmail.com
> >[mailto:samba-bounces at lists.samba.org] Namens Krutskikh Ivan
> >Verzonden: vrijdag 27 maart 2015 6:33
> >Aan: samba at lists.samba.org
> >Onderwerp: [Samba] Samba 4 join AD by samba
> >
> >Hi,
> >
> >I have a task which requires AD + windows roaming profiles + automatic
> >backups.
> >
> >I want to use samba 4 AD server (debian jessie) + samba 4 file
> >server for
> >user's home profiles (opensuse 13.1) + zfs for storage backend.
> >
> >The reason why I need 2 servers (actually a server with hosted lxc
> >container) is because opensuse has kerberos mit by default (
> >samba at lists.samba.org.)
> >
> >I've succesfully provisioned a samba dc on debian jessie
> >container using
> >https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO and samba
> >binary samba
> >from repo After that I've added a bunch of win machines to it.
> >Everything
> >is working except for dns resolving of hosts ( i can only ping my dc
> >server).
> >
> >After that I wanted to join my 2nd server to AD. I've used the
> >manual from
> >https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server and got
> >everything working except for user map. Examples:
> >
> >linux-abx8:/etc/samba # wbinfo -g
> >allowed rodc password replication group
> >enterprise read-only domain controllers
> >denied rodc password replication group
> >read-only domain controllers
> >group policy creator owners
> >video administrators
> >ras and ias servers
> >domain controllers
> >enterprise admins
> >domain computers
> >cert publishers
> >dnsupdateproxy
> >domain admins
> >domain guests
> >schema admins
> >domain users
> >video users
> >dnsadmins
> >
> >linux-abx8:/etc/samba # wbinfo -u
> >bastion
> >administrator
> >krbtgt
> >guest
> >
> >
> >linux-abx8:/etc/samba # wbinfo -i administrator ( waits for a
> >long time,
> >maybe fails on timeout =( )
> >failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
> >Could not get info for user administrator
> >
> >linux-abx8:/etc/samba # id administrator
> >id: administrator:no such user
> >
> >
> >This is very disappointing. What can I do about it?
> >
> >Some details about the installation:
> >
> >smb.conf from ad dc server:
> >
> >root at DC01:/etc/samba# cat ./smb.conf
> ># Global parameters
> >[global]
> > workgroup = OFFICE
> > realm = OFFICE.MTT
> > netbios name = DC
> > server role = active directory domain controller
> > dns forwarder = 192.168.0.107
> > idmap_ldb:use rfc2307 = yes
> > log level = 2
> >
> >[netlogon]
> > path = /var/lib/samba/sysvol/mtt/scripts
> > read only = No
> >
> >[sysvol]
> > path = /var/lib/samba/sysvol
> > read only = No
> >
> >[profiles] # <---- ADD here
> > path = /var/lib/samba/sysvol/office.mtt/profiles
> > read only = no
> >
> >[New_Profile]
> > root preexec = mkdir -p /srv/samba/Profiles/%U
> > path = /srv/samba/Profiles/%U
> > read only = no
> > store dos attributes = Yes
> > create mask = 0600
> > directory mask = 0700
> > profile acls = yes
> > csc policy = disable
> >
> >
> >smb.conf from 2nd server with opensuse and zfs:
> >
> >
> >linux-abx8:/etc/samba # cat ./smb.conf
> >[global]
> >
> > netbios name = Melchior
> > workgroup = OFFICE
> > security = ADS
> > realm = OFFICE.MTT
> > dedicated keytab file = /etc/krb5.keytab
> > kerberos method = secrets and keytab
> ># password server = 192.168.0.50
> > log level = 2
> > idmap config *:backend = tdb
> > idmap config *:range = 2000-9999
> ># idmap config * : base_rid = 0
> > idmap config OFFICE:backend = ad
> > idmap config OFFICE:schema_mode = rfc2307
> > idmap config OFFICE:range = 10000-99999
> >
> > winbind nss info = rfc2307
> > winbind trusted domains only = no
> > winbind use default domain = yes
> > winbind enum users = yes
> > winbind enum groups = yes
> > winbind refresh tickets = Yes
> > winbind normalize names = Yes
> >
> >[archive]
> > path = /archive/video
> > read only = no
> > writable = yes
> > force user = root
> >
> >I'll try to provide any other information if needed. Thanks in advance!
> >--
> >To unsubscribe from this list go to the following URL and read the
> >instructions: https://lists.samba.org/mailman/options/samba
> >
> >
>
>
>
>
> ---------- Mensaje reenviado ----------
> From: "L.P.H. van Belle" <belle at bazuin.nl>
> To: "samba at lists.samba.org" <samba at lists.samba.org>
> Cc:
> Date: Fri, 27 Mar 2015 08:49:13 +0100
> Subject: Re: [Samba] BAD_NETWORK_NAME
> Hai Janis,
>
> This is save to ignore, provided that the IP address and the
> name (DOMAIN) are referencing an old, previous or same-subnet domain.
> This is just a warning about a recieved netbios name that is being ignored
> cause it's not part of our AD.
>
>
> Louis
>
>
> >-----Oorspronkelijk bericht-----
> >Van: jd at ionica.lv [mailto:samba-bounces at lists.samba.org]
> >Namens jd at ionica.lv
> >Verzonden: donderdag 26 maart 2015 19:38
> >Aan: samba at lists.samba.org
> >Onderwerp: [Samba] BAD_NETWORK_NAME
> >
> >H!
> >
> >I am getting such messages in log.samba:
> >../source4/nbt_server/dgram
> >netlogon.c:198(nbtd_mailslot_netlogon_handler)
> > nbtd netlogon handler failed from 192.168.0.125:138 to
> >DOMAIN<1c> -
> >NT_STATUS_BAD_NETWORK_NAME
> >
> >What means that <1c>? seems like special char...
> >
> >There are two domains sharing one network - one - NT-style named
> >DOMAIN and the second, AD, named DOMAIN2
> >
> >(samba 4.2.0/slack64-14.1)
> >
> >Janis
> >
> >--
> >To unsubscribe from this list go to the following URL and read the
> >instructions: https://lists.samba.org/mailman/options/samba
> >
> >
>
>
>
>
> ---------- Mensaje reenviado ----------
> From: Tom <tsml412101 at gmail.com>
> To: samba-technical at lists.samba.org, samba at lists.samba.org
> Cc:
> Date: Thu, 26 Mar 2015 15:18:03 -0400
> Subject: [Samba] winbindd: Failed to fetch our own, local AD domain join
> password for winbindd's internal use
> Hello,
>
> I apologize in advance for cross-posting (and posting for help) to
> samba-technical, but I've been seeking help on the samba list and bugzilla
> since last week and have had no replies. Using Google, I've found this
> issue referenced only once on the mailing list and once in a bugzilla bug
> (10991). Unfortunately, I've found no resolutions.
>
> The problem appears to be specific to Samba 4.2, where domains were
> provisioned using classicupgrade. In my case, the classicupgrade provision
> was performed just a few weeks after 4.0.0 was released, going from version
> 3.6.x > 4.0.0. I have since kept my install fairly up to date throughout
> the 4.0 and 4.1 cycles. I am currently trying to upgrade from 4.1.16 to
> 4.2.0. After this latest upgrade, S4 fails to start, with the above
> mentioned error being logged to log.winbindd. I have found that adding
> "server services = -winbindd +winbind" allows 4.2.0 to start correctly.
> That said, I decided to revert to the 4.1.16 backup that I took immediately
> before the upgrade. I did this just to be safe, as it appears to be
> something specific to my AD directory, possibly related to the
> classicupgrade. I say this because I do not have the issue with my test
> domain, which was newly provisioned from 4.0.0.
>
> I have moved a copy of my live 4.1.16 instance to a VM environment for
> testing, and have duplicated the problem in testing. My goal was to upgrade
> to 4.2.0 and setup a secondary DC here on-site before standing up 3 more
> DCs at branch offices. I am wary of moving forward with this deployment
> knowing this problem exists, or without at least better understanding what
> is happening. The concern that something wrong with my AD directory
> (stemming from the classicupgrade) is what really worries me and I
> certainly don't want to start replicating "bad" data to remote sites.
>
> If anyone has the time and can help me figure out this issue, it would be
> much appreciated. I have included links to the bugzilla entry and the only
> reference to this issue that I could find. If someone could help me
> understand, what is Winbindd looking for when it throws the error "Failed
> to fetch our own, local AD domain join password for winbindd's internal
> use", perhaps that would get me looking in the right direction.
>
> Bugzilla:
> https://bugzilla.samba.org/show_bug.cgi?id=10991
>
> Samba List:
> https://lists.samba.org/archive/samba/2014-September/185031.html
>
> log.winbindd
> /usr/local/samba/sbin/winbindd: winbindd version 4.2.0 started.
> /usr/local/samba/sbin/winbindd: Copyright Andrew Tridgell and the Samba
> Team 1992-2014
> /usr/local/samba/sbin/winbindd: Maximum core file size limits now
> 16777216(soft) -1(hard)
> /usr/local/samba/sbin/winbindd: Registered MSG_REQ_POOL_USAGE
> /usr/local/samba/sbin/winbindd: Registered MSG_REQ_DMALLOC_MARK and
> LOG_CHANGED
> /usr/local/samba/sbin/winbindd: lp_load_ex: refreshing parameters
> /usr/local/samba/sbin/winbindd: Initialising global parameters
> /usr/local/samba/sbin/winbindd: rlimit_max: increasing rlimit_max (1024) to
> minimum Windows limit (16384)
> /usr/local/samba/sbin/winbindd: Processing section "[global]"
> /usr/local/samba/sbin/winbindd: added interface enp0s3 ip=10.0.2.100
> bcast=10.0.2.255 netmask=255.255.255.0
> /usr/local/samba/sbin/winbindd: added interface enp0s3 ip=10.0.2.100
> bcast=10.0.2.255 netmask=255.255.255.0
> /usr/local/samba/sbin/winbindd: initialize_winbindd_cache: clearing cache
> and re-creating with version number 2
> /usr/local/samba/sbin/winbindd: Added domain BUILTIN (null) S-1-5-32
> /usr/local/samba/sbin/winbindd: Added domain TESTDOM internal.testdom.com
> SID_REMOVED
> /usr/local/samba/sbin/winbindd: Failed to fetch our own, local AD domain
> join password for winbindd's internal use
> /usr/local/samba/sbin/winbindd: unable to initialize domain list
> Child /usr/local/samba/sbin/winbindd exited with status 1 - Operation not
> permitted
> winbindd daemon died with exit status 1
> task_server_terminate: [winbindd child process exited]
> samba_terminate: winbindd child process exited
>
>
>
> ---------- Mensaje reenviado ----------
> From: "L.P.H. van Belle" <belle at bazuin.nl>
> To: "samba at lists.samba.org" <samba at lists.samba.org>
> Cc:
> Date: Fri, 27 Mar 2015 10:38:30 +0100
> Subject: Re: [Samba] winbindd: Failed to fetch our own, local AD domain
> join password for winbindd's internal use
> Hai Tom,
>
> Im not in 4.2 yet, but maybe i can help analize your problem. ( as long
> its possible, big power outage in the netherlands.. )
>
> this : https://lists.samba.org/archive/samba/2014-September/185031.html
> is a good example how not to setup your samba server.
>
> so before we can think with, please post (and sorry if its again) some
> info.
>
> Your OS?
> Compiles samba or os provided samba, or sernet samba?
> and the output of :
> cat /etc/hosts
> cat /etc/resolv.conf
> cat /etc/hostname
> cat /etc/nsswitch.conf
> cat /etc/samba/smb.conf
>
> some commands you can use to check your setup.
> sudo net ads info
> sudo net ads lookup
> wbinfo -D TESTDOM
>
> Louis
>
>
>
>
>
> >-----Oorspronkelijk bericht-----
> >Van: tsml412101 at gmail.com
> >[mailto:samba-bounces at lists.samba.org] Namens Tom
> >Verzonden: donderdag 26 maart 2015 20:18
> >Aan: samba-technical at lists.samba.org; samba at lists.samba.org
> >Onderwerp: [Samba] winbindd: Failed to fetch our own, local AD
> >domain join password for winbindd's internal use
> >
> >Hello,
> >
> >I apologize in advance for cross-posting (and posting for help) to
> >samba-technical, but I've been seeking help on the samba list
> >and bugzilla
> >since last week and have had no replies. Using Google, I've found this
> >issue referenced only once on the mailing list and once in a
> >bugzilla bug
> >(10991). Unfortunately, I've found no resolutions.
> >
> >The problem appears to be specific to Samba 4.2, where domains were
> >provisioned using classicupgrade. In my case, the
> >classicupgrade provision
> >was performed just a few weeks after 4.0.0 was released, going
> >from version
> >3.6.x > 4.0.0. I have since kept my install fairly up to date
> >throughout
> >the 4.0 and 4.1 cycles. I am currently trying to upgrade from 4.1.16 to
> >4.2.0. After this latest upgrade, S4 fails to start, with the above
> >mentioned error being logged to log.winbindd. I have found that adding
> >"server services = -winbindd +winbind" allows 4.2.0 to start correctly.
> >That said, I decided to revert to the 4.1.16 backup that I
> >took immediately
> >before the upgrade. I did this just to be safe, as it appears to be
> >something specific to my AD directory, possibly related to the
> >classicupgrade. I say this because I do not have the issue with my test
> >domain, which was newly provisioned from 4.0.0.
> >
> >I have moved a copy of my live 4.1.16 instance to a VM environment for
> >testing, and have duplicated the problem in testing. My goal
> >was to upgrade
> >to 4.2.0 and setup a secondary DC here on-site before standing
> >up 3 more
> >DCs at branch offices. I am wary of moving forward with this deployment
> >knowing this problem exists, or without at least better
> >understanding what
> >is happening. The concern that something wrong with my AD directory
> >(stemming from the classicupgrade) is what really worries me and I
> >certainly don't want to start replicating "bad" data to remote sites.
> >
> >If anyone has the time and can help me figure out this issue,
> >it would be
> >much appreciated. I have included links to the bugzilla entry
> >and the only
> >reference to this issue that I could find. If someone could help me
> >understand, what is Winbindd looking for when it throws the
> >error "Failed
> >to fetch our own, local AD domain join password for winbindd's internal
> >use", perhaps that would get me looking in the right direction.
> >
> >Bugzilla:
> >https://bugzilla.samba.org/show_bug.cgi?id=10991
> >
> >Samba List:
> >https://lists.samba.org/archive/samba/2014-September/185031.html
> >
> >log.winbindd
> >/usr/local/samba/sbin/winbindd: winbindd version 4.2.0 started.
> >/usr/local/samba/sbin/winbindd: Copyright Andrew Tridgell and the Samba
> >Team 1992-2014
> >/usr/local/samba/sbin/winbindd: Maximum core file size limits now
> >16777216(soft) -1(hard)
> >/usr/local/samba/sbin/winbindd: Registered MSG_REQ_POOL_USAGE
> >/usr/local/samba/sbin/winbindd: Registered MSG_REQ_DMALLOC_MARK and
> >LOG_CHANGED
> >/usr/local/samba/sbin/winbindd: lp_load_ex: refreshing parameters
> >/usr/local/samba/sbin/winbindd: Initialising global parameters
> >/usr/local/samba/sbin/winbindd: rlimit_max: increasing
> >rlimit_max (1024) to
> >minimum Windows limit (16384)
> >/usr/local/samba/sbin/winbindd: Processing section "[global]"
> >/usr/local/samba/sbin/winbindd: added interface enp0s3 ip=10.0.2.100
> >bcast=10.0.2.255 netmask=255.255.255.0
> >/usr/local/samba/sbin/winbindd: added interface enp0s3 ip=10.0.2.100
> >bcast=10.0.2.255 netmask=255.255.255.0
> >/usr/local/samba/sbin/winbindd: initialize_winbindd_cache:
> >clearing cache
> >and re-creating with version number 2
> >/usr/local/samba/sbin/winbindd: Added domain BUILTIN (null) S-1-5-32
> >/usr/local/samba/sbin/winbindd: Added domain TESTDOM
> >internal.testdom.com
> >SID_REMOVED
> >/usr/local/samba/sbin/winbindd: Failed to fetch our own, local
> >AD domain
> >join password for winbindd's internal use
> >/usr/local/samba/sbin/winbindd: unable to initialize domain list
> >Child /usr/local/samba/sbin/winbindd exited with status 1 -
> >Operation not
> >permitted
> >winbindd daemon died with exit status 1
> >task_server_terminate: [winbindd child process exited]
> >samba_terminate: winbindd child process exited
> >--
> >To unsubscribe from this list go to the following URL and read the
> >instructions: https://lists.samba.org/mailman/options/samba
> >
> >
>
>
>
>
> ---------- Mensaje reenviado ----------
> From: Rowland Penny <rowlandpenny at googlemail.com>
> To: samba at lists.samba.org
> Cc:
> Date: Fri, 27 Mar 2015 10:21:38 +0000
> Subject: Re: [Samba] winbindd: Failed to fetch our own, local AD domain
> join password for winbindd's internal use
> On 27/03/15 09:38, L.P.H. van Belle wrote:
>
>> Hai Tom,
>>
>> Im not in 4.2 yet, but maybe i can help analize your problem. ( as long
>> its possible, big power outage in the netherlands.. )
>>
>> this : https://lists.samba.org/archive/samba/2014-September/185031.html
>> is a good example how not to setup your samba server.
>>
>
> Er, which part is incorrect ??
>
> Rowland
>
>
>> so before we can think with, please post (and sorry if its again) some
>> info.
>>
>> Your OS?
>> Compiles samba or os provided samba, or sernet samba?
>> and the output of :
>> cat /etc/hosts
>> cat /etc/resolv.conf
>> cat /etc/hostname
>> cat /etc/nsswitch.conf
>> cat /etc/samba/smb.conf
>>
>> some commands you can use to check your setup.
>> sudo net ads info
>> sudo net ads lookup
>> wbinfo -D TESTDOM
>>
>> Louis
>>
>>
>>
>>
>>
>>
>>
>
>
>
> ---------- Mensaje reenviado ----------
> From: "L.P.H. van Belle" <belle at bazuin.nl>
> To: "samba at lists.samba.org" <samba at lists.samba.org>
> Cc:
> Date: Fri, 27 Mar 2015 11:27:16 +0100
> Subject: Re: [Samba] winbindd: Failed to fetch our own, local AD domain
> join password for winbindd's internal use
> # cat /etc/resolv.conf
> > domain dc1.domain.com.br
> > search domain.com.br
> > nameserver 172.17.0.4
> >
>
> more cosmetic yes, because of the first domain then search.
> but there should not be domain dc1.domain.com.br there.
> this can mislead others. a "hostname" is not a domain..
>
>
>
> >-----Oorspronkelijk bericht-----
> >Van: rowlandpenny at googlemail.com
> >[mailto:samba-bounces at lists.samba.org] Namens Rowland Penny
> >Verzonden: vrijdag 27 maart 2015 11:22
> >Aan: samba at lists.samba.org
> >Onderwerp: Re: [Samba] winbindd: Failed to fetch our own,
> >local AD domain join password for winbindd's internal use
> >
> >On 27/03/15 09:38, L.P.H. van Belle wrote:
> >> Hai Tom,
> >>
> >> Im not in 4.2 yet, but maybe i can help analize your
> >problem. ( as long its possible, big power outage in the
> >netherlands.. )
> >>
> >> this :
> >https://lists.samba.org/archive/samba/2014-September/185031.html
> >> is a good example how not to setup your samba server.
> >
> >Er, which part is incorrect ??
> >
> >Rowland
> >
> >>
> >> so before we can think with, please post (and sorry if its
> >again) some info.
> >>
> >> Your OS?
> >> Compiles samba or os provided samba, or sernet samba?
> >> and the output of :
> >> cat /etc/hosts
> >> cat /etc/resolv.conf
> >> cat /etc/hostname
> >> cat /etc/nsswitch.conf
> >> cat /etc/samba/smb.conf
> >>
> >> some commands you can use to check your setup.
> >> sudo net ads info
> >> sudo net ads lookup
> >> wbinfo -D TESTDOM
> >>
> >> Louis
> >>
> >>
> >>
> >>
> >>
> >>
> >
> >--
> >To unsubscribe from this list go to the following URL and read the
> >instructions: https://lists.samba.org/mailman/options/samba
> >
> >
>
>
>
>
> ---------- Mensaje reenviado ----------
> From: Sam <sr42354 at gmail.com>
> To: "samba at lists.samba.org" <samba at lists.samba.org>
> Cc:
> Date: Fri, 27 Mar 2015 11:57:18 +0100
> Subject: [Samba] Win 2008srv to Samba4 DNS problems
> Hello,
>
> I try to migrate form an old windows AD ( win 2000 )
> So I use a temporary windows2008R2 to move AD from win2000 to S4.
> Forest and domain level are W2008R2.
> Now I have some problems with the dns in samba4. I have no answers even in
> local from samba4.
>
> If I try to move from a new empty windows 2008 ad, The service start and
> answer well...
> So I think something in my old DNS database is missing or disturbing...
>
> I just have done this on the dns : (http://support.microsoft.com/
> fr-fr/kb/817470)
>
>
> But in the new Windows 2008, I can see something that I don't have in the
> old:
>
>
> What I am missing? Is there a best practice guide for preparing DNS to
> follow before joining a samba4? ( remove windows 2000 AD compatibility for
> instance...)
>
> Thanks all!
>
> Samuel
>
> ps : here is my syslog details :
>
> Mar 27 11:46:00 S4 named[2226]: starting BIND 9.8.4-rpz2+rl005.12-P1 -u
> bind -4
> Mar 27 11:46:00 S4 named[2226]: built with '--prefix=/usr'
> '--mandir=/usr/share/man' '--infodir=/usr/share/info'
> '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads'
> '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static'
> '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld'
> '--with-geoip=/usr' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing
> -DDIG_SIGCHASE -O2'
> Mar 27 11:46:00 S4 named[2226]: ------------------------------
> ----------------------
> Mar 27 11:46:00 S4 named[2226]: BIND 9 is maintained by Internet Systems
> Consortium,
> Mar 27 11:46:00 S4 named[2226]: Inc. (ISC), a non-profit 501(c)(3)
> public-benefit
> Mar 27 11:46:00 S4 named[2226]: corporation. Support and training for
> BIND 9 are
> Mar 27 11:46:00 S4 named[2226]: available at https://www.isc.org/support
> Mar 27 11:46:00 S4 named[2226]: ------------------------------
> ----------------------
> Mar 27 11:46:00 S4 named[2226]: adjusted limit on open files from 4096 to
> 1048576
> Mar 27 11:46:00 S4 named[2226]: found 2 CPUs, using 2 worker threads
> Mar 27 11:46:00 S4 named[2226]: using up to 4096 sockets
> Mar 27 11:46:00 S4 named[2226]: loading configuration from
> '/etc/bind/named.conf'
> Mar 27 11:46:00 S4 named[2226]: reading built-in trusted keys from file
> '/etc/bind/bind.keys'
> Mar 27 11:46:00 S4 named[2226]: using default UDP/IPv4 port range: [1024,
> 65535]
> Mar 27 11:46:00 S4 named[2226]: using default UDP/IPv6 port range: [1024,
> 65535]
> Mar 27 11:46:00 S4 named[2226]: no IPv6 interfaces found
> Mar 27 11:46:00 S4 named[2226]: listening on IPv4 interface lo,
> 127.0.0.1#53
> Mar 27 11:46:00 S4 named[2226]: listening on IPv4 interface eth0,
> 172.20.2.2#53
> Mar 27 11:46:00 S4 named[2226]: generating session key for dynamic DNS
> Mar 27 11:46:00 S4 named[2226]: sizing zone task pool based on 5 zones
> Mar 27 11:46:01 S4 named[2226]: Loading 'AD DNS Zone' using driver dlopen
> Mar 27 11:46:01 S4 ntpd[2301]: ntpd 4.2.6p5 at 1.2349-o Sat Feb 7 11:05:48
> UTC 2015 (1)
> Mar 27 11:46:01 S4 ntpd[2302]: proto: precision = 0.100 usec
> Mar 27 11:46:01 S4 ntpd[2302]: Listen normally on 0 lo 127.0.0.1 UDP 123
> Mar 27 11:46:01 S4 ntpd[2302]: Listen normally on 1 eth0 172.20.2.2 UDP 123
> Mar 27 11:46:01 S4 ntpd[2302]: peers refreshed
> Mar 27 11:46:01 S4 ntpd[2302]: Listening on routing socket on fd #18 for
> interface updates
> Mar 27 11:46:01 S4 ntpd[2302]: MS-SNTP signd operations currently block
> ntpd degrading service to all clients.
> Mar 27 11:46:02 S4 samba[2374]: [2015/03/27 11:46:02.896676, 0]
> ../source4/smbd/server.c:370(binary_smbd_main)
> Mar 27 11:46:02 S4 samba[2374]: samba version
> 4.1.17-SerNet-Debian-10.wheezy started.
> Mar 27 11:46:02 S4 samba[2374]: Copyright Andrew Tridgell and the Samba
> Team 1992-2013
> Mar 27 11:46:03 S4 named[2226]: samba_dlz: started for DN
> DC=ariane,DC=intra
> Mar 27 11:46:03 S4 named[2226]: samba_dlz: starting configure
> Mar 27 11:46:03 S4 named[2226]: samba_dlz: configured writeable zone
> '_msdcs.ariane.intra'
> Mar 27 11:46:03 S4 named[2226]: using built-in root key for view _default
> Mar 27 11:46:03 S4 named[2226]: set up managed keys zone for view
> _default, file 'managed-keys.bind'
> Mar 27 11:46:03 S4 named[2226]: command channel listening on 127.0.0.1#953
> Mar 27 11:46:03 S4 named[2226]: zone 0.in-addr.arpa/IN: loaded serial 1
> Mar 27 11:46:03 S4 named[2226]: zone 127.in-addr.arpa/IN: loaded serial 1
> Mar 27 11:46:03 S4 named[2226]: zone 255.in-addr.arpa/IN: loaded serial 1
> Mar 27 11:46:03 S4 named[2226]: zone localhost/IN: loaded serial 2
> Mar 27 11:46:03 S4 named[2226]: managed-keys-zone ./IN: loaded serial 2
> Mar 27 11:46:03 S4 named[2226]: running
> Mar 27 11:46:04 S4 ntpdate[1701]: the NTP socket is in use, exiting
> Mar 27 11:46:04 S4 ntpdate[1670]: the NTP socket is in use, exiting
> Mar 27 11:46:04 S4 ntpdate[1668]: the NTP socket is in use, exiting
> Mar 27 11:46:04 S4 /usr/sbin/cron[2525]: (CRON) INFO (pidfile fd = 3)
> Mar 27 11:46:04 S4 /usr/sbin/cron[2527]: (CRON) STARTUP (fork ok)
> Mar 27 11:46:04 S4 /usr/sbin/cron[2527]: (CRON) INFO (Running @reboot jobs)
> Mar 27 11:46:04 S4 samba[2376]: [2015/03/27 11:46:04.862709, 0]
> ../source4/smbd/server.c:488(binary_smbd_main)
> Mar 27 11:46:04 S4 samba[2376]: samba: using 'standard' process model
> Mar 27 11:46:04 S4 samba[2376]: [2015/03/27 11:46:04.885661, 0]
> ../lib/util/become_daemon.c:136(daemon_ready)
> Mar 27 11:46:07 S4 kernel: [ 17.220877] eth0: no IPv6 routers present
> Mar 27 11:46:07 S4 samba[2792]: [2015/03/27 11:46:07.388008, 0]
> ../source4/librpc/rpc/dcerpc_util.c:681(dcerpc_pipe_auth_recv)
> Mar 27 11:46:07 S4 samba[2792]: Failed to bind to uuid
> 12345678-1234-abcd-ef00-01234567cffb for 12345678-1234-abcd-ef00-
> 01234567cffb at ncalrpc:127.0.0.1[DEFAULT,sign,seal] NT_STATUS_ACCESS_DENIED
> Mar 27 11:46:07 S4 smbd[2785]: [2015/03/27 11:46:07.551928, 0]
> ../lib/util/become_daemon.c:136(daemon_ready)
> Mar 27 11:46:08 S4 kernel: [ 17.940675] eth1: no IPv6 routers present
> Mar 27 11:46:21 S4 samba[2791]: [2015/03/27 11:46:21.280522, 0]
> ../source4/dsdb/repl/replicated_objects.c:818(dsdb_
> replicated_objects_commit)
> Mar 27 11:46:21 S4 samba[2791]: ../source4/dsdb/repl/replicated_objects.c:818
> Failed to prepare commit of transaction: operations error at
> ../source4/dsdb/samdb/ldb_modules/descriptor.c:1147
> Mar 27 11:46:21 S4 samba[2791]: [2015/03/27 11:46:21.283141, 0]
> ../source4/dsdb/repl/drepl_out_helpers.c:758(dreplsrv_op_
> pull_source_apply_changes_trigger)
> Mar 27 11:46:21 S4 samba[2791]: Failed to commit objects:
> WERR_GENERAL_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE
>
>
>
>
> ---------- Mensaje reenviado ----------
> From: "Johannes Amorosa | Celluloid VFX" <johannesa at celluloid-vfx.com>
> To: samba at lists.samba.org
> Cc:
> Date: Fri, 27 Mar 2015 13:14:35 +0100
> Subject: [Samba] Replication error after trying to sync sysvol
> I tried to synchronize the sysvol folders, on two dcs. Something went
> wrong since yesterday we have replication problems:
> One machine shows this, while the other one is happy.
>
> samba-tool drs showrepl
>
> ==== INBOUND NEIGHBORS ====
>
> DC=DomainDnsZones,DC=ourdomain,DC=com
> Default-First-Site-Name\DC03 via RPC
> DSA object GUID: af610e1a-9e3b-4cdd-a36b-c296d77a9479
> Last attempt @ Fri Mar 27 12:58:42 2015 CET failed, result 121
> (WERR_SEM_TIMEOUT)
> 126 consecutive failure(s).
> Last success @ Fri Mar 27 03:40:24 2015 CET
>
> DC=ForestDnsZones,DC=ourdomain,DC=com
> Default-First-Site-Name\DC04 via RPC
> DSA object GUID: af610e1a-9e3b-4cdd-a36b-c296d77a9479
> Last attempt @ Fri Mar 27 12:51:41 2015 CET failed, result 121
> (WERR_SEM_TIMEOUT)
> 102 consecutive failure(s).
> Last success @ Fri Mar 27 03:40:24 2015 CET
>
> DC=ourdomain,DC=com
> Default-First-Site-Name\DC03 via RPC
> DSA object GUID: af610e1a-9e3b-4cdd-a36b-c296d77a9479
> Last attempt @ Fri Mar 27 12:57:42 2015 CET failed, result 121
> (WERR_SEM_TIMEOUT)
> 106 consecutive failure(s).
> Last success @ Fri Mar 27 03:40:25 2015 CET
>
> CN=Configuration,DC=ourdomain,DC=com
> Default-First-Site-Name\DC03 via RPC
> DSA object GUID: af610e1a-9e3b-4cdd-a36b-c296d77a9479
> Last attempt @ Fri Mar 27 12:53:41 2015 CET failed, result 121
> (WERR_SEM_TIMEOUT)
> 102 consecutive failure(s).
> Last success @ Fri Mar 27 03:40:26 2015 CET
>
> CN=Schema,CN=Configuration,DC=ourdomain,DC=com
> Default-First-Site-Name\DC03 via RPC
> DSA object GUID: af610e1a-9e3b-4cdd-a36b-c296d77a9479
> Last attempt @ Fri Mar 27 12:54:41 2015 CET failed, result 121
> (WERR_SEM_TIMEOUT)
> 102 consecutive failure(s).
> Last success @ Fri Mar 27 03:40:28 2015 CET
> <snip>
>
> Every service still seems to work - but we're quite nervous - this is a
> production system(lesson learned!).
>
> I tried to force sync
> samba-tool drs replicate --full-sync DC04 DC03 dc=ourdomain,dc=com
> ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed -
> drsException: DsReplicaSync failed (-1073741643, 'NT_STATUS_IO_TIMEOUT')
>
> Or setup:
> sernet-samba 99:4.1.17-10
>
> [global]
> workgroup = OURDOMAIN
> realm = OURDOMAIN.COM
> netbios name = DC04
> log level = 3
>
> server role = active directory domain controller
> dns forwarder = 192.168.1.254
> <snip>
>
> Ubuntu 12.04
>
> How can I fix this. Any help is highly appreciated.
> Joe
>
> --
> Johannes Amorosa | Celluloid VFX
>
>
>
>
> ---------- Mensaje reenviado ----------
> From: "Johannes Amorosa | Celluloid VFX" <johannesa at celluloid-vfx.com>
> To: samba at lists.samba.org
> Cc:
> Date: Fri, 27 Mar 2015 14:12:34 +0100
> Subject: Re: [Samba] Replication error after trying to sync sysvol
> Found the problem. There is a DNS Problem on one machine. This happend
> because I was testing some samba AD settings in a virtual machine,
> without knowing that NAT isn't shielding this properly - this vm
> propagated the "new" IP to one of the dcs.
>
> DC04> ping DC03
> gives wrong IP!
>
> This should be fixable with the samba-tool dns update?
>
>
> On 03/27/2015 01:14 PM, Johannes Amorosa | Celluloid VFX wrote:
>
>> I tried to synchronize the sysvol folders, on two dcs. Something went
>> wrong since yesterday we have replication problems:
>> One machine shows this, while the other one is happy.
>>
>> samba-tool drs showrepl
>>
>> ==== INBOUND NEIGHBORS ====
>>
>> DC=DomainDnsZones,DC=ourdomain,DC=com
>> Default-First-Site-Name\DC03 via RPC
>> DSA object GUID: af610e1a-9e3b-4cdd-a36b-c296d77a9479
>> Last attempt @ Fri Mar 27 12:58:42 2015 CET failed, result 121
>> (WERR_SEM_TIMEOUT)
>> 126 consecutive failure(s).
>> Last success @ Fri Mar 27 03:40:24 2015 CET
>>
>> DC=ForestDnsZones,DC=ourdomain,DC=com
>> Default-First-Site-Name\DC04 via RPC
>> DSA object GUID: af610e1a-9e3b-4cdd-a36b-c296d77a9479
>> Last attempt @ Fri Mar 27 12:51:41 2015 CET failed, result 121
>> (WERR_SEM_TIMEOUT)
>> 102 consecutive failure(s).
>> Last success @ Fri Mar 27 03:40:24 2015 CET
>>
>> DC=ourdomain,DC=com
>> Default-First-Site-Name\DC03 via RPC
>> DSA object GUID: af610e1a-9e3b-4cdd-a36b-c296d77a9479
>> Last attempt @ Fri Mar 27 12:57:42 2015 CET failed, result 121
>> (WERR_SEM_TIMEOUT)
>> 106 consecutive failure(s).
>> Last success @ Fri Mar 27 03:40:25 2015 CET
>>
>> CN=Configuration,DC=ourdomain,DC=com
>> Default-First-Site-Name\DC03 via RPC
>> DSA object GUID: af610e1a-9e3b-4cdd-a36b-c296d77a9479
>> Last attempt @ Fri Mar 27 12:53:41 2015 CET failed, result 121
>> (WERR_SEM_TIMEOUT)
>> 102 consecutive failure(s).
>> Last success @ Fri Mar 27 03:40:26 2015 CET
>>
>> CN=Schema,CN=Configuration,DC=ourdomain,DC=com
>> Default-First-Site-Name\DC03 via RPC
>> DSA object GUID: af610e1a-9e3b-4cdd-a36b-c296d77a9479
>> Last attempt @ Fri Mar 27 12:54:41 2015 CET failed, result 121
>> (WERR_SEM_TIMEOUT)
>> 102 consecutive failure(s).
>> Last success @ Fri Mar 27 03:40:28 2015 CET
>> <snip>
>>
>> Every service still seems to work - but we're quite nervous - this is a
>> production system(lesson learned!).
>>
>> I tried to force sync
>> samba-tool drs replicate --full-sync DC04 DC03 dc=ourdomain,dc=com
>> ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed -
>> drsException: DsReplicaSync failed (-1073741643, 'NT_STATUS_IO_TIMEOUT')
>>
>> Or setup:
>> sernet-samba 99:4.1.17-10
>>
>> [global]
>> workgroup = OURDOMAIN
>> realm = OURDOMAIN.COM
>> netbios name = DC04
>> log level = 3
>>
>> server role = active directory domain controller
>> dns forwarder = 192.168.1.254
>> <snip>
>>
>> Ubuntu 12.04
>>
>> How can I fix this. Any help is highly appreciated.
>> Joe
>>
>>
> --
> Johannes Amorosa | Celluloid VFX
>
>
>
>
> ---------- Mensaje reenviado ----------
> From: "Johannes Amorosa | Celluloid VFX" <johannesa at celluloid-vfx.com>
> To: samba at lists.samba.org
> Cc:
> Date: Fri, 27 Mar 2015 14:59:54 +0100
> Subject: Re: [Samba] Replication error after trying to sync sysvol
> for the records:
> samba-tool dns delete DC03 ourdomain.inc DC03 A 10.0.2.15 -U administrator
>
> On 03/27/2015 02:12 PM, Johannes Amorosa | Celluloid VFX wrote:
>
>> Found the problem. There is a DNS Problem on one machine. This happend
>> because I was testing some samba AD settings in a virtual machine,
>> without knowing that NAT isn't shielding this properly - this vm
>> propagated the "new" IP to one of the dcs.
>>
>> DC04> ping DC03
>> gives wrong IP!
>>
>> This should be fixable with the samba-tool dns update?
>>
>>
>> On 03/27/2015 01:14 PM, Johannes Amorosa | Celluloid VFX wrote:
>>
>>> I tried to synchronize the sysvol folders, on two dcs. Something went
>>> wrong since yesterday we have replication problems:
>>> One machine shows this, while the other one is happy.
>>>
>>> samba-tool drs showrepl
>>>
>>> ==== INBOUND NEIGHBORS ====
>>>
>>> DC=DomainDnsZones,DC=ourdomain,DC=com
>>> Default-First-Site-Name\DC03 via RPC
>>> DSA object GUID: af610e1a-9e3b-4cdd-a36b-c296d77a9479
>>> Last attempt @ Fri Mar 27 12:58:42 2015 CET failed, result 121
>>> (WERR_SEM_TIMEOUT)
>>> 126 consecutive failure(s).
>>> Last success @ Fri Mar 27 03:40:24 2015 CET
>>>
>>> DC=ForestDnsZones,DC=ourdomain,DC=com
>>> Default-First-Site-Name\DC04 via RPC
>>> DSA object GUID: af610e1a-9e3b-4cdd-a36b-c296d77a9479
>>> Last attempt @ Fri Mar 27 12:51:41 2015 CET failed, result 121
>>> (WERR_SEM_TIMEOUT)
>>> 102 consecutive failure(s).
>>> Last success @ Fri Mar 27 03:40:24 2015 CET
>>>
>>> DC=ourdomain,DC=com
>>> Default-First-Site-Name\DC03 via RPC
>>> DSA object GUID: af610e1a-9e3b-4cdd-a36b-c296d77a9479
>>> Last attempt @ Fri Mar 27 12:57:42 2015 CET failed, result 121
>>> (WERR_SEM_TIMEOUT)
>>> 106 consecutive failure(s).
>>> Last success @ Fri Mar 27 03:40:25 2015 CET
>>>
>>> CN=Configuration,DC=ourdomain,DC=com
>>> Default-First-Site-Name\DC03 via RPC
>>> DSA object GUID: af610e1a-9e3b-4cdd-a36b-c296d77a9479
>>> Last attempt @ Fri Mar 27 12:53:41 2015 CET failed, result 121
>>> (WERR_SEM_TIMEOUT)
>>> 102 consecutive failure(s).
>>> Last success @ Fri Mar 27 03:40:26 2015 CET
>>>
>>> CN=Schema,CN=Configuration,DC=ourdomain,DC=com
>>> Default-First-Site-Name\DC03 via RPC
>>> DSA object GUID: af610e1a-9e3b-4cdd-a36b-c296d77a9479
>>> Last attempt @ Fri Mar 27 12:54:41 2015 CET failed, result 121
>>> (WERR_SEM_TIMEOUT)
>>> 102 consecutive failure(s).
>>> Last success @ Fri Mar 27 03:40:28 2015 CET
>>> <snip>
>>>
>>> Every service still seems to work - but we're quite nervous - this is a
>>> production system(lesson learned!).
>>>
>>> I tried to force sync
>>> samba-tool drs replicate --full-sync DC04 DC03 dc=ourdomain,dc=com
>>> ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed -
>>> drsException: DsReplicaSync failed (-1073741643, 'NT_STATUS_IO_TIMEOUT')
>>>
>>> Or setup:
>>> sernet-samba 99:4.1.17-10
>>>
>>> [global]
>>> workgroup = OURDOMAIN
>>> realm = OURDOMAIN.COM
>>> netbios name = DC04
>>> log level = 3
>>>
>>> server role = active directory domain controller
>>> dns forwarder = 192.168.1.254
>>> <snip>
>>>
>>> Ubuntu 12.04
>>>
>>> How can I fix this. Any help is highly appreciated.
>>> Joe
>>>
>>>
>>
> --
> Johannes Amorosa | Celluloid VFX
>
>
>
>
> ---------- Mensaje reenviado ----------
> From: Rowland Penny <rowlandpenny at googlemail.com>
> To: samba at lists.samba.org
> Cc:
> Date: Fri, 27 Mar 2015 15:13:17 +0000
> Subject: Re: [Samba] Win 2008srv to Samba4 DNS problems
> On 27/03/15 10:57, Sam wrote:
>
>> Hello,
>>
>> I try to migrate form an old windows AD ( win 2000 )
>> So I use a temporary windows2008R2 to move AD from win2000 to S4.
>> Forest and domain level are W2008R2.
>> Now I have some problems with the dns in samba4. I have no answers even
>> in local from samba4.
>>
>> If I try to move from a new empty windows 2008 ad, The service start and
>> answer well...
>> So I think something in my old DNS database is missing or disturbing...
>>
>> I just have done this on the dns : (http://support.microsoft.com/
>> fr-fr/kb/817470)
>>
>>
>> But in the new Windows 2008, I can see something that I don't have in the
>> old:
>>
>>
>> What I am missing? Is there a best practice guide for preparing DNS to
>> follow before joining a samba4? ( remove windows 2000 AD compatibility for
>> instance...)
>>
>> Thanks all!
>>
>> Samuel
>>
>> ps : here is my syslog details :
>>
>> Mar 27 11:46:00 S4 named[2226]: starting BIND 9.8.4-rpz2+rl005.12-P1 -u
>> bind -4
>> Mar 27 11:46:00 S4 named[2226]: built with '--prefix=/usr'
>> '--mandir=/usr/share/man' '--infodir=/usr/share/info'
>> '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads'
>> '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static'
>> '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld'
>> '--with-geoip=/usr' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing
>> -DDIG_SIGCHASE -O2'
>> Mar 27 11:46:00 S4 named[2226]: ------------------------------
>> ----------------------
>> Mar 27 11:46:00 S4 named[2226]: BIND 9 is maintained by Internet Systems
>> Consortium,
>> Mar 27 11:46:00 S4 named[2226]: Inc. (ISC), a non-profit 501(c)(3)
>> public-benefit
>> Mar 27 11:46:00 S4 named[2226]: corporation. Support and training for
>> BIND 9 are
>> Mar 27 11:46:00 S4 named[2226]: available at https://www.isc.org/support
>> Mar 27 11:46:00 S4 named[2226]: ------------------------------
>> ----------------------
>> Mar 27 11:46:00 S4 named[2226]: adjusted limit on open files from 4096 to
>> 1048576
>> Mar 27 11:46:00 S4 named[2226]: found 2 CPUs, using 2 worker threads
>> Mar 27 11:46:00 S4 named[2226]: using up to 4096 sockets
>> Mar 27 11:46:00 S4 named[2226]: loading configuration from
>> '/etc/bind/named.conf'
>> Mar 27 11:46:00 S4 named[2226]: reading built-in trusted keys from file
>> '/etc/bind/bind.keys'
>> Mar 27 11:46:00 S4 named[2226]: using default UDP/IPv4 port range: [1024,
>> 65535]
>> Mar 27 11:46:00 S4 named[2226]: using default UDP/IPv6 port range: [1024,
>> 65535]
>> Mar 27 11:46:00 S4 named[2226]: no IPv6 interfaces found
>> Mar 27 11:46:00 S4 named[2226]: listening on IPv4 interface lo,
>> 127.0.0.1#53
>> Mar 27 11:46:00 S4 named[2226]: listening on IPv4 interface eth0,
>> 172.20.2.2#53
>> Mar 27 11:46:00 S4 named[2226]: generating session key for dynamic DNS
>> Mar 27 11:46:00 S4 named[2226]: sizing zone task pool based on 5 zones
>> Mar 27 11:46:01 S4 named[2226]: Loading 'AD DNS Zone' using driver dlopen
>> Mar 27 11:46:01 S4 ntpd[2301]: ntpd 4.2.6p5 at 1.2349-o Sat Feb 7 11:05:48
>> UTC 2015 (1)
>> Mar 27 11:46:01 S4 ntpd[2302]: proto: precision = 0.100 usec
>> Mar 27 11:46:01 S4 ntpd[2302]: Listen normally on 0 lo 127.0.0.1 UDP 123
>> Mar 27 11:46:01 S4 ntpd[2302]: Listen normally on 1 eth0 172.20.2.2 UDP
>> 123
>> Mar 27 11:46:01 S4 ntpd[2302]: peers refreshed
>> Mar 27 11:46:01 S4 ntpd[2302]: Listening on routing socket on fd #18 for
>> interface updates
>> Mar 27 11:46:01 S4 ntpd[2302]: MS-SNTP signd operations currently block
>> ntpd degrading service to all clients.
>> Mar 27 11:46:02 S4 samba[2374]: [2015/03/27 11:46:02.896676, 0]
>> ../source4/smbd/server.c:370(binary_smbd_main)
>> Mar 27 11:46:02 S4 samba[2374]: samba version
>> 4.1.17-SerNet-Debian-10.wheezy started.
>> Mar 27 11:46:02 S4 samba[2374]: Copyright Andrew Tridgell and the Samba
>> Team 1992-2013
>> Mar 27 11:46:03 S4 named[2226]: samba_dlz: started for DN
>> DC=ariane,DC=intra
>> Mar 27 11:46:03 S4 named[2226]: samba_dlz: starting configure
>> Mar 27 11:46:03 S4 named[2226]: samba_dlz: configured writeable zone
>> '_msdcs.ariane.intra'
>> Mar 27 11:46:03 S4 named[2226]: using built-in root key for view _default
>> Mar 27 11:46:03 S4 named[2226]: set up managed keys zone for view
>> _default, file 'managed-keys.bind'
>> Mar 27 11:46:03 S4 named[2226]: command channel listening on 127.0.0.1#953
>> Mar 27 11:46:03 S4 named[2226]: zone 0.in-addr.arpa/IN: loaded serial 1
>> Mar 27 11:46:03 S4 named[2226]: zone 127.in-addr.arpa/IN: loaded serial 1
>> Mar 27 11:46:03 S4 named[2226]: zone 255.in-addr.arpa/IN: loaded serial 1
>> Mar 27 11:46:03 S4 named[2226]: zone localhost/IN: loaded serial 2
>> Mar 27 11:46:03 S4 named[2226]: managed-keys-zone ./IN: loaded serial 2
>> Mar 27 11:46:03 S4 named[2226]: running
>> Mar 27 11:46:04 S4 ntpdate[1701]: the NTP socket is in use, exiting
>> Mar 27 11:46:04 S4 ntpdate[1670]: the NTP socket is in use, exiting
>> Mar 27 11:46:04 S4 ntpdate[1668]: the NTP socket is in use, exiting
>> Mar 27 11:46:04 S4 /usr/sbin/cron[2525]: (CRON) INFO (pidfile fd = 3)
>> Mar 27 11:46:04 S4 /usr/sbin/cron[2527]: (CRON) STARTUP (fork ok)
>> Mar 27 11:46:04 S4 /usr/sbin/cron[2527]: (CRON) INFO (Running @reboot
>> jobs)
>> Mar 27 11:46:04 S4 samba[2376]: [2015/03/27 11:46:04.862709, 0]
>> ../source4/smbd/server.c:488(binary_smbd_main)
>> Mar 27 11:46:04 S4 samba[2376]: samba: using 'standard' process model
>> Mar 27 11:46:04 S4 samba[2376]: [2015/03/27 11:46:04.885661, 0]
>> ../lib/util/become_daemon.c:136(daemon_ready)
>> Mar 27 11:46:07 S4 kernel: [ 17.220877] eth0: no IPv6 routers present
>> Mar 27 11:46:07 S4 samba[2792]: [2015/03/27 11:46:07.388008, 0]
>> ../source4/librpc/rpc/dcerpc_util.c:681(dcerpc_pipe_auth_recv)
>> Mar 27 11:46:07 S4 samba[2792]: Failed to bind to uuid
>> 12345678-1234-abcd-ef00-01234567cffb for 12345678-1234-abcd-ef00-
>> 01234567cffb at ncalrpc:127.0.0.1[DEFAULT,sign,seal] NT_STATUS_ACCESS_DENIED
>> Mar 27 11:46:07 S4 smbd[2785]: [2015/03/27 11:46:07.551928, 0]
>> ../lib/util/become_daemon.c:136(daemon_ready)
>> Mar 27 11:46:08 S4 kernel: [ 17.940675] eth1: no IPv6 routers present
>> Mar 27 11:46:21 S4 samba[2791]: [2015/03/27 11:46:21.280522, 0]
>> ../source4/dsdb/repl/replicated_objects.c:818(dsdb_
>> replicated_objects_commit)
>> Mar 27 11:46:21 S4 samba[2791]: ../source4/dsdb/repl/replicated_objects.c:818
>> Failed to prepare commit of transaction: operations error at
>> ../source4/dsdb/samdb/ldb_modules/descriptor.c:1147
>> Mar 27 11:46:21 S4 samba[2791]: [2015/03/27 11:46:21.283141, 0]
>> ../source4/dsdb/repl/drepl_out_helpers.c:758(dreplsrv_op_
>> pull_source_apply_changes_trigger)
>> Mar 27 11:46:21 S4 samba[2791]: Failed to commit objects:
>> WERR_GENERAL_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE
>>
>>
> Hi, never had this problem, but I wonder if this would work, join a samba
> 4 DC directly to the 2K Server and then run 'samba_upgradedns'
>
> Worth a try on a test network, there is this in the middle of the
> 'samba_upgradedns' python code:
>
> # dnsprovision creates application partitions for AD based DNS mainly if
> the existing
> # provision was created using earlier snapshots of samba4 which did not
> have support
> # for DNS partitions
>
> Rowland
>
>
>
>
> ---------- Mensaje reenviado ----------
> From: Dania Ramirez Moya <dania181087 at gmail.com>
> To: samba <samba at lists.samba.org>
> Cc:
> Date: Fri, 27 Mar 2015 11:28:10 -0400
> Subject: [Samba] samba_dnsupdate failed with RuntimeError: kinit for
> SMB4ECONOMIA$@ECONOMIA failed (Cannot contact any KDC for requested realm)
> Hi list:
>
> I joined Samba4.1.7 to Windows2k3 R2 domain, when I run:
> *samba_dnsupdate --verbose --all-names*
>
>
> IPs: ['192.168.186.137']
> Skipping PDC entry (SRV
> _ldap._tcp.pdc._msdcs.${DNSDOMAIN} ${HOSTNAME} 389) as we
> are not a PDC
> Skipping PDC entry (SRV
> _ldap._tcp.pdc._msdcs.${DNSFOREST} ${HOSTNAME} 389) as we
> are not a PDC
> Traceback (most recent call last):
> File "/usr/sbin/samba_dnsupdate", line 510, in <module>
> get_credentials(lp)
> File "/usr/sbin/samba_dnsupdate", line 123, in get_credentials
> raise e
> *RuntimeError: kinit for SMB4ECONOMIA$@ECONOMIA failed (Cannot contact any
> KDC for requested realm)*
>
> Kinit works fine. This is mi /etc/resolv.conf:
> domain economia
> search economia
> nameserver 127.0.0.1
> nameserver 192.168.186.234 (Windows2k3)
>
> samba dns server works fine too.
> I haven't run fsmo transfer to samba4 nor w2k3 demote dc yet
> Is this error important?
> I would appreciate any help
> Best regards
>
>
>
> ---------- Mensaje reenviado ----------
> From: Rowland Penny <rowlandpenny at googlemail.com>
> To: samba at lists.samba.org
> Cc:
> Date: Fri, 27 Mar 2015 15:48:29 +0000
> Subject: Re: [Samba] samba_dnsupdate failed with RuntimeError: kinit for
> SMB4ECONOMIA$@ECONOMIA failed (Cannot contact any KDC for requested realm)
> On 27/03/15 15:28, Dania Ramirez Moya wrote:
>
>> Hi list:
>>
>> I joined Samba4.1.7 to Windows2k3 R2 domain, when I run:
>> *samba_dnsupdate --verbose --all-names*
>>
>>
>> IPs: ['192.168.186.137']
>> Skipping PDC entry (SRV
>> _ldap._tcp.pdc._msdcs.${DNSDOMAIN} ${HOSTNAME} 389) as
>> we
>> are not a PDC
>> Skipping PDC entry (SRV
>> _ldap._tcp.pdc._msdcs.${DNSFOREST} ${HOSTNAME} 389) as
>> we
>> are not a PDC
>> Traceback (most recent call last):
>> File "/usr/sbin/samba_dnsupdate", line 510, in <module>
>> get_credentials(lp)
>> File "/usr/sbin/samba_dnsupdate", line 123, in get_credentials
>> raise e
>> *RuntimeError: kinit for SMB4ECONOMIA$@ECONOMIA failed (Cannot contact any
>> KDC for requested realm)*
>>
>> Kinit works fine. This is mi /etc/resolv.conf:
>> domain economia
>> search economia
>> nameserver 127.0.0.1
>> nameserver 192.168.186.234 (Windows2k3)
>>
>> samba dns server works fine too.
>> I haven't run fsmo transfer to samba4 nor w2k3 demote dc yet
>> Is this error important?
>> I would appreciate any help
>> Best regards
>>
>
> Is your kerberos realm really 'ECONOMIA' ?
> It is usually in the format 'EXAMPLE.COM'
>
> You can remove the domain line from /etc/resolv.conf, you cannot have both
> 'domain' and 'search' and the second to be found will be used. You should
> also have the other DC first in the list, so your DC uses the other DC for
> dns unless that fails.
>
> What have you got in /etc/krb5.conf ?
>
> Rowland
>
>
>
>
>
>
> ---------- Mensaje reenviado ----------
> From: Ciaran Scolard <Ciaran at phonovation.com>
> To: "'samba at lists.samba.org'" <samba at lists.samba.org>
> Cc:
> Date: Fri, 27 Mar 2015 15:35:12 +0000
> Subject: [Samba] Weird issue - STATUS_DISK_FULL
> Hi All,
>
> I've a share on a btrfs volume that is reporting that there isn't enough
> disk space for a backup.
> Which is odd as the file is about 300GB in size and df -h reports 5TB
> free.
> Any ideas?
>
> testparm -s
> Load smb config files from /etc/samba/smb.conf
> Processing section "[BACKUP00]"
> Loaded services file OK.
> Server role: ROLE_STANDALONE
> [global]
> map to guest = Bad User
> log file = /var/log/samba/log.%m
> max xmit = 65535
> deadtime = 15
> socket options = TCP_NODELAY IPTOS_LOWDELAY
> load printers = No
> printcap name = /dev/null
> disable spoolss = Yes
> idmap config * : backend = tdb
> use sendfile = Yes
> write cache size = 1048576
> printing = bsd
> print command = lpr -r -P'%p' %s
> lpq command = lpq -P'%p'
> lprm command = lprm -P'%p' %j
>
> [BACKUP00]
> comment = BACKUPS
> path = /BACKUP00/Shared/
> read only = No
> guest only = Yes
> guest ok = Yes
> vfs objects = btrfs
>
>
>
> ---------- Mensaje reenviado ----------
> From: David Disseldorp <ddiss at suse.de>
> To: Ciaran Scolard <Ciaran at phonovation.com>
> Cc: "'samba at lists.samba.org'" <samba at lists.samba.org>
> Date: Fri, 27 Mar 2015 17:10:42 +0100
> Subject: Re: [Samba] Weird issue - STATUS_DISK_FULL
> Hi Ciaran,
>
> On Fri, 27 Mar 2015 15:35:12 +0000, Ciaran Scolard wrote:
>
> > I've a share on a btrfs volume that is reporting that there isn't enough
> disk space for a backup.
> > Which is odd as the file is about 300GB in size and df -h reports 5TB
> free.
> > Any ideas?
>
> Free space tracking in Btrfs (and other CoW filesystems) is generally
> complex. I'd suggest you take a look at the Btrfs documentation at:
>
> https://btrfs.wiki.kernel.org/index.php/FAQ#Help.21_I_ran_out_of_disk_space.21
>
> Cheers, David
>
>
>
> ---------- Mensaje reenviado ----------
> From: Ciaran Scolard <Ciaran at phonovation.com>
> To: "'David Disseldorp'" <ddiss at suse.de>
> Cc: "'samba at lists.samba.org'" <samba at lists.samba.org>
> Date: Fri, 27 Mar 2015 16:23:41 +0000
> Subject: Re: [Samba] Weird issue - STATUS_DISK_FULL
> Thanks David.
>
> It's a brand new array but I've double checked and there's not much space
> used and plenty free.
>
>
> -----Original Message-----
> From: David Disseldorp [mailto:ddiss at suse.de]
> Sent: 27 March 2015 16:11
> To: Ciaran Scolard
> Cc: 'samba at lists.samba.org'
> Subject: Re: [Samba] Weird issue - STATUS_DISK_FULL
>
> Hi Ciaran,
>
> On Fri, 27 Mar 2015 15:35:12 +0000, Ciaran Scolard wrote:
>
> > I've a share on a btrfs volume that is reporting that there isn't enough
> disk space for a backup.
> > Which is odd as the file is about 300GB in size and df -h reports 5TB
> free.
> > Any ideas?
>
> Free space tracking in Btrfs (and other CoW filesystems) is generally
> complex. I'd suggest you take a look at the Btrfs documentation at:
>
> https://btrfs.wiki.kernel.org/index.php/FAQ#Help.21_I_ran_out_of_disk_space.21
>
> Cheers, David
>
>
>
> ---------- Mensaje reenviado ----------
> From: David Disseldorp <ddiss at suse.de>
> To: Ciaran Scolard <Ciaran at phonovation.com>
> Cc: "'samba at lists.samba.org'" <samba at lists.samba.org>
> Date: Fri, 27 Mar 2015 17:35:33 +0100
> Subject: Re: [Samba] Weird issue - STATUS_DISK_FULL
> On Fri, 27 Mar 2015 16:23:41 +0000, Ciaran Scolard wrote:
>
> > Thanks David.
> >
> > It's a brand new array but I've double checked and there's not much
> space used and plenty free.
>
> Which kernel version are you using. Which version of Samba are you
> running? Can you reproduce the ENOSPC error doing a similar IO on the
> local filesystem, or only via Samba?
>
> Finally, have you tried running "btrfs fi balance ..." on the
> filesystem?
>
> Cheers, David
>
>
> _______________________________________________
> samba mailing list
> samba at lists.samba.org
> https://lists.samba.org/mailman/listinfo/samba
>
>
Hello, thank you Rowland for you response
Yes, it is.This domain was installed with a single label, just ECONOMIA.
Is that a problem?
Thit is my /etc/krb5.conf
[libdefaults]
default_realm = ECONOMIA
dns_lookup_realm = true
dns_lookup_kdc = true
I made the changes that you suggest me but I continue to get the same
result RuntimeError: kinit for SMB4ECONOMIA$@ECONOMIA failed (Cannot
contact any KDC for)
*samba_dnsupdate --verboseIPs: ['192.168.186.137']Skipping PDC entry (SRV
_ldap._tcp.pdc._msdcs.${DNSDOMAIN} ${HOSTNAME} 389) as we
are not a PDCSkipping PDC entry (SRV
_ldap._tcp.pdc._msdcs.${DNSFOREST} ${HOSTNAME} 389) as we
are not a PDCLooking for DNS entry A economia 192.168.186.137 as
economia.Failed to find matching DNS entry A economia
192.168.186.137Looking for DNS entry A smb4economia.economia
192.168.186.137 as smb4economia.economia.Looking for DNS entry A
gc._msdcs.economia 192.168.186.137 as gc._msdcs.economia.Failed to find
matching DNS entry A gc._msdcs.economia 192.168.186.137Looking for DNS
entry CNAME 207c6ca4-3976-4aaf-b60a-bc98093df340._msdcs.economia
smb4economia.economia as
207c6ca4-3976-4aaf-b60a-bc98093df340._msdcs.economia.Looking for DNS entry
SRV _kpasswd._tcp.economia smb4economia.economia 464 as
_kpasswd._tcp.economia.Checking 0 100 464 dc.economia. against SRV
_kpasswd._tcp.economia smb4economia.economia 464Failed to find matching DNS
entry SRV _kpasswd._tcp.economia smb4economia.economia 464Looking for DNS
entry SRV _kpasswd._udp.economia smb4economia.economia 464 as
_kpasswd._udp.economia.Checking 0 100 464 dc.economia. against SRV
_kpasswd._udp.economia smb4economia.economia 464Failed to find matching DNS
entry SRV _kpasswd._udp.economia smb4economia.economia 464Looking for DNS
entry SRV _kerberos._tcp.economia smb4economia.economia 88 as
_kerberos._tcp.economia.Checking 0 100 88 dc.economia. against SRV
_kerberos._tcp.economia smb4economia.economia 88Failed to find matching DNS
entry SRV _kerberos._tcp.economia smb4economia.economia 88Looking for DNS
entry SRV _kerberos._tcp.dc._msdcs.economia smb4economia.economia 88 as
_kerberos._tcp.dc._msdcs.economia.Checking 0 100 88 dc.economia. against
SRV _kerberos._tcp.dc._msdcs.economia smb4economia.economia 88Failed to
find matching DNS entry SRV _kerberos._tcp.dc._msdcs.economia
smb4economia.economia 88Looking for DNS entry SRV
_kerberos._tcp.default-first-site-name._sites.economia
smb4economia.economia 88 as
_kerberos._tcp.default-first-site-name._sites.economia.Checking 0 100 88
dc.economia. against SRV
_kerberos._tcp.default-first-site-name._sites.economia
smb4economia.economia 88Failed to find matching DNS entry SRV
_kerberos._tcp.default-first-site-name._sites.economia
smb4economia.economia 88Looking for DNS entry SRV
_kerberos._tcp.default-first-site-name._sites.dc._msdcs.economia
smb4economia.economia 88 as
_kerberos._tcp.default-first-site-name._sites.dc._msdcs.economia.Checking 0
100 88 dc.economia. against SRV
_kerberos._tcp.default-first-site-name._sites.dc._msdcs.economia
smb4economia.economia 88Failed to find matching DNS entry SRV
_kerberos._tcp.default-first-site-name._sites.dc._msdcs.economia
smb4economia.economia 88Looking for DNS entry SRV _kerberos._udp.economia
smb4economia.economia 88 as _kerberos._udp.economia.Checking 0 100 88
dc.economia. against SRV _kerberos._udp.economia smb4economia.economia
88Failed to find matching DNS entry SRV _kerberos._udp.economia
smb4economia.economia 88Looking for DNS entry SRV _ldap._tcp.economia
smb4economia.economia 389 as _ldap._tcp.economia.Checking 0 100 389
dc.economia. against SRV _ldap._tcp.economia smb4economia.economia
389Failed to find matching DNS entry SRV _ldap._tcp.economia
smb4economia.economia 389Looking for DNS entry SRV
_ldap._tcp.dc._msdcs.economia smb4economia.economia 389 as
_ldap._tcp.dc._msdcs.economia.Checking 0 100 389 dc.economia. against SRV
_ldap._tcp.dc._msdcs.economia smb4economia.economia 389Failed to find
matching DNS entry SRV _ldap._tcp.dc._msdcs.economia smb4economia.economia
389Looking for DNS entry SRV _ldap._tcp.gc._msdcs.economia
smb4economia.economia 3268 as _ldap._tcp.gc._msdcs.economia.Checking 0 100
3268 dc.economia. against SRV _ldap._tcp.gc._msdcs.economia
smb4economia.economia 3268Failed to find matching DNS entry SRV
_ldap._tcp.gc._msdcs.economia smb4economia.economia 3268Looking for DNS
entry SRV _ldap._tcp.default-first-site-name._sites.economia
smb4economia.economia 389 as
_ldap._tcp.default-first-site-name._sites.economia.Checking 0 100 389
dc.economia. against SRV _ldap._tcp.default-first-site-name._sites.economia
smb4economia.economia 389Failed to find matching DNS entry SRV
_ldap._tcp.default-first-site-name._sites.economia smb4economia.economia
389Looking for DNS entry SRV
_ldap._tcp.default-first-site-name._sites.dc._msdcs.economia
smb4economia.economia 389 as
_ldap._tcp.default-first-site-name._sites.dc._msdcs.economia.Checking 0 100
389 dc.economia. against SRV
_ldap._tcp.default-first-site-name._sites.dc._msdcs.economia
smb4economia.economia 389Failed to find matching DNS entry SRV
_ldap._tcp.default-first-site-name._sites.dc._msdcs.economia
smb4economia.economia 389Looking for DNS entry SRV
_ldap._tcp.default-first-site-name._sites.gc._msdcs.economia
smb4economia.economia 3268 as
_ldap._tcp.default-first-site-name._sites.gc._msdcs.economia.Checking 0 100
3268 dc.economia. against SRV
_ldap._tcp.default-first-site-name._sites.gc._msdcs.economia
smb4economia.economia 3268Failed to find matching DNS entry SRV
_ldap._tcp.default-first-site-name._sites.gc._msdcs.economia
smb4economia.economia 3268Looking for DNS entry SRV
_ldap._tcp.2dcb8925-d286-4995-8b9a-3cbc85a636b0.domains._msdcs.economia
smb4economia.economia 389 as
_ldap._tcp.2dcb8925-d286-4995-8b9a-3cbc85a636b0.domains._msdcs.economia.Checking
0 100 389 dc.economia. against SRV
_ldap._tcp.2dcb8925-d286-4995-8b9a-3cbc85a636b0.domains._msdcs.economia
smb4economia.economia 389Failed to find matching DNS entry SRV
_ldap._tcp.2dcb8925-d286-4995-8b9a-3cbc85a636b0.domains._msdcs.economia
smb4economia.economia 389Looking for DNS entry SRV _gc._tcp.economia
smb4economia.economia 3268 as _gc._tcp.economia.Checking 0 100 3268
dc.economia. against SRV _gc._tcp.economia smb4economia.economia 3268Failed
to find matching DNS entry SRV _gc._tcp.economia smb4economia.economia
3268Looking for DNS entry SRV
_gc._tcp.default-first-site-name._sites.economia smb4economia.economia 3268
as _gc._tcp.default-first-site-name._sites.economia.Checking 0 100 3268
dc.economia. against SRV _gc._tcp.default-first-site-name._sites.economia
smb4economia.economia 3268Failed to find matching DNS entry SRV
_gc._tcp.default-first-site-name._sites.economia smb4economia.economia
3268Traceback (most recent call last): File "/usr/sbin/samba_dnsupdate",
line 510, in <module> get_credentials(lp) File
"/usr/sbin/samba_dnsupdate", line 123, in get_credentials raise
eRuntimeError: kinit for SMB4ECONOMIA$@ECONOMIA failed (Cannot contact any
KDC for requested realm)*
More information about the samba
mailing list