[Samba] Samba 4.2.14 Group Policy (GPO) sync error
L.P.H. van Belle
belle at bazuin.nl
Thu Aug 4 08:14:11 UTC 2016
Just I missed the correct IPv6 PTR record from the DNS.
Ok and whats obligated for a correct working kerberos environment.
Ahh.. Yes... dns A and PTR records. ;-) so one thing fixed thats ok..
The PC, ( ipconfig /all ) looks good now.
Next.. your hosts files...
> my /etc/hosts:
>
> # IPv4 and IPv6 localhost aliases
> 127.0.0.1 localhost
> ::1 localhost
>
> 10.0.1.6 skynet skynet.cyberdyne.local skynet.ad.cyberdyne.local
> fdea:5b48:d4c1:1:1::6 skynet skynet.cyberdyne.local
> skynet.ad.cyberdyne.local
Which looks ok but it isnt.
# look at this layout i made.. ( the localhost.localdomain is optional. )
127.0.0.1 localhost localhost.localdomain
#
10.0.1.6 skynet.ad.cyberdyne.local skynet
fdea:5b48:d4c1:1:1::6 skynet.ad.cyberdyne.local skynet
#
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
Why above. :
> # Generated by net-scripts for interface lan0
> domain ad.cyberdyne.local
So you server is in domain ad.cyberdyne.local
Now after these changes reboot the server, when up, reboot the pc.
And check again.
For the : skynet.cyberdyne.local
setup an alias in your dns, if needed, but since you have dns search also to both domains that “should” not be needed.
Dont make an A record for this in .cyberdyne.local CNAME.
p.s. you do know that .local is reserved for apple’s mDNS (zeroconf ) and is “adviced” not to use.
https://en.wikipedia.org/wiki/.local
see also note 5 there.
But ! if your already up and running DONT change the domain, that wil give more problems..
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens rme at bluemail.ch
> Verzonden: donderdag 4 augustus 2016 9:47
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Samba 4.2.14 Group Policy (GPO) sync error
>
> Hello Louis,
>
> Thanks for your reply.
>
>
> > No, your output is not good.
>
> So let's have a look.
>
>
> > >C:\Temp>netdom verify cyb64w10-monster
> > >The format of the specified computer name is invalid.
> > Thats not good.
>
> Well, it quite clearly states the format is invalid. If I use the the FQDN
> of
> the AD domain it works fine. The DNS search is also including the AD
> domain as
> well as the primary DNS suffix is set to the AD domain (see below).
>
>
>
> > > C:\Temp>nslookup cyb64w10-monster
> > > Server: UnKnown
> > > Address: fdea:5b48:d4c1:1:1::6
> > Also not good.
>
> It resolves fine. Just I missed the correct IPv6 PTR record from the DNS.
>
> I did quickly fix this now (with no change to the result in GPO sync):
> C:\Temp>nslookup cyb64w10-monster
> Server: skynet.cyberdyne.local
> Address: fdea:5b48:d4c1:1:1::6
>
> Name: cyb64w10-monster.ad.cyberdyne.local
> Addresses: 2a02:120b:2c38:2951:8d95:bd76:deaa:73db
> fdea:5b48:d4c1:1:1::100
> fdea:5b48:d4c1:1:8d95:bd76:deaa:73db
> 10.0.1.119
>
>
> > open dos box and type ipconfig /all
>
> > check you primary dns suffix AND dns search.
> > Normaly these are the same, can you check this?
>
> > My guess, your missing the dns-search
>
>
> I actually get both suffixes and the primary DNS Suffix is set to
> ad.cyberdyne.local. The reason for this is that I am running a DNS zone
> including host data for my local LAN (cyberdyne.local) while the AD zone
> is
> entirely managed by bind_dlz (ad.cyberdyne.local). So in my DHCP
> configuration I
> am assigning the cyberdyne.local DNS domain name (dhcp.conf:
> option domain-name "cyberyne.local";
>
>
> C:\Temp>ipconfig /all
>
> Windows IP Configuration
>
> Host Name . . . . . . . . . . . . : cyb64w10-monster
> Primary Dns Suffix . . . . . . . : ad.cyberdyne.local
> Node Type . . . . . . . . . . . . : Hybrid
> IP Routing Enabled. . . . . . . . : No
> WINS Proxy Enabled. . . . . . . . : No
> DNS Suffix Search List. . . . . . : ad.cyberdyne.local
> cyberdyne.local
>
>
> > Are you using ipv6 in your lan? If not, try disable it.
> > And try again.
> > If your using ipv6, then disable it, try it and enable it back.
>
> Well, I am using IPv6 mainly for all services and don't want to disable
> it.
> Though I might try this temporary which will be quite a bunch of
> reconfiguration
> to disable IPv6 in all services
> later. . So I will come back with results on this
>
>
> > And post the resolv.conf and hosts files
>
> My resolv.conf:
>
> # Generated by net-scripts for interface lan0
> domain ad.cyberdyne.local
> search ad.cyberdyne.local cyberdyne.local
> nameserver fdea:5b48:d4c1:1:1::6
> nameserver 10.0.1.6
>
>
> my /etc/hosts:
>
> # IPv4 and IPv6 localhost aliases
> 127.0.0.1 localhost
> ::1 localhost
>
> 10.0.1.6 skynet skynet.cyberdyne.local skynet.ad.cyberdyne.local
> fdea:5b48:d4c1:1:1::6 skynet skynet.cyberdyne.local
> skynet.ad.cyberdyne.local
>
>
> On clients I don't have any modifications to the stock Windows 10 hosts
> file,
> just containing localhost entries.
>
>
> best regards,
> Rainer
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list