[Samba] Samba 4.2.14 Group Policy (GPO) sync error

rme at bluemail.ch rme at bluemail.ch
Thu Aug 4 09:12:20 UTC 2016 

Hello

 > > Just I missed the correct IPv6 PTR record from the DNS. 


 > Ok and whats obligated for a correct working kerberos environment.

Well, I thought Samba bind_dlz is going to configure also the required PTR and 
all other kerberos DNS entries in ad.cbyerdyne.local zone which is entirely 
managed by Samba.

I don't intend to run any Kerberos services in cyberdyne.local DNS domain.


 > Next.. your hosts files...

Updated according to your suggestions:

# IPv4 and IPv6 localhost aliases
127.0.0.1       localhost localhost.localdomain
10.0.1.6        skynet.ad.cyberdyne.local skynet
fdea:5b48:d4c1:1:1::6   skynet.ad.cyberdyne.local skynet

::1             localhost ip6-localhost ip6-loopback
ff02::1         ip6-allnodes
ff02::2         ip6-allrouters

And just for testing to resolve the client I am currently testing with:

# nslookup cyb64w10-hpnb
Server:         10.0.1.6
Address:        10.0.1.6#53

Name:   cyb64w10-hpnb.ad.cyberdyne.local
Address: 10.0.1.186



 > Why above. :
 > > # Generated by net-scripts for interface lan0
 > > domain ad.cyberdyne.local

 > So you server is in domain ad.cyberdyne.local

Well actually this was a mistake inserted manually during tests (my bad).
The DNS domain for the server should be cyberdyne.local.

This if fixed after the suggested reboot, the resolv.conf looks as follows:
# Generated by net-scripts for interface lan0
domain cyberdyne.local
search ad.cyberdyne.local cyberdyne.local
nameserver 10.0.1.6
nameserver 10.0.2.6


(yes the server got 2 IPv4 interfaces)
I have assigned both of the DNS search suffix though.



 > Now after these changes reboot the server, when up, reboot the pc.
 > And check again.

Just did that. Tried gpupdate on the client with IPv6 disabled with the same result.



 > For the : skynet.cyberdyne.local
 > setup an alias in your dns, if needed, but since you have dns search also to 
both domains that “should” not be needed.

I can resolve this name properly as the DNS zone is managed by the server:

C:\Temp>nslookup skynet
Server:  skynet.cyberdyne.local
Address:  10.0.1.6

Name:    skynet.ad.cyberdyne.local
Address:  10.0.1.6


C:\Temp>nslookup skynet.cyberdyne.local
Server:  skynet.cyberdyne.local
Address:  10.0.1.6

Name:    skynet.cyberdyne.local
Addresses:  fdea:5b48:d4c1:1:1::6
           10.0.1.6
           10.0.2.6

(from client with IPv6 disabled)

 > Dont make an A record for this in .cyberdyne.local CNAME.

Not sure what you mean by this. Of course the host has an A record 
"skynet.cyberdyne.local". The zone ad.cyberdyne.local is managed by bind_dlz and 
cyberdyne.local is having it's own A recoreds (for example for the various 
network devices, printers etc.).


 > p.s. you do know that .local is reserved for apple’s mDNS (zeroconf ) and is 
“adviced” not to use.
 > https://en.wikipedia.org/wiki/.local

I know about this. This Samba domain is runing since > 10 years and got upgraded 
to Samba AD somewhen last year. I don't intend to run any mDNS stuff and never 
experienced any issues with this. Moreover I don't intend to register a domain 
just for internal tests and this is exaclty what .local was meant to be. In 
general I can't imagine this issue to be connected to the .local domain.


Meanwhile I have tried also to configure Samba to listen only on IPv4 
interfaces. Though this didn't do any change either.


Again, many thanks for your investigations.

More information about the samba mailing list