[Samba] Horrible BIND9_DLZ DNS breakage after DC replaced and samba-tool domain demote --remove-other-dead-server

L.P.H. van Belle belle at bazuin.nl
Mon Aug 15 14:20:14 UTC 2016 

In addition with Rowlands comment. 

I suggest you try 
/etc/hosts   add only 
127.0.0.1 localhost 

Now type 

Hostname -f
Hostname -s
Hostname -d
Hostname -I

Are these all correct? > No, 
Edit resolv.conf
domain samba.ifa.net
search samba.ifa.net ifa.net
nameserver 127.0.0.1


What happens now if you try the above command. 
Correct? Yes => correct your hosts and resolv.conf
 No
 ||
 \/ change resolv.conf to 
nameserver IP_of_server

Still not working, error in named.conf or no entries in the AD DNS. 

Try it out.

Greetz, 

Louis



> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Rowland Penny via
> samba
> Verzonden: maandag 15 augustus 2016 15:45
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Horrible BIND9_DLZ DNS breakage after DC replaced
> and samba-tool domain demote --remove-other-dead-server
> 
> On Sun, 14 Aug 2016 23:17:57 +0100
> Alex Crow via samba <samba at lists.samba.org> wrote:
> 
> >
> >
> > On 14/08/16 22:14, Rowland Penny via samba wrote:
> > > On Sun, 14 Aug 2016 21:52:43 +0100
> > > Alex Crow via samba <samba at lists.samba.org> wrote:
> > >
> > >>> I am fairly sure this is your problem, it should be able to find
> > >>> the KDC on its own DC. Have you checked /etc/krb5.conf, /etc/hosts
> > >>> and /etc/resolv.conf ?
> > >> With the BIND server not running, and this krb5.conf:
> > >>
> > >> [libdefaults]
> > >>         default_realm = SAMBA.IFA.NET
> > >>         dns_lookup_realm = false
> > >>         dns_lookup_kdc = true
> > >> ~
> > >>
> > >> samba_dnsupdate cannot find the KDC. Even if I add:
> > >>
> > >> [realms]
> > >>     SAMBA4.IFA.NET {
> > >>     kdc= 172.31.0.10
> > >> }
> > >>
> > > Well, I don't think you can find the KDC if the DNS server isn't
> > > running, you could try changing 'dns_lookup_kdc = true' to false
> > I think I tried that, but I'm not 100% sure. I tried a lot of things
> > to get back on track.
> >
> > >
> > >> it still complains about not finding a KDC and does not complete.
> > >>
> > >> Oddly if I can use the output to figure out the DNS entries I need
> > >> to add, so I thought "ah, cool, I'll use samba-tool dns" to add
> > >> them back in. To my great surprise, when I try to add each entry
> > >> that samba_dnsupdate says is missing, samba-tool tells me it
> > >> already exists!!
> > > OK, try running:
> > >
> > > ldbedit -e nano -H /usr/local/samba/private/sam.ldb --cross-ncs
> > > --show-binary
> > >
> > > replace nano with your favourite editor and
> > > '/usr/local/samba/private/sam.ldb' with the path to your sam.ldb.
> > >
> > > You should now be able to search the entire AD and see if your
> > > entries do exist.
> >
> > I did had a quick look with ldbedit before this last email. There were
> > indeed a number of DNS nodes but perhaps as I didn't use "
> >
> > --show-binary
> >
> > "
> >
> > I was missing something.
> 
> Just had a thought, how is /etc/resolv.conf set up ?
> Is it set up so that each DC uses the other first ?
> 
> If it is, then this 'could' be your problem, your second DC tries to
> find the KDC, so it asks DNS (via resolv.conf) for the KDCs address.
> now if the other DC is first in line and doesn't exist, it will have
> to timeout before it will try the next nameserver and most probably
> will give up and tell you it cannot find the KDC
> 
> Rowland
> 
> 
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list