[Samba] inconsistent DNS information, windows domain member issues..
Jo
j.o.l at live.com
Sun Jun 5 09:05:34 UTC 2016
I joined a Windows 10 Pro system to my (still experimental) domain. The
windows system actually hosts DC2 as a VM, and another Windows (Server 2008
R2) at another location hosts DC1 also as a VM. The two locations are
connected via a VPN, both systems run only when needed. The windows system
does not directly use DC2 for DNS but instead talks to a DNS resolver that
delegates the samba Domain to DC2. DC2 uses itself as nameserver.
I am observing the following issues that may be related or not:
* When I do a nslookup samba.domain DC2 I get the address of DC1,
nslookup DC2.sambadomain DC2 fails. Nslookup DC1.samba.domain DC2 works.
When I use dig @DC2 samba.domain it returns DC1 only. Dig samba.domain ANY
returns
;; ANSWER SECTION:
samba.domain. 3600 IN SOA dc2.samba. domain. hostmaster.samba. domain. 1 900 600 86400 3600
samba. domain. 900 IN NS dc1.samba. domain.
samba. domain. 900 IN A 192.168.177.21
;; ADDITIONAL SECTION:
dc1.samba. domain. 900 IN A 192.168.177.21
Same information @DC2 or the local resolver of the network
* On windows nslookup -type=ANY samba.domain. (note the .)
Server: netgear.local
Address: 192.168.15.2
samba.domain
primary name server = dc2.samba. domain
responsible mail addr = hostmaster.samba.domain
serial = 1
refresh = 900 (15 mins)
retry = 600 (10 mins)
expire = 86400 (1 day)
default TTL = 3600 (1 hour)
samba. domain nameserver = dc1.samba. domain
samba. domain internet address = 192.168.177.21
dc1.samba. domain internet address = 192.168.177.21
* windows nslookup -type=ANY samba.domain (without .) looks for
samba.domain.domain. Is this OK or does it point to a problematic search
configuration?
* When I use the DNS mmc snap-in I can see a host record for dc2. I
can also see a host record for the Windows system reflecting the IP address
before the system moved to the other location. I tried to update that, but
got an error message (translated from German) like "the database of the
local security authority is internally inconsistent". The snap-in is ultra
slow via VPN, but what makes me more nervous are the, to me, inconsistent
views on the DNS: nslookup showing DC2, mmc showing DC1 as the NS.
* In the Windows management console, only some of the domain
users & principals are shown with the name domain\identity, most of them are
shown as S-xxx. With the one user shown as domain\user I can log on to the
Windows system, however (likely with cached credentials, but I don't dare to
change them to confirm).
* When I try to modify folder permissions on the windows system, I get
a message Unable to contact Active Directory to access or verify claim
types
* On DC2: kinit Administrator returns kinit: Cannot contact any KDC
for realm samba.domain while getting initial credentials. This one was
easy to fix by adding the domain to /etc/krb5.conf. I am putting this in as
I changed configuration at this point.
* In an attempt to get Samba return DC2 as a nameserver I tried
samba-tool dns add dc2 samba.domain @ NS dc2.samba.domain.
Password for [Administrator@SAMBA.DOMAIN]:
ERROR(runtime): uncaught exception - (-1073741643, '{Device Timeout} The specified I/O operation on %hs was not completed before the time-out period expired.')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 1062, in run
    dns_conn = dns_connect(server, self.lp, self.creds)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 40, in dns_connect
    dns_conn = dnsserver.dnsserver(binding_str, lp, creds)
In another attempt the command produced "Record added successfully", but
using dig or nslookup I cannot find it. It is shown in the DNS mmc snap-in
(at least now). Restarting bind did not help.
* Following
https://wiki.samba.org/index.php/Check_and_fix_DNS_entries_on_DC_joins I
tried
root@dc2:/etc/bind# samba-tool dns add dc1 samba.domain DC2 A 192.168.15.22 -UAdministrator
Password for [SAMBA\Administrator]:
ERROR: Record already exists
root@dc2:/etc/bind# samba-tool dns add dc2 samba.domain DC2 A 192.168.15.22 -UAdministrator
Password for [SAMBA\Administrator]:
ERROR: Record already exists
root@dc2:/etc/bind# host -t A DC2.samba.domain
Host DC2.samba.lindenberg.one not found: 3(NXDOMAIN)
How should I proceed there?
I don't know how to fix the inconsistent DNS entries and get Windows to
work. Please advise.
Thanks, Joachim