[Samba] Logins differ for ip/DNS on ad dc

Rowland Penny rpenny at samba.org
Sun Nov 6 16:05:26 UTC 2016


On Sun, 6 Nov 2016 16:20:32 +0100
Maximilian Kirchner via samba <samba at lists.samba.org> wrote:

> Thanks a lot for your help so far. The main reason I do not use vms
> is that the server is pretty limited in RAM so this would only be my
> last resort. To prevent confusion: srv.wie (192.168.1.50) is the same
> machine as smb.wie (192.168.1.55), I separated them just now to debug
> the problem.
> 
> 
> > These look like they are being run on the DC, what about from the
> > windows clients ?
> >
> 
> I did those via a linux client on the same network, here the results
> from windows (:
> C:\Users\kirchner.SMB>nslookup smb.wie
> Server:  srv.wie
> Address:  192.168.1.50
> Name:    smb.wie
> Address:  192.168.1.55
> C:\Users\kirchner.SMB>nslookup _ldap._tcp.smb.wie
> Server:  srv.wie
> Address:  192.168.1.50
> Name:    _ldap._tcp.smb.wie
> C:\Users\kirchner.SMB>nslookup _kerberos._tcp.smb.wie
> Server:  srv.wie
> Address:  192.168.1.50
> Name:    _kerberos._tcp.smb.wie
> 
> > Can you post your bind9 conf files, there may be something relevant
> > there.
> >
> 
> named.conf:
> include "/etc/bind/named.conf.options";
> include "/etc/bind/named.conf.local";
> include "/etc/bind/named.conf.default-zones";
> include "/usr/local/samba/private/named.conf";
> 
> named.conf.options:
> options {
>         directory "/var/cache/bind";
>         forwarders {
>                 8.8.8.8;
>                 8.8.4.4;
>         };
> //========================================================================
>         // If BIND logs error messages about the root key being expired,
>         // you will need to update your keys.  See https://www.isc.org/bind-keys
> //========================================================================
>         dnssec-validation auto;
>         auth-nxdomain no;    # conform to RFC1035
>         listen-on-v6 { any; };
>         tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
> };
> 
> named.conf.local:
> zone "wie." {
> type master;
> file "/etc/bind/zones/db.wie";
> };
> zone "1.168.192.in-addr.arpa" {
> type master;
> file "/etc/bind/zones/db.1.168.192";
> };
> 
> named.conf.default-zones:
> // prime the server with knowledge of the root servers
> zone "." {
>         type hint;
>         file "/etc/bind/db.root";
> };
> // be authoritative for the localhost forward and reverse zones, and for
> // broadcast zones as per RFC 1912
> zone "localhost" {
>         type master;
>         file "/etc/bind/db.local";
> };
> zone "127.in-addr.arpa" {
>         type master;
>         file "/etc/bind/db.127";
> };
> zone "0.in-addr.arpa" {
>         type master;
>         file "/etc/bind/db.0";
> };
> zone "255.in-addr.arpa" {
>         type master;
>         file "/etc/bind/db.255";
> };
> 
> zones/db.wie:
> $TTL 604800
> @       IN      SOA  srv.wie. ns.wie. (
>                                 3      ; Serial
>                                 8H      ; Refresh
>                                 2H      ; Retry
>                                 4W      ; Expire
>                                 3H )    ; NX (TTL Negative Cache)
> ; Nameservers
>         IN      NS      srv.wie.
> ; name servers - A records
> srv.wie.        IN      A       192.168.1.50
> ; Hostname records
> router.wie.     IN      A       192.168.1.1
> drucker.wie.    IN      A       192.168.1.25
> drucker2.wie.   IN      A       192.168.1.26
> wiesrv.wie.     IN      A       192.168.1.51
> smb.wie.        IN      A       192.168.1.55
> 
> zones/db.1.168.192:
> $TTL 2D
> @       IN      SOA     srv.wie. ns.wie. (
>                                         3      ; Serial
>                                         8H      ; Refresh
>                                         2H      ; Retry
>                                         4W      ; Expire
>                                         2D )    ; TTL Negative Cache
> ; name servers - NS records
>         IN      NS      srv.wie.
> ; PTR Records
> 1       IN      PTR     router.wie.
> 25      IN      PTR     drucker.wie.
> 26      IN      PTR     drucker2.wie.
> 50      IN      PTR     srv.wie.
> 55      IN      PTR     smb.wie.
> 51      IN      PTR     wiesrv.wie.

You are using Bind9 with flatfiles, this is NOT recommended.
If you are using the standard Ubuntu Bind9 package, you should be using
BIND9_DLZ and this stores the dns info in AD.

How did you provision the DC, was it with 'BIND9_FLATFILE' or
'BIND9_DLZ' ?
If it was the latter, just remove the 'wie' zone and its reverse zone
from the bind conf file and restart bind9, if it was the former, you
will need to run 'samba_upgradedns' and remove the zones from the conf
file.

Rowland
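A quick check for the misconfiguration discussed above, written as an added example (it is not from this thread and not Samba's own tooling): it parses the zone stanzas of a named.conf fragment, flags flat-file master zones that shadow the AD domain ('wie') or its reverse zone so that BIND9_DLZ never answers for them, and reports which DC-locator SRV records the flat zone file lacks, which is why the _ldap._tcp and _kerberos._tcp lookups in the quoted nslookup output return no records. The sample config and zone text are constructed from the quoted ones; the stanza regex assumes simple zone blocks with no nested braces.

```python
import re
# Constructed from the named.conf.local and db.wie quoted in the thread (trimmed).
SAMPLE_NAMED_CONF_LOCAL = """\
zone "wie." {
type master;
file "/etc/bind/zones/db.wie";
};
zone "1.168.192.in-addr.arpa" {
type master;
file "/etc/bind/zones/db.1.168.192";
};
"""
SAMPLE_DB_WIE = """\
@        IN  SOA  srv.wie. ns.wie. ( 3 8H 2H 4W 3H )  ; no SRV records at all
         IN  NS   srv.wie.
smb.wie. IN  A    192.168.1.55
"""
# Assumes simple zone stanzas with no nested braces (true of flat-file master zones).
ZONE_RE = re.compile(r'zone\s+"([^"]+)"\s*\{(.*?)\};', re.S)
def parse_zones(conf_text):
    """Yield (name, type, file) per zone stanza; name lower-cased, trailing dot removed."""
    for name, body in ZONE_RE.findall(conf_text):
        ztype = re.search(r'\btype\s+(\w+)\s*;', body)
        zfile = re.search(r'\bfile\s+"([^"]+)"\s*;', body)
        yield (name.rstrip('.').lower(), ztype and ztype.group(1), zfile and zfile.group(1))
def reverse_zone_for(prefix):
    """'192.168.1' -> '1.168.192.in-addr.arpa', the reverse zone of that /24."""
    return '.'.join(reversed(prefix.split('.'))) + '.in-addr.arpa'
def find_shadowing_zones(conf_text, ad_domain, prefix):
    """Flat-file master zones that hide the AD-held forward/reverse zone from BIND9_DLZ."""
    hidden = {ad_domain.lower(), reverse_zone_for(prefix)}
    return [z for z in parse_zones(conf_text) if z[0] in hidden and z[1] == 'master' and z[2]]
def srv_names(zone_text, ad_domain):
    """Owner names of SRV records in a zone file; relative owners are qualified with ad_domain."""
    names = set()
    for line in zone_text.splitlines():
        fields = line.split(';', 1)[0].split()  # strip the comment, then tokenize
        if 'SRV' in fields:
            owner = fields[0].rstrip('.').lower()
            if owner != ad_domain and not owner.endswith('.' + ad_domain):
                owner += '.' + ad_domain  # relative name: qualify with the zone origin
            names.add(owner)
    return names
def missing_ad_srv(zone_text, ad_domain):
    """The DC-locator SRV records clients need that the flat zone does not provide."""
    required = {f'_ldap._tcp.{ad_domain}', f'_kerberos._tcp.{ad_domain}'}
    return sorted(required - srv_names(zone_text, ad_domain))
```

Run it against the real /etc/bind/named.conf.local and zone file; any zone it reports is one to remove from the bind conf (or migrate with samba_upgradedns) before restarting bind9, as Rowland advises.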
