[Samba] samba 4.8.3 samba_dnsupdate odd long timeouts

Kacper Wirski kacper.wirski at gmail.com
Thu Jun 28 16:20:24 UTC 2018


Hello,
I'll try to be as brief as possible.
I'm testing samba 4.8.3 on centos 7.5.
Fresh installation joined to existing AD domain that was ran with samba
4.7.6.

I did add 2 DC's with 4.8.3, then removed all 4.7.6 DC's. Everything seemed
to work fine, except for adding DNS entries on one of the machines.

Samba by itself was unable to add them throwing error in log that dnsupdate
failed.
When running it with "samba_dnsupdate --verbose -d 10" it does eventually
complete, but it takes FOREVER, roughly 300 seconds to complete each update.

DNS backend is BIND, it's not my first adventure with samba 4 AD, so I t h
i n k I covered most of the basics, that is:
- proper ownership of files for "named"
- trying with and without SELinux
- veryfing /etc/krb5.conf /usr/local/samba/etc/smb.conf and /etc/named.conf
for oddities, but I'm at a loss.

Both 4.8.3 machines were created from same template, just different host
names and IP addresses.

One machine works perfectly fine (upgradedns finishes in ~2 seconds or
less), other one needs 5 minutes per entry (times 20+... yeah, forever).

What I already checked:
obviously connection between both  boxes exists (replication works fine for
example)
both machines are VM's running inside same hypervisor,

Right now both DC's use each other as DNS (so DC1 -> DC2 and DC2 -> DC1). I
tried changing it in whatever way, but resulstts were the same, DC2 works
prefectly, DC1 is unable to complete this job in reasonable time.

My smb.conf is pretty basic (standard what was created during join) + added
secure dns updates.

On the machine with slow dns update kerberos ticket is obtained without
issues, but for whatever reason it just takes time, as if machine was
timing out on something.

Also, there are no errors, and each timeout is roughly 250-300 seconds..

Regards,
Kacper


More information about the samba mailing list