[Samba] GPO infrastructure? -> 4.8.x to 4.9.x
Stefan G. Weichinger
lists at xunil.at
Fri Jul 12 12:27:58 UTC 2019
Am 12.07.19 um 11:56 schrieb L.P.H. van Belle via samba:
>
>
>> -----Oorspronkelijk bericht-----
>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
>> Stefan G. Weichinger via samba
>> Verzonden: vrijdag 12 juli 2019 10:24
>> Aan: samba at lists.samba.org
>> Onderwerp: Re: [Samba] GPO infrastructure? -> 4.8.x to 4.9.x
>>
>> Am 10.07.19 um 08:40 schrieb Stefan G. Weichinger via samba:
>>
>>> more of this:
>>>
>>> Jul 10 08:16:36 pre01svdeb02 samba[25451]: task[dnsupdate][25451]:
>>> [2019/07/10 08:16:36.662971, 0]
>>> ../source4/dsdb/dns/dns_update.c:353(dnsupdate_spnupdate_done)
>>> Jul 10 08:16:36 pre01svdeb02 samba[25451]: task[dnsupdate][25451]:
>>> ../source4/dsdb/dns/dns_update.c:353: Failed SPN update -
>> with error code 1
>>> Jul 10 08:26:36 pre01svdeb02 samba[25451]: task[dnsupdate][25451]:
>>> [2019/07/10 08:26:36.544214, 0]
>>> ../source4/dsdb/dns/dns_update.c:353(dnsupdate_spnupdate_done)
>>> Jul 10 08:26:36 pre01svdeb02 samba[25451]: task[dnsupdate][25451]:
>>> ../source4/dsdb/dns/dns_update.c:353: Failed SPN update -
>> with error code 1
>>>
>>>
>>> Added A-record myself.
>>>
>>> Still issues with RSAT and GPO editing (access denied etc)
>>>
>>> -
>>>
>>> network: it is set up as domain network ... firewall
>> activated. But it
>>> seems I can't see all the other computers in Windows
>> Explorer, Network.
>>>
>>> disabled firewall for a test ... reset to standards.
>>
>> am I missing something, did I make some stupid mistake or is there any
>> other reason why noone replies to this thread anymore?
>
> Hai, a quick response..
> Failed SPN update -
> Verify the dns.keytab files its location if you upgraded, you might need to move that from /var/lib/samba/private to /var/lib/samba/bind-dns
> You need : -rw-r----- 1 root bind 877 Apr 28 2015 dns.keytab
>
> Verify if : /var/lib/samba/bind-dns/named.conf is updated to the correct bind version.
hi, thanks for the reply
1. I use the internal DNS; not BIND
2. there is no dns.keytab anywhere (looking on the first of the DCs
right now) and no dir /var/lib/samba/bind-dns
I find old stuff like
/var/lib/samba/private/dns_update_cache
.../dns/update_list
.../spn_update_list
> And run : samba_dnsupdate --verbose
> Post that output.
IPs: ['192.168.16.205']
Looking for DNS entry A dc.mydomain.at 192.168.16.205 as dc.mydomain.at.
Looking for DNS entry A mydomain.at 192.168.16.205 as mydomain.at.
Looking for DNS entry SRV _ldap._tcp.mydomain.at dc.mydomain.at 389 as
_ldap._tcp.mydomain.at.
Checking 0 100 389 pre01svdeb03.mydomain.at. against SRV
_ldap._tcp.mydomain.at dc.mydomain.at 389
Checking 0 100 389 dc.mydomain.at. against SRV _ldap._tcp.mydomain.at
dc.mydomain.at 389
Looking for DNS entry SRV _ldap._tcp.dc._msdcs.mydomain.at
dc.mydomain.at 389 as _ldap._tcp.dc._msdcs.mydomain.at.
Checking 0 100 389 pre01svdeb03.mydomain.at. against SRV
_ldap._tcp.dc._msdcs.mydomain.at dc.mydomain.at 389
Checking 0 100 389 dc.mydomain.at. against SRV
_ldap._tcp.dc._msdcs.mydomain.at dc.mydomain.at 389
Looking for DNS entry SRV
_ldap._tcp.317d1ccc-8df7-4ec6-9a6b-031a060da9b7.domains._msdcs.mydomain.at
dc.mydomain.at 389 as
_ldap._tcp.317d1ccc-8df7-4ec6-9a6b-031a060da9b7.domains._msdcs.mydomain.at.
Checking 0 100 389 pre01svdeb03.mydomain.at. against SRV
_ldap._tcp.317d1ccc-8df7-4ec6-9a6b-031a060da9b7.domains._msdcs.mydomain.at
dc.mydomain.at 389
Checking 0 100 389 dc.mydomain.at. against SRV
_ldap._tcp.317d1ccc-8df7-4ec6-9a6b-031a060da9b7.domains._msdcs.mydomain.at
dc.mydomain.at 389
Looking for DNS entry SRV _kerberos._tcp.mydomain.at dc.mydomain.at 88
as _kerberos._tcp.mydomain.at.
Checking 0 100 88 pre01svdeb03.mydomain.at. against SRV
_kerberos._tcp.mydomain.at dc.mydomain.at 88
Checking 0 100 88 dc.mydomain.at. against SRV _kerberos._tcp.mydomain.at
dc.mydomain.at 88
Looking for DNS entry SRV _kerberos._udp.mydomain.at dc.mydomain.at 88
as _kerberos._udp.mydomain.at.
Checking 0 100 88 pre01svdeb03.mydomain.at. against SRV
_kerberos._udp.mydomain.at dc.mydomain.at 88
Checking 0 100 88 dc.mydomain.at. against SRV _kerberos._udp.mydomain.at
dc.mydomain.at 88
Looking for DNS entry SRV _kerberos._tcp.dc._msdcs.mydomain.at
dc.mydomain.at 88 as _kerberos._tcp.dc._msdcs.mydomain.at.
Checking 0 100 88 pre01svdeb03.mydomain.at. against SRV
_kerberos._tcp.dc._msdcs.mydomain.at dc.mydomain.at 88
Checking 0 100 88 dc.mydomain.at. against SRV
_kerberos._tcp.dc._msdcs.mydomain.at dc.mydomain.at 88
Looking for DNS entry SRV _kpasswd._tcp.mydomain.at dc.mydomain.at 464
as _kpasswd._tcp.mydomain.at.
Checking 0 100 464 pre01svdeb03.mydomain.at. against SRV
_kpasswd._tcp.mydomain.at dc.mydomain.at 464
Checking 0 100 464 dc.mydomain.at. against SRV _kpasswd._tcp.mydomain.at
dc.mydomain.at 464
Looking for DNS entry SRV _kpasswd._udp.mydomain.at dc.mydomain.at 464
as _kpasswd._udp.mydomain.at.
Checking 0 100 464 pre01svdeb03.mydomain.at. against SRV
_kpasswd._udp.mydomain.at dc.mydomain.at 464
Checking 0 100 464 dc.mydomain.at. against SRV _kpasswd._udp.mydomain.at
dc.mydomain.at 464
Looking for DNS entry CNAME
e5922d4b-9bf0-4c79-b256-ff5f75a3e4f4._msdcs.mydomain.at dc.mydomain.at
as e5922d4b-9bf0-4c79-b256-ff5f75a3e4f4._msdcs.mydomain.at.
Looking for DNS entry SRV
_ldap._tcp.Default-First-Site-Name._sites.mydomain.at dc.mydomain.at 389
as _ldap._tcp.Default-First-Site-Name._sites.mydomain.at.
Checking 0 100 389 pre01svdeb03.mydomain.at. against SRV
_ldap._tcp.Default-First-Site-Name._sites.mydomain.at dc.mydomain.at 389
Checking 0 100 389 dc.mydomain.at. against SRV
_ldap._tcp.Default-First-Site-Name._sites.mydomain.at dc.mydomain.at 389
Looking for DNS entry SRV
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.at
dc.mydomain.at 389 as
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.at.
Checking 0 100 389 pre01svdeb03.mydomain.at. against SRV
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.at
dc.mydomain.at 389
Checking 0 100 389 dc.mydomain.at. against SRV
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.at
dc.mydomain.at 389
Looking for DNS entry SRV
_kerberos._tcp.Default-First-Site-Name._sites.mydomain.at dc.mydomain.at
88 as _kerberos._tcp.Default-First-Site-Name._sites.mydomain.at.
Checking 0 100 88 pre01svdeb03.mydomain.at. against SRV
_kerberos._tcp.Default-First-Site-Name._sites.mydomain.at dc.mydomain.at 88
Checking 0 100 88 dc.mydomain.at. against SRV
_kerberos._tcp.Default-First-Site-Name._sites.mydomain.at dc.mydomain.at 88
Looking for DNS entry SRV
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.at
dc.mydomain.at 88 as
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.at.
Checking 0 100 88 pre01svdeb03.mydomain.at. against SRV
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.at
dc.mydomain.at 88
Checking 0 100 88 dc.mydomain.at. against SRV
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.at
dc.mydomain.at 88
Looking for DNS entry SRV _ldap._tcp.pdc._msdcs.mydomain.at
dc.mydomain.at 389 as _ldap._tcp.pdc._msdcs.mydomain.at.
Checking 0 100 389 dc.mydomain.at. against SRV
_ldap._tcp.pdc._msdcs.mydomain.at dc.mydomain.at 389
Looking for DNS entry A gc._msdcs.mydomain.at 192.168.16.205 as
gc._msdcs.mydomain.at.
Looking for DNS entry SRV _gc._tcp.mydomain.at dc.mydomain.at 3268 as
_gc._tcp.mydomain.at.
Checking 0 100 3268 pre01svdeb03.mydomain.at. against SRV
_gc._tcp.mydomain.at dc.mydomain.at 3268
Checking 0 100 3268 dc.mydomain.at. against SRV _gc._tcp.mydomain.at
dc.mydomain.at 3268
Looking for DNS entry SRV _ldap._tcp.gc._msdcs.mydomain.at
dc.mydomain.at 3268 as _ldap._tcp.gc._msdcs.mydomain.at.
Checking 0 100 3268 pre01svdeb03.mydomain.at. against SRV
_ldap._tcp.gc._msdcs.mydomain.at dc.mydomain.at 3268
Checking 0 100 3268 dc.mydomain.at. against SRV
_ldap._tcp.gc._msdcs.mydomain.at dc.mydomain.at 3268
Looking for DNS entry SRV
_gc._tcp.Default-First-Site-Name._sites.mydomain.at dc.mydomain.at 3268
as _gc._tcp.Default-First-Site-Name._sites.mydomain.at.
Checking 0 100 3268 pre01svdeb03.mydomain.at. against SRV
_gc._tcp.Default-First-Site-Name._sites.mydomain.at dc.mydomain.at 3268
Checking 0 100 3268 dc.mydomain.at. against SRV
_gc._tcp.Default-First-Site-Name._sites.mydomain.at dc.mydomain.at 3268
Looking for DNS entry SRV
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.mydomain.at
dc.mydomain.at 3268 as
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.mydomain.at.
Checking 0 100 3268 pre01svdeb03.mydomain.at. against SRV
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.mydomain.at
dc.mydomain.at 3268
Checking 0 100 3268 dc.mydomain.at. against SRV
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.mydomain.at
dc.mydomain.at 3268
Looking for DNS entry A DomainDnsZones.mydomain.at 192.168.16.205 as
DomainDnsZones.mydomain.at.
Looking for DNS entry SRV _ldap._tcp.DomainDnsZones.mydomain.at
dc.mydomain.at 389 as _ldap._tcp.DomainDnsZones.mydomain.at.
Checking 0 100 389 pre01svdeb03.mydomain.at. against SRV
_ldap._tcp.DomainDnsZones.mydomain.at dc.mydomain.at 389
Checking 0 100 389 dc.mydomain.at. against SRV
_ldap._tcp.DomainDnsZones.mydomain.at dc.mydomain.at 389
Looking for DNS entry SRV
_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.mydomain.at
dc.mydomain.at 389 as
_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.mydomain.at.
Checking 0 100 389 pre01svdeb03.mydomain.at. against SRV
_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.mydomain.at
dc.mydomain.at 389
Checking 0 100 389 dc.mydomain.at. against SRV
_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.mydomain.at
dc.mydomain.at 389
Looking for DNS entry A ForestDnsZones.mydomain.at 192.168.16.205 as
ForestDnsZones.mydomain.at.
Looking for DNS entry SRV _ldap._tcp.ForestDnsZones.mydomain.at
dc.mydomain.at 389 as _ldap._tcp.ForestDnsZones.mydomain.at.
Checking 0 100 389 pre01svdeb03.mydomain.at. against SRV
_ldap._tcp.ForestDnsZones.mydomain.at dc.mydomain.at 389
Checking 0 100 389 dc.mydomain.at. against SRV
_ldap._tcp.ForestDnsZones.mydomain.at dc.mydomain.at 389
Looking for DNS entry SRV
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.mydomain.at
dc.mydomain.at 389 as
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.mydomain.at.
Checking 0 100 389 pre01svdeb03.mydomain.at. against SRV
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.mydomain.at
dc.mydomain.at 389
Checking 0 100 389 dc.mydomain.at. against SRV
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.mydomain.at
dc.mydomain.at 389
No DNS updates needed
> Network, the AD-DC dont run NMBD. If you want to "see" netbiosnames in the explorer, enable NMBD on one member server.
> See if that helps you. That is by design.
>
>
> Greetz,
>
> Louis
>
>
>
>
More information about the samba
mailing list