[Samba] GPO infrastructure? -> 4.8.x to 4.9.x

L.P.H. van Belle belle at bazuin.nl
Fri Jul 12 12:41:12 UTC 2019


Then you might have hit this bug.

https://bugzilla.samba.org/show_bug.cgi?id=13969 

Patch is to be tested atm. 

Greetz, 

Louis


> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> Stefan G. Weichinger via samba
> Sent: Friday 12 July 2019 14:28
> To: samba at lists.samba.org
> Subject: Re: [Samba] GPO infrastructure? -> 4.8.x to 4.9.x
> 
> On 12.07.19 at 11:56, L.P.H. van Belle via samba wrote:
> >  
> > 
> >> -----Original message-----
> >> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> >> Stefan G. Weichinger via samba
> >> Sent: Friday 12 July 2019 10:24
> >> To: samba at lists.samba.org
> >> Subject: Re: [Samba] GPO infrastructure? -> 4.8.x to 4.9.x
> >>
> >> On 10.07.19 at 08:40, Stefan G. Weichinger via samba wrote:
> >>
> >>> more of this:
> >>>
> >>> Jul 10 08:16:36 pre01svdeb02 samba[25451]: task[dnsupdate][25451]:
> >>> [2019/07/10 08:16:36.662971,  0]
> >>> ../source4/dsdb/dns/dns_update.c:353(dnsupdate_spnupdate_done)
> >>> Jul 10 08:16:36 pre01svdeb02 samba[25451]: task[dnsupdate][25451]:
> >>> ../source4/dsdb/dns/dns_update.c:353: Failed SPN update - with error code 1
> >>> Jul 10 08:26:36 pre01svdeb02 samba[25451]: task[dnsupdate][25451]:
> >>> [2019/07/10 08:26:36.544214,  0]
> >>> ../source4/dsdb/dns/dns_update.c:353(dnsupdate_spnupdate_done)
> >>> Jul 10 08:26:36 pre01svdeb02 samba[25451]: task[dnsupdate][25451]:
> >>> ../source4/dsdb/dns/dns_update.c:353: Failed SPN update - with error code 1
> >>>
> >>>
> >>> Added A-record myself.
> >>>
> >>> Still issues with RSAT and GPO editing (access denied etc)
> >>>
> >>> -
> >>>
> >>> network: it is set up as domain network ... firewall activated. But it
> >>> seems I can't see all the other computers in Windows Explorer, Network.
> >>>
> >>> disabled firewall for a test ... reset to standards.
> >>
> >> am I missing something, did I make some stupid mistake or is there any
> >> other reason why no one replies to this thread anymore?
> > 
> > Hai, a quick response..
> > Failed SPN update -
> > Verify the dns.keytab file's location if you upgraded;
> > you might need to move it from /var/lib/samba/private to
> > /var/lib/samba/bind-dns
> > You need :  -rw-r-----  1 root bind  877 Apr 28  2015 dns.keytab
> >
> > Verify if : /var/lib/samba/bind-dns/named.conf is updated
> > to the correct bind version.
> 
> hi, thanks for the reply
> 
> 1. I use the internal DNS; not BIND
> 
> 2. there is no dns.keytab anywhere (looking on the first of the DCs
> right now) and no dir /var/lib/samba/bind-dns
> 
> I find old stuff like
> 
> /var/lib/samba/private/dns_update_cache
> 
> .../dns/update_list
> .../spn_update_list
> 
> 
> > And run : samba_dnsupdate --verbose 
> > Post that output. 
> 
> IPs: ['192.168.16.205']
> Looking for DNS entry A dc.mydomain.at 192.168.16.205 as 
> dc.mydomain.at.
> Looking for DNS entry A mydomain.at 192.168.16.205 as mydomain.at.
> Looking for DNS entry SRV _ldap._tcp.mydomain.at dc.mydomain.at 389 as
> _ldap._tcp.mydomain.at.
> Checking 0 100 389 pre01svdeb03.mydomain.at. against SRV
> _ldap._tcp.mydomain.at dc.mydomain.at 389
> Checking 0 100 389 dc.mydomain.at. against SRV _ldap._tcp.mydomain.at
> dc.mydomain.at 389
> Looking for DNS entry SRV _ldap._tcp.dc._msdcs.mydomain.at
> dc.mydomain.at 389 as _ldap._tcp.dc._msdcs.mydomain.at.
> Checking 0 100 389 pre01svdeb03.mydomain.at. against SRV
> _ldap._tcp.dc._msdcs.mydomain.at dc.mydomain.at 389
> Checking 0 100 389 dc.mydomain.at. against SRV
> _ldap._tcp.dc._msdcs.mydomain.at dc.mydomain.at 389
> Looking for DNS entry SRV
> _ldap._tcp.317d1ccc-8df7-4ec6-9a6b-031a060da9b7.domains._msdcs.mydomain.at
> dc.mydomain.at 389 as
> _ldap._tcp.317d1ccc-8df7-4ec6-9a6b-031a060da9b7.domains._msdcs.mydomain.at.
> Checking 0 100 389 pre01svdeb03.mydomain.at. against SRV
> _ldap._tcp.317d1ccc-8df7-4ec6-9a6b-031a060da9b7.domains._msdcs.mydomain.at
> dc.mydomain.at 389
> Checking 0 100 389 dc.mydomain.at. against SRV
> _ldap._tcp.317d1ccc-8df7-4ec6-9a6b-031a060da9b7.domains._msdcs.mydomain.at
> dc.mydomain.at 389
> Looking for DNS entry SRV _kerberos._tcp.mydomain.at dc.mydomain.at 88
> as _kerberos._tcp.mydomain.at.
> Checking 0 100 88 pre01svdeb03.mydomain.at. against SRV
> _kerberos._tcp.mydomain.at dc.mydomain.at 88
> Checking 0 100 88 dc.mydomain.at. against SRV 
> _kerberos._tcp.mydomain.at
> dc.mydomain.at 88
> Looking for DNS entry SRV _kerberos._udp.mydomain.at dc.mydomain.at 88
> as _kerberos._udp.mydomain.at.
> Checking 0 100 88 pre01svdeb03.mydomain.at. against SRV
> _kerberos._udp.mydomain.at dc.mydomain.at 88
> Checking 0 100 88 dc.mydomain.at. against SRV 
> _kerberos._udp.mydomain.at
> dc.mydomain.at 88
> Looking for DNS entry SRV _kerberos._tcp.dc._msdcs.mydomain.at
> dc.mydomain.at 88 as _kerberos._tcp.dc._msdcs.mydomain.at.
> Checking 0 100 88 pre01svdeb03.mydomain.at. against SRV
> _kerberos._tcp.dc._msdcs.mydomain.at dc.mydomain.at 88
> Checking 0 100 88 dc.mydomain.at. against SRV
> _kerberos._tcp.dc._msdcs.mydomain.at dc.mydomain.at 88
> Looking for DNS entry SRV _kpasswd._tcp.mydomain.at dc.mydomain.at 464
> as _kpasswd._tcp.mydomain.at.
> Checking 0 100 464 pre01svdeb03.mydomain.at. against SRV
> _kpasswd._tcp.mydomain.at dc.mydomain.at 464
> Checking 0 100 464 dc.mydomain.at. against SRV 
> _kpasswd._tcp.mydomain.at
> dc.mydomain.at 464
> Looking for DNS entry SRV _kpasswd._udp.mydomain.at dc.mydomain.at 464
> as _kpasswd._udp.mydomain.at.
> Checking 0 100 464 pre01svdeb03.mydomain.at. against SRV
> _kpasswd._udp.mydomain.at dc.mydomain.at 464
> Checking 0 100 464 dc.mydomain.at. against SRV 
> _kpasswd._udp.mydomain.at
> dc.mydomain.at 464
> Looking for DNS entry CNAME
> e5922d4b-9bf0-4c79-b256-ff5f75a3e4f4._msdcs.mydomain.at dc.mydomain.at
> as e5922d4b-9bf0-4c79-b256-ff5f75a3e4f4._msdcs.mydomain.at.
> Looking for DNS entry SRV
> _ldap._tcp.Default-First-Site-Name._sites.mydomain.at 
> dc.mydomain.at 389
> as _ldap._tcp.Default-First-Site-Name._sites.mydomain.at.
> Checking 0 100 389 pre01svdeb03.mydomain.at. against SRV
> _ldap._tcp.Default-First-Site-Name._sites.mydomain.at 
> dc.mydomain.at 389
> Checking 0 100 389 dc.mydomain.at. against SRV
> _ldap._tcp.Default-First-Site-Name._sites.mydomain.at 
> dc.mydomain.at 389
> Looking for DNS entry SRV
> _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.at
> dc.mydomain.at 389 as
> _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.at.
> Checking 0 100 389 pre01svdeb03.mydomain.at. against SRV
> _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.at
> dc.mydomain.at 389
> Checking 0 100 389 dc.mydomain.at. against SRV
> _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.at
> dc.mydomain.at 389
> Looking for DNS entry SRV
> _kerberos._tcp.Default-First-Site-Name._sites.mydomain.at 
> dc.mydomain.at
> 88 as _kerberos._tcp.Default-First-Site-Name._sites.mydomain.at.
> Checking 0 100 88 pre01svdeb03.mydomain.at. against SRV
> _kerberos._tcp.Default-First-Site-Name._sites.mydomain.at 
> dc.mydomain.at 88
> Checking 0 100 88 dc.mydomain.at. against SRV
> _kerberos._tcp.Default-First-Site-Name._sites.mydomain.at 
> dc.mydomain.at 88
> Looking for DNS entry SRV
> _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.at
> dc.mydomain.at 88 as
> _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.at.
> Checking 0 100 88 pre01svdeb03.mydomain.at. against SRV
> _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.at
> dc.mydomain.at 88
> Checking 0 100 88 dc.mydomain.at. against SRV
> _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.at
> dc.mydomain.at 88
> Looking for DNS entry SRV _ldap._tcp.pdc._msdcs.mydomain.at
> dc.mydomain.at 389 as _ldap._tcp.pdc._msdcs.mydomain.at.
> Checking 0 100 389 dc.mydomain.at. against SRV
> _ldap._tcp.pdc._msdcs.mydomain.at dc.mydomain.at 389
> Looking for DNS entry A gc._msdcs.mydomain.at 192.168.16.205 as
> gc._msdcs.mydomain.at.
> Looking for DNS entry SRV _gc._tcp.mydomain.at dc.mydomain.at 3268 as
> _gc._tcp.mydomain.at.
> Checking 0 100 3268 pre01svdeb03.mydomain.at. against SRV
> _gc._tcp.mydomain.at dc.mydomain.at 3268
> Checking 0 100 3268 dc.mydomain.at. against SRV _gc._tcp.mydomain.at
> dc.mydomain.at 3268
> Looking for DNS entry SRV _ldap._tcp.gc._msdcs.mydomain.at
> dc.mydomain.at 3268 as _ldap._tcp.gc._msdcs.mydomain.at.
> Checking 0 100 3268 pre01svdeb03.mydomain.at. against SRV
> _ldap._tcp.gc._msdcs.mydomain.at dc.mydomain.at 3268
> Checking 0 100 3268 dc.mydomain.at. against SRV
> _ldap._tcp.gc._msdcs.mydomain.at dc.mydomain.at 3268
> Looking for DNS entry SRV
> _gc._tcp.Default-First-Site-Name._sites.mydomain.at 
> dc.mydomain.at 3268
> as _gc._tcp.Default-First-Site-Name._sites.mydomain.at.
> Checking 0 100 3268 pre01svdeb03.mydomain.at. against SRV
> _gc._tcp.Default-First-Site-Name._sites.mydomain.at 
> dc.mydomain.at 3268
> Checking 0 100 3268 dc.mydomain.at. against SRV
> _gc._tcp.Default-First-Site-Name._sites.mydomain.at 
> dc.mydomain.at 3268
> Looking for DNS entry SRV
> _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.mydomain.at
> dc.mydomain.at 3268 as
> _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.mydomain.at.
> Checking 0 100 3268 pre01svdeb03.mydomain.at. against SRV
> _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.mydomain.at
> dc.mydomain.at 3268
> Checking 0 100 3268 dc.mydomain.at. against SRV
> _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.mydomain.at
> dc.mydomain.at 3268
> Looking for DNS entry A DomainDnsZones.mydomain.at 192.168.16.205 as
> DomainDnsZones.mydomain.at.
> Looking for DNS entry SRV _ldap._tcp.DomainDnsZones.mydomain.at
> dc.mydomain.at 389 as _ldap._tcp.DomainDnsZones.mydomain.at.
> Checking 0 100 389 pre01svdeb03.mydomain.at. against SRV
> _ldap._tcp.DomainDnsZones.mydomain.at dc.mydomain.at 389
> Checking 0 100 389 dc.mydomain.at. against SRV
> _ldap._tcp.DomainDnsZones.mydomain.at dc.mydomain.at 389
> Looking for DNS entry SRV
> _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.mydomain.at
> dc.mydomain.at 389 as
> _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.mydomain.at.
> Checking 0 100 389 pre01svdeb03.mydomain.at. against SRV
> _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.mydomain.at
> dc.mydomain.at 389
> Checking 0 100 389 dc.mydomain.at. against SRV
> _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.mydomain.at
> dc.mydomain.at 389
> Looking for DNS entry A ForestDnsZones.mydomain.at 192.168.16.205 as
> ForestDnsZones.mydomain.at.
> Looking for DNS entry SRV _ldap._tcp.ForestDnsZones.mydomain.at
> dc.mydomain.at 389 as _ldap._tcp.ForestDnsZones.mydomain.at.
> Checking 0 100 389 pre01svdeb03.mydomain.at. against SRV
> _ldap._tcp.ForestDnsZones.mydomain.at dc.mydomain.at 389
> Checking 0 100 389 dc.mydomain.at. against SRV
> _ldap._tcp.ForestDnsZones.mydomain.at dc.mydomain.at 389
> Looking for DNS entry SRV
> _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.mydomain.at
> dc.mydomain.at 389 as
> _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.mydomain.at.
> Checking 0 100 389 pre01svdeb03.mydomain.at. against SRV
> _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.mydomain.at
> dc.mydomain.at 389
> Checking 0 100 389 dc.mydomain.at. against SRV
> _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.mydomain.at
> dc.mydomain.at 389
> No DNS updates needed
> 
> 
> 
> 
> > Network, the AD-DC doesn't run NMBD. If you want to "see"
> > NetBIOS names in the explorer, enable NMBD on one member server.
> > See if that helps you. That is by design.
> > 
> > 
> > Greetz, 
> > 
> > Louis
> > 
> > 
> > 
> > 
> 
> 
> 
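
Added example, not part of the original thread and not Samba project code: a small audit of the dns.keytab advice quoted above, reporting which of the two directories holds the file and whether it matches the quoted "-rw-r----- root bind". The function names are hypothetical and GNU stat is assumed; the paths and expected mode/owner/group are the ones given in the thread.

```sh
# Added example, not from the thread or from Samba. Function names are
# hypothetical; paths and the root:bind 0640 expectation are the ones quoted
# above. Uses GNU stat (-c).

# locate_dns_keytab [PRIVATE_DIR] [BIND_DNS_DIR]
# Prints: bind-dns | private | both | none
locate_dns_keytab() {
    local old="${1:-/var/lib/samba/private}" new="${2:-/var/lib/samba/bind-dns}"
    local found=""
    if [ -f "$old/dns.keytab" ]; then found="private"; fi
    if [ -f "$new/dns.keytab" ]; then
        if [ -n "$found" ]; then found="both"; else found="bind-dns"; fi
    fi
    echo "${found:-none}"
}

# check_keytab_perms FILE [OWNER] [GROUP]
# Returns 0 if FILE is mode 640 and owned OWNER:GROUP, 1 on any mismatch
# (one line printed per finding), 2 if FILE does not exist.
check_keytab_perms() {
    local file="$1" want_owner="${2:-root}" want_group="${3:-bind}"
    local mode owner group rc=0
    if [ ! -f "$file" ]; then echo "MISSING $file"; return 2; fi
    mode=$(stat -c %a "$file")
    owner=$(stat -c %U "$file")
    group=$(stat -c %G "$file")
    if [ "$mode" != "640" ]; then
        echo "MODE $file is $mode, expected 640 (-rw-r-----)"; rc=1
    fi
    if [ "$owner" != "$want_owner" ]; then
        echo "OWNER $file is $owner, expected $want_owner"; rc=1
    fi
    if [ "$group" != "$want_group" ]; then
        echo "GROUP $file is $group, expected $want_group"; rc=1
    fi
    return $rc
}

# Usage on a DC (run as root):
#   case "$(locate_dns_keytab)" in
#     bind-dns)     check_keytab_perms /var/lib/samba/bind-dns/dns.keytab ;;
#     private|both) echo "keytab still under private/: see the move advice above" ;;
#     none)         echo "no dns.keytab found (as reported in the thread for an internal-DNS DC)" ;;
#   esac
```
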



