[Samba] Serverinfo Error
Robert A Wooldridge
bob.wooldridge at edm-inc.com
Fri Jul 26 16:20:32 UTC 2019
On 07/26/2019 01:19 AM, L.P.H. van Belle via samba wrote:
> Hai,
>
> Ok, below looks ok, as Rowland also said.
>
> But i have one more thing.
>
>>> Checking file: /etc/krb5.conf
>>>
>>> [libdefaults]
>>> dns_lookup_realm = false
>>> dns_lookup_kdc = true
>>> default_realm = EDM-INC.COM
>>> default_tgs_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5
>>> default_tkt_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5
> Remove the 2 default_*_enctypes lines.
>
> Or set:
> default_tgs_enctypes = aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
> default_tkt_enctypes = aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
> permitted_enctypes = aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
Using this, I needed to put those two lines in because I couldn't join
the domain without them
>
> And does it work if you run it like this :
> samba-tool dns serverinfo athena -Uadministrator
No:
athena:~# samba-tool dns serverinfo athena -Uadministrator
Password for [EDM\administrator]:
ERROR(runtime): uncaught exception - (9717, 'WERR_DNS_ERROR_DS_UNAVAILABLE')
File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
line 177, in _run
return self.run(*args, **kwargs)
File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line
564, in run
None, 'ServerInfo')
>
> And test the following.
>
> hostname -s
athena:~# hostname -s
athena
> hostname -d
athena:~# hostname -d
edm-inc.com
>
> nslookup $(hostname -f)
athena:~# nslookup $(hostname -f)
Server: 10.10.1.10
Address: 10.10.1.10#53
Name: athena.edm-inc.com
Address: 10.10.1.10
> dig A $(hostname -f)
athena:~# dig A $(hostname -f)
; <<>> DiG 9.11.5-P4-5.1-Debian <<>> A athena.edm-inc.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54135
;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;athena.edm-inc.com. IN A
;; ANSWER SECTION:
athena.edm-inc.com. 900 IN A 10.10.1.10
;; AUTHORITY SECTION:
edm-inc.com. 3600 IN SOA athena.edm-inc.com.
hostmaster.edm-inc.com. 148 900 600 86400 3600
;; Query time: 0 msec
;; SERVER: 10.10.1.10#53(10.10.1.10)
;; WHEN: Fri Jul 26 11:06:31 CDT 2019
;; MSG SIZE rcvd: 99
> dig -x $(hostname -i)
athena:~# dig -x $(hostname -i)
; <<>> DiG 9.11.5-P4-5.1-Debian <<>> -x 10.10.1.10
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59884
;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;10.1.10.10.in-addr.arpa. IN PTR
;; ANSWER SECTION:
10.1.10.10.in-addr.arpa. 3600 IN PTR athena.
;; AUTHORITY SECTION:
10.10.in-addr.arpa. 3600 IN SOA athena.edm-inc.com.
hostmaster.edm-inc.com. 1 900 600 86400 3600
;; Query time: 0 msec
;; SERVER: 10.10.1.10#53(10.10.1.10)
;; WHEN: Fri Jul 26 11:06:51 CDT 2019
;; MSG SIZE rcvd: 126
>
> And can you show the output of :
> egrep -ri "samba|winbind" /etc/apparmor.d/*
athena:~# egrep -ri "samba|winbind" /etc/apparmor.d/*
/etc/apparmor.d/abstractions/authentication: # winbind
/etc/apparmor.d/abstractions/authentication: #include
<abstractions/winbind>
/etc/apparmor.d/abstractions/smbpass: /var/lib/samba/*.[lt]db rwk,
/etc/apparmor.d/abstractions/samba: /etc/samba/* r,
/etc/apparmor.d/abstractions/samba: /usr/lib*/samba/ldb/*.so mr,
/etc/apparmor.d/abstractions/samba: /usr/share/samba/*.dat r,
/etc/apparmor.d/abstractions/samba:
/usr/share/samba/codepages/{lowcase,upcase,valid}.dat r,
/etc/apparmor.d/abstractions/samba: /var/cache/samba/ w,
/etc/apparmor.d/abstractions/samba: /var/cache/samba/lck/* rwk,
/etc/apparmor.d/abstractions/samba: /var/lib/samba/** rwk,
/etc/apparmor.d/abstractions/samba: /var/log/samba/cores/ rw,
/etc/apparmor.d/abstractions/samba: /var/log/samba/cores/** rw,
/etc/apparmor.d/abstractions/samba: /var/log/samba/* w,
/etc/apparmor.d/abstractions/samba: /{,var/}run/samba/ w,
/etc/apparmor.d/abstractions/samba: /{,var/}run/samba/*.tdb rw,
/etc/apparmor.d/abstractions/nameservice: /etc/samba/lmhosts r,
/etc/apparmor.d/abstractions/nameservice: # winbind
/etc/apparmor.d/abstractions/nameservice: #include <abstractions/winbind>
/etc/apparmor.d/abstractions/winbind: # pam_winbindd
/etc/apparmor.d/abstractions/winbind: /tmp/.winbindd/pipe rw,
/etc/apparmor.d/abstractions/winbind:
/var/{lib,run}/samba/winbindd_privileged/pipe rw,
/etc/apparmor.d/abstractions/winbind: /etc/samba/smb.conf r,
/etc/apparmor.d/abstractions/winbind: /etc/samba/dhcp.conf r,
/etc/apparmor.d/abstractions/winbind: /usr/lib*/samba/valid.dat r,
/etc/apparmor.d/abstractions/winbind: /usr/lib*/samba/upcase.dat r,
/etc/apparmor.d/abstractions/winbind: /usr/lib*/samba/lowcase.dat r,
/etc/apparmor.d/abstractions/winbind:
/usr/share/samba/codepages/{lowcase,upcase,valid}.dat r,
/etc/apparmor.d/samba/smbd-shares:# autogenerated by
update-apparmor-samba-profile 1.2+deb at samba start - do not edit!
/etc/apparmor.d/samba/smbd-shares:"/var/lib/samba/sysvol/edm-inc.com/scripts/"
rk,
/etc/apparmor.d/samba/smbd-shares:"/var/lib/samba/sysvol/edm-inc.com/scripts/**"
rwkl,
/etc/apparmor.d/samba/smbd-shares:"/var/lib/samba/sysvol/" rk,
/etc/apparmor.d/samba/smbd-shares:"/var/lib/samba/sysvol/**" rwkl,
/etc/apparmor.d/usr.sbin.ntpd: # samba4 ntp signing socket
/etc/apparmor.d/usr.sbin.ntpd: /{,var/}run/samba/ntp_signd/socket rw,
/etc/apparmor.d/usr.sbin.ntpd: # samba4 winbindd pipe
/etc/apparmor.d/usr.sbin.ntpd: /run/samba/winbindd/pipe rw,
>
> And maybe its an option to try the 4.10.6 package i supply.
> Debian buster packages are updated within 1-2 hours.
I had to comment out some lines of python to get this far. Should those
files be replaced?
--
Bob Wooldridge
EDM Incorporated
More information about the samba
mailing list