[Samba] Invalid PTR record in reverse lookup zone

Rowland Penny rpenny at samba.org
Sun Nov 10 11:00:20 UTC 2019


On 10/11/2019 10:49, andi via samba wrote:
> Hello,
>
> I have configured a Samba AD DC for use with
> some Windows and Linux machines. The Linux machines use
> Samba for user auth and also as Kerberos KDC for
> nfs mounts. This works fine so far but after a while
> the user cannot access the nfs shares anymore.
>
> I tried to analyze the problem and finally found that
> obtaining a ticket for the nfs service fails in this
> case because of a wrong SPN: nfs/servername at ... instead of
> nfs/fqdnservername at ... is used by the clients to get the
> ticket.
>
> I tracked the problem down to an invalid PTR record for
> the DC in the reverse lookup zone. The PTR record
> had only the hostname but not the FQDN set.
>
> I manually fixed this using samba-tool dns add/delete and nfs
> mount worked again. Unfortunately after a while the record
> gets changed back again. I was unable to figure out how this
> happens. It seems that the change occurs while the 'samba_dnsupdate'
> tool is running but I didn't find where in 'samba_dnsupdate'
> the PTR record is set. I didn't find a suitable log
> setting in smb.conf which would help me to find the origin
> of the dns change (loglevel 12 for dns produces lots of output
> but nothing related to setting PTR records).
>
> Samba version is 4.9.5-Debian
>
> Any ideas/help?
>
> cheers,
> Andreas
>
OK, let's start by making sure your DC and clients are set up correctly. 
Can you download this:

https://github.com/thctlo/samba4/blob/master/samba-collect-debug-info.sh

Run it on the Samba AD DC and a Unix client, then post the output into a 
reply to this thread. Do not attach it; this list strips attachments.

Rowland
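
The PTR condition described in the quoted report can be checked mechanically. The following is an added example, not part of the original thread or of Samba's tooling; the host names, addresses, realm and all function names are constructed for illustration, and it assumes the client takes the host part of the SPN from the PTR target, as the report describes.

```python
import socket

def lookup_ptr(ip):
    """Live reverse lookup through the system resolver (not used in the sample run)."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def classify_ptr(ptr_target, expected_fqdn):
    """Compare a PTR target with the FQDN the host is expected to have."""
    if ptr_target is None:
        return "missing"
    name = ptr_target.rstrip(".").lower()
    want = expected_fqdn.rstrip(".").lower()
    if name == want:
        return "ok"
    if "." not in name and want.split(".")[0] == name:
        return "short-name"  # the case reported in this thread
    return "mismatch"

def derived_spn(service, ptr_target, realm):
    """SPN requested when the host part comes from the PTR target (assumption)."""
    return f"{service}/{ptr_target.rstrip('.').lower()}@{realm}"

def audit(records, service, realm):
    """records: iterable of (ip, ptr_target or None, expected_fqdn)."""
    findings = []
    for ip, ptr_target, expected in records:
        status = classify_ptr(ptr_target, expected)
        spn = derived_spn(service, ptr_target, realm) if ptr_target else None
        findings.append({"ip": ip, "status": status, "spn": spn})
    return findings

# Constructed sample data: one correct PTR, one short-name PTR, one absent PTR.
SAMPLE = [
    ("192.0.2.10", "dc1.samdom.example.com.", "dc1.samdom.example.com"),
    ("192.0.2.11", "nfs1", "nfs1.samdom.example.com"),
    ("192.0.2.12", None, "ws1.samdom.example.com"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE, "nfs", "SAMDOM.EXAMPLE.COM"):
        print(finding)
```

Feeding `audit` the result of `lookup_ptr` on a schedule and logging the time of the first `short-name` finding narrows down when the record is rewritten.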





