[Samba] Why is smbd looking for Kerberos principal cifs/host at DOMB when it is a member of DOMA?
Nathaniel W. Turner
nate at houseofnate.net
Wed Nov 20 17:54:49 UTC 2019
Hi Louis,
On Wed, Nov 20, 2019 at 3:27 AM L.P.H. van Belle via samba <samba at lists.samba.org> wrote:
> Your config looks ok, as far as I can tell.
>
> This : "cifs/kvm7246-vm022.maas.local at TC84.LOCAL"
> As it should spn/hostname.fqdn at REALM nothing wrong with that.
>
> But if I understand it right.
>
> Your server : kvm7246-vm022.maas.local is in REALM : TC83.LOCAL (
> NTDOM:TC83 )
> But you get TC84 back?.
>
> On the problem server run the following:
>
> dig a kvm7246-vm022.maas.local @IP_of_AD-DC
> Gives a Returned_IP
>
ubuntu at kvm7246-vm022:~/samba$ host -t srv _ldap._tcp.tc83.local
_ldap._tcp.tc83.local has SRV record 0 100 389 tc83dc2.tc83.local.
_ldap._tcp.tc83.local has SRV record 0 100 389 tc83dc.tc83.local.
ubuntu at kvm7246-vm022:~/samba$ host tc83dc2.tc83.local.
tc83dc2.tc83.local has address 172.21.83.6
ubuntu at kvm7246-vm022:~/samba$ host tc83dc.tc83.local.
tc83dc.tc83.local has address 172.21.83.4
ubuntu at kvm7246-vm022:~/samba$ dig a kvm7246-vm022.maas.local @172.21.83.4
; <<>> DiG 9.11.5-P4-5.1ubuntu2-Ubuntu <<>> a kvm7246-vm022.maas.local @172.21.83.4
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46573
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;kvm7246-vm022.maas.local. IN A
;; ANSWER SECTION:
kvm7246-vm022.maas.local. 26 IN A 172.23.4.52
;; Query time: 1 msec
;; SERVER: 172.21.83.4#53(172.21.83.4)
;; WHEN: Wed Nov 20 17:45:41 UTC 2019
;; MSG SIZE rcvd: 69
(The other DC gives the same answer.)
> dig -x Returned_IP @IP_of_AD-DC
>
ubuntu at kvm7246-vm022:~/samba$ dig -x 172.23.4.52 @172.21.83.4
; <<>> DiG 9.11.5-P4-5.1ubuntu2-Ubuntu <<>> -x 172.23.4.52 @172.21.83.4
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13322
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;52.4.23.172.in-addr.arpa. IN PTR
;; ANSWER SECTION:
52.4.23.172.in-addr.arpa. 25 IN PTR kvm7246-vm022.maas.local.
;; Query time: 2 msec
;; SERVER: 172.21.83.4#53(172.21.83.4)
;; WHEN: Wed Nov 20 17:46:07 UTC 2019
;; MSG SIZE rcvd: 91
(The other DC gives the same answer.)
> hostname -s
> hostname -f
> hostname -I
> hostname -A
>
ubuntu at kvm7246-vm022:~/samba$ hostname -s
kvm7246-vm022
ubuntu at kvm7246-vm022:~/samba$ hostname -f
kvm7246-vm022.maas.local
ubuntu at kvm7246-vm022:~/samba$ hostname -I
172.23.4.52
ubuntu at kvm7246-vm022:~/samba$ hostname -A
kvm7246-vm022.maas.local
> cat /etc/resolv.conf
>
ubuntu at kvm7246-vm022:~/samba$ grep -v ^# /etc/resolv.conf
nameserver 172.23.4.4
options edns0
search maas.local tc82.local local
(DNS is in sync between this nameserver and the DC, and it gives the same
answers to the queries above.)
> route -n|grep default
>
I don't have the legacy route command installed, but I think this is what
you want:
ubuntu at kvm7246-vm022:~/samba$ ip route
default via 172.23.4.1 dev ens6 proto static
172.23.4.0/24 dev ens6 proto kernel scope link src 172.23.4.52
> cat /etc/krb5.conf
>
ubuntu at kvm7246-vm022:~/samba$ cat /etc/krb5.conf
[libdefaults]
default_realm = TC83.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = true
> Do you have 2 servers with the same hostname but in different DNS domains?
> Like this one vm7246-vm022 <<
>
No.