[Samba] dns replication error due to deleted records
Luca Olivetti
luca at wetron.es
Thu Oct 10 19:35:43 UTC 2019
On 10/10/19 at 21:07, Rowland penny via samba wrote:
>>
> It works in a similar way to how I update dns records and I have similar
> records in AD and they replicate.
Oh, but they do. Until the replication chokes on those deleted records.
Never happened until September 25 (though I realized only today when a
manually added host resolved erratically).
>
> Can you post your dhcpd.conf and smb.conf
Sure
========== dhcpd.conf
ddns-update-style none;
option domain-name "samba.wetron.es";
option domain-name-servers 192.168.90.2, 192.168.90.5;
option netbios-name-servers 192.168.90.2, 192.168.90.5;
option netbios-dd-server 192.168.90.2, 192.168.90.5;
option time-servers 192.168.90.2, 192.168.90.5;
option routers 192.168.1.1;
option wpad code 252 = text;
option wpad "http://wpad/proxy.pac\n";
option subnet-mask 255.255.255.0;
default-lease-time 86400; # one day
max-lease-time 86400; # one day
authoritative;
log-facility local7;
subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.101 192.168.1.250;
  on commit {
    set noname = concat("dhcp-", binary-to-ascii(10, 8, "-", leased-address));
    set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
    set ClientName = pick-first-value(option host-name, host-decl-name,
                                      config-option host-name, noname);
    execute("/etc/dhcp/update.sh", "add", ClientIP, ClientName);
  }
  on release {
    # ClientIP and ClientName are associated with the lease
    execute("/etc/dhcp/update.sh", "delete", ClientIP, ClientName);
  }
  on expiry {
    # ClientIP and ClientName are associated with the lease
    execute("/etc/dhcp/update.sh", "delete", ClientIP, ClientName);
  }
}
===== smb.conf (the other dc is the same, apart from the name)
# Global parameters
[global]
workgroup = WETRON
realm = SAMBA.WETRON.ES
netbios name = DC1
server role = active directory domain controller
idmap_ldb:use rfc2307 = yes
tls enabled = yes
tls keyfile = /var/lib/samba/private/tls/dc1.samba.wetron.es.key
tls certfile = /var/lib/samba/private/tls/dc1.samba.wetron.es.crt
tls cafile = /var/lib/samba/private/tls/wetron.crt
dns forwarder = 192.168.90.29
# none of these parameters are of any use on the DC, which only looks at
# idmap_ldb:use rfc2307
#dedicated keytab file = /etc/krb5.keytab
#kerberos method = secrets and keytab
#idmap config *:backend = tdb
#idmap config *:range = 60001-69999
#idmap config WETRON:backend = ad
#idmap config WETRON:schema_mode = rfc2307
#idmap config WETRON:range = 490-60000
#idmap config WETRON:default = yes
#winbind nss info = rfc2307
#winbind trusted domains only = no
#winbind use default domain = yes
# enum users/group seems to work
winbind enum users = yes
winbind enum groups = yes
template homedir = /net/storage01/mnt/pool1/usuarios/%U
template shell = /bin/false
printing = bsd
printcap name = /dev/null
disable spoolss = yes
ldap server require strong auth = allow_sasl_over_tls
allow insecure wide links = yes
# for radius - from 4.7 onwards the yes can be changed to
# mschapv2-and-ntlmv2-only
ntlm auth = yes
[netlogon]
path = /var/lib/samba/sysvol/samba.wetron.es/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
wide links = Yes
--
Luca Olivetti
Wetron Automation Technology http://www.wetron.es/
Tel. +34 93 5883004 (Ext.3010) Fax +34 93 5883007