[Samba] dns replication error due to deleted records
Rowland penny
rpenny at samba.org
Thu Oct 10 20:05:26 UTC 2019
On 10/10/2019 20:35, Luca Olivetti via samba wrote:
> El 10/10/19 a les 21:07, Rowland penny via samba ha escrit:
>
>>>
>> It works in a similar way to how I update dns records and I have
>> similar records in AD and they replicate.
>
> Oh, but they do. Until the replication chokes on those deleted records.
I think you misunderstood what I tried to say, I have the deleted
records in AD and they replicate without problem.
> Never happened until September 25 (though I realized only today when a
> manually added host resolved erratically).
>
>>
>> Can you post your dhcpd.conf and smb.conf
>
> Sure
>
> ========== dhcpd.conf
> ddns-update-style none;
> option domain-name "samba.wetron.es";
> option domain-name-servers 192.168.90.2, 192.168.90.5;
> option netbios-name-servers 192.168.90.2, 192.168.90.5;
> option netbios-dd-server 192.168.90.2, 192.168.90.5;
> option time-servers 192.168.90.2, 192.168.90.5;
> option routers 192.168.1.1;
> option wpad code 252 = text;
> option wpad "http://wpad/proxy.pac\n";
> option subnet-mask 255.255.255.0;
>
> default-lease-time 86400; # one day
> max-lease-time 86400; # one day
>
> authoritative;
>
> log-facility local7;
>
> subnet 192.168.1.0 netmask 255.255.255.0 {
Hmm, I take it that 192.168.90.2 and 192.168.90.5 are your DCs, so why
are your clients in the '192.168.1.0/24' subnet ?
>
> range 192.168.1.101 192.168.1.250;
> on commit {
> set noname = concat("dhcp-", binary-to-ascii(10, 8, "-",
> leased-address));
> set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
> set ClientName = pick-first-value(option host-name,
> host-decl-name, config-option host-name, noname);
> execute("/etc/dhcp/update.sh", "add", ClientIP, ClientName);
> }
>
> on release {
> # ClientIP and ClientName are stored with the lease
> execute("/etc/dhcp/update.sh", "delete", ClientIP, ClientName);
> }
>
> on expiry {
> # ClientIP and ClientName are stored with the lease
> execute("/etc/dhcp/update.sh", "delete", ClientIP, ClientName);
> }
How does it know which IP & Name to delete ?
>
> }
>
> ===== smb.conf (the other dc is the same, apart from the name)
>
> # Global parameters
> [global]
> workgroup = WETRON
> realm = SAMBA.WETRON.ES
> netbios name = DC1
> server role = active directory domain controller
> idmap_ldb:use rfc2307 = yes
>
> tls enabled = yes
> tls keyfile = /var/lib/samba/private/tls/dc1.samba.wetron.es.key
> tls certfile = /var/lib/samba/private/tls/dc1.samba.wetron.es.crt
> tls cafile = /var/lib/samba/private/tls/wetron.crt
>
> dns forwarder = 192.168.90.29
> # none of these parameters do anything on the DC, which only looks at
> # idmap_ldb:use rfc2307
> #dedicated keytab file = /etc/krb5.keytab
> #kerberos method = secrets and keytab
> #idmap config *:backend = tdb
> #idmap config *:range = 60001-69999
> #idmap config WETRON:backend = ad
> #idmap config WETRON:schema_mode = rfc2307
> #idmap config WETRON:range = 490-60000
> #idmap config WETRON:default = yes
>
> #winbind nss info = rfc2307
> #winbind trusted domains only = no
> #winbind use default domain = yes
>
> # enum users/groups seems to work
>
> winbind enum users = yes
> winbind enum groups = yes
>
> template homedir = /net/storage01/mnt/pool1/usuarios/%U
> template shell = /bin/false
>
> printing = bsd
> printcap name = /dev/null
> disable spoolss = yes
>
> ldap server require strong auth = allow_sasl_over_tls
>
> allow insecure wide links = yes
>
> # for radius - from 4.7 onwards the yes can be changed to
> # mschapv2-and-ntlmv2-only
>
> ntlm auth = yes
>
> [netlogon]
> path = /var/lib/samba/sysvol/samba.wetron.es/scripts
> read only = No
>
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
> wide links = Yes
Why do you need 'wide links' in sysvol ?
Rowland
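The dhcpd.conf posted above hands every commit, release and expiry event to /etc/dhcp/update.sh, but the script itself does not appear in the thread. What follows is an added example of such a script, written for this page; it is not Luca's script and not part of Samba or ISC dhcpd. It assumes a DC to send updates to (dc1.samba.wetron.es, taken from the tls paths in the posted smb.conf), a keytab at /etc/dhcp/dhcpd.keytab for an account dhcpduser@SAMBA.WETRON.ES that is allowed to update DNS, and MIT kinit syntax; all three are assumptions, not something the thread states. Because the host-name option is supplied by the DHCP client, the script validates the name and address before they reach a command line, derives the /24 reverse zone for the PTR record, and has a DRYRUN mode that prints the samba-tool commands instead of running them. On release and expiry it is called with the ClientIP and ClientName that dhcpd recorded with the lease at commit time, so the delete targets the same records that were added.

```shell
#!/bin/sh
# update.sh (added example, not the poster's script): called by dhcpd as
#   update.sh add|delete <ip> <hostname>
# Adds or removes the A record in the forward zone and the PTR record in the
# matching /24 reverse zone with samba-tool.

ZONE="samba.wetron.es"                  # forward zone (realm from the posted smb.conf)
DNS_SERVER="dc1.samba.wetron.es"        # assumed: DC that receives the updates
KEYTAB="/etc/dhcp/dhcpd.keytab"         # assumed: keytab of an account allowed to update DNS
PRINCIPAL="dhcpduser@SAMBA.WETRON.ES"   # assumed: that account's principal
DRYRUN="${DRYRUN:-0}"                   # DRYRUN=1 prints the samba-tool commands instead of running them

# 192.168.1.101 -> 1.168.192.in-addr.arpa (reverse zone of the /24)
reverse_zone() {
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    printf '%s.%s.%s.in-addr.arpa\n' "$3" "$2" "$1"
}

# 192.168.1.101 -> 101 (PTR owner name relative to that reverse zone)
ptr_host() {
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    printf '%s\n' "$4"
}

# Accept only a dotted quad with four octets in 0..255
valid_ip() {
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# Accept only a single DNS label: letters, digits and inner hyphens, at most
# 63 characters.  The host-name option is client-supplied, so this keeps shell
# metacharacters and dots (which would escape the zone) out of the arguments.
valid_name() {
    case "$1" in ''|-*|*-|*[!A-Za-z0-9-]*) return 1 ;; esac
    [ ${#1} -le 63 ]
}

# dns_op add|delete <zone> <name> <type> <data>
dns_op() {
    if [ "$DRYRUN" = 1 ]; then
        printf 'samba-tool dns %s %s %s %s %s %s -k yes\n' "$1" "$DNS_SERVER" "$2" "$3" "$4" "$5"
    else
        # -k yes: authenticate with the Kerberos ticket obtained in update()
        # (newer Samba releases spell this --use-kerberos=required)
        samba-tool dns "$1" "$DNS_SERVER" "$2" "$3" "$4" "$5" -k yes
    fi
}

# update add|delete <ip> <hostname>
update() {
    action=$1; ip=$2; name=$3
    case "$action" in add|delete) ;; *) echo "update: unknown action '$action'" >&2; return 2 ;; esac
    valid_ip "$ip"     || { echo "update: rejected address '$ip'" >&2; return 2; }
    valid_name "$name" || { echo "update: rejected hostname '$name'" >&2; return 2; }
    if [ "$DRYRUN" != 1 ]; then
        # MIT kinit syntax (assumed); secure dynamic updates need a ticket
        kinit -k -t "$KEYTAB" "$PRINCIPAL" || return 1
    fi
    dns_op "$action" "$ZONE" "$name" A "$ip" || return 1
    dns_op "$action" "$(reverse_zone "$ip")" "$(ptr_host "$ip")" PTR "$name.$ZONE" || return 1
}

case $# in
    3) update "$@"; exit $? ;;
    0) ;;   # run without arguments: only define the functions
    *) echo "usage: $0 add|delete <ip> <hostname>" >&2; exit 2 ;;
esac
```

Run with DRYRUN=1 first to see exactly what samba-tool would be asked to do, e.g. `DRYRUN=1 ./update.sh add 192.168.1.101 pc01`. Note that `samba-tool dns delete` does not remove the record object from AD outright; Samba marks it as a tombstoned DNS record that stays in the zone until it is scavenged, which is why a domain driven by lease churn accumulates deleted records over time.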