[Samba] New PTR records not visible
Christian Naumer
cn at brain-biotech.de
Thu Feb 27 09:33:15 UTC 2020
Hello Louis,
thanks for looking into this. Have you looked at what the original
poster shared in the bug report?
https://bugzilla.samba.org/show_bug.cgi?id=14268
I don't have a big problem with this, just trying to help. Maybe the
original poster can say more with regard to the problem he has with this.
Here are more of my details.
Regards
#####samba-debug-info.txt##############
Collected config --- 2020-02-27-10:17 -----------
Hostname: dc1
DNS Domain: ad.domain.de
FQDN: DC1.ad.domain.de
ipaddress: 192.168.0.90
-----------
Kerberos SRV _kerberos._tcp.ad.domain.de record verified ok, sample output:
Server: 192.168.0.90
Address: 192.168.0.90#53
_kerberos._tcp.ad.domain.de service = 0 100 88 dc1.ad.domain.de.
_kerberos._tcp.ad.domain.de service = 0 100 88 dc3.ad.domain.de.
_kerberos._tcp.ad.domain.de service = 0 100 88 dc2.ad.domain.de.
_kerberos._tcp.ad.domain.de service = 0 100 88 dc4.ad.domain.de.
Samba is running as an AD DC
-----------
Checking file: /etc/os-release
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"
CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"
-----------
This computer is running an unknown distribution x86_64
-----------
running command : ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 6e:48:a7:59:a3:e4 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.90/21 brd 192.168.7.255 scope global eth0
inet6 fe80::6c48:a7ff:fe59:a3e4/64 scope link
-----------
Checking file: /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.0.90 DC1.ad.domain.de DC1
192.168.0.91 DC2.ad.domain.de DC2
192.168.0.106 DC4.ad.domain.de DC4
192.168.0.190 DC3.ad.domain.de DC3
-----------
Checking file: /etc/resolv.conf
# Generated by NetworkManager
search ad.domain.de domain.de domain.com domain.de. domain.com. domain.de
nameserver 192.168.0.90
nameserver 192.168.0.91
nameserver 192.168.0.106
-----------
Checking file: /etc/krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = ad.domain.DE
dns_lookup_realm = true
dns_lookup_kdc = true
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
-----------
Checking file: /etc/nsswitch.conf
#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Valid entries include:
#
# nisplus Use NIS+ (NIS version 3)
# nis Use NIS (NIS version 2), also called YP
# dns Use DNS (Domain Name Service)
# files Use the local files
# db Use the local database (.db) files
# compat Use NIS on compat mode
# hesiod Use Hesiod for user lookups
# [NOTFOUND=return] Stop searching if not found so far
#
# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd: db files nisplus nis
#shadow: db files nisplus nis
#group: db files nisplus nis
passwd: files winbind
shadow: files winbind
group: files winbind
#initgroups: files
#hosts: db files nisplus nis dns
hosts: files dns myhostname
# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files sss
netgroup: files sss
publickey: nisplus
automount: files sss
aliases: files nisplus
-----------
Checking file: /etc/samba/smb.conf
# Global parameters
[global]
netbios name = DC1
realm = ad.domain.DE
server services = s3fs, rpc, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
workgroup = DOMAIN-02
logging =syslog
log level = 1 auth_audit:4 dsdb_password_audit:5 dsdb_transaction_audit:5 dsdb_group_audit:5
#log level = 3 auth_audit:4
server role = active directory domain controller
idmap_ldb:use rfc2307 = yes
template shell = /bin/bash
template homedir = /home/%U
#username map = /etc/samba/smbusers
#ntlm auth = yes
ntlm auth = mschapv2-and-ntlmv2-only
#rpc server dynamic port range = 1024-1300
disable netbios = yes
smb ports = 445
server min protocol = SMB2
client min protocol = SMB2
tls enabled = yes
tls keyfile = tls/server_de.key
tls certfile = tls/server.pem
tls cafile = tls/ca.pem
[netlogon]
path = /var/lib/samba/sysvol/ad.domain.de/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
-----------
You have a user.map set in your smb.conf
This is not allowed because Samba is running as a DC
-----------
Detected bind DLZ enabled..
Warning, detected bind is enabled in smb.conf, but no /etc/bind directory found
-----------
Installed packages:
-----------
##########named.conf###################
# /etc/named.conf
# Global BIND configuration options
include "/var/lib/samba/private/named.conf";
options {
tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
auth-nxdomain yes;
directory "/var/named";
notify no;
empty-zones-enable no;
allow-query {
127.0.0.1;
192.168.0.0/16;
# add other networks you want to allow to query your DNS
};
allow-recursion {
192.168.0.0/16;
# add other networks you want to allow to do recursive queries
};
forwarders {
# Google public DNS server here - replace with your own if necessary
8.8.8.8;
8.8.4.4;
};
allow-transfer {
# this config is for a single master DNS server
none;
};
};
# Root servers (required zone for recursive queries)
zone "." {
type hint;
file "named.root";
};
# Required localhost forward-/reverse zones
zone "localhost" {
type master;
file "master/localhost.zone";
};
zone "0.0.127.in-addr.arpa" {
type master;
file "master/0.0.127.zone";
};
On 27.02.20 at 09:53, L.P.H. van Belle via samba wrote:
> Ok, new test.
>
> Besides that I don't like the Python errors shown, this still looks good.
> So I don't know.. See below, I cannot make it error.
>
>
> for x in 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 ; do samba-tool dns add dc1.internal.dom.tld $x.249.10.in-addr.arpa 158 PTR host-test.extrazone.dom.tld ; done
>
> Record added successfully
> Record added successfully
> Record added successfully
> Record added successfully
> Record added successfully
> ERROR: Zone does not exist; record coud not be added.
> ERROR: Zone does not exist; record could not be added.
> ERROR: Zone does not exist; record could not be added.
> ERROR: Zone does not exist; record could not be added.
> ERROR: Zone does not exist; record could not be added.
> ERROR: Zone does not exist; record could not be added.
> ERROR: Zone does not exist; record could not be added.
> ERROR: Zone does not exist; record could not be added.
> ERROR: Zone does not exist; record could not be added.
> ERROR: Zone does not exist; record could not be added.
> ERROR: Zone does not exist; record could not be added.
>
>
>
> for x in 0 1 2 3 4 5 6 7 ; do samba-tool dns add dc1.internal.dom.tld $x.249.10.in-addr.arpa 158 PTR host-test.extrazone.dom.tld ; done
> ERROR(runtime): uncaught exception - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
> File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 186, in _run
> return self.run(*args, **kwargs)
> File "/usr/lib/python3/dist-packages/samba/netcmd/dns.py", line 945, in run
> raise e
> File "/usr/lib/python3/dist-packages/samba/netcmd/dns.py", line 941, in run
> 0, server, zone, name, add_rec_buf, None)
> ERROR(runtime): uncaught exception - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
> File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 186, in _run
> return self.run(*args, **kwargs)
> File "/usr/lib/python3/dist-packages/samba/netcmd/dns.py", line 945, in run
> raise e
> File "/usr/lib/python3/dist-packages/samba/netcmd/dns.py", line 941, in run
> 0, server, zone, name, add_rec_buf, None)
> ERROR(runtime): uncaught exception - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
> File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 186, in _run
> return self.run(*args, **kwargs)
> File "/usr/lib/python3/dist-packages/samba/netcmd/dns.py", line 945, in run
> raise e
> File "/usr/lib/python3/dist-packages/samba/netcmd/dns.py", line 941, in run
> 0, server, zone, name, add_rec_buf, None)
> ERROR(runtime): uncaught exception - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
> File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 186, in _run
> return self.run(*args, **kwargs)
> File "/usr/lib/python3/dist-packages/samba/netcmd/dns.py", line 945, in run
> raise e
> File "/usr/lib/python3/dist-packages/samba/netcmd/dns.py", line 941, in run
> 0, server, zone, name, add_rec_buf, None)
> ERROR(runtime): uncaught exception - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
> File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 186, in _run
> return self.run(*args, **kwargs)
> File "/usr/lib/python3/dist-packages/samba/netcmd/dns.py", line 945, in run
> raise e
> File "/usr/lib/python3/dist-packages/samba/netcmd/dns.py", line 941, in run
> 0, server, zone, name, add_rec_buf, None)
> ERROR: Zone does not exist; record could not be added.
> ERROR: Zone does not exist; record could not be added.
> ERROR: Zone does not exist; record could not be added.
>
> for x in 0 1 2 3 4 5 6 7 ; do nslookup 10.249.$x.158 ; done
> 158.0.249.10.in-addr.arpa name = host-test.extrazone.dom.tld.
>
> 158.1.249.10.in-addr.arpa name = host-test.extrazone.dom.tld.
>
> 158.2.249.10.in-addr.arpa name = host-test.extrazone.dom.tld.
>
> 158.3.249.10.in-addr.arpa name = host-test.extrazone.dom.tld.
>
> 158.4.249.10.in-addr.arpa name = host-test.extrazone.dom.tld.
>
> ** server can't find 158.5.249.10.in-addr.arpa: NXDOMAIN
>
> ** server can't find 158.6.249.10.in-addr.arpa: NXDOMAIN
>
> ** server can't find 158.7.249.10.in-addr.arpa: NXDOMAIN
>
>
> Other range since you mentioned, this was in 192.168.x zones.
> So here you go.
>
> for x in 0 1 2 3 4 5 6 ; do samba-tool dns zonecreate dc1.internal.dom.tld $x.168.192.in-addr.arpa ; done
> Zone 0.168.192.in-addr.arpa created successfully
> Zone 1.168.192.in-addr.arpa created successfully
> Zone 2.168.192.in-addr.arpa created successfully
> Zone 3.168.192.in-addr.arpa created successfully
> Zone 4.168.192.in-addr.arpa created successfully
> Zone 5.168.192.in-addr.arpa created successfully
> Zone 6.168.192.in-addr.arpa created successfully
>
> for x in 0 1 2 3 4 5 6 ; do samba-tool dns add dc1.internal.dom.tld $x.168.192.in-addr.arpa 1 PTR host-test.extrazone.dom.tld ; done
> Record added successfully
> Record added successfully
> Record added successfully
> Record added successfully
> Record added successfully
> Record added successfully
> Record added successfully
>
> for x in 0 1 2 3 4 5 6 ; do nslookup 192.168.$x.1 ; done
> 1.0.168.192.in-addr.arpa name = host-test.extrazone.dom.tld.
>
> 1.1.168.192.in-addr.arpa name = host-test.extrazone.dom.tld.
>
> 1.2.168.192.in-addr.arpa name = host-test.extrazone.dom.tld.
>
> 1.3.168.192.in-addr.arpa name = host-test.extrazone.dom.tld.
>
> 1.4.168.192.in-addr.arpa name = host-test.extrazone.dom.tld.
>
> 1.5.168.192.in-addr.arpa name = host-test.extrazone.dom.tld.
>
> 1.6.168.192.in-addr.arpa name = host-test.extrazone.dom.tld.
>
>
>
> Did you run my debug script already? Can you post it?
> https://github.com/thctlo/samba4/raw/master/samba-collect-debug-info.sh
>
>
> Greetz,
>
> Louis
>
>> -----Original message-----
>> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
>> Christian Naumer via samba
>> Sent: Thursday 27 February 2020 9:24
>> To: samba at lists.samba.org
>> Subject: Re: [Samba] New PTR records not visible
>>
>> Hi,
>> have you tried adding an entry to another host on 157? For me it only
>> produces the error with 0.168.192.in-addr.arpa and
>> 2.168.192.in-addr.arpa. Not with 1 or 3.
>>
>> Regards
>>
>> Christian
>>
>>
>> On 27.02.20 at 08:42, L.P.H. van Belle via samba wrote:
>>> Hi,
>>>
>>> Today I thought, let's re-test this again.
>>> So this was done yesterday,
>>>
>>> samba-tool dns add dc1.internal.dom.tld 2.249.10.in-addr.arpa 157 PTR host.extrazone.dom.tld
>>> samba-tool dns add dc1.internal.dom.tld 0.249.10.in-addr.arpa 157 PTR host.extrazone.dom.tld
>>> samba-tool dns add dc1.internal.dom.tld 1.249.10.in-addr.arpa 157 PTR host.extrazone.dom.tld
>>>
>>> I did keep the entries in the dns yesterday.
>>>
>>> Today :
>>>
>>> samba-tool dns add dc1.internal.dom.tld 2.249.10.in-addr.arpa 157 PTR host.extrazone.dom.tld
>>> Password for [Administrator at REALM]:
>>> ERROR(runtime): uncaught exception - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
>>> File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 186, in _run
>>> return self.run(*args, **kwargs)
>>> File "/usr/lib/python3/dist-packages/samba/netcmd/dns.py", line 945, in run
>>> raise e
>>> File "/usr/lib/python3/dist-packages/samba/netcmd/dns.py", line 941, in run
>>> 0, server, zone, name, add_rec_buf, None)
>>> # adding an extra one in "3"
>>> samba-tool dns add dc1.internal.dom.tld 3.249.10.in-addr.arpa 157 PTR host.extrazone.dom.tld
>>> Password for [Administrator at REALM]:
>>> Record added successfully
>>>
>>> And I checked all the reverse zones and their DNS records.
>>> All checked out ok.
>>>
>>> Sorry, I cannot make it fail here.
>>>
>>>
>>> Greetz,
>>>
>>> Louis
>>>
>>>
>>>> -----Original message-----
>>>> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
>>>> Christian Naumer via samba
>>>> Sent: Wednesday 26 February 2020 15:54
>>>> To: samba at lists.samba.org
>>>> Subject: Re: [Samba] New PTR records not visible
>>>>
>>>> On 26.02.20 at 15:40, L.P.H. van Belle via samba wrote:
>>>>> So strange..
>>>>>
>>>>> I copied your commands, only changed the arpa and servername / domainnames.
>>>>> All worked.
>>>>
>>>> Have you checked that you have this situation?
>>>>
>>>> If this entry "192.168.2.157" exists and if you try to add
>>>> "192.168.0.157" another entry to point to "192.168.2.157" is added.
>>>>
>>>>
>>>>>
>>>>> So far nobody told how their AD DC and DNS is set up..
>>>>> Which is why I added:
>>>>>>> Debian 10, my own packages.
>>>>>>> Samba 4.11.6 + BIND9_DLZ is used .
>>>>>
>>>>> Now are you using samba DNS or BIND_DLZ dns ?
>>>>
>>>> I am using BIND_DLZ. On Centos 7 with the Sernet Packages.
>>>>
>>>> Regards
>>>>
>>>> Christian
>>>>
>>>> --
>>>> Dr. Christian Naumer
>>>> Unit Head Bioprocess Development
>>>> B.R.A.I.N Aktiengesellschaft
>>>> Darmstaedter Str. 34-36, D-64673 Zwingenberg
>>>> e-mail cn at brain-biotech.com, homepage www.brain-biotech.com
>>>> phone +49-6251-9331-30 / fax +49-6251-9331-11
>>>>
>>>> Registered office: Zwingenberg/Bergstrasse
>>>> Court of registration: AG Darmstadt, HRB 24758
>>>> Management board: Adriaan Moelker (Chairman),
>>>> Manfred Bender, Ludger Roedder
>>>> Chairman of the supervisory board: Dr. Georg Kellinghusen
>>>>
>>>> --
>>>> To unsubscribe from this list go to the following URL and read the
>>>> instructions: https://lists.samba.org/mailman/options/samba
>>>>
>>>>
>>>
>>>
>>
>
>
--
Dr. Christian Naumer
Unit Head Bioprocess Development
B.R.A.I.N Aktiengesellschaft
Darmstaedter Str. 34-36, D-64673 Zwingenberg
e-mail cn at brain-biotech.com, homepage www.brain-biotech.com
phone +49-6251-9331-30 / fax +49-6251-9331-11
Registered office: Zwingenberg/Bergstrasse
Court of registration: AG Darmstadt, HRB 24758
Management board: Adriaan Moelker (Chairman),
Manfred Bender, Ludger Roedder
Chairman of the supervisory board: Dr. Georg Kellinghusen
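
Added example, not part of the original message or of Samba's own tooling: a shell helper that pairs what `samba-tool dns add` reported with what `nslookup` returns for the same address, to flag the "added but not visible" case this thread is about. The function names and the constructed sample in `demo` are assumptions; the strings matched are the samba-tool and nslookup messages quoted in the thread.

```sh
#!/bin/sh
# Added example. Function names are hypothetical; matched strings are the
# samba-tool / nslookup messages quoted in this thread.

# Reverse owner name: 10.249.0.158 -> 158.0.249.10.in-addr.arpa
ptr_owner() {
    echo "$1" | awk -F. 'NF == 4 { print $4 "." $3 "." $2 "." $1 ".in-addr.arpa" }'
}

# lookup_state IP TARGET NSLOOKUP_OUTPUT -> PRESENT | OTHER_TARGET | ABSENT
lookup_state() {
    printf '%s\n' "$3" | awk -v owner="$(ptr_owner "$1")" -v target="$2." '
        tolower($1) == tolower(owner) && $2 == "name" && $3 == "=" {
            if (tolower($4) == tolower(target)) present = 1; else other = 1
        }
        END { print (present ? "PRESENT" : (other ? "OTHER_TARGET" : "ABSENT")) }'
}

# audit_ptr IP TARGET ADD_OUTPUT NSLOOKUP_OUTPUT
# Combines what samba-tool reported with what the resolver actually returns.
audit_ptr() {
    state=$(lookup_state "$1" "$2" "$4")
    case "$3" in
        *"Record added successfully"*|*WERR_DNS_ERROR_RECORD_ALREADY_EXISTS*)
            # The directory says the record exists, so the resolver must return it.
            if [ "$state" = PRESENT ]; then echo VISIBLE; else echo "NOT_VISIBLE($state)"; fi ;;
        *"Zone does not exist"*)
            echo NO_ZONE ;;
        *)
            echo UNKNOWN_ADD_RESULT ;;
    esac
}

# Constructed sample: the add reported success, the resolver still says NXDOMAIN.
demo() {
    audit_ptr 192.168.0.157 host.extrazone.dom.tld \
        "Record added successfully" \
        "** server can't find 157.0.168.192.in-addr.arpa: NXDOMAIN"
}
demo   # prints NOT_VISIBLE(ABSENT)
```

Against a live DC, the third and fourth arguments would be the captured output of the `samba-tool dns add` call and of `nslookup` for the same address.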