[Samba] New PTR records not visible

Christian Naumer cn at brain-biotech.de
Thu Feb 27 09:33:15 UTC 2020


Hello Lois,
thanks for looking into this. Have you looked at what the original
poster shared in the bug report?

https://bugzilla.samba.org/show_bug.cgi?id=14268

I don't have a big problem with this, just trying to help. Maybe the
original poster can say more with regard to the problem he has with this.


Here are more of my details.

Regards


#####samba-debug-info.txt##############
Collected config  --- 2020-02-27-10:17 -----------

Hostname: dc1
DNS Domain: ad.domain.de
FQDN: DC1.ad.domain.de
ipaddress: 192.168.0.90

-----------

Kerberos SRV _kerberos._tcp.ad.domain.de record verified ok, sample output:
Server:		192.168.0.90
Address:	192.168.0.90#53

_kerberos._tcp.ad.domain.de	service = 0 100 88 dc1.ad.domain.de.
_kerberos._tcp.ad.domain.de	service = 0 100 88 dc3.ad.domain.de.
_kerberos._tcp.ad.domain.de	service = 0 100 88 dc2.ad.domain.de.
_kerberos._tcp.ad.domain.de	service = 0 100 88 dc4.ad.domain.de.
Samba is running as an AD DC

-----------
       Checking file: /etc/os-release

NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"

CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"

-----------


This computer is running an unknown distribution x86_64

-----------
running command : ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 6e:48:a7:59:a3:e4 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.90/21 brd 192.168.7.255 scope global eth0
    inet6 fe80::6c48:a7ff:fe59:a3e4/64 scope link

-----------
       Checking file: /etc/hosts

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.0.90 DC1.ad.domain.de DC1
192.168.0.91 DC2.ad.domain.de DC2
192.168.0.106 DC4.ad.domain.de DC4
192.168.0.190 DC3.ad.domain.de DC3

-----------

       Checking file: /etc/resolv.conf

# Generated by NetworkManager
search ad.domain.de domain.de domain.com domain.de. domain.com. domain.de
nameserver 192.168.0.90
nameserver 192.168.0.91
nameserver 192.168.0.106

-----------

       Checking file: /etc/krb5.conf

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm = ad.domain.DE
dns_lookup_realm = true
dns_lookup_kdc = true
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true

-----------

       Checking file: /etc/nsswitch.conf

#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Valid entries include:
#
#	nisplus			Use NIS+ (NIS version 3)
#	nis			Use NIS (NIS version 2), also called YP
#	dns			Use DNS (Domain Name Service)
#	files			Use the local files
#	db			Use the local database (.db) files
#	compat			Use NIS on compat mode
#	hesiod			Use Hesiod for user lookups
#	[NOTFOUND=return]	Stop searching if not found so far
#

# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd:    db files nisplus nis
#shadow:    db files nisplus nis
#group:     db files nisplus nis

passwd:     files winbind
shadow:     files winbind
group:      files winbind
#initgroups: files

#hosts:     db files nisplus nis dns
hosts:      files dns myhostname

# Example - obey only what nisplus tells us...
#services:   nisplus [NOTFOUND=return] files
#networks:   nisplus [NOTFOUND=return] files
#protocols:  nisplus [NOTFOUND=return] files
#rpc:        nisplus [NOTFOUND=return] files
#ethers:     nisplus [NOTFOUND=return] files
#netmasks:   nisplus [NOTFOUND=return] files

bootparams: nisplus [NOTFOUND=return] files

ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files sss

netgroup:   files sss

publickey:  nisplus

automount:  files sss
aliases:    files nisplus

-----------

       Checking file: /etc/samba/smb.conf

# Global parameters
[global]
	netbios name = DC1
	realm = ad.domain.DE
	server services = s3fs, rpc, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
	workgroup = DOMAIN-02
	logging =syslog
	log level = 1 auth_audit:4 dsdb_password_audit:5 dsdb_transaction_audit:5 dsdb_group_audit:5
	#log level = 3 auth_audit:4
	server role = active directory domain controller
	idmap_ldb:use rfc2307 = yes
	template shell = /bin/bash
        template homedir = /home/%U
	#username map = /etc/samba/smbusers
	#ntlm auth = yes
	ntlm auth = mschapv2-and-ntlmv2-only
	#rpc server dynamic port range = 1024-1300
	disable netbios = yes
        smb ports = 445
	server min protocol = SMB2
        client min protocol = SMB2
	tls enabled  = yes
	tls keyfile  = tls/server_de.key
	tls certfile = tls/server.pem
	tls cafile   = tls/ca.pem

[netlogon]
	path = /var/lib/samba/sysvol/ad.domain.de/scripts
	read only = No

[sysvol]
	path = /var/lib/samba/sysvol
	read only = No

-----------

You have a user.map set in your smb.conf
This is not allowed because Samba is running as a DC

-----------
Detected bind DLZ enabled..

Warning, detected bind is enabled in smb.conf, but no /etc/bind directory found

-----------

Installed packages:


-----------
##########named.conf###################

# /etc/named.conf
# Global BIND configuration options
include "/var/lib/samba/private/named.conf";
options {
    tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
    auth-nxdomain yes;
    directory "/var/named";
    notify no;
    empty-zones-enable no;

    allow-query {
        127.0.0.1;
        192.168.0.0/16;
        # add other networks you want to allow to query your DNS
    };

    allow-recursion {
        192.168.0.0/16;
        # add other networks you want to allow to do recursive queries
    };

    forwarders {
        # Google public DNS server here - replace with your own if necessary
        8.8.8.8;
        8.8.4.4;
    };

    allow-transfer {
        # this config is for a single master DNS server
        none;
    };

};


# Root servers (required zone for recursive queries)
zone "." {
   type hint;
   file "named.root";
};

# Required localhost forward-/reverse zones
zone "localhost" {
    type master;
    file "master/localhost.zone";
};
zone "0.0.127.in-addr.arpa" {
    type master;
    file "master/0.0.127.zone";
};


On 27.02.20 at 09:53, L.P.H. van Belle via samba wrote:
> Ok, new test. 
> 
> Besides that I don't like the Python errors shown, this still looks good. 
> So I don't know.. See below, I cannot make it error. 
> 
> 
> for x in 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 ; do samba-tool dns add dc1.internal.dom.tld $x.249.10.in-addr.arpa 158 PTR host-test.extrazone.dom.tld ; done
> 
> Record added successfully
> Record added successfully
> Record added successfully
> Record added successfully
> Record added successfully
> ERROR: Zone does not exist; record could not be added.
> ERROR: Zone does not exist; record could not be added.
> ERROR: Zone does not exist; record could not be added.
> ERROR: Zone does not exist; record could not be added.
> ERROR: Zone does not exist; record could not be added.
> ERROR: Zone does not exist; record could not be added.
> ERROR: Zone does not exist; record could not be added.
> ERROR: Zone does not exist; record could not be added.
> ERROR: Zone does not exist; record could not be added.
> ERROR: Zone does not exist; record could not be added.
> ERROR: Zone does not exist; record could not be added.
> 
> 
> 
> for x in 0 1 2 3 4 5 6 7 ; do samba-tool dns add dc1.internal.dom.tld $x.249.10.in-addr.arpa 158 PTR host-test.extrazone.dom.tld ; done
> ERROR(runtime): uncaught exception - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
>   File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 186, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/lib/python3/dist-packages/samba/netcmd/dns.py", line 945, in run
>     raise e
>   File "/usr/lib/python3/dist-packages/samba/netcmd/dns.py", line 941, in run
>     0, server, zone, name, add_rec_buf, None)
> ERROR(runtime): uncaught exception - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
>   File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 186, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/lib/python3/dist-packages/samba/netcmd/dns.py", line 945, in run
>     raise e
>   File "/usr/lib/python3/dist-packages/samba/netcmd/dns.py", line 941, in run
>     0, server, zone, name, add_rec_buf, None)
> ERROR(runtime): uncaught exception - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
>   File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 186, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/lib/python3/dist-packages/samba/netcmd/dns.py", line 945, in run
>     raise e
>   File "/usr/lib/python3/dist-packages/samba/netcmd/dns.py", line 941, in run
>     0, server, zone, name, add_rec_buf, None)
> ERROR(runtime): uncaught exception - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
>   File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 186, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/lib/python3/dist-packages/samba/netcmd/dns.py", line 945, in run
>     raise e
>   File "/usr/lib/python3/dist-packages/samba/netcmd/dns.py", line 941, in run
>     0, server, zone, name, add_rec_buf, None)
> ERROR(runtime): uncaught exception - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
>   File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 186, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/lib/python3/dist-packages/samba/netcmd/dns.py", line 945, in run
>     raise e
>   File "/usr/lib/python3/dist-packages/samba/netcmd/dns.py", line 941, in run
>     0, server, zone, name, add_rec_buf, None)
> ERROR: Zone does not exist; record could not be added.
> ERROR: Zone does not exist; record could not be added.
> ERROR: Zone does not exist; record could not be added.
> 
> for x in 0 1 2 3 4 5 6 7 ; do nslookup 10.249.$x.158 ; done
> 158.0.249.10.in-addr.arpa       name = host-test.extrazone.dom.tld.
> 
> 158.1.249.10.in-addr.arpa       name = host-test.extrazone.dom.tld.
> 
> 158.2.249.10.in-addr.arpa       name = host-test.extrazone.dom.tld.
> 
> 158.3.249.10.in-addr.arpa       name = host-test.extrazone.dom.tld.
> 
> 158.4.249.10.in-addr.arpa       name = host-test.extrazone.dom.tld.
> 
> ** server can't find 158.5.249.10.in-addr.arpa: NXDOMAIN
> 
> ** server can't find 158.6.249.10.in-addr.arpa: NXDOMAIN
> 
> ** server can't find 158.7.249.10.in-addr.arpa: NXDOMAIN
> 
> 
> Other range since you mentioned, this was in 192.168.x zones. 
> So here you go.
> 
> for x in 0 1 2 3 4 5 6 ; do samba-tool dns zonecreate dc1.internal.dom.tld $x.168.192.in-addr.arpa ; done
> Zone 0.168.192.in-addr.arpa created successfully
> Zone 1.168.192.in-addr.arpa created successfully
> Zone 2.168.192.in-addr.arpa created successfully
> Zone 3.168.192.in-addr.arpa created successfully
> Zone 4.168.192.in-addr.arpa created successfully
> Zone 5.168.192.in-addr.arpa created successfully
> Zone 6.168.192.in-addr.arpa created successfully
> 
> for x in 0 1 2 3 4 5 6 ; do samba-tool dns add dc1.internal.dom.tld $x.168.192.in-addr.arpa 1 PTR host-test.extrazone.dom.tld ; done
> Record added successfully
> Record added successfully
> Record added successfully
> Record added successfully
> Record added successfully
> Record added successfully
> Record added successfully
> 
> for x in 0 1 2 3 4 5 6 ; do nslookup 192.168.$x.1 ; done
> 1.0.168.192.in-addr.arpa        name = host-test.extrazone.dom.tld.
> 
> 1.1.168.192.in-addr.arpa        name = host-test.extrazone.dom.tld.
> 
> 1.2.168.192.in-addr.arpa        name = host-test.extrazone.dom.tld.
> 
> 1.3.168.192.in-addr.arpa        name = host-test.extrazone.dom.tld.
> 
> 1.4.168.192.in-addr.arpa        name = host-test.extrazone.dom.tld.
> 
> 1.5.168.192.in-addr.arpa        name = host-test.extrazone.dom.tld.
> 
> 1.6.168.192.in-addr.arpa        name = host-test.extrazone.dom.tld.
> 
> 
> 
> Did you run my debug script already? Can you post it?
> https://github.com/thctlo/samba4/raw/master/samba-collect-debug-info.sh 
> 
> 
> Greetz, 
> 
> Louis
> 
> 
> 
> 
> 
> 
>  
> 
>> -----Original message-----
>> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Christian Naumer via samba
>> Sent: Thursday 27 February 2020 9:24
>> To: samba at lists.samba.org
>> Subject: Re: [Samba] New PTR records not visible
>>
>> Hi,
>> have you tried adding an entry to another host on 157? For me it only
>> produces the error with 0.168.192.in-addr.arpa and
>> 2.168.192.in-addr.arpa. Not with 1 or 3.
>>
>> Regards
>>
>> Christian
>>
>>
>> On 27.02.20 at 08:42, L.P.H. van Belle via samba wrote:
>>> Hai, 
>>>
>>> Today I thought let's re-test this again. 
>>> So this was done yesterday, 
>>>
>>> samba-tool dns add dc1.internal.dom.tld 2.249.10.in-addr.arpa 157 PTR host.extrazone.dom.tld
>>> samba-tool dns add dc1.internal.dom.tld 0.249.10.in-addr.arpa 157 PTR host.extrazone.dom.tld
>>> samba-tool dns add dc1.internal.dom.tld 1.249.10.in-addr.arpa 157 PTR host.extrazone.dom.tld
>>>
>>> I did keep the entries in the DNS yesterday. 
>>>
>>> Today: 
>>>
>>> samba-tool dns add dc1.internal.dom.tld 2.249.10.in-addr.arpa 157 PTR host.extrazone.dom.tld
>>> Password for [Administrator at REALM]:
>>> ERROR(runtime): uncaught exception - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
>>>   File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 186, in _run
>>>     return self.run(*args, **kwargs)
>>>   File "/usr/lib/python3/dist-packages/samba/netcmd/dns.py", line 945, in run
>>>     raise e
>>>   File "/usr/lib/python3/dist-packages/samba/netcmd/dns.py", line 941, in run
>>>     0, server, zone, name, add_rec_buf, None)
>>> # adding an extra one in "3"
>>> samba-tool dns add  dc1.internal.dom.tld 3.249.10.in-addr.arpa 157 PTR host.extrazone.dom.tld
>>> Password for [Administrator at REALM]:
>>> Record added successfully
>>>
>>> And I check all the reverse zones, their DNS records.
>>> All checked out ok.
>>>
>>> Sorry, I cannot make it fail here. 
>>>
>>>
>>> Greetz, 
>>>
>>> Louis 
>>>
>>>
>>>> -----Original message-----
>>>> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Christian Naumer via samba
>>>> Sent: Wednesday 26 February 2020 15:54
>>>> To: samba at lists.samba.org
>>>> Subject: Re: [Samba] New PTR records not visible
>>>>
>>>> On 26.02.20 at 15:40, L.P.H. van Belle via samba wrote:
>>>>> So strange.. 
>>>>>
>>>>> I copied your commands, only changed the arpa and servername / domainnames. 
>>>>> All worked. 
>>>>
>>>> Have you checked that you have this situation?
>>>>
>>>> If this entry "192.168.2.157" exists and if you try to add
>>>> "192.168.0.157" another entry to point to "192.168.2.157" is added.
>>>>
>>>>
>>>>>
>>>>> So far nobody told how their ad-dc and DNS is set up.. 
>>>>> Which is why I added:  
>>>>>>> Debian 10, my own packages.
>>>>>>> Samba 4.11.6 + BIND9_DLZ is used .  
>>>>>
>>>>> Now are you using samba DNS or BIND_DLZ dns ? 
>>>>
>>>> I am using BIND_DLZ. On Centos 7 with the Sernet Packages.
>>>>
>>>> Regards
>>>>
>>>> Christian
>>>>
>>>> -- 
>>>> Dr. Christian Naumer
>>>> Unit Head Bioprocess Development
>>>> B.R.A.I.N Aktiengesellschaft
>>>> Darmstaedter Str. 34-36, D-64673 Zwingenberg
>>>> e-mail cn at brain-biotech.com, homepage www.brain-biotech.com
>>>> fon +49-6251-9331-30  /   fax +49-6251-9331-11
>>>>
>>>> Registered office: Zwingenberg/Bergstrasse
>>>> Register court: AG Darmstadt, HRB 24758
>>>> Executive Board: Adriaan Moelker (Chairman), 
>>>> Manfred Bender, Ludger Roedder
>>>> Chairman of the Supervisory Board: Dr. Georg Kellinghusen
>>>>
>>>
>>>
>>
>>
> 
> 
