[Samba] Problems with sysrepl

Rowland Penny rpenny at samba.org
Fri Sep 11 11:10:52 UTC 2020


On 11/09/2020 11:52, basti via samba wrote:
> root at dc1:~# cat /tmp/samba-debug-info.txt
> Collected config  --- 2020-09-11-12:35 -----------
>
> Hostname: dc1
> DNS Domain: samdom.example.com
> FQDN: dc1.samdom.example.com
> ipaddress: 193.137.1.133
>
> -----------
>
> Kerberos SRV _kerberos._tcp.samdom.example.com record verified ok,
> sample output:
> Server:		193.137.1.133
> Address:	193.137.1.133#53
>
> _kerberos._tcp.samdom.example.com	service = 0 100 88 dc1.samdom.example.com.
> Samba is running as an AD DC
>
> -----------
>         Checking file: /etc/os-release
>
> PRETTY_NAME="Debian GNU/Linux 10 (buster)"
> NAME="Debian GNU/Linux"
> VERSION_ID="10"
> VERSION="10 (buster)"
> VERSION_CODENAME=buster
> ID=debian
> HOME_URL="https://www.debian.org/"
> SUPPORT_URL="https://www.debian.org/support"
> BUG_REPORT_URL="https://bugs.debian.org/"
>
> -----------
>
>
> This computer is running Debian 10.2 x86_64
>
> -----------
> running command : ip a
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
> group default qlen 1000
>      link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>      inet 127.0.0.1/8 scope host lo
>      inet6 ::1/128 scope host
> 2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
> state UP group default qlen 1000
>      link/ether 52:54:00:43:08:92 brd ff:ff:ff:ff:ff:ff
>      inet 193.137.1.133/24 brd 193.137.1.255 scope global ens3
>      inet6 fe80::5054:ff:fe43:892/64 scope link
>
> -----------
>         Checking file: /etc/hosts
>
> 127.0.0.1	localhost
> 193.137.1.133	dc1.samdom.example.com	dc1
> 193.137.1.135	dc2.samdom.example.com	dc2
>
> # The following lines are desirable for IPv6 capable hosts
> ::1     localhost ip6-localhost ip6-loopback
> ff02::1 ip6-allnodes
> ff02::2 ip6-allrouters
>
> -----------
>
>         Checking file: /etc/resolv.conf
>
> nameserver 193.137.1.133
> search samdom.example.com
> search net
>
> -----------
>
>         Checking file: /etc/krb5.conf
>
> [libdefaults]
> 	default_realm = SAMDOM.EXAMPLE.COM
> 	dns_lookup_realm = false
> 	dns_lookup_kdc = true
>
> [realms]
> 	SAMDOM.EXAMPLE.COM = {
> 		kdc = DC1.SAMDOM.EXAMPLE:COM
> 		admin_server = DC1.SAMDOM.EXAMPLE.COM
> 	}
>
> -----------
>
>         Checking file: /etc/nsswitch.conf
>
> # /etc/nsswitch.conf
> #
> # Example configuration of GNU Name Service Switch functionality.
> # If you have the `glibc-doc-reference' and `info' packages installed, try:
> # `info libc "Name Service Switch"' for information about this file.
>
> passwd:         files systemd
> group:          files systemd
> shadow:         files
> gshadow:        files
>
> hosts:          files dns
> networks:       files
>
> protocols:      db files
> services:       db files
> ethers:         db files
> rpc:            db files
>
> netgroup:       nis
>
> -----------
>
>         Checking file: /etc/samba/smb.conf
>
> # Global parameters
> [global]
>          netbios name = DC1
>          realm = SAMDOM.EXAMPLE.COM
>          server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
>          workgroup = NET
>          server role = active directory domain controller
>          idmap_ldb:use rfc2307 = yes
>
>          # Debug logging information
>          log level = 1
>          log file = /var/log/samba/log.M%
>          max log size = 50
>          debug timestamp = yes
>
> 	# to connect via ldapvi
> 	ldap server require strong auth = no
> [netlogon]
>          path = /var/lib/samba/sysvol/samdom.example.com/scripts
>          read only = Yes
> 	write list = root,Administrator, at Domain Admins
>
> [sysvol]
>          path = /var/lib/samba/sysvol
>          read only = Yes
> 	write list = root,Administrator, at Domain Admins
>
> -----------
>
> Detected bind DLZ enabled..
>         Checking file: /etc/bind/named.conf
>
> // This is the primary configuration file for the BIND DNS server named.
> //
> // Please read /usr/share/doc/bind9/README.Debian.gz for information on the
> // structure of BIND configuration files in Debian, *BEFORE* you customize
> // this configuration file.
> //
> // If you are just adding zones, please do that in /etc/bind/named.conf.local
>
> include "/etc/bind/named.conf.options";
> include "/etc/bind/named.conf.local";
> include "/etc/bind/named.conf.default-zones";
> # samba bind_dlz
> include "/var/lib/samba/bind-dns/named.conf";
>
> -----------
>
>         Checking file: /etc/bind/named.conf.options
>
> options {
> 	directory "/var/cache/bind";
>
> 	// If there is a firewall between you and nameservers you want
> 	// to talk to, you may need to fix the firewall to allow multiple
> 	// ports to talk.  See http://www.kb.cert.org/vuls/id/800113
>
> 	// If your ISP provided one or more IP addresses for stable
> 	// nameservers, you probably want to use them as forwarders.
> 	// Uncomment the following block, and insert the addresses replacing
> 	// the all-0's placeholder.
>
> 	// forwarders {
> 	// 	0.0.0.0;
> 	// };
>
> 	//========================================================================
> 	// If BIND logs error messages about the root key being expired,
> 	// you will need to update your keys.  See https://www.isc.org/bind-keys
> 	//========================================================================
> 	dnssec-validation auto;
>
> 	listen-on-v6 { any; };
>
> 	// samba
> 	// see /var/lib/samba/bind-dns/named.txt
> 	tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";	
> };
>
> -----------
>
>         Checking file: /etc/bind/named.conf.local
>
> //
> // Do any local configuration here
> //
>
> // Consider adding the 1918 zones here, if they are not used in your
> // organization
> //include "/etc/bind/zones.rfc1918";
>
> // reduce log verbosity on issues outside our control
> logging {
>          category lame-servers { null; };
>          // category cname { null; };
> };
>
> zone "fsoc.de" {
>          type forward;
>          forwarders { 192.28.103.20; 62.156.190.20; };
>          forward only;
> };
>
> zone "fhd-mobil.de" {
>          type forward;
>          forwarders { 192.28.103.20; 62.156.190.20; };
>          forward only;
> };
>
> # abcpartner has problems with dnssec //sf 2019-06-26
> zone "abcpartner.de" {
>          type forward;
>          forwarders { 192.28.103.20; 62.156.190.20; };
>          forward only;
> };
>
> -----------
>
>         Checking file: /etc/bind/named.conf.default-zones
>
> // prime the server with knowledge of the root servers
> zone "." {
> 	type hint;
> 	file "/usr/share/dns/root.hints";
> };
>
> // be authoritative for the localhost forward and reverse zones, and for
> // broadcast zones as per RFC 1912
>
> zone "localhost" {
> 	type master;
> 	file "/etc/bind/db.local";
> };
>
> zone "127.in-addr.arpa" {
> 	type master;
> 	file "/etc/bind/db.127";
> };
>
> zone "0.in-addr.arpa" {
> 	type master;
> 	file "/etc/bind/db.0";
> };
>
> zone "255.in-addr.arpa" {
> 	type master;
> 	file "/etc/bind/db.255";
> };
>
> -----------
>
> Samba DNS zone list:   3 zone(s) found
>
>    pszZoneName                 : samdom.example.com
>    Flags                       : DNS_RPC_ZONE_DSINTEGRATED
> DNS_RPC_ZONE_UPDATE_SECURE
>    ZoneType                    : DNS_ZONE_TYPE_PRIMARY
>    Version                     : 50
>    dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT
> DNS_DP_ENLISTED
>    pszDpFqdn                   : DomainDnsZones.samdom.example.com
>
>    pszZoneName                 : 1.137.193.in-addr.arpa
>    Flags                       : DNS_RPC_ZONE_DSINTEGRATED
> DNS_RPC_ZONE_UPDATE_SECURE
>    ZoneType                    : DNS_ZONE_TYPE_PRIMARY
>    Version                     : 50
>    dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT
> DNS_DP_ENLISTED
>    pszDpFqdn                   : DomainDnsZones.samdom.example.com
>
>    pszZoneName                 : _msdcs.samdom.example.com
>    Flags                       : DNS_RPC_ZONE_DSINTEGRATED
> DNS_RPC_ZONE_UPDATE_SECURE
>    ZoneType                    : DNS_ZONE_TYPE_PRIMARY
>    Version                     : 50
>    dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_FOREST_DEFAULT
> DNS_DP_ENLISTED
>    pszDpFqdn                   : ForestDnsZones.samdom.example.com
>
> Samba DNS zone list Automated check :
> zone : samdom.example.com ok, no Bind flat-files found
> -----------
> zone : 1.137.193.in-addr.arpa ok, no Bind flat-files found
> -----------
> zone : _msdcs.samdom.example.com ok, no Bind flat-files found
> -----------
>
> Installed packages:
> ii  acl                            2.2.53-4                    amd64
>      access control list - utilities
> ii  bind9                          1:9.11.5.P4+dfsg-5.1        amd64
>      Internet Domain Name Server
> ii  bind9-host                     1:9.11.5.P4+dfsg-5.1        amd64
>      DNS lookup utility (deprecated)
> ii  bind9utils                     1:9.11.5.P4+dfsg-5.1        amd64
>      Utilities for BIND
> ii  krb5-config                    2.6                         all
>      Configuration files for Kerberos Version 5
> ii  krb5-locales                   1.17-3                      all
>      internationalization support for MIT Kerberos
> ii  krb5-user                      1.17-3                      amd64
>      basic programs to authenticate using MIT Kerberos
> ii  libacl1:amd64                  2.2.53-4                    amd64
>      access control list - shared library
> ii  libattr1:amd64                 1:2.4.48-4                  amd64
>      extended attribute handling - shared library
> ii  libbind9-161:amd64             1:9.11.5.P4+dfsg-5.1        amd64
>      BIND9 Shared Library used by BIND
> ii  libgssapi-krb5-2:amd64         1.17-3                      amd64
>      MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
> ii  libkrb5-3:amd64                1.17-3                      amd64
>      MIT Kerberos runtime libraries
> ii  libkrb5support0:amd64          1.17-3                      amd64
>      MIT Kerberos runtime libraries - Support library
> ii  libsmbclient:amd64             2:4.9.5+dfsg-5+deb10u1      amd64
>      shared library for communication with SMB/CIFS servers
> ii  libwbclient0:amd64             2:4.9.5+dfsg-5+deb10u1      amd64
>      Samba winbind client library
> ii  python-samba                   2:4.9.5+dfsg-5+deb10u1      amd64
>      Python bindings for Samba
> ii  samba                          2:4.9.5+dfsg-5+deb10u1      amd64
>      SMB/CIFS file, print, and login server for Unix
> ii  samba-common                   2:4.9.5+dfsg-5+deb10u1      all
>      common files used by both the Samba server and client
> ii  samba-common-bin               2:4.9.5+dfsg-5+deb10u1      amd64
>      Samba common files used by both the server and the client
> ii  samba-dsdb-modules:amd64       2:4.9.5+dfsg-5+deb10u1      amd64
>      Samba Directory Services Database
> ii  samba-libs:amd64               2:4.9.5+dfsg-5+deb10u1      amd64
>      Samba core libraries
> ii  samba-vfs-modules:amd64        2:4.9.5+dfsg-5+deb10u1      amd64
>      Samba Virtual FileSystem plugins
> ii  smbclient                      2:4.9.5+dfsg-5+deb10u1      amd64
>      command-line SMB/CIFS clients for Unix
> ii  winbind                        2:4.9.5+dfsg-5+deb10u1      amd64
>      service to resolve user and group information from Windows NT servers
>
> -----------
> root at dc1:~#
>
>
> root at dc2:~# cat /tmp/samba-debug-info.txt
> Collected config  --- 2020-09-11-12:45 -----------
>
> Hostname: dc2
> DNS Domain: samdom.example.com
> FQDN: dc2.samdom.example.com
> ipaddress: 193.137.1.135
>
> -----------
>
> Kerberos SRV _kerberos._tcp.samdom.example.com record verified ok,
> sample output:
> Server:		193.137.1.133
> Address:	193.137.1.133#53
>
> _kerberos._tcp.samdom.example.com	service = 0 100 88 dc1.samdom.example.com.
> Samba is running as an AD DC
>
> -----------
>         Checking file: /etc/os-release
>
> PRETTY_NAME="Debian GNU/Linux 10 (buster)"
> NAME="Debian GNU/Linux"
> VERSION_ID="10"
> VERSION="10 (buster)"
> VERSION_CODENAME=buster
> ID=debian
> HOME_URL="https://www.debian.org/"
> SUPPORT_URL="https://www.debian.org/support"
> BUG_REPORT_URL="https://bugs.debian.org/"
>
> -----------
>
>
> This computer is running Debian 10.5 x86_64
>
> -----------
> running command : ip a
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
> group default qlen 1000
>      link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>      inet 127.0.0.1/8 scope host lo
>      inet6 ::1/128 scope host
> 2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
> state UP group default qlen 1000
>      link/ether 52:54:00:ad:91:42 brd ff:ff:ff:ff:ff:ff
>      inet 193.137.1.135/24 brd 193.137.1.255 scope global enp1s0
>      inet6 fe80::5054:ff:fead:9142/64 scope link
>
> -----------
>         Checking file: /etc/hosts
>
> 127.0.0.1	localhost
> 193.137.1.133	dc1.samdom.example.com	dc1
> 193.137.1.135	dc2.samdom.example.com	dc2
>
> # The following lines are desirable for IPv6 capable hosts
> ::1     localhost ip6-localhost ip6-loopback
> ff02::1 ip6-allnodes
> ff02::2 ip6-allrouters
>
> -----------
>
>         Checking file: /etc/resolv.conf
>
> nameserver 193.137.1.133
> search samdom.example.com
>
> -----------
>
>         Checking file: /etc/krb5.conf
>
> [libdefaults]
> 	default_realm = SAMDOM.EXAMPLE.COM
> 	dns_lookup_realm = false
> 	dns_lookup_kdc = true
>
> [realms]
> 	SAMDOM.EXAMPLE.COM = {
> 		kdc = dc1.samdom.example.com
> 		admin_server = dc1.samdom.example.com
> 	}
>
> -----------
>
>         Checking file: /etc/nsswitch.conf
>
> # /etc/nsswitch.conf
> #
> # Example configuration of GNU Name Service Switch functionality.
> # If you have the `glibc-doc-reference' and `info' packages installed, try:
> # `info libc "Name Service Switch"' for information about this file.
>
> passwd:         files systemd
> group:          files systemd
> shadow:         files
> gshadow:        files
>
> hosts:          files dns
> networks:       files
>
> protocols:      db files
> services:       db files
> ethers:         db files
> rpc:            db files
>
> netgroup:       nis
>
> -----------
>
>         Checking file: /etc/samba/smb.conf
>
> # Global parameters
> [global]
>          netbios name = DC2
>          realm = SAMDOM.EXAMPLE.COM
>          server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
>          workgroup = NET
>          server role = active directory domain controller
>          idmap_ldb:use rfc2307 = yes
>
>          # Debug logging information
>          log level = 1
>          log file = /var/log/samba/log.M%
>          max log size = 50
>          debug timestamp = yes
>
> 	# to connect via ldapvi
> 	ldap server require strong auth = no
> [netlogon]
>          path = /var/lib/samba/sysvol/samdom.example.com/scripts
>          read only = Yes
> 	write list = root,Administrator, at Domain Admins
>
> [sysvol]
>          path = /var/lib/samba/sysvol
>          read only = Yes
> 	write list = root,Administrator, at Domain Admins
>
> -----------
>
> Detected bind DLZ enabled..
>         Checking file: /etc/bind/named.conf
>
> // This is the primary configuration file for the BIND DNS server named.
> //
> // Please read /usr/share/doc/bind9/README.Debian.gz for information on the
> // structure of BIND configuration files in Debian, *BEFORE* you customize
> // this configuration file.
> //
> // If you are just adding zones, please do that in /etc/bind/named.conf.local
>
> include "/etc/bind/named.conf.options";
> include "/etc/bind/named.conf.local";
> include "/etc/bind/named.conf.default-zones";
> include "/var/lib/samba/bind-dns/named.conf";
>
> -----------
>
>         Checking file: /etc/bind/named.conf.options
>
> options {
> 	directory "/var/cache/bind";
>
> 	// If there is a firewall between you and nameservers you want
> 	// to talk to, you may need to fix the firewall to allow multiple
> 	// ports to talk.  See http://www.kb.cert.org/vuls/id/800113
>
> 	// If your ISP provided one or more IP addresses for stable
> 	// nameservers, you probably want to use them as forwarders.
> 	// Uncomment the following block, and insert the addresses replacing
> 	// the all-0's placeholder.
>
> 	// forwarders {
> 	// 	0.0.0.0;
> 	// };
>
> 	//========================================================================
> 	// If BIND logs error messages about the root key being expired,
> 	// you will need to update your keys.  See https://www.isc.org/bind-keys
> 	//========================================================================
> 	dnssec-validation auto;
> 	tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";
>
> 	listen-on-v6 { any; };
> };
>
> -----------
>
>         Checking file: /etc/bind/named.conf.local
>
> //
> // Do any local configuration here
> //
>
> // Consider adding the 1918 zones here, if they are not used in your
> // organization
> //include "/etc/bind/zones.rfc1918";
>
> -----------
>
>         Checking file: /etc/bind/named.conf.default-zones
>
> // prime the server with knowledge of the root servers
> zone "." {
> 	type hint;
> 	file "/usr/share/dns/root.hints";
> };
>
> // be authoritative for the localhost forward and reverse zones, and for
> // broadcast zones as per RFC 1912
>
> zone "localhost" {
> 	type master;
> 	file "/etc/bind/db.local";
> };
>
> zone "127.in-addr.arpa" {
> 	type master;
> 	file "/etc/bind/db.127";
> };
>
> zone "0.in-addr.arpa" {
> 	type master;
> 	file "/etc/bind/db.0";
> };
>
> zone "255.in-addr.arpa" {
> 	type master;
> 	file "/etc/bind/db.255";
> };
>
> -----------
>
> Samba DNS zone list:   3 zone(s) found
>
>    pszZoneName                 : samdom.example.com
>    Flags                       : DNS_RPC_ZONE_DSINTEGRATED
> DNS_RPC_ZONE_UPDATE_SECURE
>    ZoneType                    : DNS_ZONE_TYPE_PRIMARY
>    Version                     : 50
>    dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT
> DNS_DP_ENLISTED
>    pszDpFqdn                   : DomainDnsZones.samdom.example.com
>
>    pszZoneName                 : 1.137.193.in-addr.arpa
>    Flags                       : DNS_RPC_ZONE_DSINTEGRATED
> DNS_RPC_ZONE_UPDATE_SECURE
>    ZoneType                    : DNS_ZONE_TYPE_PRIMARY
>    Version                     : 50
>    dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT
> DNS_DP_ENLISTED
>    pszDpFqdn                   : DomainDnsZones.samdom.example.com
>
>    pszZoneName                 : _msdcs.samdom.example.com
>    Flags                       : DNS_RPC_ZONE_DSINTEGRATED
> DNS_RPC_ZONE_UPDATE_SECURE
>    ZoneType                    : DNS_ZONE_TYPE_PRIMARY
>    Version                     : 50
>    dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_FOREST_DEFAULT
> DNS_DP_ENLISTED
>    pszDpFqdn                   : ForestDnsZones.samdom.example.com
>
> Samba DNS zone list Automated check :
> zone : samdom.example.com ok, no Bind flat-files found
> -----------
> zone : 1.137.193.in-addr.arpa ok, no Bind flat-files found
> -----------
> zone : _msdcs.samdom.example.com ok, no Bind flat-files found
> -----------
>
> Installed packages:
> ii  attr                           1:2.4.48-4                   amd64
>       utilities for manipulating filesystem extended attributes
> ii  bind9                          1:9.11.5.P4+dfsg-5.1+deb10u2 amd64
>       Internet Domain Name Server
> ii  bind9-host                     1:9.11.5.P4+dfsg-5.1+deb10u2 amd64
>       DNS lookup utility (deprecated)
> ii  bind9utils                     1:9.11.5.P4+dfsg-5.1+deb10u2 amd64
>       Utilities for BIND
> ii  krb5-config                    2.6                          all
>       Configuration files for Kerberos Version 5
> ii  krb5-locales                   1.17-3                       all
>       internationalization support for MIT Kerberos
> ii  krb5-user                      1.17-3                       amd64
>       basic programs to authenticate using MIT Kerberos
> ii  libacl1:amd64                  2.2.53-4                     amd64
>       access control list - shared library
> ii  libattr1:amd64                 1:2.4.48-4                   amd64
>       extended attribute handling - shared library
> ii  libbind9-161:amd64             1:9.11.5.P4+dfsg-5.1+deb10u2 amd64
>       BIND9 Shared Library used by BIND
> ii  libgssapi-krb5-2:amd64         1.17-3                       amd64
>       MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
> ii  libkrb5-3:amd64                1.17-3                       amd64
>       MIT Kerberos runtime libraries
> ii  libkrb5support0:amd64          1.17-3                       amd64
>       MIT Kerberos runtime libraries - Support library
> ii  libwbclient0:amd64             2:4.9.5+dfsg-5+deb10u1       amd64
>       Samba winbind client library
> ii  python-samba                   2:4.9.5+dfsg-5+deb10u1       amd64
>       Python bindings for Samba
> ii  samba                          2:4.9.5+dfsg-5+deb10u1       amd64
>       SMB/CIFS file, print, and login server for Unix
> ii  samba-common                   2:4.9.5+dfsg-5+deb10u1       all
>       common files used by both the Samba server and client
> ii  samba-common-bin               2:4.9.5+dfsg-5+deb10u1       amd64
>       Samba common files used by both the server and the client
> ii  samba-dsdb-modules:amd64       2:4.9.5+dfsg-5+deb10u1       amd64
>       Samba Directory Services Database
> ii  samba-libs:amd64               2:4.9.5+dfsg-5+deb10u1       amd64
>       Samba core libraries
> ii  samba-vfs-modules:amd64        2:4.9.5+dfsg-5+deb10u1       amd64
>       Samba Virtual FileSystem plugins
> ii  winbind                        2:4.9.5+dfsg-5+deb10u1       amd64
>       service to resolve user and group information from Windows NT servers
>
> -----------
> root at dc2:~#
>
>
> dc2 can't resolve _kerberos._tcp when using local dns on dc2.
> I have fully reinstalled Debian on dc2, but the error still exists.
>
> any join with
>
> samba-tool domain join samdom.example.com DC -U"NET\administrator"
> --dns-backend=BIND9_DLZ --option='idmap_ldb:use rfc2307 = yes'
> --server=dc1.samdom.example.com
>
> I have no idea what's wrong here
>
> On 11.09.20 11:55, L.P.H. van Belle via samba wrote:
>> Get this,
>>
>> https://raw.githubusercontent.com/thctlo/samba4/master/samba-collect-debug-info.sh
>> Run it, anonymize it and post it.
>> For both AD-DC's.
>>
>> I want to see a full check on the base setup of the server.
>> If you dont mind ;-)
>>
>> Greetz,
>>
>> Louis
>>
What did I tell you?

Set the nameserver in /etc/resolv.conf on DC2 to the ipaddress and
reboot. Did you? NO YOU DIDN'T

You also need to fix your bind9 conf files; there are numerous problems,
the main one being that you haven't set forwarders on either DC.

Rowland
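
The two points in the reply above can be checked mechanically against the collected files. This is an added example, not part of the original message or of the samba-collect-debug-info.sh script; it reads "the ipaddress" as the DC's own address (an assumption), the function names are hypothetical, and 192.0.2.53 is a constructed placeholder forwarder.

```python
import re

# Quoted strings are matched first so a "//" or "#" inside one is left alone.
_BIND_TOKEN = re.compile(r'"[^"\n]*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)

def strip_bind_comments(text):
    """Drop /* */, // and # comments from named.conf text, keeping strings."""
    return _BIND_TOKEN.sub(
        lambda m: m.group(0) if m.group(0).startswith('"') else " ", text)

def global_forwarders(options_text):
    """Addresses in an active (uncommented) forwarders { } statement."""
    m = re.search(r"\bforwarders\s*\{([^}]*)\}",
                  strip_bind_comments(options_text))
    if not m:
        return []
    addrs = [a.strip() for a in m.group(1).split(";") if a.strip()]
    # The all-zero placeholder from the Debian template is not a forwarder.
    return [a for a in addrs if a != "0.0.0.0"]

def resolv_nameservers(resolv_text):
    """nameserver entries from resolv.conf, in order, ignoring comments."""
    servers = []
    for line in resolv_text.splitlines():
        fields = re.split(r"[#;]", line, maxsplit=1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def check_dc(own_ip, resolv_text, options_text):
    """Return findings for the two problems named in the reply."""
    findings = []
    servers = resolv_nameservers(resolv_text)
    if not servers or servers[0] != own_ip:
        findings.append("resolv.conf: first nameserver is %s, expected %s"
                        % (servers[0] if servers else "missing", own_ip))
    if not global_forwarders(options_text):
        findings.append("named.conf.options: no active forwarders")
    return findings

# DC2 values as shown in the quoted dump (options block abbreviated).
DC2_IP = "193.137.1.135"
DC2_RESOLV = "nameserver 193.137.1.133\nsearch samdom.example.com\n"
DC2_OPTIONS = '''options {
	directory "/var/cache/bind";
	// forwarders {
	// 	0.0.0.0;
	// };
	dnssec-validation auto;
	tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";
	listen-on-v6 { any; };
};'''

# Constructed "after" state: own address first, one placeholder forwarder.
FIXED_RESOLV = "nameserver 193.137.1.135\nsearch samdom.example.com\n"
FIXED_OPTIONS = DC2_OPTIONS.replace(
    "dnssec-validation auto;",
    "forwarders { 192.0.2.53; };\n\tdnssec-validation auto;")

if __name__ == "__main__":
    for finding in check_dc(DC2_IP, DC2_RESOLV, DC2_OPTIONS):
        print(finding)
```

Only the global options file is inspected, so per-zone forwarders such as those in DC1's named.conf.local do not count as a match.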




