[Samba] Problems with sysrepl

L.P.H. van Belle belle at bazuin.nl
Fri Sep 11 11:14:37 UTC 2020


See below, I added comments.

A few things are a bit off.
Make the changes first on DC2. Reboot after.
! With DC1 as first nameserver in resolv.conf

After reboot,
check with/read: https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End

But go through the comments below first.

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> basti via samba
> Sent: Friday 11 September 2020 12:52
> To: samba at lists.samba.org
> Subject: Re: [Samba] Problems with sysrepl
> 
> root at dc1:~# cat /tmp/samba-debug-info.txt
> Collected config  --- 2020-09-11-12:35 -----------
> 
> Hostname: dc1
> DNS Domain: samdom.example.com
> FQDN: dc1.samdom.example.com
> ipaddress: 193.137.1.133
> 
> -----------
> 
> Kerberos SRV _kerberos._tcp.samdom.example.com record verified ok,
> sample output:
> Server:		193.137.1.133
> Address:	193.137.1.133#53
> 
> _kerberos._tcp.samdom.example.com	service = 0 100 88 
> dc1.samdom.example.com.
> Samba is running as an AD DC
> 
> -----------
>        Checking file: /etc/os-release
> 
> PRETTY_NAME="Debian GNU/Linux 10 (buster)"
> NAME="Debian GNU/Linux"
> VERSION_ID="10"
> VERSION="10 (buster)"
> VERSION_CODENAME=buster
> ID=debian
> HOME_URL="https://www.debian.org/"
> SUPPORT_URL="https://www.debian.org/support"
> BUG_REPORT_URL="https://bugs.debian.org/"
> 
> -----------
> 
> 
> This computer is running Debian 10.2 x86_64
> 
> -----------
> running command : ip a
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
> group default qlen 1000
>     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>     inet 127.0.0.1/8 scope host lo
>     inet6 ::1/128 scope host
> 2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
> state UP group default qlen 1000
>     link/ether 52:54:00:43:08:92 brd ff:ff:ff:ff:ff:ff
>     inet 193.137.1.133/24 brd 193.137.1.255 scope global ens3
>     inet6 fe80::5054:ff:fe43:892/64 scope link
> 
> -----------
>        Checking file: /etc/hosts
> 
> 127.0.0.1	localhost
> 193.137.1.133	dc1.samdom.example.com	dc1
> 193.137.1.135	dc2.samdom.example.com	dc2
> 
> # The following lines are desirable for IPv6 capable hosts
> ::1     localhost ip6-localhost ip6-loopback
> ff02::1 ip6-allnodes
> ff02::2 ip6-allrouters
> 
> -----------
> 
>        Checking file: /etc/resolv.conf
> 
> nameserver 193.137.1.133
> search samdom.example.com
> search net
> 
Change search to:
search samdom.example.com
# primary dnsdomain always first.
# net (as seen in smb.conf) is not needed, remove it.


> -----------
> 
>        Checking file: /etc/krb5.conf
> 
> [libdefaults]
> 	default_realm = SAMDOM.EXAMPLE.COM
> 	dns_lookup_realm = false
> 	dns_lookup_kdc = true
> 
> [realms]
> 	SAMDOM.EXAMPLE.COM = {
> 		kdc = DC1.SAMDOM.EXAMPLE:COM
> 		admin_server = DC1.SAMDOM.EXAMPLE.COM
> 	}

Remove the "realms" part.
Not needed.


> 
> -----------
> 
>        Checking file: /etc/nsswitch.conf
> 
> # /etc/nsswitch.conf
> #
> # Example configuration of GNU Name Service Switch functionality.
> # If you have the `glibc-doc-reference' and `info' packages 
> installed, try:
> # `info libc "Name Service Switch"' for information about this file.
> 
> passwd:         files systemd
> group:          files systemd

If you need (ssh) login on the AD-DC you might want to change that to:
passwd:         files winbind systemd
group:          files winbind systemd

> shadow:         files
> gshadow:        files
> 
> hosts:          files dns
> networks:       files
> 
> protocols:      db files
> services:       db files
> ethers:         db files
> rpc:            db files
> 
> netgroup:       nis
> 
> -----------
> 
>        Checking file: /etc/samba/smb.conf
> 
> # Global parameters
> [global]
>         netbios name = DC1
>         realm = SAMDOM.EXAMPLE.COM
>         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
> drepl, winbindd, ntp_signd, kcc, dnsupdate
>         workgroup = NET
>         server role = active directory domain controller
>         idmap_ldb:use rfc2307 = yes
> 
>         # Debug logging information
>         log level = 1
>         log file = /var/log/samba/log.M%
>         max log size = 50
>         debug timestamp = yes
> 
> 	# to connect via ldapvi
> 	ldap server require strong auth = no
> [netlogon]
>         path = /var/lib/samba/sysvol/samdom.example.com/scripts
>         read only = Yes
> 	write list = root,Administrator, at Domain Admins
Remove : write list = root,Administrator, at Domain Admins
See: https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs 

> 
> [sysvol]
>         path = /var/lib/samba/sysvol
>         read only = Yes
> 	write list = root,Administrator, at Domain Admins
# same as above. 
Best is not to mix POSIX and windows ACLs. 

> 
> -----------
> 
> Detected bind DLZ enabled..
>        Checking file: /etc/bind/named.conf
> 
> // This is the primary configuration file for the BIND DNS 
> server named.
> //
> // Please read /usr/share/doc/bind9/README.Debian.gz for 
> information on the
> // structure of BIND configuration files in Debian, *BEFORE* 
> you customize
> // this configuration file.
> //
> // If you are just adding zones, please do that in
> /etc/bind/named.conf.local
> 
> include "/etc/bind/named.conf.options";
> include "/etc/bind/named.conf.local";
> include "/etc/bind/named.conf.default-zones";
> # samba bind_dlz
> include "/var/lib/samba/bind-dns/named.conf";
> 
> -----------

#the link to read: https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End 

> 
>        Checking file: /etc/bind/named.conf.options
>   
> options {
> 	directory "/var/cache/bind";
> 
> 	// If there is a firewall between you and nameservers you want
> 	// to talk to, you may need to fix the firewall to 
> allow multiple
> 	// ports to talk.  See http://www.kb.cert.org/vuls/id/800113
> 
> 	// If your ISP provided one or more IP addresses for stable
> 	// nameservers, you probably want to use them as forwarders.
> 	// Uncomment the following block, and insert the 
> addresses replacing
> 	// the all-0's placeholder.
> 
> 	// forwarders {
> 	// 	0.0.0.0;
> 	// };

# Add to both named.conf.options files, in options:
	auth-nxdomain yes;

	// Added per Debian buster,
	// due to: resolver: info: resolver priming query complete
	// https://gitlab.isc.org/isc-projects/bind9/commit/4a827494618e776a78b413d863bc23badd14ea42
	minimal-responses yes;

	// security: warning: client 127.0.0.1#47583: RFC 1918 response from Internet for xx.xx.xx.xx.in-addr.arpa
	empty-zones-enable no;
> 
> 	
> //============================================================
> ============
> 	// If BIND logs error messages about the root key being expired,
> 	// you will need to update your keys.  See 
> https://www.isc.org/bind-keys
> 	
> //============================================================
> ============
> 	dnssec-validation auto;
> 
> 	listen-on-v6 { any; };
> 
> 	// samba
> 	// see /var/lib/samba/bind-dns/named.txt
> 	tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";	
> };
> 
> -----------
> 
>        Checking file: /etc/bind/named.conf.local
> 
> //
> // Do any local configuration here
> //
> 
> // Consider adding the 1918 zones here, if they are not used in your
> // organization
> //include "/etc/bind/zones.rfc1918";
> 
> // reduce log verbosity on issues outside our control
> logging {
>         category lame-servers { null; };
>         // category cname { null; };
> };
> 
> zone "fsoc.de" {
>         type forward;
>         forwarders { 192.28.103.20; 62.156.190.20; };
>         forward only;
> };
> 
> zone "fhd-mobil.de" {
>         type forward;
>         forwarders { 192.28.103.20; 62.156.190.20; };
>         forward only;
> };
> 
> # abcpartner has problems with dnssec //sf 2019-06-26
> zone "abcpartner.de" {
>         type forward;
>         forwarders { 192.28.103.20; 62.156.190.20; };
>         forward only;
> };
> 
> -----------
> 
>        Checking file: /etc/bind/named.conf.default-zones
> 
> // prime the server with knowledge of the root servers
> zone "." {
> 	type hint;
> 	file "/usr/share/dns/root.hints";
> };
> 
> // be authoritative for the localhost forward and reverse 
> zones, and for
> // broadcast zones as per RFC 1912
> 
> zone "localhost" {
> 	type master;
> 	file "/etc/bind/db.local";
> };
> 
> zone "127.in-addr.arpa" {
> 	type master;
> 	file "/etc/bind/db.127";
> };
> 
> zone "0.in-addr.arpa" {
> 	type master;
> 	file "/etc/bind/db.0";
> };
> 
> zone "255.in-addr.arpa" {
> 	type master;
> 	file "/etc/bind/db.255";
> };
> 
> -----------
> 
> Samba DNS zone list:   3 zone(s) found
> 
>   pszZoneName                 : samdom.example.com
>   Flags                       : DNS_RPC_ZONE_DSINTEGRATED
> DNS_RPC_ZONE_UPDATE_SECURE
>   ZoneType                    : DNS_ZONE_TYPE_PRIMARY
>   Version                     : 50
>   dwDpFlags                   : DNS_DP_AUTOCREATED 
> DNS_DP_DOMAIN_DEFAULT
> DNS_DP_ENLISTED
>   pszDpFqdn                   : DomainDnsZones.samdom.example.com
> 
>   pszZoneName                 : 1.137.193.in-addr.arpa
>   Flags                       : DNS_RPC_ZONE_DSINTEGRATED
> DNS_RPC_ZONE_UPDATE_SECURE
>   ZoneType                    : DNS_ZONE_TYPE_PRIMARY
>   Version                     : 50
>   dwDpFlags                   : DNS_DP_AUTOCREATED 
> DNS_DP_DOMAIN_DEFAULT
> DNS_DP_ENLISTED
>   pszDpFqdn                   : DomainDnsZones.samdom.example.com
> 
>   pszZoneName                 : _msdcs.samdom.example.com
>   Flags                       : DNS_RPC_ZONE_DSINTEGRATED
> DNS_RPC_ZONE_UPDATE_SECURE
>   ZoneType                    : DNS_ZONE_TYPE_PRIMARY
>   Version                     : 50
>   dwDpFlags                   : DNS_DP_AUTOCREATED 
> DNS_DP_FOREST_DEFAULT
> DNS_DP_ENLISTED
>   pszDpFqdn                   : ForestDnsZones.samdom.example.com
> 
> Samba DNS zone list Automated check :
> zone : samdom.example.com ok, no Bind flat-files found
> -----------
> zone : 1.137.193.in-addr.arpa ok, no Bind flat-files found
> -----------
> zone : _msdcs.samdom.example.com ok, no Bind flat-files found
> -----------
> 
> Installed packages:
> ii  acl                            2.2.53-4                    amd64
>     access control list - utilities

Missing attr package. 


> ii  bind9                          1:9.11.5.P4+dfsg-5.1        amd64
>     Internet Domain Name Server
> ii  bind9-host                     1:9.11.5.P4+dfsg-5.1        amd64
>     DNS lookup utility (deprecated)
> ii  bind9utils                     1:9.11.5.P4+dfsg-5.1        amd64
>     Utilities for BIND
> ii  krb5-config                    2.6                         all
>     Configuration files for Kerberos Version 5
> ii  krb5-locales                   1.17-3                      all
>     internationalization support for MIT Kerberos
> ii  krb5-user                      1.17-3                      amd64
>     basic programs to authenticate using MIT Kerberos
> ii  libacl1:amd64                  2.2.53-4                    amd64
>     access control list - shared library
> ii  libattr1:amd64                 1:2.4.48-4                  amd64
>     extended attribute handling - shared library
> ii  libbind9-161:amd64             1:9.11.5.P4+dfsg-5.1        amd64
>     BIND9 Shared Library used by BIND
> ii  libgssapi-krb5-2:amd64         1.17-3                      amd64
>     MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
> ii  libkrb5-3:amd64                1.17-3                      amd64
>     MIT Kerberos runtime libraries
> ii  libkrb5support0:amd64          1.17-3                      amd64
>     MIT Kerberos runtime libraries - Support library
> ii  libsmbclient:amd64             2:4.9.5+dfsg-5+deb10u1      amd64
>     shared library for communication with SMB/CIFS servers
> ii  libwbclient0:amd64             2:4.9.5+dfsg-5+deb10u1      amd64
>     Samba winbind client library
> ii  python-samba                   2:4.9.5+dfsg-5+deb10u1      amd64
>     Python bindings for Samba
> ii  samba                          2:4.9.5+dfsg-5+deb10u1      amd64
>     SMB/CIFS file, print, and login server for Unix
> ii  samba-common                   2:4.9.5+dfsg-5+deb10u1      all
>     common files used by both the Samba server and client
> ii  samba-common-bin               2:4.9.5+dfsg-5+deb10u1      amd64
>     Samba common files used by both the server and the client
> ii  samba-dsdb-modules:amd64       2:4.9.5+dfsg-5+deb10u1      amd64
>     Samba Directory Services Database
> ii  samba-libs:amd64               2:4.9.5+dfsg-5+deb10u1      amd64
>     Samba core libraries
> ii  samba-vfs-modules:amd64        2:4.9.5+dfsg-5+deb10u1      amd64
>     Samba Virtual FileSystem plugins
> ii  smbclient                      2:4.9.5+dfsg-5+deb10u1      amd64
>     command-line SMB/CIFS clients for Unix
> ii  winbind                        2:4.9.5+dfsg-5+deb10u1      amd64
>     service to resolve user and group information from 
> Windows NT servers
> 
> -----------
> root at dc1:~#
> 
> 
> root at dc2:~# cat /tmp/samba-debug-info.txt
> Collected config  --- 2020-09-11-12:45 -----------
> 
> Hostname: dc2
> DNS Domain: samdom.example.com
> FQDN: dc2.samdom.example.com
> ipaddress: 193.137.1.135
> 
> -----------
> 
> Kerberos SRV _kerberos._tcp.samdom.example.com record verified ok,
> sample output:
> Server:		193.137.1.133
> Address:	193.137.1.133#53
> 
> _kerberos._tcp.samdom.example.com	service = 0 100 88 
> dc1.samdom.example.com.
> Samba is running as an AD DC
> 
> -----------
>        Checking file: /etc/os-release
> 
> PRETTY_NAME="Debian GNU/Linux 10 (buster)"
> NAME="Debian GNU/Linux"
> VERSION_ID="10"
> VERSION="10 (buster)"
> VERSION_CODENAME=buster
> ID=debian
> HOME_URL="https://www.debian.org/"
> SUPPORT_URL="https://www.debian.org/support"
> BUG_REPORT_URL="https://bugs.debian.org/"
> 
> -----------
> 
> 
> This computer is running Debian 10.5 x86_64
> 
> -----------
> running command : ip a
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
> group default qlen 1000
>     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>     inet 127.0.0.1/8 scope host lo
>     inet6 ::1/128 scope host
> 2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
> state UP group default qlen 1000
>     link/ether 52:54:00:ad:91:42 brd ff:ff:ff:ff:ff:ff
>     inet 193.137.1.135/24 brd 193.137.1.255 scope global enp1s0
>     inet6 fe80::5054:ff:fead:9142/64 scope link
> 
> -----------
>        Checking file: /etc/hosts
> 
> 127.0.0.1	localhost
> 193.137.1.133	dc1.samdom.example.com	dc1
> 193.137.1.135	dc2.samdom.example.com	dc2
> 
> # The following lines are desirable for IPv6 capable hosts
> ::1     localhost ip6-localhost ip6-loopback
> ff02::1 ip6-allnodes
> ff02::2 ip6-allrouters
> 
> -----------
> 
>        Checking file: /etc/resolv.conf
> 
> nameserver 193.137.1.133
> search samdom.example.com
> 
> -----------
> 
>        Checking file: /etc/krb5.conf
> 
> [libdefaults]
> 	default_realm = SAMDOM.EXAMPLE.COM
> 	dns_lookup_realm = false
> 	dns_lookup_kdc = true
> 
> [realms]
> 	SAMDOM.EXAMPLE.COM = {
> 		kdc = dc1.samdom.example.com
> 		admin_server = dc1.samdom.example.com
> 	}
Same here, remove the realms part. 

> 
> -----------
> 
>        Checking file: /etc/nsswitch.conf
> 
> # /etc/nsswitch.conf
> #
> # Example configuration of GNU Name Service Switch functionality.
> # If you have the `glibc-doc-reference' and `info' packages 
> installed, try:
> # `info libc "Name Service Switch"' for information about this file.
> 
> passwd:         files systemd
> group:          files systemd
#same, see above 

> shadow:         files
> gshadow:        files
> 
> hosts:          files dns
> networks:       files
> 
> protocols:      db files
> services:       db files
> ethers:         db files
> rpc:            db files
> 
> netgroup:       nis
> 
> -----------
> 
>        Checking file: /etc/samba/smb.conf
> 
> # Global parameters
> [global]
>         netbios name = DC2
>         realm = SAMDOM.EXAMPLE.COM
>         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
> drepl, winbindd, ntp_signd, kcc, dnsupdate
>         workgroup = NET
>         server role = active directory domain controller
>         idmap_ldb:use rfc2307 = yes
> 
>         # Debug logging information
>         log level = 1
>         log file = /var/log/samba/log.M%
>         max log size = 50
>         debug timestamp = yes
> 
> 	# to connect via ldapvi
> 	ldap server require strong auth = no
> [netlogon]
>         path = /var/lib/samba/sysvol/samdom.example.com/scripts
>         read only = Yes
> 	write list = root,Administrator, at Domain Admins
> 
> [sysvol]
>         path = /var/lib/samba/sysvol
>         read only = Yes
> 	write list = root,Administrator, at Domain Admins
> 
> -----------
> 
> Detected bind DLZ enabled..
>        Checking file: /etc/bind/named.conf
> 
> // This is the primary configuration file for the BIND DNS 
> server named.
> //
> // Please read /usr/share/doc/bind9/README.Debian.gz for 
> information on the
> // structure of BIND configuration files in Debian, *BEFORE* 
> you customize
> // this configuration file.
> //
> // If you are just adding zones, please do that in
> /etc/bind/named.conf.local
> 
> include "/etc/bind/named.conf.options";
> include "/etc/bind/named.conf.local";
> include "/etc/bind/named.conf.default-zones";
> include "/var/lib/samba/bind-dns/named.conf";
> 
> -----------
> 
>        Checking file: /etc/bind/named.conf.options
> 
> options {
> 	directory "/var/cache/bind";
> 
> 	// If there is a firewall between you and nameservers you want
> 	// to talk to, you may need to fix the firewall to 
> allow multiple
> 	// ports to talk.  See http://www.kb.cert.org/vuls/id/800113
> 
> 	// If your ISP provided one or more IP addresses for stable
> 	// nameservers, you probably want to use them as forwarders.
> 	// Uncomment the following block, and insert the 
> addresses replacing
> 	// the all-0's placeholder.
> 
> 	// forwarders {
> 	// 	0.0.0.0;
> 	// };
> 
> 	
> //============================================================
> ============
> 	// If BIND logs error messages about the root key being expired,
> 	// you will need to update your keys.  See 
> https://www.isc.org/bind-keys
> 	
> //============================================================
> ============
> 	dnssec-validation auto;
> 	tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";
> 
> 	listen-on-v6 { any; };
> };
> 
> -----------
> 
>        Checking file: /etc/bind/named.conf.local
> 
> //
> // Do any local configuration here
> //
> 
> // Consider adding the 1918 zones here, if they are not used in your
> // organization
> //include "/etc/bind/zones.rfc1918";
> 
> -----------
> 
>        Checking file: /etc/bind/named.conf.default-zones
> 
> // prime the server with knowledge of the root servers
> zone "." {
> 	type hint;
> 	file "/usr/share/dns/root.hints";
> };
> 
> // be authoritative for the localhost forward and reverse 
> zones, and for
> // broadcast zones as per RFC 1912
> 
> zone "localhost" {
> 	type master;
> 	file "/etc/bind/db.local";
> };
> 
> zone "127.in-addr.arpa" {
> 	type master;
> 	file "/etc/bind/db.127";
> };
> 
> zone "0.in-addr.arpa" {
> 	type master;
> 	file "/etc/bind/db.0";
> };
> 
> zone "255.in-addr.arpa" {
> 	type master;
> 	file "/etc/bind/db.255";
> };
> 
> -----------
> 
> Samba DNS zone list:   3 zone(s) found
> 
>   pszZoneName                 : samdom.example.com
>   Flags                       : DNS_RPC_ZONE_DSINTEGRATED
> DNS_RPC_ZONE_UPDATE_SECURE
>   ZoneType                    : DNS_ZONE_TYPE_PRIMARY
>   Version                     : 50
>   dwDpFlags                   : DNS_DP_AUTOCREATED 
> DNS_DP_DOMAIN_DEFAULT
> DNS_DP_ENLISTED
>   pszDpFqdn                   : DomainDnsZones.samdom.example.com
> 
>   pszZoneName                 : 1.137.193.in-addr.arpa
>   Flags                       : DNS_RPC_ZONE_DSINTEGRATED
> DNS_RPC_ZONE_UPDATE_SECURE
>   ZoneType                    : DNS_ZONE_TYPE_PRIMARY
>   Version                     : 50
>   dwDpFlags                   : DNS_DP_AUTOCREATED 
> DNS_DP_DOMAIN_DEFAULT
> DNS_DP_ENLISTED
>   pszDpFqdn                   : DomainDnsZones.samdom.example.com
> 
>   pszZoneName                 : _msdcs.samdom.example.com
>   Flags                       : DNS_RPC_ZONE_DSINTEGRATED
> DNS_RPC_ZONE_UPDATE_SECURE
>   ZoneType                    : DNS_ZONE_TYPE_PRIMARY
>   Version                     : 50
>   dwDpFlags                   : DNS_DP_AUTOCREATED 
> DNS_DP_FOREST_DEFAULT
> DNS_DP_ENLISTED
>   pszDpFqdn                   : ForestDnsZones.samdom.example.com
> 
> Samba DNS zone list Automated check :
> zone : samdom.example.com ok, no Bind flat-files found
> -----------
> zone : 1.137.193.in-addr.arpa ok, no Bind flat-files found
> -----------
> zone : _msdcs.samdom.example.com ok, no Bind flat-files found
> -----------
> 
> Installed packages:
> ii  attr                           1:2.4.48-4                   amd64
>      utilities for manipulating filesystem extended attributes
> ii  bind9                          1:9.11.5.P4+dfsg-5.1+deb10u2 amd64
>      Internet Domain Name Server
> ii  bind9-host                     1:9.11.5.P4+dfsg-5.1+deb10u2 amd64
>      DNS lookup utility (deprecated)
> ii  bind9utils                     1:9.11.5.P4+dfsg-5.1+deb10u2 amd64
>      Utilities for BIND
> ii  krb5-config                    2.6                          all
>      Configuration files for Kerberos Version 5
> ii  krb5-locales                   1.17-3                       all
>      internationalization support for MIT Kerberos
> ii  krb5-user                      1.17-3                       amd64
>      basic programs to authenticate using MIT Kerberos
> ii  libacl1:amd64                  2.2.53-4                     amd64
>      access control list - shared library
> ii  libattr1:amd64                 1:2.4.48-4                   amd64
>      extended attribute handling - shared library
> ii  libbind9-161:amd64             1:9.11.5.P4+dfsg-5.1+deb10u2 amd64
>      BIND9 Shared Library used by BIND
> ii  libgssapi-krb5-2:amd64         1.17-3                       amd64
>      MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
> ii  libkrb5-3:amd64                1.17-3                       amd64
>      MIT Kerberos runtime libraries
> ii  libkrb5support0:amd64          1.17-3                       amd64
>      MIT Kerberos runtime libraries - Support library
> ii  libwbclient0:amd64             2:4.9.5+dfsg-5+deb10u1       amd64
>      Samba winbind client library
> ii  python-samba                   2:4.9.5+dfsg-5+deb10u1       amd64
>      Python bindings for Samba
> ii  samba                          2:4.9.5+dfsg-5+deb10u1       amd64
>      SMB/CIFS file, print, and login server for Unix
> ii  samba-common                   2:4.9.5+dfsg-5+deb10u1       all
>      common files used by both the Samba server and client
> ii  samba-common-bin               2:4.9.5+dfsg-5+deb10u1       amd64
>      Samba common files used by both the server and the client
> ii  samba-dsdb-modules:amd64       2:4.9.5+dfsg-5+deb10u1       amd64
>      Samba Directory Services Database
> ii  samba-libs:amd64               2:4.9.5+dfsg-5+deb10u1       amd64
>      Samba core libraries
> ii  samba-vfs-modules:amd64        2:4.9.5+dfsg-5+deb10u1       amd64
>      Samba Virtual FileSystem plugins
> ii  winbind                        2:4.9.5+dfsg-5+deb10u1       amd64
>      service to resolve user and group information from 
> Windows NT servers
> 
> -----------
> root at dc2:~#
> 
> 
> dc2 can't resolve _kerberos._tcp when using local DNS on dc2.
> I have fully reinstalled Debian on dc2, but the error still exists.
> 
> any join with
> 
> samba-tool domain join samdom.example.com DC -U"NET\administrator"
> --dns-backend=BIND9_DLZ --option='idmap_ldb:use rfc2307 = yes'
> --server=dc1.samdom.example.com
> 
> I have no idea what's wrong here
> 
> On 11.09.20 11:55, L.P.H. van Belle via samba wrote:
> > Get this, 
> > 
> > 
> > https://raw.githubusercontent.com/thctlo/samba4/master/samba-collect-debug-info.sh
> > Run it, anonymize it and post it. 
> > For both AD-DC's. 
> > 
> > I want to see a full check on the base setup of the server. 
> > If you dont mind ;-) 
> > 
> > Greetz, 
> > 
> > Louis
> > 
> 
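
An added example, not part of the original posts and not taken from samba-collect-debug-info.sh: a small Python checker for three things visible in the dc1 output above (the second "search" line in resolv.conf, the [realms] block in krb5.conf, and "write list" on the netlogon and sysvol shares). The function names and the abridged sample files are constructed for illustration, and the non-numeric port check on kdc entries goes beyond what the reply comments on.

```python
import re

# Constructed samples modelled on the dc1 files quoted in this thread.
RESOLV = "nameserver 193.137.1.133\nsearch samdom.example.com\nsearch net\n"
KRB5 = """[libdefaults]
    default_realm = SAMDOM.EXAMPLE.COM
    dns_lookup_kdc = true
[realms]
    SAMDOM.EXAMPLE.COM = {
        kdc = DC1.SAMDOM.EXAMPLE:COM
        admin_server = DC1.SAMDOM.EXAMPLE.COM
    }
"""
SMB = """[global]
    workgroup = NET
[netlogon]
    read only = Yes
    write list = root,Administrator
[sysvol]
    read only = Yes
    write  list = root,Administrator
"""

def _lines(text):
    """Yield stripped lines, skipping blanks and #/; comment lines."""
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#;":
            yield line

def check_resolv_conf(text, ad_domain):
    # resolv.conf(5): with several "search" lines only the last one is used.
    searches = [l.split()[1:] for l in _lines(text) if l.split()[0] == "search"]
    findings = []
    if len(searches) > 1:
        findings.append("multiple search lines: only the last one is used")
    effective = searches[-1] if searches else []
    if not effective or effective[0].lower() != ad_domain.lower():
        findings.append(f"effective search list {effective} does not start with {ad_domain}")
    return findings

def check_krb5_conf(text):
    findings, section = [], None
    for line in _lines(text):
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
            if section == "realms":
                findings.append("[realms] section present")
            continue
        entry = re.fullmatch(r"(kdc|admin_server)\s*=\s*(\S+)", line)
        if section == "realms" and entry and not entry.group(2).startswith("["):
            # Syntax is host[:port]; a typo such as ':' for '.' yields a bogus port.
            _, _, port = entry.group(2).partition(":")
            if port and not port.isdigit():
                findings.append(f"{entry.group(1)} = {entry.group(2)}: port is not numeric")
    return findings

def check_smb_conf(text):
    findings, section = [], None
    for line in _lines(text):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        # smb.conf ignores case and whitespace inside parameter names.
        key = line.partition("=")[0].lower().replace(" ", "").replace("\t", "")
        if section in ("netlogon", "sysvol") and key == "writelist":
            findings.append(f"[{section}] sets 'write list'")
    return findings

if __name__ == "__main__":
    for finding in (check_resolv_conf(RESOLV, "samdom.example.com")
                    + check_krb5_conf(KRB5) + check_smb_conf(SMB)):
        print("FINDING:", finding)
```
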