[Samba] DNS problems when adding samba DC to win2008R2
Carlos Jesus
camjesus2 at gmail.com
Mon Sep 14 11:19:15 UTC 2020
Hi Louis thanks for the help,
> > Kerberos SRV _kerberos._tcp.MyDomain.lx.pt record verified ok, sample
> > output:
> > Server: 192.168.59.112
> > Address: 192.168.59.112#53
> >
> > _kerberos._tcp.MyDomain.lx.pt service = 0 100 88
> > dc2.MyDomain.lx.pt.
>
> Here, if you have 2 DC's you should also see the 2 DC's.
> So where is DC1 ?
>
That must have been my fault. While sanitizing I must have deleted that
line. The correct piece is:
______________________________________________________________
Kerberos SRV _kerberos._tcp.MyDomain.lx.pt record verified ok, sample
output:
Server: 192.168.59.112
Address: 192.168.59.112#53
_kerberos._tcp.MyDomain.lx.pt service = 0 100 88 server.MyDomain.lx.pt.
_kerberos._tcp.MyDomain.lx.pt service = 0 100 88 dc2.MyDomain.lx.pt.
Samba is running as an AD DC
_______________________________________________________________
There is a "server" and a "DC2". Poor naming choices I guess.
> > nameserver 192.168.59.112
> # After a join and a reboot, you can enable the DC1 Nameserver but add it
> below this server
> > nameserver 192.168.59.111
>
>
> > -----------
> > Checking file: /etc/krb5.conf
> > [libdefaults]
> > default_realm = MyDomain.LX.PT
> > dns_lookup_realm = false
> > dns_lookup_kdc = true
> > -----------
> > Checking file: /etc/nsswitch.conf
> >
> > passwd: files systemd winbind
> > group: files systemd winbind
> > shadow: files
> > gshadow: files
> >
> > hosts: files mdns4_minimal [NOTFOUND=return] dns
>
> hosts: files dns mdns4_minimal [NOTFOUND=return]
> Moved dns before mDNS (avahi-daemon)
>
Will do. Avahi is disabled/masked anyway. Hate the thing.
> So, you have a self compiled samba, you did install or, did not remove
> some older parts.
> Like : libwbclient0:amd64 2:4.9.5+dfsg-5+deb10u1
>
There you got me. I don't really know where this comes from. This is a
freshly installed VM/Debian/samba 4.12 running on Hyper-V over iSCSI. A few
extra packages (htop, iftop, iperf...) but nothing fancy. I never had a
previous version of samba installed (or anything else).
>
> So a choice to make,
> - Remove good and only use selfcompiled samba.
> Or
> - Install debian's Samba 4.9.5
> - Or install samba from my repo then install 4.12.6
>
Yeap. That was basically my last choice. Remove DC2, remove VM and start
over.
> Greetz,
>
> Louis
>
Best regards
L.P.H. van Belle via samba <samba at lists.samba.org> wrote on Monday,
14/09/2020 at 11:31:
> Hai,
>
> See below.
>
> > -----Original message-----
> > From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> > Carlos Jesus via samba
> > Sent: Monday 14 September 2020 11:40
> > To: Rowland penny
> > CC: sambalist
> > Subject: Re: [Samba] DNS problems when adding samba DC to win2008R2
> >
> ....
> > >
> > >
> > grep: /etc/samba/smb.conf: No such file or directory
> > ./samba.sh: line 328: [: : integer expression expected
>
> Hmm, it does not find smb.conf ?
> That's strange or was this a typo on your side?
> ( Ah, after some scrolling, it's a self compiled samba ) ;-)
>
>
> > DC2:/home/carlos# more /tmp/samba-debug-info.txt
> > Collected config --- 2020-09-14-10:27 -----------
> >
> > Hostname: DC2
> > DNS Domain: MyDomain.lx.pt
> > FQDN: DC2.MyDomain.lx.pt
> > ipaddress: 192.168.59.112
> > -----------
> > Kerberos SRV _kerberos._tcp.MyDomain.lx.pt record verified ok, sample
> > output:
> > Server: 192.168.59.112
> > Address: 192.168.59.112#53
> >
> > _kerberos._tcp.MyDomain.lx.pt service = 0 100 88
> > dc2.MyDomain.lx.pt.
>
> Here, if you have 2 DC's you should also see the 2 DC's.
> So where is DC1 ?
>
>
>
> > Samba is running as an AD DC
> > -----------
> > Checking file: /etc/os-release
> > PRETTY_NAME="Debian GNU/Linux 10 (buster)"
> > NAME="Debian GNU/Linux"
> > VERSION_ID="10"
> > VERSION="10 (buster)"
> > VERSION_CODENAME=buster
> > ID=debian
> > HOME_URL="https://www.debian.org/"
> > SUPPORT_URL="https://www.debian.org/support"
> > BUG_REPORT_URL="https://bugs.debian.org/"
> > -----------
> >
> > This computer is running Debian 10.5 x86_64
> > -----------
> > running command : ip a
> > 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state
> > UNKNOWN group
> > default qlen 1000
> > link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> > inet 127.0.0.1/8 scope host lo
> > 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq
> > state UP group
> > default qlen 1000
> > link/ether 00:15:5d:3b:6f:09 brd ff:ff:ff:ff:ff:ff
> > inet 192.168.59.112/24 brd 192.168.59.255 scope global eth0
> > -----------
> > Checking file: /etc/hosts
> > 127.0.0.1 localhost
> > 192.168.59.112 DC2.MyDomain.lx.pt DC2
> > -----------
> > Checking file: /etc/resolv.conf
> > domain MyDomain.lx.pt
> > search MyDomain.lx.pt
> > nameserver 192.168.59.112
> # After a join and a reboot, you can enable the DC1 Nameserver but add it
> below this server
> > nameserver 192.168.59.111
>
>
> > -----------
> > Checking file: /etc/krb5.conf
> > [libdefaults]
> > default_realm = MyDomain.LX.PT
> > dns_lookup_realm = false
> > dns_lookup_kdc = true
> > -----------
> > Checking file: /etc/nsswitch.conf
> >
> > passwd: files systemd winbind
> > group: files systemd winbind
> > shadow: files
> > gshadow: files
> >
> > hosts: files mdns4_minimal [NOTFOUND=return] dns
>
> hosts: files dns mdns4_minimal [NOTFOUND=return]
> Moved dns before mDNS (avahi-daemon)
>
> > networks: files
> >
> > protocols: db files
> > services: db files
> > ethers: db files
> > rpc: db files
> >
> > netgroup: nis
> > -----------
> > Checking file: /usr/local/samba/etc/smb.conf
> > [global]
> > netbios name = DC2
> > realm = MyDomain.LX.PT
> > server role = active directory domain controller
> > workgroup = MyDomain
> > idmap_ldb:use rfc2307 = yes
> > log level = 1 auth_json_audit:2@/var/log/samba/auth.log sam:2@
> > /var/log/samba/sam.log
> > log file = /var/log/samba/samba.log
> > server services = -dns
> >
> > winbind nss info = template
> > template shell = /bin/bash
> > template homedir = /home/%U
> > server min protocol = SMB2
> >
> > [sysvol]
> > path = /usr/local/samba/var/locks/sysvol
> > read only = No
> >
> > [netlogon]
> > path =
> > /usr/local/samba/var/locks/sysvol/MyDomain.lx.pt/scripts
> > read only = No
> > -----------
> > Detected bind DLZ enabled..
> > Checking file: /etc/bind/named.conf
> >
> > include "/etc/bind/named.conf.options";
> > include "/etc/bind/named.conf.local";
> > include "/etc/bind/named.conf.default-zones";
> > include "/usr/local/samba/bind-dns/named.conf";
> > -----------
> > Checking file: /etc/bind/named.conf.options
> > acl internals { 127.0.0.0/8; 192.168.59.0/24; };
> >
> > options {
> > directory "/var/cache/bind";
> > version "Go Away 0.0.7";
> > notify no;
> > empty-zones-enable no;
> > auth-nxdomain yes;
> > forwarders { 8.8.8.8; 8.8.4.4; };
> > allow-transfer { none; };
> >
> > dnssec-validation no;
> > dnssec-enable no;
> > dnssec-lookaside no;
> > listen-on-v6 { none; };
> > listen-on port 53 { 192.168.59.112; 127.0.0.1; ::1; };
> >
> > minimal-responses yes;
> >
> > allow-query { "internals"; };
> > allow-query-cache { "internals"; };
> >
> > recursion yes;
> > allow-recursion { "internals"; };
> >
> > tkey-gssapi-keytab "/usr/local/samba/bind-dns/dns.keytab";
> > };
> > -----------
> > Checking file: /etc/bind/named.conf.local
> > -----------
> > Checking file: /etc/bind/named.conf.default-zones
> > zone "." {
> > type hint;
> > file "/usr/share/dns/root.hints";
> > };
> >
> > zone "localhost" {
> > type master;
> > file "/etc/bind/db.local";
> > };
> >
> > zone "127.in-addr.arpa" {
> > type master;
> > file "/etc/bind/db.127";
> > };
> >
> > zone "0.in-addr.arpa" {
> > type master;
> > file "/etc/bind/db.0";
> > };
> >
> > zone "255.in-addr.arpa" {
> > type master;
> > file "/etc/bind/db.255";
> > };
> > -----------
> > Samba DNS zone list: 3 zone(s) found
> >
> > pszZoneName : 59.168.192.in-addr.arpa
> > Flags : DNS_RPC_ZONE_DSINTEGRATED
> > DNS_RPC_ZONE_UPDATE_SECURE
> > ZoneType : DNS_ZONE_TYPE_PRIMARY
> > Version : 50
> > dwDpFlags : DNS_DP_AUTOCREATED
> > DNS_DP_DOMAIN_DEFAULT
> > DNS_DP_ENLISTED
> > pszDpFqdn : DomainDnsZones.MyDomain.lx.pt
> >
> > pszZoneName : MyDomain.lx.pt
> > Flags : DNS_RPC_ZONE_DSINTEGRATED
> > DNS_RPC_ZONE_UPDATE_SECURE
> > ZoneType : DNS_ZONE_TYPE_PRIMARY
> > Version : 50
> > dwDpFlags : DNS_DP_AUTOCREATED
> > DNS_DP_DOMAIN_DEFAULT
> > DNS_DP_ENLISTED
> > pszDpFqdn : DomainDnsZones.MyDomain.lx.pt
> >
> > pszZoneName : _msdcs.MyDomain.lx.pt
> > Flags : DNS_RPC_ZONE_DSINTEGRATED
> > DNS_RPC_ZONE_UPDATE_SECURE
> > ZoneType : DNS_ZONE_TYPE_PRIMARY
> > Version : 50
> > dwDpFlags : DNS_DP_AUTOCREATED
> > DNS_DP_FOREST_DEFAULT
> > DNS_DP_ENLISTED
> > pszDpFqdn : ForestDnsZones.MyDomain.lx.pt
> >
> > Samba DNS zone list Automated check :
> > zone : 59.168.192.in-addr.arpa ok, no Bind flat-files found
> > -----------
> > zone : MyDomain.lx.pt ok, no Bind flat-files found
> > -----------
> > zone : _msdcs.MyDomain.lx.pt ok, no Bind flat-files found
> > -----------
> > Installed packages:
> > ii acl 2.2.53-4
> > amd64 access control list - utilities
> > ii attr 1:2.4.48-4
> > amd64 utilities for manipulating filesystem
> > extended attributes
> > ii bind9 1:9.11.5.P4+dfsg-5.1+deb10u2
> > amd64 Internet Domain Name Server
> > ii bind9-host 1:9.11.5.P4+dfsg-5.1+deb10u2
> > amd64 DNS lookup utility (deprecated)
> > ii bind9utils 1:9.11.5.P4+dfsg-5.1+deb10u2
> > amd64 Utilities for BIND
> > ii fonts-quicksand 0.2016-2
> > all sans-serif font with round attributes
> > ii krb5-config 2.6
> > all Configuration files for Kerberos Version 5
> > ii krb5-kdc 1.17-3
> > amd64 MIT Kerberos key server (KDC)
> > ii krb5-locales 1.17-3
> > all internationalization support for MIT Kerberos
> > ii krb5-multidev:amd64 1.17-3
> > amd64 development files for MIT Kerberos without
> > Heimdal conflict
> > ii krb5-user 1.17-3
> > amd64 basic programs to authenticate using MIT Kerberos
> > ii libacl1:amd64 2.2.53-4
> > amd64 access control list - shared library
> > ii libacl1-dev:amd64 2.2.53-4
> > amd64 access control list - static libraries and headers
> > ii libattr1:amd64 1:2.4.48-4
> > amd64 extended attribute handling - shared library
> > ii libattr1-dev:amd64 1:2.4.48-4
> > amd64 extended attributes handling - static
> > libraries and headers
> > ii libbind9-161:amd64 1:9.11.5.P4+dfsg-5.1+deb10u2
> > amd64 BIND9 Shared Library used by BIND
> > ii libgssapi-krb5-2:amd64 1.17-3
> > amd64 MIT Kerberos runtime libraries - krb5 GSS-API
> > Mechanism
> > ii libkrb5-26-heimdal:amd64 7.5.0+dfsg-3
> > amd64 Heimdal Kerberos - libraries
> > ii libkrb5-3:amd64 1.17-3
> > amd64 MIT Kerberos runtime libraries
> > ii libkrb5-dev:amd64 1.17-3
> > amd64 headers and development libraries for MIT Kerberos
> > ii libkrb5support0:amd64 1.17-3
> > amd64 MIT Kerberos runtime libraries - Support library
> > ii libsmbclient:amd64 2:4.9.5+dfsg-5+deb10u1
> > amd64 shared library for communication with SMB/CIFS servers
> > ii libwbclient0:amd64 2:4.9.5+dfsg-5+deb10u1
> > amd64 Samba winbind client library
> > ii python-attr 18.2.0-1
> > all Attributes without boilerplate (Python 2)
> > ii python3-pyxattr 0.6.1-1
> > amd64 module for manipulating filesystem extended attributes
> > (Python3)
> > ii samba-libs:amd64 2:4.9.5+dfsg-5+deb10u1
> > amd64 Samba core libraries
> > -----------
>
>
> So, you have a self compiled samba, you did install or, did not remove
> some older parts.
> Like : libwbclient0:amd64 2:4.9.5+dfsg-5+deb10u1
>
>
> So a choice to make,
> - Remove good and only use selfcompiled samba.
> Or
> - Install debian's Samba 4.9.5
> - Or install samba from my repo then install 4.12.6
>
> Greetz,
>
> Louis
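The check Louis asks for above (with two DCs, the `_kerberos._tcp` SRV answer should list both) can be done mechanically. The script below is an added example, not part of the original mails or of the `samba.sh` debug script; the function names and the two sample outputs are constructed for illustration, modelled on the output quoted in this thread.

```shell
#!/bin/sh
# Added example (not from the thread): list expected DCs missing from a
# _kerberos._tcp SRV answer. Sample outputs below are constructed.

# srv_targets: read `nslookup -type=SRV` output on stdin and print each SRV
# target in lower case without the trailing dot. A target that wrapped onto
# the following line (as in the first quoted output) is picked up from there.
srv_targets() {
  awk '/service = / {
    split($0, parts, "service = ")
    n = split(parts[2], f, " ")        # priority weight port [target]
    target = f[4]
    if (n < 4) { if ((getline) > 0) target = $1; else next }
    sub(/\.$/, "", target)
    print tolower(target)
  }'
}

# missing_dcs OUTPUT DC...: print every expected DC that has no SRV record.
# Runs in a subshell so its variables do not leak into the caller.
missing_dcs() (
  targets=$(printf '%s\n' "$1" | srv_targets)
  shift
  for dc in "$@"; do
    dc=$(printf '%s' "$dc" | tr '[:upper:]' '[:lower:]')
    printf '%s\n' "$targets" | grep -qxF "${dc%.}" || printf '%s\n' "$dc"
  done
)

# Constructed sample: only dc2 answers, target wrapped onto its own line.
SRV_ONE_DC='Server: 192.168.59.112
Address: 192.168.59.112#53

_kerberos._tcp.MyDomain.lx.pt service = 0 100 88
dc2.MyDomain.lx.pt.'

# Constructed sample: both DCs registered.
SRV_TWO_DCS='Server: 192.168.59.112
Address: 192.168.59.112#53

_kerberos._tcp.MyDomain.lx.pt service = 0 100 88 server.MyDomain.lx.pt.
_kerberos._tcp.MyDomain.lx.pt service = 0 100 88 dc2.MyDomain.lx.pt.'

missing_dcs "$SRV_ONE_DC" server.MyDomain.lx.pt dc2.MyDomain.lx.pt
missing_dcs "$SRV_TWO_DCS" server.MyDomain.lx.pt dc2.MyDomain.lx.pt
```

Against a live resolver, pass the output of `nslookup -type=SRV _kerberos._tcp.<domain> <dns-server>` as the first argument; an empty result means every expected DC is registered.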