[Samba] DNS problems when adding samba DC to win2008R2
Carlos Jesus
camjesus2 at gmail.com
Mon Sep 14 17:44:42 UTC 2020
Some developments.
libwbclient0:amd64 2:4.9.5+dfsg-5+deb10u1 is present on
a freshly installed debian buster.
Actually,
dpkg -l|grep -i samba gives
ii libwbclient0:amd64 2:4.9.5+dfsg-5+deb10u1 amd64 Samba winbind client library
ii python3-smbc 1.0.15.6-1+b2 amd64 Python 3 bindings for the Samba client library
ii samba-libs:amd64 2:4.9.5+dfsg-5+deb10u1 amd64 Samba core libraries
Again, this is a freshly installed debian buster installed from
https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-10.5.0-amd64-netinst.iso
with only LXDE, SSH and standard utilities.
I'll remove these packages (let's see how that goes), and try Louis' repo (a
first for me).
Tomorrow I'll report back.
Carlos Jesus <camjesus2 at gmail.com> wrote on Monday, 14/09/2020 at
12:19:
> Hi Louis thanks for the help,
>
>> > Kerberos SRV _kerberos._tcp.MyDomain.lx.pt record verified ok, sample
>> > output:
>> > Server: 192.168.59.112
>> > Address: 192.168.59.112#53
>> >
>> > _kerberos._tcp.MyDomain.lx.pt service = 0 100 88
>> > dc2.MyDomain.lx.pt.
>>
>> Here, if you have 2 DC's you should also see the 2 DC's.
>> So where is DC1 ?
>>
> That must have been my fault. While sanitizing I must have deleted that
> line. The correct piece is:
> ______________________________________________________________
> Kerberos SRV _kerberos._tcp.MyDomain.lx.pt record verified ok, sample
> output:
> Server: 192.168.59.112
> Address: 192.168.59.112#53
>
> _kerberos._tcp.MyDomain.lx.pt service = 0 100 88 server.MyDomain.lx.pt.
> _kerberos._tcp.MyDomain.lx.pt service = 0 100 88 dc2.MyDomain.lx.pt.
> Samba is running as an AD DC
> _______________________________________________________________
> There is a "server" and a "DC2". Poor naming choices I guess.
>
>> > nameserver 192.168.59.112
>> # After a join and a reboot, you can enable the DC1 Nameserver but add it
>> below this server
>> > nameserver 192.168.59.111
>>
>>
>> > -----------
>> > Checking file: /etc/krb5.conf
>> > [libdefaults]
>> > default_realm = MyDomain.LX.PT
>> > dns_lookup_realm = false
>> > dns_lookup_kdc = true
>> > -----------
>> > Checking file: /etc/nsswitch.conf
>> >
>> > passwd: files systemd winbind
>> > group: files systemd winbind
>> > shadow: files
>> > gshadow: files
>> >
>> > hosts: files mdns4_minimal [NOTFOUND=return] dns
>>
>> hosts: files dns mdns4_minimal [NOTFOUND=return]
>> Moved dns before mDNS (avahi-daemon)
>>
> Will do. Avahi is disabled/masked anyway. Hate the thing.
>
>> So, you have a self compiled samba, you did install or, did not remove
>> some older parts.
>> Like : libwbclient0:amd64 2:4.9.5+dfsg-5+deb10u1
>>
> There you got me. I don't really know where this comes from. This is a
> freshly installed VM/Debian/samba 4.12 running on Hyper-V over iSCSI. A few
> extra packages (htop, iftop, iperf...) but nothing fancy. I never had a
> previous version of samba installed (or anything else).
>
>>
>> So a choice to make,
>> - Remove good and only use selfcompiled samba.
>> Or
>> - Install debian's Samba 4.9.5
>> - Or install samba from my repo then install 4.12.6
>>
> Yeap. That was basically my last choice. Remove DC2, remove VM and start
> over.
>
>> Greetz,
>>
>> Louis
>>
> Best regards
>
> L.P.H. van Belle via samba <samba at lists.samba.org> wrote on
> Monday, 14/09/2020 at 11:31:
>
>> Hai,
>>
>> See below.
>>
>> > -----Original message-----
>> > From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
>> > Carlos Jesus via samba
>> > Sent: Monday 14 September 2020 11:40
>> > To: Rowland penny
>> > CC: sambalist
>> > Subject: Re: [Samba] DNS problems when adding samba DC to win2008R2
>> >
>> ....
>> > >
>> > >
>> > grep: /etc/samba/smb.conf: No such file or directory
>> > ./samba.sh: line 328: [: : integer expression expected
>>
>> Hmm, it does not find smb.conf ?
>> That's strange or was this a typo on your side?
>> ( Ah, after some scrolling, it's a self compiled samba ) ;-)
>>
>>
>> > DC2:/home/carlos# more /tmp/samba-debug-info.txt
>> > Collected config --- 2020-09-14-10:27 -----------
>> >
>> > Hostname: DC2
>> > DNS Domain: MyDomain.lx.pt
>> > FQDN: DC2.MyDomain.lx.pt
>> > ipaddress: 192.168.59.112
>> > -----------
>> > Kerberos SRV _kerberos._tcp.MyDomain.lx.pt record verified ok, sample
>> > output:
>> > Server: 192.168.59.112
>> > Address: 192.168.59.112#53
>> >
>> > _kerberos._tcp.MyDomain.lx.pt service = 0 100 88
>> > dc2.MyDomain.lx.pt.
>>
>> Here, if you have 2 DC's you should also see the 2 DC's.
>> So where is DC1 ?
>>
>>
>>
>> > Samba is running as an AD DC
>> > -----------
>> > Checking file: /etc/os-release
>> > PRETTY_NAME="Debian GNU/Linux 10 (buster)"
>> > NAME="Debian GNU/Linux"
>> > VERSION_ID="10"
>> > VERSION="10 (buster)"
>> > VERSION_CODENAME=buster
>> > ID=debian
>> > HOME_URL="https://www.debian.org/"
>> > SUPPORT_URL="https://www.debian.org/support"
>> > BUG_REPORT_URL="https://bugs.debian.org/"
>> > -----------
>> >
>> > This computer is running Debian 10.5 x86_64
>> > -----------
>> > running command : ip a
>> > 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state
>> > UNKNOWN group
>> > default qlen 1000
>> > link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>> > inet 127.0.0.1/8 scope host lo
>> > 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq
>> > state UP group
>> > default qlen 1000
>> > link/ether 00:15:5d:3b:6f:09 brd ff:ff:ff:ff:ff:ff
>> > inet 192.168.59.112/24 brd 192.168.59.255 scope global eth0
>> > -----------
>> > Checking file: /etc/hosts
>> > 127.0.0.1 localhost
>> > 192.168.59.112 DC2.MyDomain.lx.pt DC2
>> > -----------
>> > Checking file: /etc/resolv.conf
>> > domain MyDomain.lx.pt
>> > search MyDomain.lx.pt
>> > nameserver 192.168.59.112
>> # After a join and a reboot, you can enable the DC1 Nameserver but add it
>> below this server
>> > nameserver 192.168.59.111
>>
>>
>> > -----------
>> > Checking file: /etc/krb5.conf
>> > [libdefaults]
>> > default_realm = MyDomain.LX.PT
>> > dns_lookup_realm = false
>> > dns_lookup_kdc = true
>> > -----------
>> > Checking file: /etc/nsswitch.conf
>> >
>> > passwd: files systemd winbind
>> > group: files systemd winbind
>> > shadow: files
>> > gshadow: files
>> >
>> > hosts: files mdns4_minimal [NOTFOUND=return] dns
>>
>> hosts: files dns mdns4_minimal [NOTFOUND=return]
>> Moved dns before mDNS (avahi-daemon)
>>
>> > networks: files
>> >
>> > protocols: db files
>> > services: db files
>> > ethers: db files
>> > rpc: db files
>> >
>> > netgroup: nis
>> > -----------
>> > Checking file: /usr/local/samba/etc/smb.conf
>> > [global]
>> > netbios name = DC2
>> > realm = MyDomain.LX.PT
>> > server role = active directory domain controller
>> > workgroup = MyDomain
>> > idmap_ldb:use rfc2307 = yes
>> > log level = 1 auth_json_audit:2@/var/log/samba/auth.log sam:2@
>> > /var/log/samba/sam.log
>> > log file = /var/log/samba/samba.log
>> > server services = -dns
>> >
>> > winbind nss info = template
>> > template shell = /bin/bash
>> > template homedir = /home/%U
>> > server min protocol = SMB2
>> >
>> > [sysvol]
>> > path = /usr/local/samba/var/locks/sysvol
>> > read only = No
>> >
>> > [netlogon]
>> > path =
>> > /usr/local/samba/var/locks/sysvol/MyDomain.lx.pt/scripts
>> > read only = No
>> > -----------
>> > Detected bind DLZ enabled..
>> > Checking file: /etc/bind/named.conf
>> >
>> > include "/etc/bind/named.conf.options";
>> > include "/etc/bind/named.conf.local";
>> > include "/etc/bind/named.conf.default-zones";
>> > include "/usr/local/samba/bind-dns/named.conf";
>> > -----------
>> > Checking file: /etc/bind/named.conf.options
>> > acl internals { 127.0.0.0/8; 192.168.59.0/24; };
>> >
>> > options {
>> > directory "/var/cache/bind";
>> > version "Go Away 0.0.7";
>> > notify no;
>> > empty-zones-enable no;
>> > auth-nxdomain yes;
>> > forwarders { 8.8.8.8; 8.8.4.4; };
>> > allow-transfer { none; };
>> >
>> > dnssec-validation no;
>> > dnssec-enable no;
>> > dnssec-lookaside no;
>> > listen-on-v6 { none; };
>> > listen-on port 53 { 192.168.59.112; 127.0.0.1; ::1; };
>> >
>> > minimal-responses yes;
>> >
>> > allow-query { "internals"; };
>> > allow-query-cache { "internals"; };
>> >
>> > recursion yes;
>> > allow-recursion { "internals"; };
>> >
>> > tkey-gssapi-keytab "/usr/local/samba/bind-dns/dns.keytab";
>> > };
>> > -----------
>> > Checking file: /etc/bind/named.conf.local
>> > -----------
>> > Checking file: /etc/bind/named.conf.default-zones
>> > zone "." {
>> > type hint;
>> > file "/usr/share/dns/root.hints";
>> > };
>> >
>> > zone "localhost" {
>> > type master;
>> > file "/etc/bind/db.local";
>> > };
>> >
>> > zone "127.in-addr.arpa" {
>> > type master;
>> > file "/etc/bind/db.127";
>> > };
>> >
>> > zone "0.in-addr.arpa" {
>> > type master;
>> > file "/etc/bind/db.0";
>> > };
>> >
>> > zone "255.in-addr.arpa" {
>> > type master;
>> > file "/etc/bind/db.255";
>> > };
>> > -----------
>> > Samba DNS zone list: 3 zone(s) found
>> >
>> > pszZoneName : 59.168.192.in-addr.arpa
>> > Flags : DNS_RPC_ZONE_DSINTEGRATED
>> > DNS_RPC_ZONE_UPDATE_SECURE
>> > ZoneType : DNS_ZONE_TYPE_PRIMARY
>> > Version : 50
>> > dwDpFlags : DNS_DP_AUTOCREATED
>> > DNS_DP_DOMAIN_DEFAULT
>> > DNS_DP_ENLISTED
>> > pszDpFqdn : DomainDnsZones.MyDomain.lx.pt
>> >
>> > pszZoneName : MyDomain.lx.pt
>> > Flags : DNS_RPC_ZONE_DSINTEGRATED
>> > DNS_RPC_ZONE_UPDATE_SECURE
>> > ZoneType : DNS_ZONE_TYPE_PRIMARY
>> > Version : 50
>> > dwDpFlags : DNS_DP_AUTOCREATED
>> > DNS_DP_DOMAIN_DEFAULT
>> > DNS_DP_ENLISTED
>> > pszDpFqdn : DomainDnsZones.MyDomain.lx.pt
>> >
>> > pszZoneName : _msdcs.MyDomain.lx.pt
>> > Flags : DNS_RPC_ZONE_DSINTEGRATED
>> > DNS_RPC_ZONE_UPDATE_SECURE
>> > ZoneType : DNS_ZONE_TYPE_PRIMARY
>> > Version : 50
>> > dwDpFlags : DNS_DP_AUTOCREATED
>> > DNS_DP_FOREST_DEFAULT
>> > DNS_DP_ENLISTED
>> > pszDpFqdn : ForestDnsZones.MyDomain.lx.pt
>> >
>> > Samba DNS zone list Automated check :
>> > zone : 59.168.192.in-addr.arpa ok, no Bind flat-files found
>> > -----------
>> > zone : MyDomain.lx.pt ok, no Bind flat-files found
>> > -----------
>> > zone : _msdcs.MyDomain.lx.pt ok, no Bind flat-files found
>> > -----------
>> > Installed packages:
>> > ii acl 2.2.53-4
>> > amd64 access control list - utilities
>> > ii attr 1:2.4.48-4
>> > amd64 utilities for manipulating filesystem
>> > extended attributes
>> > ii bind9 1:9.11.5.P4+dfsg-5.1+deb10u2
>> > amd64 Internet Domain Name Server
>> > ii bind9-host 1:9.11.5.P4+dfsg-5.1+deb10u2
>> > amd64 DNS lookup utility (deprecated)
>> > ii bind9utils 1:9.11.5.P4+dfsg-5.1+deb10u2
>> > amd64 Utilities for BIND
>> > ii fonts-quicksand 0.2016-2
>> > all sans-serif font with round attributes
>> > ii krb5-config 2.6
>> > all Configuration files for Kerberos Version 5
>> > ii krb5-kdc 1.17-3
>> > amd64 MIT Kerberos key server (KDC)
>> > ii krb5-locales 1.17-3
>> > all internationalization support for MIT Kerberos
>> > ii krb5-multidev:amd64 1.17-3
>> > amd64 development files for MIT Kerberos without
>> > Heimdal conflict
>> > ii krb5-user 1.17-3
>> > amd64 basic programs to authenticate using MIT Kerberos
>> > ii libacl1:amd64 2.2.53-4
>> > amd64 access control list - shared library
>> > ii libacl1-dev:amd64 2.2.53-4
>> > amd64 access control list - static libraries and headers
>> > ii libattr1:amd64 1:2.4.48-4
>> > amd64 extended attribute handling - shared library
>> > ii libattr1-dev:amd64 1:2.4.48-4
>> > amd64 extended attributes handling - static
>> > libraries and headers
>> > ii libbind9-161:amd64 1:9.11.5.P4+dfsg-5.1+deb10u2
>> > amd64 BIND9 Shared Library used by BIND
>> > ii libgssapi-krb5-2:amd64 1.17-3
>> > amd64 MIT Kerberos runtime libraries - krb5 GSS-API
>> > Mechanism
>> > ii libkrb5-26-heimdal:amd64 7.5.0+dfsg-3
>> > amd64 Heimdal Kerberos - libraries
>> > ii libkrb5-3:amd64 1.17-3
>> > amd64 MIT Kerberos runtime libraries
>> > ii libkrb5-dev:amd64 1.17-3
>> > amd64 headers and development libraries for MIT Kerberos
>> > ii libkrb5support0:amd64 1.17-3
>> > amd64 MIT Kerberos runtime libraries - Support library
>> > ii libsmbclient:amd64 2:4.9.5+dfsg-5+deb10u1
>> > amd64 shared library for communication with SMB/CIFS servers
>> > ii libwbclient0:amd64 2:4.9.5+dfsg-5+deb10u1
>> > amd64 Samba winbind client library
>> > ii python-attr 18.2.0-1
>> > all Attributes without boilerplate (Python 2)
>> > ii python3-pyxattr 0.6.1-1
>> > amd64 module for manipulating filesystem extended attributes
>> > (Python3)
>> > ii samba-libs:amd64 2:4.9.5+dfsg-5+deb10u1
>> > amd64 Samba core libraries
>> > -----------
>>
>>
>> So, you have a self compiled samba, you did install or, did not remove
>> some older parts.
>> Like : libwbclient0:amd64 2:4.9.5+dfsg-5+deb10u1
>>
>>
>> So a choice to make,
>> - Remove good and only use selfcompiled samba.
>> Or
>> - Install debian's Samba 4.9.5
>> - Or install samba from my repo then install 4.12.6
>>
>> Greetz,
>>
>> Louis
>>
>
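Added example, not part of the original thread or of the debug script quoted in it: one way to spot the mix discussed above, where distro 4.9.5 Samba libraries sit beside a self-compiled Samba. The function names, the package-name pattern and the sample `dpkg -l` rows are constructed for illustration, and `4.12.0` is a placeholder for whatever `samba --version` reports on the self-compiled build.

```shell
#!/bin/sh
# Constructed sample of `dpkg -l` rows, one package per line as dpkg prints them.
# The "rc" row (removed, config files left) is added to show it is not counted.
sample_dpkg() {
cat <<'EOF'
ii  krb5-user            1.17-3                   amd64  basic programs to authenticate using MIT Kerberos
ii  libsmbclient:amd64   2:4.9.5+dfsg-5+deb10u1   amd64  shared library for communication with SMB/CIFS servers
ii  libwbclient0:amd64   2:4.9.5+dfsg-5+deb10u1   amd64  Samba winbind client library
ii  python3-smbc         1.0.15.6-1+b2            amd64  Python 3 bindings for the Samba client library
ii  samba-libs:amd64     2:4.9.5+dfsg-5+deb10u1   amd64  Samba core libraries
rc  samba-common         2:4.9.5+dfsg-5+deb10u1   all    common files used by both the Samba server and client
EOF
}

# find_mixed_samba SELF_VERSION
# Reads `dpkg -l` rows on stdin and prints "package upstream-version" for every
# fully installed (ii) Samba library package whose upstream version differs
# from SELF_VERSION, the version of the self-compiled Samba.
find_mixed_samba() {
    awk -v self="$1" '
        $1 == "ii" && $2 ~ /^(samba|libsmbclient|libwbclient)/ {
            pkg = $2; sub(/:.*/, "", pkg)   # drop the :amd64 architecture suffix
            v = $3
            sub(/^[0-9]+:/, "", v)          # drop the epoch       (2:)
            sub(/-[^-]*$/, "", v)           # drop Debian revision (-5+deb10u1)
            sub(/[+~].*$/, "", v)           # drop repack suffix   (+dfsg)
            if (v != self) print pkg, v
        }'
}

# Placeholder version; on a real host feed `dpkg -l` instead of the sample.
sample_dpkg | find_mixed_samba 4.12.0
```

Any line printed names a packaged library that can shadow or conflict with the build under /usr/local/samba and is a candidate for removal or for replacing the self-compiled install with packages of one version.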