[Samba] Domain member?

Rowland Penny rpenny at samba.org
Tue Oct 26 10:21:11 UTC 2021


On Tue, 2021-10-26 at 11:59 +0200, Joachim Lindenberg via samba wrote:
> Hello Louis,
> sure. I know I configured /etc/resolv.conf during join, pointing to a
> DC manually. Is the local resolver the culprit?
> Thanks,
> Joachim
> 
> root@le:/tmp# cat samba-debug-info.txt
> Collected config  --- 2021-10-26-09:12 -----------
> 
> Hostname: le
> DNS Domain: samba.lindenberg.one
> FQDN: le.samba.lindenberg.one
> ipaddress: 192.168.176.9
> 
> -----------
> 
> Kerberos SRV _kerberos._tcp.samba.lindenberg.one record verified ok,
> sample output:
> Server:         127.0.0.53
> Address:        127.0.0.53#53
> 
> Non-authoritative answer:
> _kerberos._tcp.samba.lindenberg.one     service = 0 100 88 boa.samba.lindenberg.one.
> _kerberos._tcp.samba.lindenberg.one     service = 0 100 88 mamba.samba.lindenberg.one.
> _kerberos._tcp.samba.lindenberg.one     service = 0 100 88 cobra.samba.lindenberg.one.
> 
> Authoritative answers can be found from:
> Samba is running as a Unix domain member
>        Checking file: /etc/os-release
> 
> NAME="Ubuntu"
> VERSION="20.04.3 LTS (Focal Fossa)"
> ID=ubuntu
> ID_LIKE=debian
> PRETTY_NAME="Ubuntu 20.04.3 LTS"
> VERSION_ID="20.04"
> HOME_URL="https://www.ubuntu.com/"
> SUPPORT_URL="https://help.ubuntu.com/"
> BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
> PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
> VERSION_CODENAME=focal
> UBUNTU_CODENAME=focal
> 
> -----------
> 
> 
> This computer is running Ubuntu 20.04.3 LTS x86_64
> 
> -----------
> running command : ip a
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
>     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>     inet 127.0.0.1/8 scope host lo
>     inet6 ::1/128 scope host
> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1420 qdisc mq state UP group default qlen 1000
>     link/ether 00:15:5d:b1:0c:70 brd ff:ff:ff:ff:ff:ff
>     inet 192.168.176.9/24 brd 192.168.176.255 scope global eth0
>     inet6 fe80::215:5dff:feb1:c70/64 scope link
> 
> -----------
>        Checking file: /etc/hosts
> 
> 127.0.0.1 localhost
> 
> # The following lines are desirable for IPv6 capable hosts
> 192.168.176.9 le.samba.lindenberg.one le
> ::1     ip6-localhost ip6-loopback
> fe00::0 ip6-localnet
> ff00::0 ip6-mcastprefix
> ff02::1 ip6-allnodes
> ff02::2 ip6-allrouters
> 
> -----------
> 
>        Checking file: /etc/resolv.conf
> 
> # This file is managed by man:systemd-resolved(8). Do not edit.
> #
> # This is a dynamic resolv.conf file for connecting local clients to the
> # internal DNS stub resolver of systemd-resolved. This file lists all
> # configured search domains.
> #
> # Run "resolvectl status" to see details about the uplink DNS servers
> # currently in use.
> #
> # Third party programs must not access this file directly, but only through the
> # symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
> # replace this symlink by a static file or a different symlink.
> #
> # See man:systemd-resolved.service(8) for details about the supported modes of
> # operation for /etc/resolv.conf.
> 
> nameserver 127.0.0.53
> options edns0 trust-ad
> search samba.lindenberg.one
> 
> -----------
> 
> systemd stub resolver detected, running command : systemd-resolve --status
> -----------
> Global
>        LLMNR setting: no
> MulticastDNS setting: no
>   DNSOverTLS setting: no
>       DNSSEC setting: no
>     DNSSEC supported: no
>           DNSSEC NTA: 10.in-addr.arpa
>                       16.172.in-addr.arpa
>                       168.192.in-addr.arpa
>                       17.172.in-addr.arpa
>                       18.172.in-addr.arpa
>                       19.172.in-addr.arpa
>                       20.172.in-addr.arpa
>                       21.172.in-addr.arpa
>                       22.172.in-addr.arpa
>                       23.172.in-addr.arpa
>                       24.172.in-addr.arpa
>                       25.172.in-addr.arpa
>                       26.172.in-addr.arpa
>                       27.172.in-addr.arpa
>                       28.172.in-addr.arpa
>                       29.172.in-addr.arpa
>                       30.172.in-addr.arpa
>                       31.172.in-addr.arpa
>                       corp
>                       d.f.ip6.arpa
>                       home
>                       internal
>                       intranet
>                       lan
>                       local
>                       private
>                       test
> 
> Link 2 (eth0)
>       Current Scopes: DNS
> DefaultRoute setting: yes
>        LLMNR setting: yes
> MulticastDNS setting: no
>   DNSOverTLS setting: no
>       DNSSEC setting: no
>     DNSSEC supported: no
>   Current DNS Server: 192.168.177.19
>          DNS Servers: 192.168.177.18
>                       192.168.177.19
>           DNS Domain: samba.lindenberg.one
> 
> -------resolv.conf end----
> 
>        Checking file: /etc/krb5.conf
> 
> [libdefaults]
>         default_realm = SAMBA.LINDENBERG.ONE
>         dns_lookup_realm = false
>         dns_lookup_kdc = true
> 
> -----------
> 
>        Checking file: /etc/nsswitch.conf
> 
> # /etc/nsswitch.conf
> #
> # Example configuration of GNU Name Service Switch functionality.
> # If you have the `glibc-doc-reference' and `info' packages installed, try:
> # `info libc "Name Service Switch"' for information about this file.
> 
> passwd:         files systemd winbind
> group:          files systemd winbind
> shadow:         files
> gshadow:        files
> 
> hosts:          files dns
> networks:       files
> 
> protocols:      db files
> services:       db files
> ethers:         db files
> rpc:            db files
> 
> netgroup:       nis
> 
> -----------
> 
>        Checking file: /etc/samba/smb.conf
> 
> # Global parameters
> [global]
>         netbios name = LE
>         realm = SAMBA.LINDENBERG.ONE
>         workgroup = SAMBA
>         security = ADS
> #        dns update command = /usr/sbin/samba_dnsupdate --use-samba-tool
> #        idmap_ldb:use rfc2307 = yes
>         disable netbios = yes
>         smb encrypt = mandatory
>         kerberos method = secrets and keytab
> #        winbind refresh tickets = yes
>         template shell = /bin/bash
>         template homedir = /home/%U
>         winbind use default domain = yes
> 

You do not have any 'idmap config' lines (I think I mentioned this
already).
As a minimum I would expect something like this:

    idmap config *:backend = tdb
    idmap config *:range = 3000-9999
    idmap config SAMBA : backend = rid
    idmap config SAMBA : range = 10000-999999

Rowland
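
The check behind the reply above, as an added example that is not part of the original message and not Samba code: it parses the [global] section, reports missing `idmap config` entries for the default domain (`*`) and for the workgroup, and goes one step further by flagging overlapping ID ranges. The sample config is constructed from lines quoted in the thread; the function and variable names are hypothetical.

```python
import re

# Constructed sample: a subset of the [global] section quoted in the thread.
THREAD_CONF = """\
[global]
        workgroup = SAMBA
        security = ADS
#        idmap_ldb:use rfc2307 = yes
        winbind use default domain = yes
"""
# The four lines suggested in the reply.
SUGGESTED = """\
        idmap config *:backend = tdb
        idmap config *:range = 3000-9999
        idmap config SAMBA : backend = rid
        idmap config SAMBA : range = 10000-999999
"""
IDMAP_KEY = re.compile(r"idmap config\s+(\S+?)\s*:\s*(backend|range)$", re.I)

def parse_global(text):
    """Return (workgroup, {domain: {"backend": str, "range": (lo, hi)}})."""
    workgroup, idmap, section = None, {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("["):
            section = line.strip("[]").strip().lower()
        elif section == "global" and "=" in line and line[0] not in "#;":
            key, value = (part.strip() for part in line.split("=", 1))
            match = IDMAP_KEY.match(key)
            if key.lower() == "workgroup":
                workgroup = value.upper()
            elif match:
                domain, option = match.group(1).upper(), match.group(2).lower()
                if option == "range":
                    value = tuple(int(n) for n in value.split("-"))
                idmap.setdefault(domain, {})[option] = value
    return workgroup, idmap

def check_idmap(text):
    """Return findings; an empty list means default and domain mappings exist."""
    workgroup, idmap = parse_global(text)
    findings = [f"missing: idmap config {domain} : {option}"
                for domain in ("*", workgroup or "<workgroup not set>")
                for option in ("backend", "range")
                if option not in idmap.get(domain, {})]
    ranges = sorted((cfg["range"], dom) for dom, cfg in idmap.items() if "range" in cfg)
    for ((lo1, hi1), d1), ((lo2, hi2), d2) in zip(ranges, ranges[1:]):
        if lo2 <= hi1:  # neighbouring ranges share at least one ID
            findings.append(f"overlap: {d1} {lo1}-{hi1} and {d2} {lo2}-{hi2}")
    return findings
```

`check_idmap(THREAD_CONF)` lists the four missing entries, and `check_idmap(THREAD_CONF + SUGGESTED)` returns an empty list.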




