[Samba] samba AD-DC with bind9, dyn-dns complains that "No AD dhcp user exists"

Carlos Jesus camjesus2 at gmail.com
Wed Sep 8 14:22:38 UTC 2021


Hello again Rowland,
unfortunately, the problem seems to have escalated and it seems my DNS
zones are missing or corrupt. When I try
samba-tool dns zonelist ehsecondary
I get
ERROR(runtime): uncaught exception - (9717, 'WERR_DNS_ERROR_DS_UNAVAILABLE')
  File
"/usr/local/samba/lib/python3.7/site-packages/samba/netcmd/__init__.py",
line 186, in _run return self.run(*args, **kwargs)
  File "/usr/local/samba/lib/python3.7/site-packages/samba/netcmd/dns.py",
line 670, in run request_filter)

On this particular server bind9 is running:
systemctl status bind9
● bind9.service - BIND Domain Name Server
   Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor
preset: enabled)
   Active: active (running) since Wed 2021-09-08 14:04:21 WEST; 59min ago
     Docs: man:named(8)
  Process: 3298 ExecStart=/usr/sbin/named $OPTIONS (code=exited,
status=0/SUCCESS)
 Main PID: 3299 (named)
    Tasks: 7 (limit: 2326)
   Memory: 48.5M
   CGroup: /system.slice/bind9.service
           └─3299 /usr/sbin/named -u bind

Sep 08 14:04:21 EhSecondary named[3299]: samba_dlz: started for DN
DC=SAMDOM,DC=local
Sep 08 14:04:21 EhSecondary named[3299]: samba_dlz: starting configure
Sep 08 14:04:21 EhSecondary named[3299]: samba_dlz: configured writeable
zone 'SAMDOM.local'
Sep 08 14:04:21 EhSecondary named[3299]: samba_dlz: configured writeable
zone '1.168.192.in-addr.arpa'
Sep 08 14:04:21 EhSecondary named[3299]: none:106: 'max-cache-size 90%' -
setting to 1795MB (out of 1994MB)
Sep 08 14:04:21 EhSecondary named[3299]: obtaining root key for view
_default from '/etc/bind/bind.keys'
Sep 08 14:04:21 EhSecondary named[3299]: set up managed keys zone for view
_default, file 'managed-keys.bind'
Sep 08 14:04:21 EhSecondary named[3299]: none:106: 'max-cache-size 90%' -
setting to 1795MB (out of 1994MB)
Sep 08 14:04:21 EhSecondary named[3299]: command channel listening on
127.0.0.1#953
Sep 08 14:04:21 EhSecondary systemd[1]: Started BIND Domain Name Server.

I tried recreating the zones, but I get the same error as before. Samba is
running for now.
I have disabled dhcp failover and even the dyndns script.

Help?

Best regards,
Carlos Jesus


Carlos Jesus <camjesus2 at gmail.com> wrote on Tuesday, 7/09/2021 at
22:03:

> Ah.... crap....
> well thanks for the tip. I'll look it up on that google thingy...
>
> Carlos
>
> Rowland Penny via samba <samba at lists.samba.org> wrote on Tuesday,
> 7/09/2021 at 20:43:
>
>> On Tue, 2021-09-07 at 20:25 +0100, Carlos Jesus via samba wrote:
>> > Hi all, once again I ask for your help since I'm out of ideas. First
>> > my
>> > setup.
>> > Two DC's running Debian buster and samba 4.12.11 with bind9, and
>> > dynamic
>> > dns through dhcp (in failover mode) using the wiki script. One of the
>> > DC's
>> > is physical, the other is virtual (Proxmox).
>> > Both DC's have very similar configurations (but we all have heard
>> > this a
>> > thousand times...) and on the physical DC all is well, let's forget
>> > about
>> > it.
>> > On the virtual DC, I get the error "No AD dhcp user exists"
>> > blablabla. If I
>> > run the suggested commands (kinit Administrator@SAMDOM.EXAMPLE etc),
>> > it
>> > complains that the user already exists which can be confirmed by
>> > wbinfo
>> > -u|grep dhcpduser.
>> > The dhcp server is working since I get things like
>> > DHCPINFORM from 192.168.1.147 via br0
>> > DHCPACK to 192.168.1.147 (00:13:72:40:50:6a) via br0
>> > execute: /usr/local/bin/dhcp-dyndns.sh exit status 256
>> > Unfortunately I don't know what "exit status 256" is
>> > Now:
>> > 1) /etc/dhcpd.keytab exists and with right permissions (root:root
>> > r--------)
>> > 2) bind9 is up and running
>> > 3) /etc/resolv.conf
>> > options rotate timeout:5
>> > search SAMDOM.EXAMPLE
>> > nameserver 192.168.1.150
>> > nameserver 192.168.1.149
>> > 4) Running TESTUSER="$(wbinfo -u | grep 'dhcpduser')" returns
>> > SAMDOM/dhcpduser (as expected, so why does the script think TESTUSER
>> > is
>> > empty?)
>> > I can provide dhcpd.conf, named.conf and smb.conf however, they are
>> > very
>> > similar on both DC's.
>> >
>> > Any ideas?
>> > Best regards
>> >
>> > Carlos
>>
>> I have read somewhere that failover is broken in isc-dhcp-server on
>> buster, you need to compile it yourself. I am sorry, but I cannot
>> remember where I read this and it is late here, if you cannot find it,
>> I will try and find it myself tomorrow.
>>
>> Rowland
>>
>>
>>
>

