[Samba] linux client DNS issues

Patrick Goetz pgoetz at math.utexas.edu
Mon Feb 7 23:10:03 UTC 2022



On 2/7/22 16:29, Rowland Penny via samba wrote:
> On Mon, 2022-02-07 at 15:59 -0600, Patrick Goetz via samba wrote:
>>
>> On 2/7/22 15:04, Rowland Penny via samba wrote:
>>> On Mon, 2022-02-07 at 12:45 -0600, Patrick Goetz via samba wrote:
>>>> BTW, I can't find anything in the log files to help me with
>>>> debugging
>>>> this.  At what log level do DNS errors start showing up in the
>>>> log
>>>> files?
>>>
>>> OK, I have set up Arch in a VM and installed Samba and I got the
>>> same
>>> error, no DNS update.
>>>
>>> I checked /etc/hostname and it only has the short hostname in it, I
>>> then checked /etc/hosts and it had three lines:
>>>
>>> 127.0.0.1 localhost
>>> ::1 localhost
>>> 127.0.1.1 archmem.samdom.example.com archmem
>>>
>>> As a test I commented out the last line, left the domain and then
>>> rejoined the domain, this time it worked without the DNS error.
>>>
>>
>> Thanks for testing this.  But now it seems more obvious that there's
>> something about my setup which is triggering this behavior and I'm
>> dying
>> to know what it is.
>>
>> You installed exactly these additional packages for Samba?
>> # pacman -Syu samba smbclient krb5 pam-krb5 dnsutils
> 
> No, I just wanted to test the join and to be honest, this is the first
> time I have installed Samba on Arch (and probably the last).
> 
>>
>> (acl, attr, ldb, and cifs-utils are installed as dependencies)
>>
>>
>> Presumably using `net ads join`? Did you run a samba-tool dns query
>> to
>> make sure the Arch VM was actually in DNS?
> 
> No, I just checked in sam.ldb on a DC, and the dns record is there.


How does one look into sam.ldb?  Is there a list command for this I'm 
not aware of?


> 
>>
>> I've now tried every variation.  My original /etc/hosts file looked
>> like
>> this:
>>
>> ------------
>> # Static table lookup for hostnames.
>> # See hosts(5) for details.
>>
>> 192.168.1.84 erap-gnome.ea.linuxcs.com  erap-gnome
> 
> Are you using dhcp or is it a fixed IP ?
> I used dhcp.
> 


I'm using a fixed IP. I need this because people also ssh into this 
system from outside the AD network and there's a firewall which does 
port redirection based on a fixed IP.




>> ------------
>>
>> I tried adding the loopback interface:
>>
>> ------------
>> # Static table lookup for hostnames.
>> # See hosts(5) for details.
>>
>> 127.0.0.1 localhost
>> ::1 localhost
>>
>> 192.168.1.84 erap-gnome.ea.linuxcs.com  erap-gnome
>> ------------
>>
>> commenting out the host IP address, using a FQDN in /etc/hostname
>> and
>> all combinations of the above and I still get the DNS error every
>> time.
>>
>> Rowland, from your description, how does `net ads join -U
>> administrator`
>> even know what domain you're trying to join?  Does it use the
>> /etc/krb5.conf file?  If so, why does the Samba Wiki sternly warn you
>> to
>> remove any 127.0.1.1 entry in /etc/hosts and add the system IP
>> address
>> as shown above instead?
> 
> The /etc/krb5.conf on my test machine (thinking about it, krb5 must
> have been installed, even though I didn't install it) just contained
> two lines
> 
> [libdefaults]
>      default_realm = SAMDOM.EXAMPLE.COM
> 
> The wiki may need updating, but the 127.0.1.1 shouldn't point to a DC's
> fqdn and short hostname, but then a DC should have a fixed IP. One of
> the problems is that different OS's require different DNS settings, as
> I said, red-hat OS's seem to require the fqdn in /etc/hostname


In my case the Samba internal DNS is running on Ubuntu 20.04, which is 
where all the action occurs?  Not sure why the client /etc/hostname 
configuration should matter here.

Regarding your /etc/krb5.conf file, I'm not sure where this came from. 
When I install the Arch krb5 package, the default /etc/krb5.conf file is 
some generic boilerplate referencing, e.g. athena.mit.edu


Also, you mention "127.0.1.1 shouldn't point to a DC's fqdn and short 
hostname" but I think you must mean the client, not the DC?

I don't have any mention of samba-dc in /etc/hosts -- samba-dc is the 
name server in /etc/resolv.conf, so this wouldn't be unnecessary.

So, it seems like it must be the case that when you run `net ads join` 
the net command peeks at either /etc/krb5.conf or /etc/samba/smb.conf 
to figure out what domain you're trying to connect to, as this 
information isn't included anywhere else AFAIK.


>>
>>
>>> I could get to like Arch, except for one thing, the install
>>> procedure
>>> is archaic (is that what 'arch' is short for ?), the last time I
>>> used
>>> such an install procedure was over 20 years ago :-D
>>>
>>
>> I'm guessing you used the installer included with the ISO only
>> recently
>> after much gnashing of teeth, hand wringing, and push back. Arch
>> doesn't
>> have a good installer (and didn't have one at all until recently) by
>> design; i.e. on purpose.  What you're supposed to do is go to
>> https://archlinux.org and use the Installation Guide referenced
>> under
>> Documentation in the right side panel and get your hands dirty
>> assembling the system from scratch.  Kind of like how I made my kid
>> help
>> me build his first computer from parts. This way you have hands on
>> knowledge of how your system is set up.
>>
>> There are some advantages to this.  Installing Arch on somewhat
>> non-standard hardware is so much easier than installing, say, Ubuntu
>> precisely because you're not locked into an installation regime and
>> can
>> twiddle with more knobs.  I've had to give up on installing Ubuntu
>> on
>> some systems after hours of frustration followed by a quick, easy,
>> and
>> deterministic 30 minute installation of Arch. Even the most recent
>> version of the Ubuntu installer (for example) won't let you
>> configure
>> the EFI partition as an md RAID1, which you kind of need if you're
>> going
>> to have truly redundant OS disks, which I do by default on nearly
>> every
>> machine these days, as SSDs are cheap and my labor expensive, not to
>> mention that users don't appreciate downtime as much as they should.
>>
>> For people who want an Arch system which can be installed by a
>> novice
>> with a slick and modern installer, take a look at EndeavourOS,
>> Manjaro,
>> or Garuda (among others).  Garuda linux is somewhat new, but they
>> shot
>> for the moon at all levels; i.e. not just eye candy, which I
>> studiously
>> avoid because I'd rather not waste CPU cycles on stuff like this
>> when
>> running multiple VMs all the time; this is some next level stuff:
>> https://www.youtube.com/watch?v=KK280Y0cNmQ
> 
> Yes, installing Arch may make it easier to set up on some systems, but
> for the majority of users, it is over the top. I think I will stick to
> Debian based distros, though not Ubuntu, that distro seems to have
> lost its way.
> 
> Rowland
>   
> 
> 
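
The /etc/hosts condition tested in this thread (the client's FQDN mapped to a 127.x loopback entry before `net ads join`) can be checked with a short script. This is an added example, not code from either poster or from Samba; the function name `hosts_fqdn_status` and the sample files are constructed for illustration, using the hosts entries quoted above.

```shell
#!/bin/sh
# hosts_fqdn_status FILE FQDN   (hypothetical helper name, not a Samba tool)
# Prints every address the hosts file maps FQDN to and classifies the result:
#   status 0  FQDN maps only to non-loopback addresses
#   status 1  FQDN maps to a loopback address (127.0.0.0/8 or ::1)
#   status 2  FQDN does not appear in the file
hosts_fqdn_status() {
    awk -v fqdn="$2" '
        BEGIN { want = tolower(fqdn); found = 0; loop = 0 }
        {
            sub(/#.*/, "")          # drop comments, so commented-out entries are ignored
            if (NF < 2) next
            for (i = 2; i <= NF; i++) {
                if (tolower($i) != want) continue
                found = 1
                if ($1 ~ /^127\./ || $1 == "::1") { loop = 1; print "loopback: " $1 }
                else print "address:  " $1
            }
        }
        END { if (!found) exit 2; exit loop }
    ' "$1"
}

# Constructed sample files built from the entries quoted in this thread.
tmp=$(mktemp -d)
printf '%s\n' '127.0.0.1 localhost' '::1 localhost' \
    '127.0.1.1 archmem.samdom.example.com archmem' > "$tmp/hosts.loopback"
printf '%s\n' '127.0.0.1 localhost' '::1 localhost' \
    '192.168.1.84 erap-gnome.ea.linuxcs.com  erap-gnome' > "$tmp/hosts.static"

# Run the check and report its status without aborting under `set -e`.
check() {
    rc=0
    hosts_fqdn_status "$1" "$2" || rc=$?
    echo "$(basename "$1") $2 -> status $rc"
}
check "$tmp/hosts.loopback" archmem.samdom.example.com
check "$tmp/hosts.static" erap-gnome.ea.linuxcs.com
```

On a real client the call would be `hosts_fqdn_status /etc/hosts "$(hostname -f)"`; status 1 corresponds to the layout that produced the DNS update error in the Arch VM test described above.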


