[Samba] linux client DNS issues

Miroslav Geisselreiter mg at intar.cz
Tue Feb 8 07:20:11 UTC 2022



On 8.2.2022 at 0:10, Patrick Goetz via samba wrote:
>
>
> On 2/7/22 16:29, Rowland Penny via samba wrote:
>> On Mon, 2022-02-07 at 15:59 -0600, Patrick Goetz via samba wrote:
>>>
>>> On 2/7/22 15:04, Rowland Penny via samba wrote:
>>>> On Mon, 2022-02-07 at 12:45 -0600, Patrick Goetz via samba wrote:
>>>>> BTW, I can't find anything in the log files to help me with debugging
>>>>> this.  At what log level do DNS errors start showing up in the log
>>>>> files?
>>>>
>>>> OK, I have set up Arch in a VM and installed Samba and I got the same
>>>> error, no DNS update.
>>>>
>>>> I checked /etc/hostname and it only has the short hostname in it, I
>>>> then checked /etc/hosts and it had three lines:
>>>>
>>>> 127.0.0.1 localhost
>>>> ::1 localhost
>>>> 127.0.1.1 archmem.samdom.example.com archmem
>>>>
>>>> As a test I commented out the last line, left the domain and then
>>>> rejoined the domain, this time it worked without the DNS error.
>>>>
>>>
>>> Thanks for testing this.  But now it seems more obvious that there's
>>> something about my setup which is triggering this behavior and I'm dying
>>> to know what it is.
>>>
>>> You installed exactly these additional packages for Samba?
>>> # pacman -Syu samba smbclient krb5 pam-krb5 dnsutils
>>
>> No, I just wanted to test the join and to be honest, this is the first
>> time I have installed Samba on Arch (and probably the last).
>>
>>>
>>> (acl, attr, ldb, and cifs-utils are installed as dependencies)
>>>
>>>
>>> Presumably using `net ads join`? Did you run a samba-tool dns query to
>>> make sure the Arch VM was actually in DNS?
>>
>> No, I just checked in sam.ldb on a DC, and the dns record is there.
>
>
> How does one look into sam.ldb?  Is there a list command for this I'm 
> not aware of?
>
>
>>
>>>
>>> I've now tried every variation.  My original /etc/hosts file looked like
>>> this:
>>>
>>> ------------
>>> # Static table lookup for hostnames.
>>> # See hosts(5) for details.
>>>
>>> 192.168.1.84 erap-gnome.ea.linuxcs.com  erap-gnome
>>
>> Are you using dhcp or is it a fixed IP ?
>> I used dhcp.
>>
>
>
> I'm using a fixed IP. I need this because people also ssh into this 
> system from outside the AD network and there's a firewall which does 
> port redirection based on a fixed IP.
>
>
>
>
>>> ------------
>>>
>>> I tried adding the loopback interface:
>>>
>>> ------------
>>> # Static table lookup for hostnames.
>>> # See hosts(5) for details.
>>>
>>> 127.0.0.1 localhost
>>> ::1 localhost
>>>
>>> 192.168.1.84 erap-gnome.ea.linuxcs.com  erap-gnome
>>> ------------
>>>
>>> commenting out the host IP address, using a FQDN in /etc/hostname and
>>> all combinations of the above and I still get the DNS error every time.
>>>
>>> Rowland, from your description, how does `net ads join -U administrator`
>>> even know what domain you're trying to join?  Does it use the
>>> /etc/krb5.conf file?  If so, why does the Samba Wiki sternly warn you to
>>> remove any 127.0.1.1 entry in /etc/hosts and add the system IP address
>>> as shown above instead?
>>
>> The /etc/krb5.conf on my test machine (thinking about it, krb5 must
>> have been installed, even though I didn't install it) just contained
>> two lines
>>
>> [libdefaults]
>>      default_realm = SAMDOM.EXAMPLE.COM
>>
>> The wiki may need updating, but the 127.0.1.1 shouldn't point to a DC's
>> fqdn and short hostname, but then a DC should have a fixed IP. One of
>> the problems is that different OS's require different DNS settings, as
>> I said, red-hat OS's seem to require the fqdn in /etc/hostname
>
>
> In my case the Samba internal DNS is running on Ubuntu 20.04, which is 
> where all the action occurs?  Not sure why the client /etc/hostname 
> configuration should matter here.
>
> Regarding your /etc/krb5.conf file, I'm not sure where this came from. 
> When I install the Arch krb5 package, the default /etc/krb5.conf file 
> is some generic boilerplate referencing, e.g. athena.mit.edu
>
>
> Also, you mention "127.0.1.1 shouldn't point to a DC's fqdn and short 
> hostname" but I think you must mean the client, not the DC?
>
> I don't have any mention of samba-dc in /etc/hosts -- samba-dc is the 
> name server in /etc/resolv.conf, so this wouldn't be unnecessary.
>
> So, it seems like it must be the case that when you run `net ads join` 
> the net command peeks at either /etc/krb5.conf or /etc/samba/smb.conf 
> to figure out what domain you're trying to connect to, as this 
> information isn't included anywhere else AFAIK.
>
>
>>>
>>>
>>>> I could get to like Arch, except for one thing, the install procedure
>>>> is archaic (is that what 'arch' is short for ?), the last time I used
>>>> such an install procedure was over 20 years ago :-D
>>>>
>>>
>>> I'm guessing you used the installer included with the ISO only recently
>>> after much gnashing of teeth, hand wringing, and push back. Arch doesn't
>>> have a good installer (and didn't have one at all until recently) by
>>> design; i.e. on purpose.  What you're supposed to do is go to
>>> https://archlinux.org and use the Installation Guide referenced under
>>> Documentation in the right side panel and get your hands dirty
>>> assembling the system from scratch.  Kind of like how I made my kid help
>>> me build his first computer from parts. This way you have hands on
>>> knowledge of how your system is set up.
>>>
>>> There are some advantages to this.  Installing Arch on somewhat
>>> non-standard hardware is so much easier than installing, say, Ubuntu
>>> precisely because you're not locked into an installation regime and can
>>> twiddle with more knobs.  I've had to give up on installing Ubuntu on
>>> some systems after hours of frustration followed by a quick, easy, and
>>> deterministic 30 minute installation of Arch. Even the most recent
>>> version of the Ubuntu installer (for example) won't let you configure
>>> the EFI partition as an md RAID1, which you kind of need if you're going
>>> to have truly redundant OS disks, which I do by default on nearly every
>>> machine these days, as SSDs are cheap and my labor expensive, not to
>>> mention that users don't appreciate downtime as much as they should.
>>>
>>> For people who want an Arch system which can be installed by a novice
>>> with a slick and modern installer, take a look at EndeavourOS, Manjaro,
>>> or Garuda (among others).  Garuda linux is somewhat new, but they shot
>>> for the moon at all levels; i.e. not just eye candy, which I studiously
>>> avoid because I'd rather not waste CPU cycles on stuff like this when
>>> running multiple VMs all the time; this is some next level stuff:
>>> https://www.youtube.com/watch?v=KK280Y0cNmQ
>>
>> Yes, installing Arch may make it easier to set up on some systems, but
>> for the majority of users, it is over the top. I think I will stick to
>> Debian based distro's, though not Ubuntu, that distro seems to have
>> lost its way.
>>
>> Rowland
>>
>>
>
I had the same error "DNS update failed: NT_STATUS_INVALID_PARAMETER" 
and the reason was a wrong netbios name in smb.conf. I had to change it 
and use $(hostname -s).

Mirac
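
The two causes reported in this thread (the machine's own name mapped to a
loopback address such as 127.0.1.1 in /etc/hosts, and a netbios name in
smb.conf that differs from `hostname -s`) can be checked before running
`net ads join`. The script below is an added example, not part of the
original post or of Samba; the function names and the sample files it
constructs are assumptions for illustration.

```sh
# Added example: checks for the two causes of the failed DNS update reported above.

# Print the "netbios name" value from an smb.conf-style file, upper-cased.
# Prints nothing when unset (assumption: Samba then uses the host name).
smb_netbios_name() {
    awk -F= '
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        {
            key = $1; gsub(/[ \t]+/, "", key)       # names ignore whitespace and case
            if (tolower(key) == "netbiosname") {
                val = $2; gsub(/^[ \t]+|[ \t]+$/, "", val)
                print toupper(val); exit
            }
        }' "$1"
}

# Print hosts-file lines that map this machine's own name to a loopback address.
hosts_loopback_entries() {    # $1 = hosts file, $2 = short hostname
    awk -v short="$2" '
        { sub(/#.*/, "") }                          # drop comments
        $1 ~ /^127\./ || $1 == "::1" {
            for (i = 2; i <= NF; i++) {
                name = tolower($i); sub(/\..*/, "", name)
                if (name == tolower(short)) { print; next }
            }
        }' "$1"
}

# Return 0 when neither problem is present, 1 otherwise.
check_join_prereqs() {        # $1 = short hostname, $2 = smb.conf, $3 = hosts file
    rc=0
    want=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')
    have=$(smb_netbios_name "$2")
    if [ -n "$have" ] && [ "$have" != "$want" ]; then
        echo "netbios name '$have' in $2 differs from short hostname '$want'"; rc=1
    fi
    bad=$(hosts_loopback_entries "$3" "$1")
    if [ -n "$bad" ]; then
        echo "own name on a loopback address in $3: $bad"; rc=1
    fi
    return $rc
}

# Constructed sample files modelled on the thread, not real configuration.
d=$(mktemp -d)
printf '[global]\n  netbios name = OLDNAME\n' > "$d/smb.conf"
printf '127.0.0.1 localhost\n127.0.1.1 archmem.samdom.example.com archmem\n' > "$d/hosts"
check_join_prereqs archmem "$d/smb.conf" "$d/hosts" || echo "fix these before net ads join"
rm -rf "$d"
```

On a live host the call would be
check_join_prereqs "$(hostname -s)" /etc/samba/smb.conf /etc/hosts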


