[Samba] GPO on a DC

samba-ml-en samba-ml-en at protonmail.com
Fri Jun 24 11:01:56 UTC 2022


Hello Louis,

$host tristsnpa43.ad2.domain.eu
tristsnpa43.ad2.domain.eu has address 10.10.20.43
$dig tristsnpa43.ad2.domain.eu +short
10.10.20.43

$host 10.10.20.43
43.20.10.10.in-addr.arpa domain name pointer tristsnpa43.ad2.domain.eu.
$dig -x 10.10.20.43 +short
tristsnpa43.ad2.domain.eu.

$resolvectl
Global
       Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: stub

Link 2 (vlan10)
    Current Scopes: DNS
         Protocols: -DefaultRoute -LLMNR -mDNS -DNSOverTLS DNSSEC=yes/supported
Current DNS Server: 10.10.10.9
       DNS Servers: 10.10.10.9
        DNS Domain: ~inf.domain.eu

Link 3 (vlan20)
    Current Scopes: DNS
         Protocols: +DefaultRoute -LLMNR -mDNS -DNSOverTLS DNSSEC=yes/supported
Current DNS Server: 127.0.0.1
       DNS Servers: 127.0.0.1
        DNS Domain: ad2.domain.eu ~.


For named, I have
systemctl edit named.service<<EOF
[Service]
ExecReload=
ExecReload=/usr/bin/systemctl restart named.service
ExecStartPost=/bin/sleep 10
[Unit]
After=
After=network.target network-online.target
EOF

For samba-ad-dc, I have
systemctl edit samba-ad-dc.service<<EOF
[Unit]
After=
After=network.target network-online.target named.service
EOF

Also as I previously mentioned:

Problem appears
1) on first start after boot
2) if systemctl restart samba-ad-dc (which rules out a problem with named since it is not restarted)
3) after the refresh period of 90mn +-30mn

Problem is NOT exhibited when
ssh to dc as root, run samba-gpupdate --force, -X, --rsop

I can send a d10 log of working and non-working examples; however, I could not find a way to get similar-looking logs:
samba-gpupdate --force -d10
cat /var/log/samba/log.winbindd will give a very detailed log.

I tried adding gpo update command=/usr/sbin/samba-gpupdate -d10 to smb.conf, but the log does not look the same.

Anyway, here are the logs attached.

Have a great day,

Eric



------- Original Message -------
On Friday, June 24th, 2022 at 10:29 AM, L. van Belle via samba <samba at lists.samba.org> wrote:


> Just wondering here.
>
> Did you check your A/PTR records of that newly joined server?
> And did you configure the start order of the services, especially if you
> use bind_DLZ?
>
>
> In that case.
> systemctl edit bind9
> add:
>
> [Service]
> # Disable reloading completely.
> ExecReload=
> # Or set it to restart, above line is needed also,
> # so if needed only enable one below here.
> #ExecReload=/usr/sbin/rndc restart
>
>
> systemctl edit samba-ad-dc
>
> add:
> [Unit]
> After=network.target network-online.target bind9.service named.service
>
> # These below might not be needed anymore.
> [Service]
> NotifyAccess=all
>
>
> systemctl daemon-reload
> systemctl stop samba-ad-dc bind9
> systemctl start samba-ad-dc bind9
>
> check logs, reboot, let us know the result.
>
> Greetz,
>
> Louis
>
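As an added example (not code from either message in this thread): a small POSIX sh script that checks the two points Louis raised, A/PTR agreement for the DC and the ordering of samba-ad-dc.service behind named/bind9, and also whether a drop-in really resets After= before extending it. The parsing functions take tool output as text so they run offline; check_dc_live() assumes hostname, dig and systemctl (with --value) are present on the DC.

```shell
#!/bin/sh
# Added example, not from the thread. Pure functions take tool output as
# text so they can be exercised offline; check_dc_live() calls the real tools.

# forward_reverse_agree FQDN PTR_OUTPUT: PTR_OUTPUT is `dig -x IP +short`;
# succeeds when the reverse record points back at FQDN (trailing dot ignored).
forward_reverse_agree() {
    fqdn=$1
    ptr=${2%.}
    [ -n "$ptr" ] && [ "$ptr" = "$fqdn" ]
}

# unit_ordered_after AFTER_VALUE DEP: AFTER_VALUE is the space-separated list
# from `systemctl show -p After --value samba-ad-dc.service`.
unit_ordered_after() {
    case " $1 " in
        *" $2 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# dropin_resets_after DROPIN_TEXT: After= is additive across drop-ins, so the
# override must clear it with an empty After= before adding its own list;
# also require that the list names the DNS backend unit.
dropin_resets_after() {
    printf '%s\n' "$1" | {
        reset=0; ok=0; bad=0
        while IFS= read -r line; do
            case $line in
                After=) reset=1 ;;
                After=*)
                    [ "$reset" -eq 1 ] || bad=1
                    case $line in *named.service*|*bind9.service*) ok=1 ;; esac ;;
            esac
        done
        [ "$ok" -eq 1 ] && [ "$bad" -eq 0 ]
    }
}

# Live check on a DC (assumes dig and systemctl are present).
check_dc_live() {
    fqdn=$(hostname -f) || return 2
    ip=$(dig +short "$fqdn" | head -n 1)
    [ -n "$ip" ] || { echo "no A record for $fqdn"; return 1; }
    forward_reverse_agree "$fqdn" "$(dig -x "$ip" +short)" \
        || { echo "PTR for $ip does not point back to $fqdn"; return 1; }
    after=$(systemctl show -p After --value samba-ad-dc.service)
    unit_ordered_after "$after" named.service || unit_ordered_after "$after" bind9.service \
        || { echo "samba-ad-dc.service is not ordered after named/bind9"; return 1; }
    echo "ok: $fqdn <-> $ip; samba-ad-dc ordered after the DNS backend"
}
```

Run check_dc_live on the DC itself after a reboot; a failure of the ordering check means the drop-in did not take effect (daemon-reload missing or After= not reset).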
-------------- next part --------------
Name: working.txt
URL: <http://lists.samba.org/pipermail/samba/attachments/20220624/078b2f0f/working.txt>