[Samba] BIND9 DLZ DNS Back End Timeout on Boot

L. van Belle belle at samba.org
Fri Jun 24 15:01:44 UTC 2022

It’s a hard one. I don’t see directly what’s going on here, but I did notice a few things.

> Can't open PID file /usr/local/samba/var/run/samba.pid (yet?) after start: No such file or directory

You can set in the systemd service file:
RuntimeDirectory= /usr/local/samba/var/run/

As a test, you can remove the STUB part and point to the DNS server directly.
> dns_lookup_send_next: Sending DNS request #0 to  

> ldap server require strong auth = Yes 
You can remove that one. It only works with backend ldap (as far as I know).

> gpo_parse_gplink: link: LDAP://CN={72498053-0691-419F-B60A-BD15DCE34E45},CN=Policies,CN=System,DC=ad2,DC=DOMAIN,DC=eu
> gpo_parse_gplink: opt: 0
> skipping nonenforced GPO link because GPOPTIONS_BLOCK_INHERITANCE has been set
> ads_get_gpo_list: query SITE: [CN=TRISTSNP,CN=Sites,CN=Configuration,DC=ad2,DC=DOMAIN,DC=eu] for GPOs
> ads_get_gpo_link: no 'gPLink' attribute found

I don’t know, but it looks like the AD-DC has a GPO deny set.

Last thing I see:
> parse_gpt_ini: no name in /var/cache/samba/gpo_cache/AD2.DOMAIN.EU/POLICIES/{1445968E-23F9-4D5B-8B7C-4D42B68D26BC}/GPT.INI 
parse_gpt_ini: no name; same here, I don’t know if it’s good or wrong.

> /usr/sbin/samba-gpupdate: Search for (objectclass=*) in <CN=TRISTSNPA43,OU=Linux,OU=AOA,OU=Domain Controllers,DC=ad2,DC=DOMAIN,DC=eu> gave 1 replies
>   /usr/sbin/samba-gpupdate: add_local_groups: SID S-1-5-21-4081981426-3436066561-3860847288-1000 -> getpwuid(3000016) failed, is nsswitch configured? 
> /usr/sbin/samba-gpupdate: RuntimeError: Failed to get machine token for 'TRISTSNPA43$'(CN=TRISTSNPA43,OU=Linux,OU=AOA,OU=Domain Controllers,DC=ad2,DC=DOMAIN,DC=eu): The specified account does not exist.

So it’s found but not found.

Did you remove and rejoin it? And if you removed it, did you make sure you removed all parts, like AD and DNS records?

Maybe Rowland can see more here. 

But I don’t see it; at least, besides the above, I don’t see strange things.



> -----Original message-----
> From: samba <samba-bounces at lists.samba.org> On behalf of Dale Renton via
> samba
> Sent: Friday, 24 June 2022 16:06
> To: samba at lists.samba.org
> Subject: Re: [Samba] BIND9 DLZ DNS Back End Timeout on Boot
> > How did you provision Samba ?
> I joined this to an already existing 4.13 domain.
> samba-tool domain join ad.example.com DC -U"AD\administrator"
> --dns-backend=BIND9_DLZ --site=SampleSite --option='idmap_ldb:use
> rfc2307 = yes'
> If I run "samba_dnsupdate --verbose" (after systemctl restart named) it tells
> me "No DNS updates needed".
> Thanks