[Samba] Joining a new Samba AD DC

Mark Foley mfoley at novatec-inc.com
Mon Jul 31 15:17:08 UTC 2023

On Jul 31 03:00:37 2023 Rowland Penny via samba <samba at lists.samba.org> wrote:

> On 30/07/2023 22:24, Mark Foley via samba wrote:
> > That gave me:
> > 
> > # host -t A 0d2a3ba9-4ade-45de-85c7-321ba69caee0._msdcs.hprs.local
> > host: idnkit idn_encodename to idn failed: prohibited character found
> > 
> That is strange, if I obtain the GUID's on my DCs and run a similar 
> command, I get this:
> adminuser at rpidc1:~ $ host -t A 
> fb453823-737c-4a8b-93e1-dc197e236d50._msdcs.samdom.example.com
> fb453823-737c-4a8b-93e1-dc197e236d50._msdcs.samdom.example.com is an 
> alias for rpidc1.samdom.example.com.
> rpidc1.samdom.example.com has address
> Rowland

It could be a difference in host command versions (I have version 9.11.37);
also, my version of Samba on the current DC is very old (4.8.2). It seems to
me that to get your results the host command has to be aware of the Samba DC config.
The host version on my "new" DC is 9.16.42.

My results when running 'host -t A':

# host -t A 
Usage: host [-aCdilrTvVw] [-c class] [-N ndots] [-t type] [-W time]
            [-R number] [-m flag] hostname [server]
       -a is equivalent to -v -t ANY
       -c specifies query class for non-IN data
       -C compares SOA records on authoritative nameservers
       -d is equivalent to -v
       -i IP6.INT reverse lookups
       -l lists all hosts in a domain, using AXFR
       -m set memory debugging flag (trace|record|usage)
       -N changes the number of dots allowed before root lookup is done
       -p specifies the port on the server to query
       -r disables recursive processing
       -R specifies number of retries for UDP packets
       -s a SERVFAIL response should stop query
       -t specifies the query type
       -T enables TCP/IP mode
       -U enables UDP mode
       -v enables verbose output
       -V print version number and exit
       -w specifies to wait forever for a reply
       -W specifies how long to wait for a reply
       -4 use IPv4 query transport only
       -6 use IPv6 query transport only

It looks like a hostname is required.

The "prohibited character" error seems really odd. I found this: 
https://bind-users.isc.narkive.com/9nA0Aqea/idn-dig-and-underscore which is a
very similar problem related to the underscore. However, unlike for that author, 'dig'
works for me, albeit it does give a warning about the .local. Perhaps this is
part of the problem?

# dig 0d2a3ba9-4ade-45de-85c7-321ba69caee0._msdcs.hprs.local 

; <<>> DiG 9.11.37 <<>> 0d2a3ba9-4ade-45de-85c7-321ba69caee0._msdcs.hprs.local
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 34161
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

; EDNS: version: 0, flags:; udp: 1232
; COOKIE: d5d048ee14fed75757f3619b64c7cad7587b47cc169284b0 (good)
;0d2a3ba9-4ade-45de-85c7-321ba69caee0._msdcs.hprs.local.        IN A

hprs.local.             3600    IN      SOA     mail.hprs.local. hostmaster.hprs.local. 2014159838 10800 3600 28800 3600

If I remove the underscore from 0d2a3ba9-4ade-45de-85c7-321ba69caee0._msdcs.hprs.local,
the 'host -t A 0d2...' command does not give the "prohibited character found"
error, but of course doesn't find the host.

> Off the top of my head, is the locale set up correctly ?

My locale is en_US.UTF-8 and TZ is EDT -0400.

# locale

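An added check, not part of the thread above and not Samba's own tooling: the underscore in "_msdcs" is what an IDN-enabled (idnkit) build of `host` rejects as a "prohibited character", so the lookup is done with `dig +noidnin +noidnout`, which skips IDN processing on the name and the reply. Querying the DC's DNS server directly with `@server` also keeps the result from a leaked mDNS ".local" resolver out of the picture. The GUID and domain in the usage line are constructed from the example quoted in the thread; `check_dc_guid_cname` needs a reachable DNS server, while the two helpers it relies on run offline. For idnkit builds of `host` without these switches, the `IDN_DISABLE` environment variable described in the dig manual is the equivalent off switch (an assumption about your build; check its man page).

```shell
#!/bin/sh
# Added example, not from the thread: look up a DC's objectGUID CNAME in the
# _msdcs zone with IDN processing turned off, so the underscore in "_msdcs"
# does not trigger idnkit's "prohibited character found" error.
# Inputs (GUID, domain, server) are assumed/constructed for illustration.

# Build the alias name every AD DC registers: <objectGUID>._msdcs.<domain>
msdcs_cname_name() {
    guid=$1
    domain=$2
    printf '%s._msdcs.%s\n' "$guid" "$domain"
}

# Reduce raw 'dig +short' output to the CNAME target without the trailing dot.
# dig +short prints the CNAME target first and may follow it with the A record
# of that target; an empty result means no answer (NXDOMAIN or an empty zone,
# the situation in the thread), so return non-zero in that case.
parse_cname_target() {
    raw=$1
    target=$(printf '%s\n' "$raw" | head -n 1 | sed 's/\.$//')
    [ -n "$target" ] || return 1
    printf '%s\n' "$target"
}

# Query the named DNS server directly. +noidnin/+noidnout stop dig from
# applying IDN rules to the query name and the answer, which is what makes
# the underscore label safe to look up. The server argument is the address
# of the DC whose DNS you want to verify (assumed, e.g. 192.0.2.10).
check_dc_guid_cname() {
    guid=$1
    domain=$2
    server=$3
    name=$(msdcs_cname_name "$guid" "$domain")
    raw=$(dig +noidnin +noidnout +short CNAME "$name" "@$server")
    if target=$(parse_cname_target "$raw"); then
        printf 'OK: %s -> %s\n' "$name" "$target"
    else
        printf 'MISSING: no CNAME for %s on %s\n' "$name" "$server" >&2
        return 1
    fi
}

# Usage (constructed values from the thread's quoted example; server assumed):
# check_dc_guid_cname fb453823-737c-4a8b-93e1-dc197e236d50 samdom.example.com 192.0.2.10
```

A "MISSING" result against the old DC's DNS means the new DC's GUID record was never written to the zone, independent of the `host` IDN complaint, which is a separate client-side problem.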