[Samba] Strange problem with samba-tool dns query ...
pavel.lisy at gmail.com
Fri Apr 5 15:18:12 UTC 2024
On Fri, 2024-04-05 at 15:00 +0100, Rowland Penny via samba wrote:
> On Fri, 05 Apr 2024 15:38:23 +0200
> pavel.lisy at gmail.com wrote:
>
> > On Fri, 2024-04-05 at 08:04 +0100, Rowland Penny via samba wrote:
> > > On Fri, 05 Apr 2024 08:06:10 +0200
> > > PaLi via samba <samba at lists.samba.org> wrote:
> > >
> > > > Hello
> > > >
> > > > > I have a strange problem on a brand new installation of samba AD
> > > > > (samba-4.19.5 on Fedora 39).
> > > >
> > > > Domain controller is dc01.some.domain.org
> > > > Secondary (replicated) controller is dc02.some.domain.org
> > > >
> > > > > After clean installation all basic tests seem to be ok.
> > > > >
> > > > > All these commands return correct responses:
> > > >
> > > > smbclient -L localhost -N
> > > > smbclient //localhost/netlogon -U Administrator -c 'ls'
> > > >
> > > > host -t SRV _ldap._tcp.${HOSTNAME#*.}.
> > > > host -t SRV _kerberos._udp.${HOSTNAME#*.}.
> > > > host -t A ${HOSTNAME}.
> > > >
> > > > kinit Administrator
> > > > klist
> > > >
> > > > sudo samba-tool drs showrepl
> > > >
> > > > sudo samba-tool user list --full-dn
> > > > sudo samba-tool group list --full-dn
> > > > sudo samba-tool computer list --full-dn
> > > >
> > > >
> > > > Problem is on dc01.some.domain.org
> > > > this command (and all other variants of "samba-tool dns"):
> > > >
> > > > sudo samba-tool dns zonelist $(hostname) -U Administrator
> > > >
> > > > gets stuck and returns nothing when parameter <server> is
> > > > > $(hostname) or $(hostname --short)
> > > >
> > > > > when I change $(hostname) to localhost or IP address, the command is
> > > > > responding correctly.
> > > >
> > > >
> > > > This problem is only on primary controller dc01.
> > >
> > > What primary controller ?
> > > All DCs are equal, it is just some may have FSMO roles, this does
> > > > not make any a 'primary'. A 'Primary Domain Controller' is
> > > something else
> > > entirely.
> > I mean DC installed first (dc01) by
> > samba-tool domain provision ...
> >
> > other was joined only (dc02) by
> > samba-tool domain join some.domain.org DC ...
>
> That just makes it the first DC and nothing special.
>
> >
> > >
> > > >
> > > > > The same commands work on dc02.some.domain.org without
> > > > > problems.
>
> They also work for myself on all three of my DCs.
>
> > > >
> > > >
> > > > > Even when I run samba-tool dns on dc02.some.domain.org with
> > > > > <server> dc01
> > > > > sudo samba-tool dns zonelist dc01 -U Administrator
> > > >
> > > > it returns correct results.
> > > >
> > > > > How can I make samba-tool dns on dc01 work?
> > > > > What could this behavior be?
> > > >
> > >
> > > It sounds like DNS.
> > > Can you post the contents of:
> > > /etc/resolv.conf
> > nameserver 192.168.90.21
> > nameserver 192.168.90.3
> > nameserver 192.168.90.1
> > search some.domain.org
>
> Nothing really wrong there, but you really only need to set the DC's
> IP address as a nameserver, the others are not required.
>
> >
> > > /etc/hosts
> > 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
> > ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
> > 192.168.90.21 dc01.some.domain.org dc01
>
> Again nothing wrong.
>
> >
> >
> > DNS resolving works without problems:
> > [admin at dc01 ~]$ nslookup dc01
> > Server:  192.168.90.21
> > Address: 192.168.90.21#53
> >
> > Name:    dc01.some.domain.org
> > Address: 192.168.90.21
> >
> >
> > on dc02 everything is set up in a similar way and it works
> >
> >
> > On dc01 I've tried adding a line to /etc/hosts
> > 192.168.90.21 dc05.some.domain.org dc05
> >
> > and then this command works
> > sudo samba-tool dns zonelist dc05 -U Administrator
>
> This rather points to dns, but what ?
> >
> > everything except names with dc01 works correctly.
> >
> > And I don't understand why.
>
> Neither do I.
>
> What dns server are you using ?
> Bind9 or the builtin Samba internal one ?
Samba internal one placed in:
/var/lib/samba/bind-dns/
Now I've found some differences in /etc/krb5.conf
and it seems to be a possible root cause.
I will write a summary after further testing.
Pavel