
Re: [Samba] After upgrade to 4.9.4, internal DNS no longer working




On Wed, 26 Dec 2018 14:40:10 +0100
Viktor Trojanovic <viktor@xxxxxxxx> wrote:

> Hi Rowland,
> 
> Thanks for taking an interest.
> 
> On Wed, 26 Dec 2018 at 14:27, Rowland Penny via samba
> <samba@xxxxxxxxxxxxxxx> wrote:
> 
> > On Wed, 26 Dec 2018 11:43:37 +0100
> > Viktor Trojanovic <viktor@xxxxxxxx> wrote:
> >
> > > I could really use some support with this. I understand it's
> > > always possible to just restore from a backup but the more
> > > interesting question is if something can be done with the data at
> > > hand. Basically, I'm trying to understand how it's possible that
> > > a dbcheck shows no errors, an ldbsearch is successful, and yet
> > > it's not possible to start the AD properly. What else is there
> > > that could be corrupted, and is there a way to repair it?
> > >
> >
> > OK, I have been reviewing all the posts in this thread and I have a
> > few questions ;-)
> >
> > You posted that you are running the DC using the internal DNS
> > server, but you also posted this:
> >
> > All checks on the flat files work fine
> >
> > What 'flat files' ?
> > Are you referring to Bind9 flat files ?
> >
> >
> No. I meant the *.tdb and *.ldb files in the samba directory. I'm
> using the internal DNS server, I don't have Bind installed, never had.

Good, 'flat files' usually refers to the Bind9 zones conf files.
  
> 
> 
> > There is also this:
> >
> > kdc_task_init: Cannot determine if we are an RODC: operations error
> > at ../source4/dsdb/common/util.c:3534
> > task_server_terminate: task_server_terminate: [kdc:
> > krb5_init_context samdb RODC connect failed]
> >
> > Why is 'RODC' getting mentioned ?
> >
> >
> I don't even know what RODC is. :) This is a regular AD DC install as
> it is described on the Wiki, I didn't do anything exotic there.

A normal DC is an RWDC (Read Write Domain Controller), an RODC is a
'Read Only Domain Controller'.

For some reason, your Samba is getting confused.

> 
> 
> > Can you post the contents of:
> >
> > /etc/hostname
> >
> 
> DC1
> 
> 
> > /etc/nsswitch.conf
> >
> >
> passwd: files winbind mymachines systemd
> group: files winbind mymachines systemd
> shadow: files
> 
> publickey: files
> 
> hosts: files mymachines myhostname resolve [!UNAVAIL=return] dns

Try the above line like this:

hosts: files dns

> networks: files
> 
> protocols: files
> services: files
> ethers: files
> rpc: files
> 
> netgroup: files
> 
> 
> > Could the separate Samba daemons (smbd, nmbd, winbind) be being
> > started instead of/as well as the 'samba' daemon ?
> >
> >
> No, it's really just the "Samba AD Daemon" (samba.service). smbd
> (smb.service), nmbd (nmb.service), as well as winbindd
> (winbind.service) are not started. As you could see from the log, the
> binaries such as smbd and winbindd are indeed started but I guess
> that is done by Samba automatically?

Yes, the 'samba' daemon does start smbd & winbind, but it was just a
thought.

Check if systemd is starting any other dns server (resolved ?)

Rowland
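
The two checks suggested in the reply above (the `hosts:` line in nsswitch.conf, and whether something other than Samba is answering DNS on port 53), as an added shell example that is not part of the original message. The function names and the sample `ss` output are constructed, and it assumes Samba's own listener appears under the process name `samba`.

```shell
#!/bin/sh
# Added example. Both functions read text on stdin, so they can be pointed at
# the live system or at saved copies of the file/output.

# List sources on the nsswitch.conf "hosts:" line other than "files" and "dns".
extra_hosts_sources() {
    awk '{ sub(/#.*/, "") }                   # drop comments
    $1 == "hosts:" {
        for (i = 2; i <= NF; i++) {
            # skip action items such as [!UNAVAIL=return], which may span words
            if (inact || $i ~ /^\[/) { inact = ($i !~ /\]$/); continue }
            if ($i != "files" && $i != "dns") print $i
        }
    }'
}

# From "ss -H -lntup" output, list port-53 listeners not owned by Samba.
# Assumption: the Samba listener shows up under the process name "samba".
foreign_dns_listeners() {
    awk -v own="${1:-samba}" '$5 ~ /:53$/ {
        name = "unknown"                      # ss hides names without root
        if (match($0, /\(\("[^"]+"/)) name = substr($0, RSTART + 3, RLENGTH - 4)
        if (name != own) print name, $5
    }'
}

# Constructed sample input: the hosts line quoted in the thread, and made-up
# ss output for a host where systemd-resolved holds the stub listener.
SAMPLE_NSS='passwd: files winbind
hosts: files mymachines myhostname resolve [!UNAVAIL=return] dns'
SAMPLE_SS='udp UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=412,fd=12))
tcp LISTEN 0 10 0.0.0.0:53 0.0.0.0:* users:(("samba",pid=900,fd=40))
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=301,fd=3))'

printf '%s\n' "$SAMPLE_NSS" | extra_hosts_sources
printf '%s\n' "$SAMPLE_SS" | foreign_dns_listeners
# On the DC itself (as root):
#   extra_hosts_sources < /etc/nsswitch.conf
#   ss -H -lntup | foreign_dns_listeners
```

An empty result from both functions means the `hosts:` line is already reduced to `files dns` and nothing but Samba is bound to port 53.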

