Web lists-archives.com

Re: [Samba] After upgrade to 4.9.4, internal DNS no longer working




Hai, 


> I didn’t touch the base system which was upgraded  
Ah.., so you OS was upgraded, as i suspected. 

Then i really suggest, goto my points and make sure your resolving is 100% correct. 
You probely missed a (few) thing(s) after your OS upgrade.... 
As i missed these when i upgrade my Jessie to Stretch.. 

I can check it for you, then can post the output/content of these. 

/etc/hostname
/etc/hosts
/etc/resolv.conf
/etc/nsswitch 

hostnamectl --static
hostnamectl --transient
resolvectl status


And :  sudo samba-tool ntacl sysvolcheck
For now you can still ignore it safely. 


Greetz, 

Louis




> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces@xxxxxxxxxxxxxxx] Namens 
> Viktor Trojanovic via samba
> Verzonden: donderdag 27 december 2018 11:58
> Aan: Rowland Penny; samba@xxxxxxxxxxxxxxx
> Onderwerp: Re: [Samba] After upgrade to 4.9.4, internal DNS 
> no longer working
> 
> Hi Louis and Rowland, 
> 
> Thanks for all your input. In answer to your questions, yes, 
> all packages were upgraded to 4.9.4 so that was not the issue 
> – the error messages you’ve seen in this regard are from 
> during the upgrade. I can only guess that something was 
> removed too early. Also both hostname and resolv.conf were 
> set up correctly.  But these points seem moot now as I was 
> able to solve the issue. 
> 
> I didn’t touch the base system which was upgraded but I did 
> downgrade Samba and dependencies (samba, smbclient, 
> libwbclient) back to v4.7.4, I then just overwrote the Samba 
> folder (/var/lib/samba) which contains private and sysvol 
> with a recent backup – and everything works again. Users can 
> log in, GPOs are being distributed. I have not yet tried to 
> upgrade again, I’ll leave this for some other day. 
> 
> samba-tool dbcheck isn’t showing any errors. samba-tool ntacl 
> sysvolcheck does complain about an incorrect db acl on a gpo 
> directory so I ran sysvolreset. The error remains but doesn’t 
> seem to bother the AD otherwise. Still, to be safe, here is 
> the error: 
> 
> $ sudo samba-tool ntacl sysvolcheck
> ERROR(<class 'samba.provision.ProvisioningError'>): uncaught 
> exception - ProvisioningError: DB ACL on GPO directory 
> /var/lib/samba/sysvol/samdom.example.com/Policies/{31B2F340-01
> 6D-11D2-945F-00C04FB984F9} 
> O:LAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;
> OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f0
> 1ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) 
> does not match expected value 
> O:DAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;
> OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f0
> 1ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) 
> from GPO object
>   File 
> "/usr/lib/python2.7/site-packages/samba/netcmd/__init__.py", 
> line 176, in _run
>     return self.run(*args, **kwargs)
>   File 
> "/usr/lib/python2.7/site-packages/samba/netcmd/ntacl.py", 
> line 270, in run
>     lp)
>   File 
> "/usr/lib/python2.7/site-packages/samba/provision/__init__.py"
> , line 1723, in checksysvolacl
>     direct_db_access)
>   File 
> "/usr/lib/python2.7/site-packages/samba/provision/__init__.py"
> , line 1674, in check_gpos_acl
>     domainsid, direct_db_access)
>   File 
> "/usr/lib/python2.7/site-packages/samba/provision/__init__.py"
> , line 1621, in check_dir_acl
>     raise ProvisioningError('%s ACL on GPO directory %s %s 
> does not match expected value %s from GPO object' % 
> (acl_type(direct_db_access), path, fsacl_sddl, acl))
> 
> Any advice on how to take care of this error, or can this be 
> safely ignored? 
> 
> Thanks, 
> Viktor
> 
> 
> From: Rowland Penny via samba
> Sent: Donnerstag, 27. Dezember 2018 11:29
> To: samba@xxxxxxxxxxxxxxx
> Subject: Re: [Samba] After upgrade to 4.9.4, internal DNS no 
> longer working
> 
> On Thu, 27 Dec 2018 11:07:08 +0100
> "L.P.H. van Belle via samba" <samba@xxxxxxxxxxxxxxx> wrote:
> 
> > Gooood morning Rowland, :-) 
> > 
> > Your late ;-).. 
> > What i also did see, so its more clear for others also. 
> > 
> > > Dez 22 21:08:31 dc1 systemd[1]: Starting Samba AD Daemon...
> > > Dez 22 21:08:31 dc1 kernel: audit: type=1131
> > > audit(1545509311.984:52): pid=1 uid=0 auid=4294967295
> > > ses=4294967295 msg='unit=samba comm="systemd"
> > > exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=?
> > > res=failed' Dez 22 21:08:32 dc1 samba[733]: root process[733]:
> > > [2018/12/22
> > 
> > This line:  exe="/usr/lib/systemd/systemd" hostname=? addr=?
> > terminal=? res=failed' 
> > 
> > So incorrect hostname/resolving resulting in this problem. 
> 
> I actually think it could be a symptom and not the root cause. It
> could be that two main things happened, systemd was upgraded and with
> it 'resolved' was installed and smbclient wasn't upgraded.
> 
> I think that if 'resolved' is removed and ALL Samba packages are
> upgraded, he might get it to work again.
> 
> Rowland
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba