samba-users May 2010 archive
samba-users: Re: [Samba] samba and bind9 problem


From: Michael Wood <esiotrot_at_nospam>
Date: Sat May 22 2010 - 21:55:20 GMT
To: Aleksandar Nasuovski <aleksandarn@sbb.rs>

On 22 May 2010 17:37, Aleksandar Nasuovski <aleksandarn@sbb.rs> wrote:
> I know that, maybe the problem is ALPHA version of samba4 and lack of
> documentation.

Well, of course it is alpha and the documentation is a bit rough, but
I think it works pretty well anyway :) And to be fair, the DNS
updates have more to do with bind9 than Samba. I got it to work by
reading bind9 docs and using strace and reading logs.

Unfortunately it seems it is more difficult to get write access to the
wiki than it is to get Samba4 working ;) otherwise I might make some
small improvements to the HOWTO.

> If I test the nslookup with a PC which is not a domain member, resolving
> works very well. :D

Your nslookup tests should work from all hosts, whether or not they
are joined to the domain. This is just DNS and has nothing really to
do with Samba.

I have now managed to get dynamic DNS updates working. Putting the
environment variables into /etc/default/bind9 had no effect
whatsoever. This is what I did instead:

Made sure I had the 'include
"/usr/local/samba/private/named.conf.update";' statement in the zone.

Added the following to the "options" section (in Ubuntu this is in
/etc/bind/named.conf.options.)

        tkey-gssapi-credential "DNS/my.domain";
        tkey-domain "my.domain";

Convinced named to use /usr/local/samba/private/dns.keytab. (I did
not find another way to convince named to use it):

$ sudo ln -s /usr/local/samba/private/dns.keytab /etc/krb5.keytab

Made some changes to appease apparmor. (This may or may not be
necessary on your machine. You might have to do something similar for
SELinux if you use that):

/etc/apparmor.d/usr.sbin.named:

  /usr/local/samba/private/named.conf.update r,
  /usr/local/samba/private/dns.keytab kr,
  /var/tmp/DNS_102 rw,

I'm not sure if the DNS_102 one will be correct in general, but that's
what my instance of bind9 wanted to use. If it doesn't work for you,
try running named through strace or increasing the debug level of
named using the -d option.

I think that was all. Unfortunately I didn't have /etc on the VM
under revision control from the beginning.

Now my samba_dnsupdate works, but it's very slow to actually do
anything, because one of the things it does first is read from
/dev/random. I'm running it on a virtual machine with not much
entropy, so it has to wait for quite a while before it gets enough
from /dev/random. After that it does the update.

> On Sat, May 22, 2010 at 3:23 PM, Michael Wood <esiotrot@gmail.com> wrote:
>>
>> On 22 May 2010 03:38, Aleksandar Nasuovski <aleksandarn@sbb.rs> wrote:
>> >
>> > Here is the output when I start samba4:
>> > ../dsdb/dns/dns_update.c:249: Failed DNS update - NT_STATUS_IO_TIMEOUT
>> > ../dsdb/dns/dns_update.c:278: Failed SPN update - NT_STATUS_IO_TIMEOUT
>>
>> Do you get any more useful information if you start Samba with higher
>> debugging level (e.g. -d4)?
>>
>> Does bind9 log anything about it? e.g. in /var/log/daemon.log or
>> /var/log/messages?
>>
>> > Here is the output of the command on the client:
>> > Why does the first lookup tell me Server UnKnown?
>>
>> That's because the reverse DNS is not configured. nslookup tries to
>> resolve the IP address of the name server to a name.
>>
>> I set up the reverse DNS to avoid this sort of thing, although it's
>> not strictly necessary for Samba to work.
>>
>> I am also having trouble getting the dynamic DNS updates to work. The
>> HOWTO seems to lack something in that section, but Samba still works
>> fine and I can join a Windows machine to the domain etc.
>>
>> >> set type=srv
>> >> _ldap._tcp.test.com
>> > Server: UnKnown
>> > Address: 192.168.100.1
>> > _ldap._tcp.test.com SRV service location:
>> > priority = 0
>> > weight = 100
>> > port = 389
>> > svr hostname = dc.test.com
>> > test.com nameserver = dc.test.com
>> > dc.test.com internet address = 192.168.100.1
>> >> _ldap._udp.test.com
>> > Server: UnKnown
>> > Address: 192.168.100.1
>> > etc...
>> > C:\Documents and Settings\Administrator>nslookup dc.test.com
>> > *** Can't find server name for address 192.168.100.1: Non-existent
>> > domain
>> > *** Default servers are not available
>> > Server: UnKnown
>> > Address: 192.168.100.1
>> > Name: dc.test.com
>> > Address: 192.168.100.1
>> >
>> > C:\Documents and Settings\Administrator>
>> >
>> > On Fri, May 21, 2010 at 5:12 PM, Michael Wood <esiotrot@gmail.com>
>> > wrote:
>> >>
>> >> On 21 May 2010 12:12, Aleksandar Nasuovski <aleksandarn@sbb.rs> wrote:
>> >> > It's samba4 12 last test release.
>> >> > It's Ubuntu server last release.
>> >> > There is no firewall on the Ubuntu.
>> >> > I have seen that when I try to do nslookup from the joined PC, there is no
>> >> > reply.
>> >>
>> >> So, do the tests in step 8 of the Samba4 HOWTO all pass?
>> >>
>> >> http://wiki.samba.org/index.php/Samba4/HOWTO#Step_8_Configure_DNS
>> >>
>> >> They should also work from the Windows PC (but you will have to use
>> >> nslookup instead.)
>> >>
>> >> Something like:
>> >>
>> >> C:\> nslookup
>> >> set type=srv
>> >> _ldap._tcp.your.domain
>> >>
>> >> etc.
>> >>
>> >> If the DNS tests do not work, check that you have bind9 correctly
>> >> configured and running.
>> >>
>> >> > On Fri, May 21, 2010 at 11:58 AM, Michael Wood <mwood@bluebird.co.za>
>> >> > wrote:
>> >> >>
>> >> >> On 21 May 2010 00:16, Aleksandar Nasuovski <aleksandarn@sbb.rs>
>> >> >> wrote:
>> >> >> > I followed the manual and got 3 problems
>> >> >>
>> >> >> Is this with Samba4?
>> >> >>
>> >> >> > 1. When I start samba I get an error:
>> >> >> >
>> >> >> > ../dsdb/dns/dns_update.c:249: Failed DNS update -
>> >> >> > NT_STATUS_IO_TIMEOUT
>> >> >>
>> >> >> Maybe you have firewall issues?
>> >> >>
>> >> >> > 2. When I join some computer, bind9 doesn't update the host in DNS.
>> >> >> >
>> >> >> > 3. When I run the command /usr/local/samba/sbin/samba_dnsupdate
>> >> >> > --verbose
>> >> >> > the shell sometimes returns a result, sometimes not.
>> >> >>
>> >> >> Do you get any useful error messages when running that?

-- 
Michael Wood <esiotrot@gmail.com>
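
The settings listed in the message above can be checked mechanically. The script below is an added example, not part of the original message or of the Samba or bind9 projects: it verifies the two tkey options, the named.conf.update include and the AppArmor rule, and additionally checks that the keytab (which holds the long-term key of the DNS/ service principal) is not accessible to other local users. The function names and the sample files are constructed for illustration, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example (not from the original message); function names are hypothetical.

# has_line FILE REGEX: true if a line that is not commented out matches REGEX.
has_line() { grep -Eq "^[[:space:]]*$2" "$1" 2>/dev/null; }

# keytab_mode_ok FILE: true if FILE (symlinks followed) grants nothing to "other".
keytab_mode_ok() {
    km_mode=$(stat -L -c '%a' "$1" 2>/dev/null) || return 1
    [ $(( 0$km_mode & 07 )) -eq 0 ]
}

# check LABEL CMD...: run CMD, print the outcome, count failures in $fails.
check() {
    label=$1; shift
    if "$@"; then echo "ok   $label"; else echo "FAIL $label"; fails=$((fails + 1)); fi
}

# audit_gss_tsig OPTIONS ZONECONF KEYTAB APPARMOR_PROFILE -> returns failure count
audit_gss_tsig() {
    fails=0
    check "tkey-gssapi-credential set" has_line "$1" 'tkey-gssapi-credential[[:space:]]+"DNS/[^"]+";'
    check "tkey-domain set" has_line "$1" 'tkey-domain[[:space:]]+"[^"]+";'
    check "named.conf.update included" has_line "$2" 'include[[:space:]]+"[^"]*named\.conf\.update";'
    check "keytab closed to other users" keytab_mode_ok "$3"
    check "AppArmor lets named read keytab" has_line "$4" '/[^#]*dns\.keytab[[:space:]]+[a-z]*r'
    return "$fails"
}

# make_sample: write constructed config files to a temp dir and print its path.
make_sample() {
    sd=$(mktemp -d) || return 1
    printf '%s\n' 'options {' '    tkey-gssapi-credential "DNS/my.domain";' \
        '    tkey-domain "my.domain";' '};' > "$sd/named.conf.options"
    printf '%s\n' 'zone "my.domain" {' \
        '    include "/usr/local/samba/private/named.conf.update";' '};' > "$sd/zone.conf"
    printf '%s\n' '  /usr/local/samba/private/dns.keytab kr,' > "$sd/usr.sbin.named"
    : > "$sd/dns.keytab" && chmod 640 "$sd/dns.keytab"
    echo "$sd"
}

# With four paths, audit those files; otherwise audit the constructed sample.
if [ "$#" -eq 4 ]; then
    audit_gss_tsig "$@"
else
    demo=$(make_sample) && audit_gss_tsig "$demo/named.conf.options" \
        "$demo/zone.conf" "$demo/dns.keytab" "$demo/usr.sbin.named"
    rm -rf "$demo"
fi
```

On a host configured as in the message, pass the four real paths: the options file, the file containing the zone, /etc/krb5.keytab and /etc/apparmor.d/usr.sbin.named.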