Hai,
Ok, below looks ok, as Rowland also said.
But i have one more thing.
> > ?????? Checking file: /etc/krb5.conf
> >
> > [libdefaults]
> > ??? dns_lookup_realm = false
> > ??? dns_lookup_kdc = true
> > ??? default_realm = EDM-INC.COM
> > ??? default_tgs_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5
> > ??? default_tkt_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5
Remove the 2 default_*_enctypes lines.
Or set:
default_tgs_enctypes = aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha1-96
rc4-hmac des-cbc-crc des-cbc-md5
default_tkt_enctypes = aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha1-96
rc4-hmac des-cbc-crc des-cbc-md5
permitted_enctypes = aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha1-96
rc4-hmac des-cbc-crc des-cbc-md5
And does it work if you run it like this :
samba-tool dns serverinfo athena -Uadministrator
And test the following.
hostname -s
hostname -d
nslookup $(hostname -f)
dig A $(hostname -f)
dig -x $(hostname -i)
And can you show the output of :
egrep -ri "samba|winbind" /etc/apparmor.d/*
And maybe its an option to try the 4.10.6 package i supply.
Debian buster packages are updated within 1-2 hours.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Robert A Wooldridge via samba
> Verzonden: donderdag 25 juli 2019 18:31
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Serverinfo Error
>
> Here's the output:
>
> > Collected config? --- 2019-07-25-11:25 -----------
> >
> > Hostname: athena
> > DNS Domain: edm-inc.com
> > FQDN: athena.edm-inc.com
> > ipaddress: 10.10.1.10
> >
> > -----------
> >
> > Samba is running as an AD DC
> >
> > -----------
> > ?????? Checking file: /etc/os-release
> >
> > PRETTY_NAME="Debian GNU/Linux 10 (buster)"
> > NAME="Debian GNU/Linux"
> > VERSION_ID="10"
> > VERSION="10 (buster)"
> > VERSION_CODENAME=buster
> > ID=debian
> > HOME_URL="https://www.debian.org/"
> > SUPPORT_URL="https://www.debian.org/support"
> > BUG_REPORT_URL="https://bugs.debian.org/"
> >
> > -----------
> >
> >
> > This computer is running Debian 10.0 x86_64
> >
> > -----------
> > running command : ip a
> > 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state
UNKNOWN
> > group default qlen 1000
> > ??? link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> > ??? inet 127.0.0.1/8 scope host lo
> > ??? inet6 ::1/128 scope host
> > 2: enp0s25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
> > pfifo_fast state UP group default qlen 1000
> > ??? link/ether 00:1c:c0:ec:25:25 brd ff:ff:ff:ff:ff:ff
> > ??? inet 10.10.1.10/16 brd 10.10.255.255 scope global enp0s25
> > ??? inet6 fe80::21c:c0ff:feec:2525/64 scope link
> >
> > -----------
> > ?????? Checking file: /etc/hosts
> >
> > 127.0.0.1?? ?localhost?? ?localhost.localdomain
> > 10.10.1.10?? ?athena.edm-inc.com?? ?athena
> >
> > # The following lines are desirable for IPv6 capable hosts
> > ::1???? localhost ip6-localhost ip6-loopback
> > ff02::1 ip6-allnodes
> > ff02::2 ip6-allrouters
> >
> > -----------
> >
> > ?????? Checking file: /etc/resolv.conf
> >
> > nameserver 10.10.1.10
> > search edm-inc.com
> >
> > -----------
> >
> > ?????? Checking file: /etc/krb5.conf
> >
> > [libdefaults]
> > ??? dns_lookup_realm = false
> > ??? dns_lookup_kdc = true
> > ??? default_realm = EDM-INC.COM
> > ??? default_tgs_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5
> > ??? default_tkt_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5
> >
> > #[realms]
> > #?? EDM-INC.COM = {
> > #?? kdc = ADS1.EDM-INC.COM
> > #?? default_domain = EDM-INC.COM
> > #?? }
> >
> > #[domain_realm]
> > #?? .edm-inc.com = EDM-INC.COM
> > #?? edm-inc.com = EDM-INC.COM
> >
> > -----------
> >
> > ?????? Checking file: /etc/nsswitch.conf
> >
> > # /etc/nsswitch.conf
> > #
> > # Example configuration of GNU Name Service Switch functionality.
> > # If you have the `glibc-doc-reference' and `info' packages
> installed,
> > try:
> > # `info libc "Name Service Switch"' for information
about this file.
> >
> > passwd:???????? files systemd
> > group:????????? files systemd
> > shadow:???????? files
> > gshadow:??????? files
> >
> > hosts:????????? files mdns4_minimal [NOTFOUND=return] dns
> > networks:?????? files
> >
> > protocols:????? db files
> > services:?????? db files
> > ethers:???????? db files
> > rpc:??????????? db files
> >
> > netgroup:?????? nis
> >
> > -----------
> >
> > ?????? Checking file: /etc/samba/smb.conf
> >
> > # Global parameters
> > [global]
> > ?? ?log level = 1
> > ?? ?netbios name = ATHENA
> > ?? ?realm = EDM-INC.COM
> > ?? ?server role = active directory domain controller
> > ?? ?workgroup = EDM
> > ??????? dns forwarder = 10.10.1.1
> >
> > [netlogon]
> > ?? ?path = /var/lib/samba/sysvol/edm-inc.com/scripts
> > ?? ?read only = No
> >
> > [sysvol]
> > ?? ?path = /var/lib/samba/sysvol
> > ?? ?read only = No
> >
> > -----------
> >
> > BIND_DLZ not detected in smb.conf
> >
> > -----------
> >
> > Installed packages:
> > ii? acl 2.2.53-4??????????????????????? amd64??????? access control
> > list - utilities
> > ii? attr 1:2.4.48-4????????????????????? amd64??????? utilities for
> > manipulating filesystem extended attributes
> > ii? fonts-quicksand 0.2016-2??????????????????????? all?????????
> > sans-serif font with round attributes
> > ii? krb5-config 2.6???????????????????????????? all?????????
> > Configuration files for Kerberos Version 5
> > ii? krb5-locales 1.17-3????????????????????????? all?????????
> > internationalization support for MIT Kerberos
> > ii? krb5-user 1.17-3????????????????????????? amd64??????? basic
> > programs to authenticate using MIT Kerberos
> > ii? libacl1:amd64 2.2.53-4??????????????????????? amd64?????
> ?? access
> > control list - shared library
> > ii? libacl1-dev:amd64 2.2.53-4??????????????????????? amd64???????
> > access control list - static libraries and headers
> > ii? libattr1:amd64 1:2.4.48-4????????????????????? amd64???????
> > extended attribute handling - shared library
> > ii? libattr1-dev:amd64 1:2.4.48-4????????????????????? amd64???????
> > extended attributes handling - static libraries and headers
> > ii? libcrypt-smbhash-perl 0.12-4?????????????????????????
> all?????????
> > generate LM/NT hash of a password for samba
> > ii? libgssapi-krb5-2:amd64 1.17-3?????????????????????????
> > amd64??????? MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
> > ii? libkrb5-3:amd64 1.17-3????????????????????????? amd64???
> ???? MIT
> > Kerberos runtime libraries
> > ii? libkrb5support0:amd64 1.17-3?????????????????????????
> amd64???????
> > MIT Kerberos runtime libraries - Support library
> > ii? libnss-winbind:amd64 2:4.9.5+dfsg-5?????????????????
> amd64???????
> > Samba nameservice integration plugins
> > ii? libpam-krb5:amd64 4.8-2?????????????????????????? amd64?
> ?????? PAM
> > module for MIT Kerberos
> > ii? libpam-winbind:amd64 2:4.9.5+dfsg-5?????????????????
> amd64???????
> > Windows domain authentication integration plugin
> > ii? libsmbclient:amd64 2:4.9.5+dfsg-5????????????????? amd64???????
> > shared library for communication with SMB/CIFS servers
> > ii? libwbclient0:amd64 2:4.9.5+dfsg-5????????????????? amd64???????
> > Samba winbind client library
> > ii? python-samba 2:4.9.5+dfsg-5????????????????? amd64??????
> ? Python
> > bindings for Samba
> > ii? samba 2:4.9.5+dfsg-5????????????????? amd64???????
> SMB/CIFS file,
> > print, and login server for Unix
> > ii? samba-common 2:4.9.5+dfsg-5????????????????? all????????
> ? common
> > files used by both the Samba server and client
> > ii? samba-common-bin 2:4.9.5+dfsg-5????????????????? amd64???????
> > Samba common files used by both the server and the client
> > ii? samba-dsdb-modules:amd64 2:4.9.5+dfsg-5?????????????????
> > amd64??????? Samba Directory Services Database
> > ii? samba-libs:amd64 2:4.9.5+dfsg-5????????????????? amd64???????
> > Samba core libraries
> > ii? samba-vfs-modules:amd64 2:4.9.5+dfsg-5?????????????????
> > amd64??????? Samba Virtual FileSystem plugins
> > ii? winbind 2:4.9.5+dfsg-5????????????????? amd64??????? service to
> > resolve user and group information from Windows NT servers
> >
> > -----------
>
>
>
> --
>
> Bob Wooldridge
>
> IT Director
>
>
> EDM Incorporated 220 Mansion House Center Suite 300 ? St.
> Louis, MO 63102
>
> Office 314.231.5485 ? ? ? Direct: 314.335.6911 ? ? rw at edm-inc.com
>
> Link to my Calendar
> <https://groupware.edm-inc.com/SOGo/dav/public/bob.wooldridge@
> edm-inc.com/Calendar/personal.ics>
>
>
> ENGINEERING DESIGN SOLUTIONS SINCE 1973
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>