Hai, Ok, below looks ok, as Rowland also said. But i have one more thing.> > ?????? Checking file: /etc/krb5.conf > > > > [libdefaults] > > ??? dns_lookup_realm = false > > ??? dns_lookup_kdc = true > > ??? default_realm = EDM-INC.COM > > ??? default_tgs_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5 > > ??? default_tkt_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5Remove the 2 default_*_enctypes lines. Or set: default_tgs_enctypes = aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5 default_tkt_enctypes = aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5 permitted_enctypes = aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5 And does it work if you run it like this : samba-tool dns serverinfo athena -Uadministrator And test the following. hostname -s hostname -d nslookup $(hostname -f) dig A $(hostname -f) dig -x $(hostname -i) And can you show the output of : egrep -ri "samba|winbind" /etc/apparmor.d/* And maybe its an option to try the 4.10.6 package i supply. Debian buster packages are updated within 1-2 hours. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Robert A Wooldridge via samba > Verzonden: donderdag 25 juli 2019 18:31 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] Serverinfo Error > > Here's the output: > > > Collected config? --- 2019-07-25-11:25 ----------- > > > > Hostname: athena > > DNS Domain: edm-inc.com > > FQDN: athena.edm-inc.com > > ipaddress: 10.10.1.10 > > > > ----------- > > > > Samba is running as an AD DC > > > > ----------- > > ?????? Checking file: /etc/os-release > > > > PRETTY_NAME="Debian GNU/Linux 10 (buster)" > > NAME="Debian GNU/Linux" > > VERSION_ID="10" > > VERSION="10 (buster)" > > VERSION_CODENAME=buster > > ID=debian > > HOME_URL="https://www.debian.org/" > > SUPPORT_URL="https://www.debian.org/support" > > BUG_REPORT_URL="https://bugs.debian.org/" > > > > ----------- > > > > > > This computer is running Debian 10.0 x86_64 > > > > ----------- > > running command : ip a > > 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN > > group default qlen 1000 > > ??? link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 > > ??? inet 127.0.0.1/8 scope host lo > > ??? inet6 ::1/128 scope host > > 2: enp0s25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc > > pfifo_fast state UP group default qlen 1000 > > ??? link/ether 00:1c:c0:ec:25:25 brd ff:ff:ff:ff:ff:ff > > ??? inet 10.10.1.10/16 brd 10.10.255.255 scope global enp0s25 > > ??? inet6 fe80::21c:c0ff:feec:2525/64 scope link > > > > ----------- > > ?????? Checking file: /etc/hosts > > > > 127.0.0.1?? ?localhost?? ?localhost.localdomain > > 10.10.1.10?? ?athena.edm-inc.com?? ?athena > > > > # The following lines are desirable for IPv6 capable hosts > > ::1???? localhost ip6-localhost ip6-loopback > > ff02::1 ip6-allnodes > > ff02::2 ip6-allrouters > > > > ----------- > > > > ?????? Checking file: /etc/resolv.conf > > > > nameserver 10.10.1.10 > > search edm-inc.com > > > > ----------- > > > > ?????? Checking file: /etc/krb5.conf > > > > [libdefaults] > > ??? dns_lookup_realm = false > > ??? dns_lookup_kdc = true > > ??? default_realm = EDM-INC.COM > > ??? default_tgs_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5 > > ??? default_tkt_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5 > > > > #[realms] > > #?? EDM-INC.COM = { > > #?? kdc = ADS1.EDM-INC.COM > > #?? default_domain = EDM-INC.COM > > #?? } > > > > #[domain_realm] > > #?? .edm-inc.com = EDM-INC.COM > > #?? edm-inc.com = EDM-INC.COM > > > > ----------- > > > > ?????? Checking file: /etc/nsswitch.conf > > > > # /etc/nsswitch.conf > > # > > # Example configuration of GNU Name Service Switch functionality. > > # If you have the `glibc-doc-reference' and `info' packages > installed, > > try: > > # `info libc "Name Service Switch"' for information about this file. > > > > passwd:???????? files systemd > > group:????????? files systemd > > shadow:???????? files > > gshadow:??????? files > > > > hosts:????????? files mdns4_minimal [NOTFOUND=return] dns > > networks:?????? files > > > > protocols:????? db files > > services:?????? db files > > ethers:???????? db files > > rpc:??????????? db files > > > > netgroup:?????? nis > > > > ----------- > > > > ?????? Checking file: /etc/samba/smb.conf > > > > # Global parameters > > [global] > > ?? ?log level = 1 > > ?? ?netbios name = ATHENA > > ?? ?realm = EDM-INC.COM > > ?? ?server role = active directory domain controller > > ?? ?workgroup = EDM > > ??????? dns forwarder = 10.10.1.1 > > > > [netlogon] > > ?? ?path = /var/lib/samba/sysvol/edm-inc.com/scripts > > ?? ?read only = No > > > > [sysvol] > > ?? ?path = /var/lib/samba/sysvol > > ?? ?read only = No > > > > ----------- > > > > BIND_DLZ not detected in smb.conf > > > > ----------- > > > > Installed packages: > > ii? acl 2.2.53-4??????????????????????? amd64??????? access control > > list - utilities > > ii? attr 1:2.4.48-4????????????????????? amd64??????? utilities for > > manipulating filesystem extended attributes > > ii? fonts-quicksand 0.2016-2??????????????????????? all????????? > > sans-serif font with round attributes > > ii? krb5-config 2.6???????????????????????????? all????????? > > Configuration files for Kerberos Version 5 > > ii? krb5-locales 1.17-3????????????????????????? all????????? > > internationalization support for MIT Kerberos > > ii? krb5-user 1.17-3????????????????????????? amd64??????? basic > > programs to authenticate using MIT Kerberos > > ii? libacl1:amd64 2.2.53-4??????????????????????? amd64????? > ?? access > > control list - shared library > > ii? libacl1-dev:amd64 2.2.53-4??????????????????????? amd64??????? > > access control list - static libraries and headers > > ii? libattr1:amd64 1:2.4.48-4????????????????????? amd64??????? > > extended attribute handling - shared library > > ii? libattr1-dev:amd64 1:2.4.48-4????????????????????? amd64??????? > > extended attributes handling - static libraries and headers > > ii? libcrypt-smbhash-perl 0.12-4????????????????????????? > all????????? > > generate LM/NT hash of a password for samba > > ii? libgssapi-krb5-2:amd64 1.17-3????????????????????????? > > amd64??????? MIT Kerberos runtime libraries - krb5 GSS-API Mechanism > > ii? libkrb5-3:amd64 1.17-3????????????????????????? amd64??? > ???? MIT > > Kerberos runtime libraries > > ii? libkrb5support0:amd64 1.17-3????????????????????????? > amd64??????? > > MIT Kerberos runtime libraries - Support library > > ii? libnss-winbind:amd64 2:4.9.5+dfsg-5????????????????? > amd64??????? > > Samba nameservice integration plugins > > ii? libpam-krb5:amd64 4.8-2?????????????????????????? amd64? > ?????? PAM > > module for MIT Kerberos > > ii? libpam-winbind:amd64 2:4.9.5+dfsg-5????????????????? > amd64??????? > > Windows domain authentication integration plugin > > ii? libsmbclient:amd64 2:4.9.5+dfsg-5????????????????? amd64??????? > > shared library for communication with SMB/CIFS servers > > ii? libwbclient0:amd64 2:4.9.5+dfsg-5????????????????? amd64??????? > > Samba winbind client library > > ii? python-samba 2:4.9.5+dfsg-5????????????????? amd64?????? > ? Python > > bindings for Samba > > ii? samba 2:4.9.5+dfsg-5????????????????? amd64??????? > SMB/CIFS file, > > print, and login server for Unix > > ii? samba-common 2:4.9.5+dfsg-5????????????????? all???????? > ? common > > files used by both the Samba server and client > > ii? samba-common-bin 2:4.9.5+dfsg-5????????????????? amd64??????? > > Samba common files used by both the server and the client > > ii? samba-dsdb-modules:amd64 2:4.9.5+dfsg-5????????????????? > > amd64??????? Samba Directory Services Database > > ii? samba-libs:amd64 2:4.9.5+dfsg-5????????????????? amd64??????? > > Samba core libraries > > ii? samba-vfs-modules:amd64 2:4.9.5+dfsg-5????????????????? > > amd64??????? Samba Virtual FileSystem plugins > > ii? winbind 2:4.9.5+dfsg-5????????????????? amd64??????? service to > > resolve user and group information from Windows NT servers > > > > ----------- > > > > -- > > Bob Wooldridge > > IT Director > > > EDM Incorporated 220 Mansion House Center Suite 300 ? St. > Louis, MO 63102 > > Office 314.231.5485 ? ? ? Direct: 314.335.6911 ? ? rw at edm-inc.com > > Link to my Calendar > <https://groupware.edm-inc.com/SOGo/dav/public/bob.wooldridge@ > edm-inc.com/Calendar/personal.ics> > > > ENGINEERING DESIGN SOLUTIONS SINCE 1973 > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >
On 07/26/2019 01:19 AM, L.P.H. van Belle via samba wrote:> Hai, > > Ok, below looks ok, as Rowland also said. > > But i have one more thing. > >>> ?????? Checking file: /etc/krb5.conf >>> >>> [libdefaults] >>> ??? dns_lookup_realm = false >>> ??? dns_lookup_kdc = true >>> ??? default_realm = EDM-INC.COM >>> ??? default_tgs_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5 >>> ??? default_tkt_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5 > Remove the 2 default_*_enctypes lines. > > Or set: > default_tgs_enctypes = aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5 > default_tkt_enctypes = aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5 > permitted_enctypes = aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5Using this, I needed to put those two lines in because I couldn't join the domain without them> > And does it work if you run it like this : > samba-tool dns serverinfo athena -UadministratorNo: athena:~# samba-tool dns serverinfo athena -Uadministrator Password for [EDM\administrator]: ERROR(runtime): uncaught exception - (9717, 'WERR_DNS_ERROR_DS_UNAVAILABLE') ? File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 177, in _run ??? return self.run(*args, **kwargs) ? File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 564, in run ??? None, 'ServerInfo')> > And test the following. > > hostname -sathena:~# hostname -s athena> hostname -dathena:~# hostname -d edm-inc.com> > nslookup $(hostname -f)athena:~# nslookup $(hostname -f) Server:???????? 10.10.1.10 Address:??????? 10.10.1.10#53 Name:?? athena.edm-inc.com Address: 10.10.1.10> dig A $(hostname -f)athena:~# dig A $(hostname -f) ; <<>> DiG 9.11.5-P4-5.1-Debian <<>> A athena.edm-inc.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54135 ;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;athena.edm-inc.com.??????????? IN????? A ;; ANSWER SECTION: athena.edm-inc.com.???? 900???? IN????? A?????? 10.10.1.10 ;; AUTHORITY SECTION: edm-inc.com.??????????? 3600??? IN????? SOA???? athena.edm-inc.com. hostmaster.edm-inc.com. 148 900 600 86400 3600 ;; Query time: 0 msec ;; SERVER: 10.10.1.10#53(10.10.1.10) ;; WHEN: Fri Jul 26 11:06:31 CDT 2019 ;; MSG SIZE? rcvd: 99> dig -x $(hostname -i)athena:~# dig -x $(hostname -i) ; <<>> DiG 9.11.5-P4-5.1-Debian <<>> -x 10.10.1.10 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59884 ;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;10.1.10.10.in-addr.arpa.?????? IN????? PTR ;; ANSWER SECTION: 10.1.10.10.in-addr.arpa. 3600?? IN????? PTR???? athena. ;; AUTHORITY SECTION: 10.10.in-addr.arpa.???? 3600??? IN????? SOA???? athena.edm-inc.com. hostmaster.edm-inc.com. 1 900 600 86400 3600 ;; Query time: 0 msec ;; SERVER: 10.10.1.10#53(10.10.1.10) ;; WHEN: Fri Jul 26 11:06:51 CDT 2019 ;; MSG SIZE? rcvd: 126> > And can you show the output of : > egrep -ri "samba|winbind" /etc/apparmor.d/*athena:~# egrep -ri "samba|winbind" /etc/apparmor.d/* /etc/apparmor.d/abstractions/authentication:? # winbind /etc/apparmor.d/abstractions/authentication:? #include <abstractions/winbind> /etc/apparmor.d/abstractions/smbpass:? /var/lib/samba/*.[lt]db rwk, /etc/apparmor.d/abstractions/samba:? /etc/samba/* r, /etc/apparmor.d/abstractions/samba:? /usr/lib*/samba/ldb/*.so mr, /etc/apparmor.d/abstractions/samba:? /usr/share/samba/*.dat r, /etc/apparmor.d/abstractions/samba: /usr/share/samba/codepages/{lowcase,upcase,valid}.dat r, /etc/apparmor.d/abstractions/samba:? /var/cache/samba/ w, /etc/apparmor.d/abstractions/samba:? /var/cache/samba/lck/* rwk, /etc/apparmor.d/abstractions/samba:? /var/lib/samba/** rwk, /etc/apparmor.d/abstractions/samba:? /var/log/samba/cores/ rw, /etc/apparmor.d/abstractions/samba:? /var/log/samba/cores/** rw, /etc/apparmor.d/abstractions/samba:? /var/log/samba/* w, /etc/apparmor.d/abstractions/samba:? /{,var/}run/samba/ w, /etc/apparmor.d/abstractions/samba:? /{,var/}run/samba/*.tdb rw, /etc/apparmor.d/abstractions/nameservice:? /etc/samba/lmhosts r, /etc/apparmor.d/abstractions/nameservice:? # winbind /etc/apparmor.d/abstractions/nameservice:? #include <abstractions/winbind> /etc/apparmor.d/abstractions/winbind:? # pam_winbindd /etc/apparmor.d/abstractions/winbind:? /tmp/.winbindd/pipe? rw, /etc/apparmor.d/abstractions/winbind: /var/{lib,run}/samba/winbindd_privileged/pipe rw, /etc/apparmor.d/abstractions/winbind:? /etc/samba/smb.conf r, /etc/apparmor.d/abstractions/winbind:? /etc/samba/dhcp.conf r, /etc/apparmor.d/abstractions/winbind:? /usr/lib*/samba/valid.dat r, /etc/apparmor.d/abstractions/winbind:? /usr/lib*/samba/upcase.dat r, /etc/apparmor.d/abstractions/winbind:? /usr/lib*/samba/lowcase.dat r, /etc/apparmor.d/abstractions/winbind: /usr/share/samba/codepages/{lowcase,upcase,valid}.dat r, /etc/apparmor.d/samba/smbd-shares:# autogenerated by update-apparmor-samba-profile 1.2+deb at samba start - do not edit! /etc/apparmor.d/samba/smbd-shares:"/var/lib/samba/sysvol/edm-inc.com/scripts/" rk, /etc/apparmor.d/samba/smbd-shares:"/var/lib/samba/sysvol/edm-inc.com/scripts/**" rwkl, /etc/apparmor.d/samba/smbd-shares:"/var/lib/samba/sysvol/"?? rk, /etc/apparmor.d/samba/smbd-shares:"/var/lib/samba/sysvol/**" rwkl, /etc/apparmor.d/usr.sbin.ntpd:? # samba4 ntp signing socket /etc/apparmor.d/usr.sbin.ntpd:? /{,var/}run/samba/ntp_signd/socket rw, /etc/apparmor.d/usr.sbin.ntpd:? # samba4 winbindd pipe /etc/apparmor.d/usr.sbin.ntpd:? /run/samba/winbindd/pipe rw,> > And maybe its an option to try the 4.10.6 package i supply. > Debian buster packages are updated within 1-2 hours.I had to comment out some lines of python to get this far.? Should those files be replaced? -- Bob Wooldridge EDM Incorporated
Hai, There is something going on in your resolving, that im sure. I dont know where you missing a setting or did a wrong setting, but this should all work out of the box. The PTR lookup responce with ip of the DC, should be hostname.fqdn. and not hostname. I've also had a good look at the debug script output again. That all looks ok to me so i'm wondering, if apparmor is in play here or systemd things. Im missing rules in apparmor, as shown below. You are using internal DNS and not Bind9_DLZ. ( base on smb.conf outputs ) so .. Can you run : cat /var/log/syslog | grep 'DENIED' And cat /var/log/auditd/auditd.log | grep 'DENIED' ( if auditd is installed ) Can you also show me : ps faux |egrep "samba|winbind" And netstat -tan|egrep "LISTEN" | grep "53" And check some things within systemd. Show me also : networkctl status networkctl status $(ip a|grep "state UP"| cut -d: -f2) timedatectl resolvectl status> > And maybe its an option to try the 4.10.6 package i supply. > > Debian buster packages are updated within 1-2 hours. > I had to comment out some lines of python to get this far.? > Should those files be replaced?Which files? And which lines exactly? Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Robert A Wooldridge via samba > Verzonden: vrijdag 26 juli 2019 18:21 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] Serverinfo Error > > On 07/26/2019 01:19 AM, L.P.H. van Belle via samba wrote: > > Hai, > > > > Ok, below looks ok, as Rowland also said. > > > > But i have one more thing. > > > >>> ?????? Checking file: /etc/krb5.conf > >>> > >>> [libdefaults] > >>> ??? dns_lookup_realm = false > >>> ??? dns_lookup_kdc = true > >>> ??? default_realm = EDM-INC.COM > >>> ??? default_tgs_enctypes = arcfour-hmac-md5 des-cbc-crc > des-cbc-md5 > >>> ??? default_tkt_enctypes = arcfour-hmac-md5 des-cbc-crc > des-cbc-md5 > > Remove the 2 default_*_enctypes lines. > > > > Or set: > > default_tgs_enctypes = aes128-cts-hmac-sha1-96 > aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5 > > default_tkt_enctypes = aes128-cts-hmac-sha1-96 > aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5 > > permitted_enctypes = aes128-cts-hmac-sha1-96 > aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5 > Using this, I needed to put those two lines in because I > couldn't join the domain without them> > > > > And does it work if you run it like this : > > samba-tool dns serverinfo athena -Uadministrator > No: > athena:~# samba-tool dns serverinfo athena -Uadministrator > Password for [EDM\administrator]: > ERROR(runtime): uncaught exception - (9717, > 'WERR_DNS_ERROR_DS_UNAVAILABLE') > ? File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", > line 177, in _run > ??? return self.run(*args, **kwargs) > ? File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line > 564, in run > ??? None, 'ServerInfo') > > > > > And test the following.....> ; <<>> DiG 9.11.5-P4-5.1-Debian <<>> -x 10.10.1.10 > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59884 > ;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 1, > ADDITIONAL: 0 > > ;; QUESTION SECTION: > ;10.1.10.10.in-addr.arpa.?????? IN????? PTR > > ;; ANSWER SECTION: > 10.1.10.10.in-addr.arpa. 3600?? IN????? PTR???? athena.This should show FQDN in the result.> > ;; AUTHORITY SECTION: > 10.10.in-addr.arpa.???? 3600??? IN????? SOA???? athena.edm-inc.com. > hostmaster.edm-inc.com. 1 900 600 86400 3600 > > ;; Query time: 0 msec > ;; SERVER: 10.10.1.10#53(10.10.1.10) > ;; WHEN: Fri Jul 26 11:06:51 CDT 2019 > ;; MSG SIZE? rcvd: 126 > > > > > And can you show the output of : > > egrep -ri "samba|winbind" /etc/apparmor.d/* > athena:~# egrep -ri "samba|winbind" /etc/apparmor.d/* > /etc/apparmor.d/abstractions/authentication:? # winbind > /etc/apparmor.d/abstractions/authentication:? #include > <abstractions/winbind> > /etc/apparmor.d/abstractions/smbpass:? /var/lib/samba/*.[lt]db rwk, > /etc/apparmor.d/abstractions/samba:? /etc/samba/* r, > /etc/apparmor.d/abstractions/samba:? /usr/lib*/samba/ldb/*.so mr, > /etc/apparmor.d/abstractions/samba:? /usr/share/samba/*.dat r, > /etc/apparmor.d/abstractions/samba: > /usr/share/samba/codepages/{lowcase,upcase,valid}.dat r, > /etc/apparmor.d/abstractions/samba:? /var/cache/samba/ w, > /etc/apparmor.d/abstractions/samba:? /var/cache/samba/lck/* rwk, > /etc/apparmor.d/abstractions/samba:? /var/lib/samba/** rwk, > /etc/apparmor.d/abstractions/samba:? /var/log/samba/cores/ rw, > /etc/apparmor.d/abstractions/samba:? /var/log/samba/cores/** rw, > /etc/apparmor.d/abstractions/samba:? /var/log/samba/* w, > /etc/apparmor.d/abstractions/samba:? /{,var/}run/samba/ w, > /etc/apparmor.d/abstractions/samba:? /{,var/}run/samba/*.tdb rw, > /etc/apparmor.d/abstractions/nameservice:? /etc/samba/lmhosts r, > /etc/apparmor.d/abstractions/nameservice:? # winbind > /etc/apparmor.d/abstractions/nameservice:? #include > <abstractions/winbind> > /etc/apparmor.d/abstractions/winbind:? # pam_winbindd > /etc/apparmor.d/abstractions/winbind:? /tmp/.winbindd/pipe? rw, > /etc/apparmor.d/abstractions/winbind: > /var/{lib,run}/samba/winbindd_privileged/pipe rw, > /etc/apparmor.d/abstractions/winbind:? /etc/samba/smb.conf r, > /etc/apparmor.d/abstractions/winbind:? /etc/samba/dhcp.conf r, > /etc/apparmor.d/abstractions/winbind:? /usr/lib*/samba/valid.dat r, > /etc/apparmor.d/abstractions/winbind:? /usr/lib*/samba/upcase.dat r, > /etc/apparmor.d/abstractions/winbind:? /usr/lib*/samba/lowcase.dat r, > /etc/apparmor.d/abstractions/winbind: > /usr/share/samba/codepages/{lowcase,upcase,valid}.dat r, > /etc/apparmor.d/samba/smbd-shares:# autogenerated by > update-apparmor-samba-profile 1.2+deb at samba start - do not edit! > /etc/apparmor.d/samba/smbd-shares:"/var/lib/samba/sysvol/edm-i > nc.com/scripts/" > rk, > /etc/apparmor.d/samba/smbd-shares:"/var/lib/samba/sysvol/edm-i > nc.com/scripts/**" > rwkl, > /etc/apparmor.d/samba/smbd-shares:"/var/lib/samba/sysvol/"?? rk, > /etc/apparmor.d/samba/smbd-shares:"/var/lib/samba/sysvol/**" rwkl, > /etc/apparmor.d/usr.sbin.ntpd:? # samba4 ntp signing socket > /etc/apparmor.d/usr.sbin.ntpd:? /{,var/}run/samba/ntp_signd/socket rw, > /etc/apparmor.d/usr.sbin.ntpd:? # samba4 winbindd pipe > /etc/apparmor.d/usr.sbin.ntpd:? /run/samba/winbindd/pipe rw, > > > > And maybe its an option to try the 4.10.6 package i supply. > > Debian buster packages are updated within 1-2 hours. > I had to comment out some lines of python to get this far.? > Should those files be replaced?Which files? And which lines exactly?
On 29/07/2019 08:11, L.P.H. van Belle via samba wrote:> Hai, > > There is something going on in your resolving, that im sure. > > I dont know where you missing a setting or did a wrong setting, > but this should all work out of the box. > > The PTR lookup responce with ip of the DC, should be hostname.fqdn. and not hostname. > > I've also had a good look at the debug script output again. > That all looks ok to me so i'm wondering, if apparmor is in play here or systemd things. > > Im missing rules in apparmor, as shown below. > You are using internal DNS and not Bind9_DLZ. ( base on smb.conf outputs ) so .. > > Can you run : > cat /var/log/syslog | grep 'DENIED' > And > cat /var/log/auditd/auditd.log | grep 'DENIED' > ( if auditd is installed ) > > Can you also show me : > ps faux |egrep "samba|winbind" > And > netstat -tan|egrep "LISTEN" | grep "53" > > And check some things within systemd. > Show me also : > > networkctl status > networkctl status $(ip a|grep "state UP"| cut -d: -f2) > timedatectl > resolvectl status > >>> And maybe its an option to try the 4.10.6 package i supply. >>> Debian buster packages are updated within 1-2 hours. >> I had to comment out some lines of python to get this far. >> Should those files be replaced? > Which files? And which lines exactly? > > Greetz, > > Louis > > > >> -----Oorspronkelijk bericht----- >> Van: samba [mailto:samba-bounces at lists.samba.org] Namens >> Robert A Wooldridge via samba >> Verzonden: vrijdag 26 juli 2019 18:21 >> Aan: samba at lists.samba.org >> Onderwerp: Re: [Samba] Serverinfo Error >> >> On 07/26/2019 01:19 AM, L.P.H. van Belle via samba wrote: >>> Hai, >>> >>> Ok, below looks ok, as Rowland also said. >>> >>> But i have one more thing. >>> >>>>> ?????? Checking file: /etc/krb5.conf >>>>> >>>>> [libdefaults] >>>>> ??? dns_lookup_realm = false >>>>> ??? dns_lookup_kdc = true >>>>> ??? default_realm = EDM-INC.COM >>>>> ??? default_tgs_enctypes = arcfour-hmac-md5 des-cbc-crc >> des-cbc-md5 >>>>> ??? default_tkt_enctypes = arcfour-hmac-md5 des-cbc-crc >> des-cbc-md5 >>> Remove the 2 default_*_enctypes lines. >>> >>> Or set: >>> default_tgs_enctypes = aes128-cts-hmac-sha1-96 >> aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5 >>> default_tkt_enctypes = aes128-cts-hmac-sha1-96 >> aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5 >>> permitted_enctypes = aes128-cts-hmac-sha1-96 >> aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5 >> Using this, I needed to put those two lines in because I >> couldn't join the domain without them >>> And does it work if you run it like this : >>> samba-tool dns serverinfo athena -Uadministrator >> No: >> athena:~# samba-tool dns serverinfo athena -Uadministrator >> Password for [EDM\administrator]: >> ERROR(runtime): uncaught exception - (9717, >> 'WERR_DNS_ERROR_DS_UNAVAILABLE') >> ? File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", >> line 177, in _run >> ??? return self.run(*args, **kwargs) >> ? File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line >> 564, in run >> ??? None, 'ServerInfo') >> >>> And test the following. > .... > >> ; <<>> DiG 9.11.5-P4-5.1-Debian <<>> -x 10.10.1.10 >> ;; global options: +cmd >> ;; Got answer: >> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59884 >> ;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 1, >> ADDITIONAL: 0 >> >> ;; QUESTION SECTION: >> ;10.1.10.10.in-addr.arpa.?????? IN????? PTR >> >> ;; ANSWER SECTION: >> 10.1.10.10.in-addr.arpa. 3600?? IN????? PTR???? athena. > This should show FQDN in the result. > >> ;; AUTHORITY SECTION: >> 10.10.in-addr.arpa.???? 3600??? IN????? SOA???? athena.edm-inc.com. >> hostmaster.edm-inc.com. 1 900 600 86400 3600 >> >> ;; Query time: 0 msec >> ;; SERVER: 10.10.1.10#53(10.10.1.10) >> ;; WHEN: Fri Jul 26 11:06:51 CDT 2019 >> ;; MSG SIZE? rcvd: 126 >> >>> And can you show the output of : >>> egrep -ri "samba|winbind" /etc/apparmor.d/* >> athena:~# egrep -ri "samba|winbind" /etc/apparmor.d/* >> /etc/apparmor.d/abstractions/authentication:? # winbind >> /etc/apparmor.d/abstractions/authentication:? #include >> <abstractions/winbind> >> /etc/apparmor.d/abstractions/smbpass:? /var/lib/samba/*.[lt]db rwk, >> /etc/apparmor.d/abstractions/samba:? /etc/samba/* r, >> /etc/apparmor.d/abstractions/samba:? /usr/lib*/samba/ldb/*.so mr, >> /etc/apparmor.d/abstractions/samba:? /usr/share/samba/*.dat r, >> /etc/apparmor.d/abstractions/samba: >> /usr/share/samba/codepages/{lowcase,upcase,valid}.dat r, >> /etc/apparmor.d/abstractions/samba:? /var/cache/samba/ w, >> /etc/apparmor.d/abstractions/samba:? /var/cache/samba/lck/* rwk, >> /etc/apparmor.d/abstractions/samba:? /var/lib/samba/** rwk, >> /etc/apparmor.d/abstractions/samba:? /var/log/samba/cores/ rw, >> /etc/apparmor.d/abstractions/samba:? /var/log/samba/cores/** rw, >> /etc/apparmor.d/abstractions/samba:? /var/log/samba/* w, >> /etc/apparmor.d/abstractions/samba:? /{,var/}run/samba/ w, >> /etc/apparmor.d/abstractions/samba:? /{,var/}run/samba/*.tdb rw, >> /etc/apparmor.d/abstractions/nameservice:? /etc/samba/lmhosts r, >> /etc/apparmor.d/abstractions/nameservice:? # winbind >> /etc/apparmor.d/abstractions/nameservice:? #include >> <abstractions/winbind> >> /etc/apparmor.d/abstractions/winbind:? # pam_winbindd >> /etc/apparmor.d/abstractions/winbind:? /tmp/.winbindd/pipe? rw, >> /etc/apparmor.d/abstractions/winbind: >> /var/{lib,run}/samba/winbindd_privileged/pipe rw, >> /etc/apparmor.d/abstractions/winbind:? /etc/samba/smb.conf r, >> /etc/apparmor.d/abstractions/winbind:? /etc/samba/dhcp.conf r, >> /etc/apparmor.d/abstractions/winbind:? /usr/lib*/samba/valid.dat r, >> /etc/apparmor.d/abstractions/winbind:? /usr/lib*/samba/upcase.dat r, >> /etc/apparmor.d/abstractions/winbind:? /usr/lib*/samba/lowcase.dat r, >> /etc/apparmor.d/abstractions/winbind: >> /usr/share/samba/codepages/{lowcase,upcase,valid}.dat r, >> /etc/apparmor.d/samba/smbd-shares:# autogenerated by >> update-apparmor-samba-profile 1.2+deb at samba start - do not edit! >> /etc/apparmor.d/samba/smbd-shares:"/var/lib/samba/sysvol/edm-i >> nc.com/scripts/" >> rk, >> /etc/apparmor.d/samba/smbd-shares:"/var/lib/samba/sysvol/edm-i >> nc.com/scripts/**" >> rwkl, >> /etc/apparmor.d/samba/smbd-shares:"/var/lib/samba/sysvol/"?? rk, >> /etc/apparmor.d/samba/smbd-shares:"/var/lib/samba/sysvol/**" rwkl, >> /etc/apparmor.d/usr.sbin.ntpd:? # samba4 ntp signing socket >> /etc/apparmor.d/usr.sbin.ntpd:? /{,var/}run/samba/ntp_signd/socket rw, >> /etc/apparmor.d/usr.sbin.ntpd:? # samba4 winbindd pipe >> /etc/apparmor.d/usr.sbin.ntpd:? /run/samba/winbindd/pipe rw, >>> And maybe its an option to try the 4.10.6 package i supply. >>> Debian buster packages are updated within 1-2 hours. >> I had to comment out some lines of python to get this far. >> Should those files be replaced? > Which files? And which lines exactly? > > > >He had to comment out the lines that created the computers dns records, so I now think he needs to run 'samba_upgradedns --verbose' Rowland
On 07/29/2019 02:11 AM, L.P.H. van Belle via samba wrote:> Hai, > > There is something going on in your resolving, that im sure. > > I dont know where you missing a setting or did a wrong setting, > but this should all work out of the box. > > The PTR lookup responce with ip of the DC, should be hostname.fqdn. and not hostname. > > I've also had a good look at the debug script output again. > That all looks ok to me so i'm wondering, if apparmor is in play here or systemd things. > > Im missing rules in apparmor, as shown below. > You are using internal DNS and not Bind9_DLZ. ( base on smb.conf outputs ) so .. > > Can you run : > cat /var/log/syslog | grep 'DENIED'No output> And > cat /var/log/auditd/auditd.log | grep 'DENIED'Auditd not installed.> ( if auditd is installed ) > > Can you also show me : > ps faux |egrep "samba|winbind"athena:~# ps faux |egrep "samba|winbind" root???? 11734? 0.0? 0.0?? 6076?? 832 pts/0??? S+?? 10:30 0:00????????????????????? \_ grep -E samba|winbind root???? 26888? 0.0? 0.4? 95604 34800 ???????? Ss?? Jul26?? 0:00 samba: root process root???? 26889? 0.0? 0.2? 95604 22060 ???????? S??? Jul26?? 0:00? \_ samba: task[s3fs_parent] root???? 26891? 0.0? 0.2? 95608 20924 ???????? S??? Jul26?? 0:00 |?? \_ samba: tfork waiter process root???? 26890? 0.0? 0.6? 96236 50588 ???????? S??? Jul26?? 1:14? \_ samba: task[dcesrv] root???? 26892? 0.0? 0.4? 95676 34320 ???????? S??? Jul26?? 0:01? \_ samba: task[nbtd] root???? 26894? 0.0? 0.2? 95604 21684 ???????? S??? Jul26?? 0:00? \_ samba: task[wrepl] root???? 26895? 0.0? 0.3? 95604 29380 ???????? S??? Jul26?? 0:06? \_ samba: task[ldapsrv] root???? 26896? 0.0? 0.3? 95604 31112 ???????? S??? Jul26?? 3:01? \_ samba: task[cldapd] root???? 26897? 0.0? 0.4? 95792 32868 ???????? S??? Jul26?? 0:41? \_ samba: conn[kdc_tcp] c[ipv4:10.10.10.235:50790] s[ipv4:10.10.1.10:88] server_id[26897.40] root???? 26898? 0.0? 0.4? 96244 35024 ???????? S??? Jul26?? 3:34? \_ samba: task[dreplsrv] root???? 26899? 0.0? 0.2? 95604 22060 ???????? S??? Jul26?? 0:00? \_ samba: task[winbindd_parent] root???? 26903? 0.0? 0.2? 95608 20924 ???????? S??? Jul26?? 0:00 |?? \_ samba: tfork waiter process root???? 26905? 0.0? 0.5? 96104 43872 ???????? Ss?? Jul26?? 0:03 |?????? \_ /usr/sbin/winbindd -D --option=server role check:inhibit=yes --foreground root???? 26925? 0.0? 0.4? 96336 34096 ???????? S??? Jul26?? 0:00 |?????????? \_ winbindd: domain child [EDM] root???? 27112? 0.0? 0.3? 96132 29184 ???????? S??? Jul26?? 0:00 |?????????? \_ winbindd: idmap child root???? 26900? 0.0? 0.3? 95604 25504 ???????? S??? Jul26?? 0:00? \_ samba: task[ntp_signd] root???? 26901? 0.0? 0.4? 95604 36224 ???????? S??? Jul26?? 0:02? \_ samba: task[kccsrv] root???? 26902? 0.0? 0.3? 95604 30428 ???????? S??? Jul26?? 0:58? \_ samba: task[dnsupdate] root???? 26904? 0.1? 0.3? 96108 31872 ???????? S??? Jul26?? 4:36? \_ samba: conn[dns_tcp] c[ipv4:10.10.10.232:60715] s[ipv4:10.10.1.10:53] server_id[26904.3]> And > netstat -tan|egrep "LISTEN" | grep "53"athena:~# netstat -tan|egrep "LISTEN" | grep "53" tcp??????? 0????? 0 0.0.0.0:49153?????????? 0.0.0.0:* LISTEN tcp??????? 0????? 0 0.0.0.0:53????????????? 0.0.0.0:* LISTEN tcp6?????? 0????? 0 :::49153??????????????? :::* LISTEN tcp6?????? 0????? 0 :::53?????????????????? :::* LISTEN> > And check some things within systemd. > Show me also : > > networkctl statusathena:~# networkctl status WARNING: systemd-networkd is not running, output will be incomplete. ???????? State: n/a ?????? Address: 10.10.1.10 on enp0s25 ??????????????? fe80::21c:c0ff:feec:2525 on enp0s25 ?????? Gateway: 10.10.1.1 (Intel Corporate) on enp0s25> networkctl status $(ip a|grep "state UP"| cut -d: -f2)athena:~# networkctl status $(ip a|grep "state UP"| cut -d: -f2) WARNING: systemd-networkd is not running, output will be incomplete. ? 2: enp0s25 ?????? Link File: /usr/lib/systemd/network/99-default.link ??? Network File: n/a ??????????? Type: ether ?????????? State: n/a (unmanaged) ??????????? Path: pci-0000:00:19.0 ????????? Driver: e1000e ????????? Vendor: Intel Corporation ?????????? Model: 82567LM-3 Gigabit Network Connection ????? HW Address: 00:1c:c0:ec:25:25 (Intel Corporate) ???????? Address: 10.10.1.10 ????????????????? fe80::21c:c0ff:feec:2525 ???????? Gateway: 10.10.1.1 (Intel Corporate)> timedatectlathena:~# timedatectl ?????????????? Local time: Mon 2019-07-29 10:33:09 CDT ?????????? Universal time: Mon 2019-07-29 15:33:09 UTC ???????????????? RTC time: Mon 2019-07-29 15:33:08 ??????????????? Time zone: US/Central (CDT, -0500) System clock synchronized: yes ????????????? NTP service: inactive ????????? RTC in local TZ: no> resolvectl statusathena:~# resolvectl status Failed to get global data: Unit dbus-org.freedesktop.resolve1.service not found.> >>> And maybe its an option to try the 4.10.6 package i supply. >>> Debian buster packages are updated within 1-2 hours. >> I had to comment out some lines of python to get this far. >> Should those files be replaced? > Which files? And which lines exactly?join.py (/usr/lib/python2.7/dist-packages/samba/join.py on my DC), find these lines: ??????????? if ctx.dns_backend != "NONE": ??????????????? ctx.join_add_dns_records() ??????????????? ctx.join_replicate_new_dns_records() -- Bob Wooldridge EDM Incorporated
Hai, Ok, below looks ok, except in dont see the search domain in the networkctl output. Which is possible, if you configured your interfaces through /etc/network/interfaces Im still amazed its not working.. Everything looks good. We are missing a bit info why/how/what/where. Short resume. Your on debian Buster official samba correct? ( samba 4.9.5 ) and your using internal DNS. Configs looks ok in the debug output. No app armor Denied messages. Dns is running and basilcy your resolving looks ok. And while im looking at this. You joined this server to a windows AD-Domain and siezed fsmo roles, correct? Can you try this, if this helps, in then end you can switch the 2 dns servers ip's. Change you /etc/resolv.conf to # First a windows AD-DC DNS. nameserver 10.10.1.XXXS # Second This server IP. nameserver 10.10.1.10 search edm-inc.com Your krb5.conf, i suggest you change it to this. I left the other options i use in, might be handy. You need the part. Enctypes part for win 2008. [libdefaults] default_realm = EDM-INC.COM dns_lookup_kdc = true dns_lookup_realm = false ; for Windows 2008 with AES ( win 2003 compliant ) default_tgs_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5 default_tkt_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5 permitted_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5 Reboot After the reboot, wait 5 min, this depends a bit on the size of you AD. Now run again: samba-tool drs showrepl Any errors? No errors, great. Check again if you getting you server info works. If you get errors, then, yes, you can upgrade you packages with mine even if you modifies that python file. P.s. if you see things you and you dont know, first post things again. Before you move to 4.10.6, i suggest try 4.9.11 first. Because i still not sure if it's samba what is the problem if this. And you can always upgrade to 4.10.6 later on, i want to know if 4.9.11 helps/fixed this. That is because, I think this is a python2/3 problem or this patch in debian official is a problem : - CVE-2019-12435 zone operations can crash rpc server And broke the join in samba. I just dont know which it is, but i do know multle python things are fixed in later version. If you preffer 4.9.11 from official debian. You need to backport it yourself. Or use samba from debian testing/sid which is 4.9.11 For my repo use these steps. 1) Choose http or https for you apt, both work, for https you need to : apt-get install apt-transport-https 2) Import my public key wget -O - http://apt.van-belle.nl/louis-van-belle.gpg-key.asc | apt-key add - 3) (optional) setup a header line for the repo file. echo "# AptVanBelle repo for samba." | sudo tee /etc/apt/sources.list.d/van-belle.list 4) In the line below, change the OS and/or samba version to what you want. Shown is debian stretch with samba 4.9. echo "deb http://apt.van-belle.nl/debian buster-samba49 main contrib non-free" | sudo tee -a /etc/apt/sources.list.d/van-belle.list This gives you 4.9.11, almost the same with debian official, i only added/enabled spotlight support. Try this first im suggesting then when it all looks good, then you can easy upgrade to 4.10.6 Then in above repo line just change samba49 to samba410 and run apt update && apt dist-upgrade Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Robert A Wooldridge via samba > Verzonden: maandag 29 juli 2019 17:38 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] Serverinfo Error > > On 07/29/2019 02:11 AM, L.P.H. van Belle via samba wrote: > > Hai, > > > > There is something going on in your resolving, that im sure. > > > > I dont know where you missing a setting or did a wrong setting, > > but this should all work out of the box. > > > > The PTR lookup responce with ip of the DC, should be > hostname.fqdn. and not hostname. > > > > I've also had a good look at the debug script output again. > > That all looks ok to me so i'm wondering, if apparmor is in > play here or systemd things. > > > > Im missing rules in apparmor, as shown below. > > You are using internal DNS and not Bind9_DLZ. ( base on > smb.conf outputs ) so .. > > > > Can you run : > > cat /var/log/syslog | grep 'DENIED' > No output > > And > > cat /var/log/auditd/auditd.log | grep 'DENIED' > Auditd not installed. > > ( if auditd is installed ) > > > > Can you also show me : > > ps faux |egrep "samba|winbind" > athena:~# ps faux |egrep "samba|winbind" > root???? 11734? 0.0? 0.0?? 6076?? 832 pts/0??? S+?? 10:30 > 0:00????????????????????? \_ grep -E samba|winbind > root???? 26888? 0.0? 0.4? 95604 34800 ???????? Ss?? Jul26?? > 0:00 samba: > root process > root???? 26889? 0.0? 0.2? 95604 22060 ???????? S??? Jul26?? 0:00? \_ > samba: task[s3fs_parent] > root???? 26891? 0.0? 0.2? 95608 20924 ???????? S??? Jul26?? > 0:00 |?? \_ > samba: tfork waiter process > root???? 26890? 0.0? 0.6? 96236 50588 ???????? S??? Jul26?? 1:14? \_ > samba: task[dcesrv] > root???? 26892? 0.0? 0.4? 95676 34320 ???????? S??? Jul26?? 0:01? \_ > samba: task[nbtd] > root???? 26894? 0.0? 0.2? 95604 21684 ???????? S??? Jul26?? 0:00? \_ > samba: task[wrepl] > root???? 26895? 0.0? 0.3? 95604 29380 ???????? S??? Jul26?? 0:06? \_ > samba: task[ldapsrv] > root???? 26896? 0.0? 0.3? 95604 31112 ???????? S??? Jul26?? 3:01? \_ > samba: task[cldapd] > root???? 26897? 0.0? 0.4? 95792 32868 ???????? S??? Jul26?? 0:41? \_ > samba: conn[kdc_tcp] c[ipv4:10.10.10.235:50790] s[ipv4:10.10.1.10:88] > server_id[26897.40] > root???? 26898? 0.0? 0.4? 96244 35024 ???????? S??? Jul26?? 3:34? \_ > samba: task[dreplsrv] > root???? 26899? 0.0? 0.2? 95604 22060 ???????? S??? Jul26?? 0:00? \_ > samba: task[winbindd_parent] > root???? 26903? 0.0? 0.2? 95608 20924 ???????? S??? Jul26?? > 0:00 |?? \_ > samba: tfork waiter process > root???? 26905? 0.0? 0.5? 96104 43872 ???????? Ss?? Jul26?? > 0:03 |?????? > \_ /usr/sbin/winbindd -D --option=server role > check:inhibit=yes --foreground > root???? 26925? 0.0? 0.4? 96336 34096 ???????? S??? Jul26?? 0:00 > |?????????? \_ winbindd: domain child [EDM] > root???? 27112? 0.0? 0.3? 96132 29184 ???????? S??? Jul26?? 0:00 > |?????????? \_ winbindd: idmap child > root???? 26900? 0.0? 0.3? 95604 25504 ???????? S??? Jul26?? 0:00? \_ > samba: task[ntp_signd] > root???? 26901? 0.0? 0.4? 95604 36224 ???????? S??? Jul26?? 0:02? \_ > samba: task[kccsrv] > root???? 26902? 0.0? 0.3? 95604 30428 ???????? S??? Jul26?? 0:58? \_ > samba: task[dnsupdate] > root???? 26904? 0.1? 0.3? 96108 31872 ???????? S??? Jul26?? 4:36? \_ > samba: conn[dns_tcp] c[ipv4:10.10.10.232:60715] s[ipv4:10.10.1.10:53] > server_id[26904.3] > > > > And > > netstat -tan|egrep "LISTEN" | grep "53" > athena:~# netstat -tan|egrep "LISTEN" | grep "53" > tcp??????? 0????? 0 0.0.0.0:49153?????????? 0.0.0.0:* LISTEN > tcp??????? 0????? 0 0.0.0.0:53????????????? 0.0.0.0:* LISTEN > tcp6?????? 0????? 0 :::49153??????????????? :::* LISTEN > tcp6?????? 0????? 0 :::53?????????????????? :::* LISTEN > > > > > And check some things within systemd. > > Show me also : > > > > networkctl status > athena:~# networkctl status > WARNING: systemd-networkd is not running, output will be incomplete. > > ?????????? State: n/a > ?????? Address: 10.10.1.10 on enp0s25 > ??????????????? fe80::21c:c0ff:feec:2525 on enp0s25 > ?????? Gateway: 10.10.1.1 (Intel Corporate) on enp0s25 > > networkctl status $(ip a|grep "state UP"| cut -d: -f2) > athena:~# networkctl status $(ip a|grep "state UP"| cut -d: -f2) > WARNING: systemd-networkd is not running, output will be incomplete. > > ??? 2: enp0s25 > ?????? Link File: /usr/lib/systemd/network/99-default.link > ??? Network File: n/a > ??????????? Type: ether > ?????????? State: n/a (unmanaged) > ??????????? Path: pci-0000:00:19.0 > ????????? Driver: e1000e > ????????? Vendor: Intel Corporation > ?????????? Model: 82567LM-3 Gigabit Network Connection > ????? HW Address: 00:1c:c0:ec:25:25 (Intel Corporate) > ???????? Address: 10.10.1.10 > ????????????????? fe80::21c:c0ff:feec:2525 > ???????? Gateway: 10.10.1.1 (Intel Corporate) > > > timedatectl > athena:~# timedatectl > ?????????????? Local time: Mon 2019-07-29 10:33:09 CDT > ?????????? Universal time: Mon 2019-07-29 15:33:09 UTC > ???????????????? RTC time: Mon 2019-07-29 15:33:08 > ??????????????? Time zone: US/Central (CDT, -0500) > System clock synchronized: yes > ????????????? NTP service: inactive > ????????? RTC in local TZ: no > > resolvectl status > athena:~# resolvectl status > Failed to get global data: Unit dbus-org.freedesktop.resolve1.service > not found. > > > >>> And maybe its an option to try the 4.10.6 package i supply. > >>> Debian buster packages are updated within 1-2 hours. > >> I had to comment out some lines of python to get this far. > >> Should those files be replaced? > > Which files? And which lines exactly? > join.py (/usr/lib/python2.7/dist-packages/samba/join.py on my > DC), find > these lines: > > ??????????? if ctx.dns_backend != "NONE": > ??????????????? ctx.join_add_dns_records() > ??????????????? ctx.join_replicate_new_dns_records() > > -- > Bob Wooldridge > EDM Incorporated > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >