Thanks a lot for your help so far. The main reason I do not use VMs is that the server is pretty limited in RAM, so this would only be my last resort. To prevent confusion: srv.wie (192.168.1.50) is the same machine as smb.wie (192.168.1.55); I separated them just now to debug the problem.

> These look like they are being run on the DC, what about from the
> windows clients ?

I did those via a linux client on the same network, here are the results from windows (:

C:\Users\kirchner.SMB>nslookup smb.wie
Server:  srv.wie
Address:  192.168.1.50

Name:    smb.wie
Address:  192.168.1.55

C:\Users\kirchner.SMB>nslookup _ldap._tcp.smb.wie
Server:  srv.wie
Address:  192.168.1.50

Name:    _ldap._tcp.smb.wie

C:\Users\kirchner.SMB>nslookup _kerberos._tcp.smb.wie
Server:  srv.wie
Address:  192.168.1.50

Name:    _kerberos._tcp.smb.wie

> Can you post your bind9 conf files, there may be something relevant
> there.

named.conf:
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
include "/usr/local/samba/private/named.conf";

named.conf.options:
options {
        directory "/var/cache/bind";
        forwarders {
                8.8.8.8;
                8.8.4.4;
        };
        //=======================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys. See https://www.isc.org/bind-keys
        //=======================================================================
        dnssec-validation auto;
        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
        tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
};

named.conf.local:
zone "wie." {
        type master;
        file "/etc/bind/zones/db.wie";
};
zone "1.168.192.in-addr.arpa" {
        type master;
        file "/etc/bind/zones/db.1.168.192";
};

named.conf.default-zones:
// prime the server with knowledge of the root servers
zone "." {
        type hint;
        file "/etc/bind/db.root";
};
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
        type master;
        file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
};

zones/db.wie:
$TTL 604800
@       IN      SOA     srv.wie. ns.wie. (
                        3       ; Serial
                        8H      ; Refresh
                        2H      ; Retry
                        4W      ; Expire
                        3H )    ; NX (TTL Negative Cache)
; Nameservers
        IN      NS      srv.wie.
; name servers - A records
srv.wie.        IN      A       192.168.1.50
; Hostname records
router.wie.     IN      A       192.168.1.1
drucker.wie.    IN      A       192.168.1.25
drucker2.wie.   IN      A       192.168.1.26
wiesrv.wie.     IN      A       192.168.1.51
smb.wie.        IN      A       192.168.1.55

zones/db.1.168.192:
$TTL 2D
@       IN      SOA     srv.wie. ns.wie. (
                        3       ; Serial
                        8H      ; Refresh
                        2H      ; Retry
                        4W      ; Expire
                        2D )    ; TTL Negative Cache
; name servers - NS records
        IN      NS      srv.wie.
; PTR Records
1       IN      PTR     router.wie.
25      IN      PTR     drucker.wie.
26      IN      PTR     drucker2.wie.
50      IN      PTR     srv.wie.
55      IN      PTR     smb.wie.
51      IN      PTR     wiesrv.wie.
On Sun, 6 Nov 2016 16:20:32 +0100
Maximilian Kirchner via samba <samba at lists.samba.org> wrote:

> Thanks a lot for your help so far. The main reason I do not use VMs
> is that the server is pretty limited in RAM, so this would only be my
> last resort. To prevent confusion: srv.wie (192.168.1.50) is the same
> machine as smb.wie (192.168.1.55); I separated them just now to debug
> the problem.
>
> > These look like they are being run on the DC, what about from the
> > windows clients ?
>
> I did those via a linux client on the same network, here are the results
> from windows (:
>
> C:\Users\kirchner.SMB>nslookup smb.wie
> Server:  srv.wie
> Address:  192.168.1.50
>
> Name:    smb.wie
> Address:  192.168.1.55
>
> C:\Users\kirchner.SMB>nslookup _ldap._tcp.smb.wie
> Server:  srv.wie
> Address:  192.168.1.50
>
> Name:    _ldap._tcp.smb.wie
>
> C:\Users\kirchner.SMB>nslookup _kerberos._tcp.smb.wie
> Server:  srv.wie
> Address:  192.168.1.50
>
> Name:    _kerberos._tcp.smb.wie
>
> > Can you post your bind9 conf files, there may be something relevant
> > there.
>
> named.conf:
> include "/etc/bind/named.conf.options";
> include "/etc/bind/named.conf.local";
> include "/etc/bind/named.conf.default-zones";
> include "/usr/local/samba/private/named.conf";
>
> named.conf.options:
> options {
>         directory "/var/cache/bind";
>         forwarders {
>                 8.8.8.8;
>                 8.8.4.4;
>         };
>         //=======================================================================
>         // If BIND logs error messages about the root key being expired,
>         // you will need to update your keys. See https://www.isc.org/bind-keys
>         //=======================================================================
>         dnssec-validation auto;
>         auth-nxdomain no;    # conform to RFC1035
>         listen-on-v6 { any; };
>         tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
> };
>
> named.conf.local:
> zone "wie." {
>         type master;
>         file "/etc/bind/zones/db.wie";
> };
> zone "1.168.192.in-addr.arpa" {
>         type master;
>         file "/etc/bind/zones/db.1.168.192";
> };
>
> named.conf.default-zones:
> // prime the server with knowledge of the root servers
> zone "." {
>         type hint;
>         file "/etc/bind/db.root";
> };
> // be authoritative for the localhost forward and reverse zones, and for
> // broadcast zones as per RFC 1912
> zone "localhost" {
>         type master;
>         file "/etc/bind/db.local";
> };
> zone "127.in-addr.arpa" {
>         type master;
>         file "/etc/bind/db.127";
> };
> zone "0.in-addr.arpa" {
>         type master;
>         file "/etc/bind/db.0";
> };
> zone "255.in-addr.arpa" {
>         type master;
>         file "/etc/bind/db.255";
> };
>
> zones/db.wie:
> $TTL 604800
> @       IN      SOA     srv.wie. ns.wie. (
>                         3       ; Serial
>                         8H      ; Refresh
>                         2H      ; Retry
>                         4W      ; Expire
>                         3H )    ; NX (TTL Negative Cache)
> ; Nameservers
>         IN      NS      srv.wie.
> ; name servers - A records
> srv.wie.        IN      A       192.168.1.50
> ; Hostname records
> router.wie.     IN      A       192.168.1.1
> drucker.wie.    IN      A       192.168.1.25
> drucker2.wie.   IN      A       192.168.1.26
> wiesrv.wie.     IN      A       192.168.1.51
> smb.wie.        IN      A       192.168.1.55
>
> zones/db.1.168.192:
> $TTL 2D
> @       IN      SOA     srv.wie. ns.wie. (
>                         3       ; Serial
>                         8H      ; Refresh
>                         2H      ; Retry
>                         4W      ; Expire
>                         2D )    ; TTL Negative Cache
> ; name servers - NS records
>         IN      NS      srv.wie.
> ; PTR Records
> 1       IN      PTR     router.wie.
> 25      IN      PTR     drucker.wie.
> 26      IN      PTR     drucker2.wie.
> 50      IN      PTR     srv.wie.
> 55      IN      PTR     smb.wie.
> 51      IN      PTR     wiesrv.wie.

You are using Bind9 with flatfiles, this is NOT recommended.
If you are using the standard Ubuntu Bind9 package, you should be using
BIND9_DLZ and this stores the dns info in AD.
How did you provision the DC, was it with 'BIND9_FLATFILE' or
'BIND9_DLZ' ?
If it was the latter, just remove the 'wie' zone and its reverse zone
from the bind conf file and restart bind9, if it was the former, you
will need to run 'samba_upgradedns' and remove the zones from the conf
file.

Rowland
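Rowland's point is that the flat-file master zones in named.conf.local sit on top of the zones the BIND9_DLZ module already serves out of AD, so BIND answers for the parent "wie." from a static file while the DC expects to own "smb.wie". The script below is an added example (it is not code from this thread, from Samba, or from BIND): it parses the zone statements of a named.conf fragment and flags every flat-file master zone that is equal to, a parent of, or a child of a zone you declare as AD-managed. The AD zone list and the sample config it runs against are constructed from the fragments posted above; whether the reverse zone for 192.168.1.0/24 actually lives in AD is an assumption, since the thread does not say.

```python
"""Audit a BIND named.conf fragment for flat-file zones that overlap the
zones an AD DC's BIND9_DLZ backend serves.

Added example, not part of the samba list thread.  Assumptions:
- the AD-managed zones are passed in explicitly (the realm from the
  provision command plus an assumed reverse zone);
- only classic 'zone "NAME" { ... };' statements without nested braces are
  parsed, which covers the fragments posted in the thread.
"""
import re

# zone "NAME" [class] { BODY };  -- non-greedy body, stops at the first "};"
ZONE_RE = re.compile(r'zone\s+"([^"]+)"[^{]*\{(.*?)\};', re.DOTALL)
TYPE_RE = re.compile(r'\btype\s+(\w+)\s*;')
FILE_RE = re.compile(r'\bfile\s+"([^"]+)"\s*;')


def strip_comments(text):
    """Remove /* */, // and # comments so commented-out zones are ignored."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.DOTALL)
    return re.sub(r'(//|#).*', '', text)


def normalise(name):
    """Lower-case and drop the trailing dot: 'wie.' and 'WIE' are one zone."""
    return name.strip().lower().rstrip('.')


def parse_zones(conf_text):
    """Return [(zone, type, file)] for every zone statement in conf_text."""
    zones = []
    for name, body in ZONE_RE.findall(strip_comments(conf_text)):
        ztype = TYPE_RE.search(body)
        zfile = FILE_RE.search(body)
        zones.append((normalise(name),
                      ztype.group(1) if ztype else None,
                      zfile.group(1) if zfile else None))
    return zones


def overlaps(a, b):
    """True if zone a equals, is a parent of, or is a child of zone b."""
    if a == b or a == '' or b == '':   # '' is the root zone, parent of all
        return True
    return a.endswith('.' + b) or b.endswith('.' + a)


def find_conflicts(conf_text, ad_zones):
    """Flat-file master zones in conf_text that collide with AD-managed zones.

    Returns a list of (flatfile_zone, file, ad_zone) triples in config order.
    """
    ad = [normalise(z) for z in ad_zones]
    conflicts = []
    for name, ztype, zfile in parse_zones(conf_text):
        if ztype not in ('master', 'primary'):
            continue   # hint/forward/slave zones are not what DLZ competes with
        for ad_zone in ad:
            if overlaps(name, ad_zone):
                conflicts.append((name, zfile, ad_zone))
    return conflicts


# Constructed sample: named.conf.local plus part of named.conf.default-zones
# as posted in the thread.
SAMPLE_CONF = '''
zone "wie." {
        type master;
        file "/etc/bind/zones/db.wie";
};
zone "1.168.192.in-addr.arpa" {
        type master;
        file "/etc/bind/zones/db.1.168.192";
};
// prime the server with knowledge of the root servers
zone "." {
        type hint;
        file "/etc/bind/db.root";
};
zone "localhost" {
        type master;
        file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
};
'''

# Assumed AD-managed zones: the realm from the provision command and the
# reverse zone for 192.168.1.0/24 (the thread does not confirm the latter).
AD_ZONES = ["smb.wie", "1.168.192.in-addr.arpa"]

if __name__ == "__main__":
    for zone, path, ad_zone in find_conflicts(SAMPLE_CONF, AD_ZONES):
        print(f'flat-file zone "{zone}" ({path}) overlaps AD-managed zone "{ad_zone}"')
```

Run against the posted fragments it reports "wie." (parent of smb.wie) and the reverse zone, and leaves the root hint, localhost and 127.in-addr.arpa zones alone, which is exactly the set Rowland says to remove. Point it at the real files with `find_conflicts(open(path).read(), [...])` after any change to named.conf.local, so a flat-file zone cannot quietly reappear in front of the DLZ-served one.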
> You are using Bind9 with flatfiles, this is NOT recommended.
> If you are using the standard Ubuntu Bind9 package, you should be using
> BIND9_DLZ and this stores the dns info in AD.
> How did you provision the DC, was it with 'BIND9_FLATFILE' or
> 'BIND9_DLZ' ?
> If it was the latter, just remove the 'wie' zone and its reverse zone
> from the bind conf file and restart bind9, if it was the former, you
> will need to run 'samba_upgradedns' and remove the zones from the conf
> file.

So the BIND9_DLZ method only works if I am also using purely DLZ in bind9?

I set up the server with

samba-tool domain provision --realm=smb.wie --domain=SMB --adminpass=Passw0rd --use-rfc2307 --server-role=dc --dns-backend=BIND9_DLZ

I did as you said; the situation did not change, but for the fact that my other dns entries are not working anymore (as I expected from removing the wie zone). What I did:

- comment out include "/etc/bind/named.conf.local";
- service bind9 restart
- samba_upgradedns --dns-backend=BIND9_DLZ (for good measure)
- restart samba server

The logs do not show any new errors.