Hi! Samba server set up for domain rufus.ada.de a proxy is reachable in proxy.ada.de. resolv.conf is configured to be: domain rufus.ada.de. search rufus.ada.de. miri.ada.de. ada.de. nameserver 127.0.0.1 Internal servers are handled (by an external DNS, our internal samba DNS forwards to): # host proxy.ada.de proxy.ada.de has address 10.169.16.3 For deb.debian.org: # host deb.debian.org deb.debian.org is an alias for static.debian.org. static.debian.org has address 130.89.148.77 static.debian.org has address 128.31.0.62 static.debian.org has address 149.20.4.15 static.debian.org has IPv6 address 2001:4f8:1:c::15 static.debian.org has IPv6 address 2603:400a:ffff:bb8::801f:3e static.debian.org has IPv6 address 2001:67c:2564:a119::77 static.debian.org mail is handled by 0 . But now: # LANG=C apt update Err:1 http://cdn-fastly.deb.debian.org/debian testing InRelease Could not connect to proxy.ada.de:8080 (10.169.16.3), connection timed out Err:2 http://cdn-fastly.deb.debian.org/debian testing-updates InRelease Unable to connect to proxy.ada.de:8080: Err:3 http://deb.debian.org/debian testing InRelease Could not connect to proxy.ada.de:8080 (10.169.16.3), connection timed out Err:4 http://deb.debian.org/debian testing-updates InRelease Unable to connect to proxy.ada.de:8080: Reading package lists... Done Building dependency tree Reading state information... Done All packages are up to date. W: Failed to fetch http://cdn-fastly.deb.debian.org/debian/dists/testing/InRelease Could not connect to proxy.ada.de:8080 (10.169.16.3), connection timed out W: Failed to fetch http://deb.debian.org/debian/dists/testing/InRelease Could not connect to proxy.ada.de:8080 (10.169.16.3), connection timed out W: Failed to fetch http://cdn-fastly.deb.debian.org/debian/dists/testing-updates/InRelease Unable to connect to proxy.ada.de:8080: W: Failed to fetch http://deb.debian.org/debian/dists/testing-updates/InRelease Unable to connect to proxy.ada.de:8080: W: Some index files failed to download. They have been ignored, or old ones used instead. If I replace /etc/resolv.conf nameserver line "nameserver 127.0.0.1" with "nameserver 172.18.8.1" and stop samba it works. Any idea what is going wrong here? Shouldn't the internal DNS just forward everything it does not know about to the upstream, resolving DNS? -- Thomas
apt update> Err:1 http://cdn-fastly.deb.debian.org/debian testing InRelease > Could not connect to proxy.ada.de:8080 (10.169.16.3),What is set in /etc/apt/apt.conf.d or better said, is proxy defined. If nothing is definded, try this : editor /etc/apt/apt.conf.d/proxy.conf Acquire { HTTP::proxy "http://10.169.16.3:8080"; HTTPS::proxy "http://10.169.16.3:8080"; } And which of these modes is you proxy running: NAT intercepted HTTP Socket NAT intercepted SSL bumped HTTPS Socket HTTP Socket SSL bumped HTTP Socket Im asumming, HTTP Socket, since thats the most used. No funny things in the proxy logs or Firewall rules? Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Thomas Schweikle via samba > Verzonden: maandag 21 oktober 2019 16:47 > Aan: Samba > Onderwerp: [Samba] Problems with internal DNS > > Hi! > > Samba server set up for domain rufus.ada.de a proxy is reachable in > proxy.ada.de. > > resolv.conf is configured to be: > > domain rufus.ada.de. > search rufus.ada.de. miri.ada.de. ada.de. > nameserver 127.0.0.1 > > Internal servers are handled (by an external DNS, our > internal samba DNS > forwards to): > # host proxy.ada.de > proxy.ada.de has address 10.169.16.3 > > For deb.debian.org: > # host deb.debian.org > deb.debian.org is an alias for static.debian.org. > static.debian.org has address 130.89.148.77 > static.debian.org has address 128.31.0.62 > static.debian.org has address 149.20.4.15 > static.debian.org has IPv6 address 2001:4f8:1:c::15 > static.debian.org has IPv6 address 2603:400a:ffff:bb8::801f:3e > static.debian.org has IPv6 address 2001:67c:2564:a119::77 > static.debian.org mail is handled by 0 . > > But now: > # LANG=C apt update > Err:1 http://cdn-fastly.deb.debian.org/debian testing InRelease > Could not connect to proxy.ada.de:8080 (10.169.16.3), > connection timed out > Err:2 http://cdn-fastly.deb.debian.org/debian testing-updates > InRelease > Unable to connect to proxy.ada.de:8080: > Err:3 http://deb.debian.org/debian testing InRelease > Could not connect to proxy.ada.de:8080 (10.169.16.3), > connection timed out > Err:4 http://deb.debian.org/debian testing-updates InRelease > Unable to connect to proxy.ada.de:8080: > Reading package lists... Done > Building dependency tree > Reading state information... Done > All packages are up to date. > W: Failed to fetch > http://cdn-fastly.deb.debian.org/debian/dists/testing/InReleas > e Could not > connect to proxy.ada.de:8080 (10.169.16.3), connection timed out > W: Failed to fetch > http://deb.debian.org/debian/dists/testing/InRelease > Could not connect to proxy.ada.de:8080 (10.169.16.3), > connection timed out > W: Failed to fetch > http://cdn-fastly.deb.debian.org/debian/dists/testing-updates/ > InRelease > Unable to connect to proxy.ada.de:8080: > W: Failed to fetch > http://deb.debian.org/debian/dists/testing-updates/InRelease > Unable to > connect to proxy.ada.de:8080: > W: Some index files failed to download. They have been > ignored, or old ones > used instead. > > If I replace /etc/resolv.conf nameserver line > "nameserver 127.0.0.1" with "nameserver 172.18.8.1" and stop > samba it works. > > Any idea what is going wrong here? Shouldn't the internal DNS > just forward > everything it does not know about to the upstream, resolving DNS? > -- > Thomas > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >
On 21/10/2019 15:47, Thomas Schweikle via samba wrote:> Hi! > > Samba server set up for domain rufus.ada.de a proxy is reachable in > proxy.ada.de.How are you running Samba ? Please post your smb.conf. Rowland
On Mon, Oct 21, 2019 at 5:03 PM Rowland penny via samba < samba at lists.samba.org> wrote:> On 21/10/2019 15:47, Thomas Schweikle via samba wrote: > > Hi! > > > > Samba server set up for domain rufus.ada.de a proxy is reachable in > > proxy.ada.de. > > How are you running Samba ? >As ADDC. Please post your smb.conf.>OK. Here it is: [global] netbios name = AD01 realm = RUFUS.ADA.DE server role = active directory domain controller workgroup = RUFUS idmap_ldb:use rfc2307 = yes allow dns updates = secure only dns forwarder = 172.18.8.1 [sysvol] path = /var/lib/samba/sysvol read only = No [netlogon] path = /var/lib/samba/sysvol/rodos.bfs.de/scripts read only = No> Rowland >-- Thomas
On Mon, Oct 21, 2019 at 5:02 PM L.P.H. van Belle via samba < samba at lists.samba.org> wrote:> > apt update > > Err:1 http://cdn-fastly.deb.debian.org/debian testing InRelease > > Could not connect to proxy.ada.de:8080 (10.169.16.3), > What is set in /etc/apt/apt.conf.d or better said, is proxy defined. > > If nothing is definded, try this : > > editor /etc/apt/apt.conf.d/proxy.conf > Acquire { > HTTP::proxy "http://10.169.16.3:8080"; > HTTPS::proxy "http://10.169.16.3:8080"; > } > > And which of these modes is you proxy running: > NAT intercepted HTTP Socket > NAT intercepted SSL bumped HTTPS Socket > HTTP Socket > SSL bumped HTTP Socket > > Im asumming, HTTP Socket, since thats the most used. > No funny things in the proxy logs or Firewall rules? > > > Greetz, > > Louis > > > > -----Oorspronkelijk bericht----- > > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > > Thomas Schweikle via samba > > Verzonden: maandag 21 oktober 2019 16:47 > > Aan: Samba > > Onderwerp: [Samba] Problems with internal DNS > > > > Hi! > > > > Samba server set up for domain rufus.ada.de a proxy is reachable in > > proxy.ada.de. > > > > resolv.conf is configured to be: > > > > domain rufus.ada.de. > > search rufus.ada.de. miri.ada.de. ada.de. > > nameserver 127.0.0.1 > > > > Internal servers are handled (by an external DNS, our > > internal samba DNS > > forwards to): > > # host proxy.ada.de > > proxy.ada.de has address 10.169.16.3 > > > > For deb.debian.org: > > # host deb.debian.org > > deb.debian.org is an alias for static.debian.org. > > static.debian.org has address 130.89.148.77 > > static.debian.org has address 128.31.0.62 > > static.debian.org has address 149.20.4.15 > > static.debian.org has IPv6 address 2001:4f8:1:c::15 > > static.debian.org has IPv6 address 2603:400a:ffff:bb8::801f:3e > > static.debian.org has IPv6 address 2001:67c:2564:a119::77 > > static.debian.org mail is handled by 0 . > > > > But now: > > # LANG=C apt update > > Err:1 http://cdn-fastly.deb.debian.org/debian testing InRelease > > Could not connect to proxy.ada.de:8080 (10.169.16.3), > > connection timed out > > Err:2 http://cdn-fastly.deb.debian.org/debian testing-updates > > InRelease > > Unable to connect to proxy.ada.de:8080: > > Err:3 http://deb.debian.org/debian testing InRelease > > Could not connect to proxy.ada.de:8080 (10.169.16.3), > > connection timed out > > Err:4 http://deb.debian.org/debian testing-updates InRelease > > Unable to connect to proxy.ada.de:8080: > > Reading package lists... Done > > Building dependency tree > > Reading state information... Done > > All packages are up to date. > > W: Failed to fetch > > http://cdn-fastly.deb.debian.org/debian/dists/testing/InReleas > > e Could not > > connect to proxy.ada.de:8080 (10.169.16.3), connection timed out > > W: Failed to fetch > > http://deb.debian.org/debian/dists/testing/InRelease > > Could not connect to proxy.ada.de:8080 (10.169.16.3), > > connection timed out > > W: Failed to fetch > > http://cdn-fastly.deb.debian.org/debian/dists/testing-updates/ > > InRelease > > Unable to connect to proxy.ada.de:8080: > > W: Failed to fetch > > http://deb.debian.org/debian/dists/testing-updates/InRelease > > Unable to > > connect to proxy.ada.de:8080: > > W: Some index files failed to download. They have been > > ignored, or old ones > > used instead. > > > > If I replace /etc/resolv.conf nameserver line > > "nameserver 127.0.0.1" with "nameserver 172.18.8.1" and stop > > samba it works. > > > > Any idea what is going wrong here? Shouldn't the internal DNS > > just forward > > everything it does not know about to the upstream, resolving DNS? > > -- > > Thomas > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/options/sambaA proxy is defined in /etc/environment (global to all): no_proxy="localhost,127.0.0.1,::1" ftp_proxy=http://proxy.ada.de:3128 http_proxy=http://proxy.ada.de:3128 https_proxy=http://proxy.ada.de:3128 gopher_proxy=http://proxy.ada.de:3128 rsync_proxy=http://proxy.ada.de:3128 RSYNC_PROXY=proxy.ada.de:3128 and in /etc/apt/apt.conf.d/90proxy: Acquire::http::Proxy "http://proxy.ada.de:3128/"; Acquire::ftp { Proxy "ftp://proxy.ada.de:3128/"; ProxyLogin { "USER $(SITE_USER)@$(SITE)"; "PASS $(SITE_PASS)"; } } The environment variables seemed not used by apt, apt-get. The defined proxy in /etc/apt/apt.conf.d/90proxy indeed was used, but did not work. Changing it to Acquire::http::Proxy "http://localhost:8081"; Acquire::ftp { Proxy "ftp://localhost:8081/"; ProxyLogin { "USER $(SITE_USER)@$(SITE)"; "PASS $(SITE_PASS)"; } } then logging in with "ssh -R 8081:proxy.ada.de:3128 -l root rufus.ada.de" made it work. Tus I guess it has something to do with names resolution. But: # host proxy.ada.de proxy.ada.de has address 10.169.16.3 is resolveable from rufus. As is: # host deb.debian.org deb.debian.org is an alias for static.debian.org. static.debian.org has address 128.31.0.62 static.debian.org has address 130.89.148.77 static.debian.org has address 149.20.4.15 static.debian.org mail is handled by 0 . -- Thomas