samba - Feb 2022 - linux client DNS issues

On 2/7/22 15:04, Rowland Penny via samba wrote:
> On Mon, 2022-02-07 at 12:45 -0600, Patrick Goetz via samba wrote:
>> BTW, I can't find anything in the log files to help me with
>> debugging
>> this.  At what log level do DNS errors start showing up in the log
>> files?
> 
> OK, I have setup Arch in a VM and installed Samba and I got the same
> error, no DNS update.
> 
> I checked /etc/hostname and it only has the short hostname in it, I
> then checked /etc/hosts and it had three lines:
> 
> 127.0.0.1 localhost
> ::1 localhost
> 127.0.1.1 archmem.samdom.example.com archmem
> 
> As a test I commented out the last line, left the domain and then
> rejoined the domain, this time it worked without the DNS error.
> 
Thanks for testing this.  But now it seems more obvious that there's 
something about my setup which is triggering this behavior and I'm dying 
to know what it is.

You installed exactly these additional packages for Samba?
# pacman -Syu samba smbclient krb5 pam-krb5 dnsutils

(acl, attr, ldb, and cifs-utils are installed as dependencies)


Presumably using `net ads join`? Did you run a samba-tool dns query to 
make sure the Arch VM was actually in DNS?

I've now tried every variation.  My original /etc/hosts file looked like 
this:

------------
# Static table lookup for hostnames.
# See hosts(5) for details.

192.168.1.84 erap-gnome.ea.linuxcs.com  erap-gnome
------------

I tried adding the loopback interface:

------------
# Static table lookup for hostnames.
# See hosts(5) for details.

127.0.0.1 localhost
::1 localhost

192.168.1.84 erap-gnome.ea.linuxcs.com  erap-gnome
------------

commenting out the host IP address, using a FQDN in /etc/hostname and 
all combinations of the above and I still get the DNS error every time.

Roland, from your description, how does `net ads join -U administrator` 
even know what domain you're trying to join?  Does it use the 
/etc/krb5.conf file?  If so, why does the Samba Wiki sternly warn you to 
remove any 127.0.1.1 entry in /etc/hosts and add the system IP address 
as shown above instead?

> I could get to like Arch, except for one thing, the install procedure
> is archaic (is that what 'arch' is short for ?), the last time I
used
> such an install procedure was over 20 years ago :-D
> 
I'm guessing you used the installer included with the ISO only recently 
after much gnashing of teeth, hand wringing, and push back. Arch doesn't 
have a good installer (and didn't have one at all until recently) by 
design; i.e. on purpose.  What you're supposed to do is go to 
https://archlinux.org and use the Installation Guide referenced under 
Documentation in the right side panel and get your hands dirty 
assembling the system from scratch.  Kind of like how I made my kid help 
me build his first computer from parts. This way you have hands on 
knowledge of how your system is set up.

There are some advantages to this.  Installing Arch on somewhat 
non-standard hardware is so much easier than installing, say, Ubuntu 
precisely because you're not locked into an installation regime and can 
twiddle with more knobs.  I've had to give up on installing Ubuntu on 
some systems after hours of frustration followed by a quick, easy, and 
deterministic 30 minute installation of Arch. Even the most recent 
version of the Ubuntu installer (for example) won't let you configure 
the EFI partition as an md RAID1, which you kind of need if you're going 
to have truly redundant OS disks, which I do by default on nearly every 
machine these days, as SSDs are cheap and my labor expensive, not to 
mention that users don't appreciate downtime as much as they should.

For people who want an Arch system which can be installed by a novice 
with a slick and modern installer, take a look at EndeavorOS, Manjaro, 
or Garuda (among others).  Garuda linux is somewhat new, but they shot 
for the moon at all levels; i.e. not just eye candy, which I studiously 
avoid because I'd rather not waste CPU cycles on stuff like this when 
running multiple VMs all the time; this is some next level stuff:
https://www.youtube.com/watch?v=KK280Y0cNmQ

> Rowland
>   
> 
>

On Mon, 2022-02-07 at 15:59 -0600, Patrick Goetz via samba
wrote:
> 
> On 2/7/22 15:04, Rowland Penny via samba wrote:
> > On Mon, 2022-02-07 at 12:45 -0600, Patrick Goetz via samba wrote:
> > > BTW, I can't find anything in the log files to help me with
> > > debugging
> > > this.  At what log level do DNS errors start showing up in the
> > > log
> > > files?
> > 
> > OK, I have setup Arch in a VM and installed Samba and I got the
> > same
> > error, no DNS update.
> > 
> > I checked /etc/hostname and it only has the short hostname in it, I
> > then checked /etc/hosts and it had three lines:
> > 
> > 127.0.0.1 localhost
> > ::1 localhost
> > 127.0.1.1 archmem.samdom.example.com archmem
> > 
> > As a test I commented out the last line, left the domain and then
> > rejoined the domain, this time it worked without the DNS error.
> > 
> 
> Thanks for testing this.  But now it seems more obvious that there's 
> something about my setup which is triggering this behavior and I'm
> dying 
> to know what it is.
> 
> You installed exactly these additional packages for Samba?
> # pacman -Syu samba smbclient krb5 pam-krb5 dnsutils
No, I just wanted to test the join and to be honest, this is the first
time I have installed Samba on Arch (and probably the last).
> 
> (acl, attr, ldb, and cifs-utils are installed as dependencies)
> 
> 
> Presumably using `net ads join`? Did you run a samba-tool dns query
> to 
> make sure the Arch VM was actually in DNS?
No, I just checked in sam.ldb on a DC, and the dns record is there.
> 
> I've now tried every variation.  My original /etc/hosts file looked
> like 
> this:
> 
> ------------
> # Static table lookup for hostnames.
> # See hosts(5) for details.
> 
> 192.168.1.84 erap-gnome.ea.linuxcs.com  erap-gnome
Are you using dhcp or is it a fixed IP ?
I used dhcp.
> ------------
> 
> I tried adding the loopback interface:
> 
> ------------
> # Static table lookup for hostnames.
> # See hosts(5) for details.
> 
> 127.0.0.1 localhost
> ::1 localhost
> 
> 192.168.1.84 erap-gnome.ea.linuxcs.com  erap-gnome
> ------------
> 
> commenting out the host IP address, using a FQDN in /etc/hostname
> and 
> all combinations of the above and I still get the DNS error every
> time.
> 
> Roland, from your description, how does `net ads join -U
> administrator` 
> even know what domain you're trying to join?  Does it use the 
> /etc/krb5.conf file?  If so, why does the Samba Wiki sternly warn you
> to 
> remove any 127.0.1.1 entry in /etc/hosts and add the system IP
> address 
> as shown above instead?
The /etc/krb5.conf on my test machine (thinking about it, krb5 must
have been installed, even though I didn't install it) just contained
two lines

[libdefaults]
    default_realm = SAMDOM.EXAMPLE.COM

The wiki may need updating, but the 127.0.1.1 shouldn't point to a DC's
fqdn and short hostname, but then a DC should have a fixed IP. One of
the problems is that different OS's require different DNS settings, as
I said, red-hat OS's seem to require the fqdn in
/etc/hostname
> 
> 
> > I could get to like Arch, except for one thing, the install
> > procedure
> > is archaic (is that what 'arch' is short for ?), the last time
I
> > used
> > such an install procedure was over 20 years ago :-D
> > 
> 
> I'm guessing you used the installer included with the ISO only
> recently 
> after much gnashing of teeth, hand wringing, and push back. Arch
> doesn't 
> have a good installer (and didn't have one at all until recently) by 
> design; i.e. on purpose.  What you're supposed to do is go to 
> https://archlinux.org and use the Installation Guide referenced
> under 
> Documentation in the right side panel and get your hands dirty 
> assembling the system from scratch.  Kind of like how I made my kid
> help 
> me build his first computer from parts. This way you have hands on 
> knowledge of how your system is set up.
> 
> There are some advantages to this.  Installing Arch on somewhat 
> non-standard hardware is so much easier than installing, say, Ubuntu 
> precisely because you're not locked into an installation regime and
> can 
> twiddle with more knobs.  I've had to give up on installing Ubuntu
> on 
> some systems after hours of frustration followed by a quick, easy,
> and 
> deterministic 30 minute installation of Arch. Even the most recent 
> version of the Ubuntu installer (for example) won't let you
> configure 
> the EFI partition as an md RAID1, which you kind of need if you're
> going 
> to have truly redundant OS disks, which I do by default on nearly
> every 
> machine these days, as SSDs are cheap and my labor expensive, not to 
> mention that users don't appreciate downtime as much as they should.
> 
> For people who want an Arch system which can be installed by a
> novice 
> with a slick and modern installer, take a look at EndeavorOS,
> Manjaro, 
> or Garuda (among others).  Garuda linux is somewhat new, but they
> shot 
> for the moon at all levels; i.e. not just eye candy, which I
> studiously 
> avoid because I'd rather not waste CPU cycles on stuff like this
> when 
> running multiple VMs all the time; this is some next level stuff:
> https://www.youtube.com/watch?v=KK280Y0cNmQ
Yes, installing Arch may make it easier to set up on some systems, but
for the majority of users, it is over the top. I think I will stick to
Debian based distro's, though not Ubuntu, that distro seems to have
lost its way.

Rowland