On 2/7/22 16:29, Rowland Penny via samba wrote:
> On Mon, 2022-02-07 at 15:59 -0600, Patrick Goetz via samba wrote:
>>
>> On 2/7/22 15:04, Rowland Penny via samba wrote:
>>> On Mon, 2022-02-07 at 12:45 -0600, Patrick Goetz via samba wrote:
>>>> BTW, I can't find anything in the log files to help me with
>>>> debugging this. At what log level do DNS errors start showing up
>>>> in the log files?
>>>
>>> OK, I have setup Arch in a VM and installed Samba and I got the
>>> same error, no DNS update.
>>>
>>> I checked /etc/hostname and it only has the short hostname in it, I
>>> then checked /etc/hosts and it had three lines:
>>>
>>> 127.0.0.1 localhost
>>> ::1 localhost
>>> 127.0.1.1 archmem.samdom.example.com archmem
>>>
>>> As a test I commented out the last line, left the domain and then
>>> rejoined the domain, this time it worked without the DNS error.
>>>
>>
>> Thanks for testing this. But now it seems more obvious that there's
>> something about my setup which is triggering this behavior and I'm
>> dying to know what it is.
>>
>> You installed exactly these additional packages for Samba?
>> # pacman -Syu samba smbclient krb5 pam-krb5 dnsutils
>
> No, I just wanted to test the join and to be honest, this is the first
> time I have installed Samba on Arch (and probably the last).
>
>>
>> (acl, attr, ldb, and cifs-utils are installed as dependencies)
>>
>>
>> Presumably using `net ads join`? Did you run a samba-tool dns query
>> to make sure the Arch VM was actually in DNS?
>
> No, I just checked in sam.ldb on a DC, and the dns record is there.

How does one look into sam.ldb? Is there a list command for this I'm
not aware of?

>
>>
>> I've now tried every variation. My original /etc/hosts file looked
>> like this:
>>
>> ------------
>> # Static table lookup for hostnames.
>> # See hosts(5) for details.
>>
>> 192.168.1.84 erap-gnome.ea.linuxcs.com erap-gnome
>
> Are you using dhcp or is it a fixed IP ?
> I used dhcp.
>

I'm using a fixed IP. I need this because people also ssh into this
system from outside the AD network and there's a firewall which does
port redirection based on a fixed IP.

>> ------------
>>
>> I tried adding the loopback interface:
>>
>> ------------
>> # Static table lookup for hostnames.
>> # See hosts(5) for details.
>>
>> 127.0.0.1 localhost
>> ::1 localhost
>>
>> 192.168.1.84 erap-gnome.ea.linuxcs.com erap-gnome
>> ------------
>>
>> commenting out the host IP address, using a FQDN in /etc/hostname
>> and all combinations of the above and I still get the DNS error
>> every time.
>>
>> Rowland, from your description, how does
>> `net ads join -U administrator` even know what domain you're trying
>> to join? Does it use the /etc/krb5.conf file? If so, why does the
>> Samba Wiki sternly warn you to remove any 127.0.1.1 entry in
>> /etc/hosts and add the system IP address as shown above instead?
>
> The /etc/krb5.conf on my test machine (thinking about it, krb5 must
> have been installed, even though I didn't install it) just contained
> two lines
>
> [libdefaults]
>     default_realm = SAMDOM.EXAMPLE.COM
>
> The wiki may need updating, but the 127.0.1.1 shouldn't point to a DC's
> fqdn and short hostname, but then a DC should have a fixed IP. One of
> the problems is that different OS's require different DNS settings, as
> I said, red-hat OS's seem to require the fqdn in /etc/hostname

In my case the Samba internal DNS is running on Ubuntu 20.04, which is
where all the action occurs? Not sure why the client /etc/hostname
configuration should matter here.

Regarding your /etc/krb5.conf file, I'm not sure where this came from.
When I install the Arch krb5 package, the default /etc/krb5.conf file
is some generic boilerplate referencing, e.g. athena.mit.edu

Also, you mention "127.0.1.1 shouldn't point to a DC's fqdn and short
hostname" but I think you must mean the client, not the DC?

I don't have any mention of samba-dc in /etc/hosts -- samba-dc is the
name server in /etc/resolv.conf, so this wouldn't be unnecessary.

So, it seems like it must be the case that when you run `net ads join`
the net command peeks at either /etc/krb5.conf or /etc/samba/smb.conf
to figure out what domain you're trying to connect to, as this
information isn't included anywhere else AFAIK.

>>
>>
>>> I could get to like Arch, except for one thing, the install
>>> procedure is archaic (is that what 'arch' is short for ?), the last
>>> time I used such an install procedure was over 20 years ago :-D
>>>
>>
>> I'm guessing you used the installer included with the ISO only
>> recently after much gnashing of teeth, hand wringing, and push back.
>> Arch doesn't have a good installer (and didn't have one at all until
>> recently) by design; i.e. on purpose. What you're supposed to do is
>> go to https://archlinux.org and use the Installation Guide
>> referenced under Documentation in the right side panel and get your
>> hands dirty assembling the system from scratch. Kind of like how I
>> made my kid help me build his first computer from parts. This way
>> you have hands on knowledge of how your system is set up.
>>
>> There are some advantages to this. Installing Arch on somewhat
>> non-standard hardware is so much easier than installing, say, Ubuntu
>> precisely because you're not locked into an installation regime and
>> can twiddle with more knobs. I've had to give up on installing
>> Ubuntu on some systems after hours of frustration followed by a
>> quick, easy, and deterministic 30 minute installation of Arch. Even
>> the most recent version of the Ubuntu installer (for example) won't
>> let you configure the EFI partition as an md RAID1, which you kind
>> of need if you're going to have truly redundant OS disks, which I do
>> by default on nearly every machine these days, as SSDs are cheap and
>> my labor expensive, not to mention that users don't appreciate
>> downtime as much as they should.
>>
>> For people who want an Arch system which can be installed by a
>> novice with a slick and modern installer, take a look at EndeavorOS,
>> Manjaro, or Garuda (among others). Garuda linux is somewhat new, but
>> they shot for the moon at all levels; i.e. not just eye candy, which
>> I studiously avoid because I'd rather not waste CPU cycles on stuff
>> like this when running multiple VMs all the time; this is some next
>> level stuff:
>> https://www.youtube.com/watch?v=KK280Y0cNmQ
>
> Yes, installing Arch may make it easier to set up on some systems, but
> for the majority of users, it is over the top. I think I will stick to
> Debian based distro's, though not Ubuntu, that distro seems to have
> lost its way.
>
> Rowland

On 8.2.2022 at 0:10, Patrick Goetz via samba wrote:
>
>
> On 2/7/22 16:29, Rowland Penny via samba wrote:
>> On Mon, 2022-02-07 at 15:59 -0600, Patrick Goetz via samba wrote:
>>>
>>> On 2/7/22 15:04, Rowland Penny via samba wrote:
>>>> On Mon, 2022-02-07 at 12:45 -0600, Patrick Goetz via samba wrote:
>>>>> BTW, I can't find anything in the log files to help me with
>>>>> debugging this. At what log level do DNS errors start showing up
>>>>> in the log files?
>>>>
>>>> OK, I have setup Arch in a VM and installed Samba and I got the
>>>> same error, no DNS update.
>>>>
>>>> I checked /etc/hostname and it only has the short hostname in it, I
>>>> then checked /etc/hosts and it had three lines:
>>>>
>>>> 127.0.0.1 localhost
>>>> ::1 localhost
>>>> 127.0.1.1 archmem.samdom.example.com archmem
>>>>
>>>> As a test I commented out the last line, left the domain and then
>>>> rejoined the domain, this time it worked without the DNS error.
>>>>
>>>
>>> Thanks for testing this. But now it seems more obvious that there's
>>> something about my setup which is triggering this behavior and I'm
>>> dying to know what it is.
>>>
>>> You installed exactly these additional packages for Samba?
>>> # pacman -Syu samba smbclient krb5 pam-krb5 dnsutils
>>
>> No, I just wanted to test the join and to be honest, this is the first
>> time I have installed Samba on Arch (and probably the last).
>>
>>>
>>> (acl, attr, ldb, and cifs-utils are installed as dependencies)
>>>
>>>
>>> Presumably using `net ads join`? Did you run a samba-tool dns query
>>> to make sure the Arch VM was actually in DNS?
>>
>> No, I just checked in sam.ldb on a DC, and the dns record is there.
>
>
> How does one look into sam.ldb? Is there a list command for this I'm
> not aware of?
>
>
>>
>>>
>>> I've now tried every variation. My original /etc/hosts file looked
>>> like this:
>>>
>>> ------------
>>> # Static table lookup for hostnames.
>>> # See hosts(5) for details.
>>>
>>> 192.168.1.84 erap-gnome.ea.linuxcs.com erap-gnome
>>
>> Are you using dhcp or is it a fixed IP ?
>> I used dhcp.
>>
>
>
> I'm using a fixed IP. I need this because people also ssh into this
> system from outside the AD network and there's a firewall which does
> port redirection based on a fixed IP.
>
>
>>> ------------
>>>
>>> I tried adding the loopback interface:
>>>
>>> ------------
>>> # Static table lookup for hostnames.
>>> # See hosts(5) for details.
>>>
>>> 127.0.0.1 localhost
>>> ::1 localhost
>>>
>>> 192.168.1.84 erap-gnome.ea.linuxcs.com erap-gnome
>>> ------------
>>>
>>> commenting out the host IP address, using a FQDN in /etc/hostname
>>> and all combinations of the above and I still get the DNS error
>>> every time.
>>>
>>> Rowland, from your description, how does
>>> `net ads join -U administrator` even know what domain you're trying
>>> to join? Does it use the /etc/krb5.conf file? If so, why does the
>>> Samba Wiki sternly warn you to remove any 127.0.1.1 entry in
>>> /etc/hosts and add the system IP address as shown above instead?
>>
>> The /etc/krb5.conf on my test machine (thinking about it, krb5 must
>> have been installed, even though I didn't install it) just contained
>> two lines
>>
>> [libdefaults]
>>     default_realm = SAMDOM.EXAMPLE.COM
>>
>> The wiki may need updating, but the 127.0.1.1 shouldn't point to a DC's
>> fqdn and short hostname, but then a DC should have a fixed IP. One of
>> the problems is that different OS's require different DNS settings, as
>> I said, red-hat OS's seem to require the fqdn in /etc/hostname
>
>
> In my case the Samba internal DNS is running on Ubuntu 20.04, which is
> where all the action occurs? Not sure why the client /etc/hostname
> configuration should matter here.
>
> Regarding your /etc/krb5.conf file, I'm not sure where this came from.
> When I install the Arch krb5 package, the default /etc/krb5.conf file
> is some generic boilerplate referencing, e.g. athena.mit.edu
>
>
> Also, you mention "127.0.1.1 shouldn't point to a DC's fqdn and short
> hostname" but I think you must mean the client, not the DC?
>
> I don't have any mention of samba-dc in /etc/hosts -- samba-dc is the
> name server in /etc/resolv.conf, so this wouldn't be unnecessary.
>
> So, it seems like it must be the case that when you run `net ads join`
> the net command peeks at either /etc/krb5.conf or /etc/samba/smb.conf
> to figure out what domain you're trying to connect to, as this
> information isn't included anywhere else AFAIK.
>
>
>>>
>>>
>>>> I could get to like Arch, except for one thing, the install
>>>> procedure is archaic (is that what 'arch' is short for ?), the last
>>>> time I used such an install procedure was over 20 years ago :-D
>>>>
>>>
>>> I'm guessing you used the installer included with the ISO only
>>> recently after much gnashing of teeth, hand wringing, and push back.
>>> Arch doesn't have a good installer (and didn't have one at all until
>>> recently) by design; i.e. on purpose. What you're supposed to do is
>>> go to https://archlinux.org and use the Installation Guide
>>> referenced under Documentation in the right side panel and get your
>>> hands dirty assembling the system from scratch. Kind of like how I
>>> made my kid help me build his first computer from parts. This way
>>> you have hands on knowledge of how your system is set up.
>>>
>>> There are some advantages to this. Installing Arch on somewhat
>>> non-standard hardware is so much easier than installing, say, Ubuntu
>>> precisely because you're not locked into an installation regime and
>>> can twiddle with more knobs. I've had to give up on installing
>>> Ubuntu on some systems after hours of frustration followed by a
>>> quick, easy, and deterministic 30 minute installation of Arch. Even
>>> the most recent version of the Ubuntu installer (for example) won't
>>> let you configure the EFI partition as an md RAID1, which you kind
>>> of need if you're going to have truly redundant OS disks, which I do
>>> by default on nearly every machine these days, as SSDs are cheap and
>>> my labor expensive, not to mention that users don't appreciate
>>> downtime as much as they should.
>>>
>>> For people who want an Arch system which can be installed by a
>>> novice with a slick and modern installer, take a look at EndeavorOS,
>>> Manjaro, or Garuda (among others). Garuda linux is somewhat new, but
>>> they shot for the moon at all levels; i.e. not just eye candy, which
>>> I studiously avoid because I'd rather not waste CPU cycles on stuff
>>> like this when running multiple VMs all the time; this is some next
>>> level stuff:
>>> https://www.youtube.com/watch?v=KK280Y0cNmQ
>>
>> Yes, installing Arch may make it easier to set up on some systems, but
>> for the majority of users, it is over the top. I think I will stick to
>> Debian based distro's, though not Ubuntu, that distro seems to have
>> lost its way.
>>
>> Rowland

I had the same error "DNS update failed: NT_STATUS_INVALID_PARAMETER"
and the reason was a wrong netbios name in smb.conf. I had to change it
and used $(hostname -s).

Mirac

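
The two conditions posters in this thread tied to the failed DNS update on `net ads join` (the host's own name mapped to 127.0.1.1 in /etc/hosts, and a netbios name in smb.conf that differs from `hostname -s`) can be checked before joining. The script below is an added example, not part of any message in the thread; the function names and the sample smb.conf are constructed for illustration.

```sh
#!/bin/sh
# Added example: pre-join checks for the two causes reported in this thread.
# Function names and the sample files below are constructed for illustration.

# Print each loopback address (127.x.x.x or ::1) in hosts file $1 whose line
# names host $2, either as the short name or as an FQDN starting with "$2.".
hosts_loopback_names() {
    awk -v h="$2" '
        { sub(/#.*/, "") }                       # drop comments
        NF >= 2 && ($1 ~ /^127\./ || $1 == "::1") {
            for (i = 2; i <= NF; i++) {
                n = tolower($i)
                if (n == tolower(h) || index(n, tolower(h) ".") == 1) { print $1; break }
            }
        }' "$1"
}

# Print the "netbios name" value from [global] in smb.conf $1 (empty if unset;
# Samba then derives the name from the hostname).
smb_netbios_name() {
    awk '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { g = (tolower($0) ~ /^[ \t]*\[global\]/); next }
        g && (eq = index($0, "=")) {
            key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
            if (key != "netbiosname") next
            val = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
            print val; exit
        }' "$1"
}

# prejoin_check HOSTS SMB_CONF SHORTNAME: report findings, return 1 if any.
prejoin_check() {
    rc=0
    addrs=$(hosts_loopback_names "$1" "$3" | tr '\n' ' ')
    [ -z "$addrs" ] || { echo "hosts: $3 resolves to loopback: $addrs"; rc=1; }
    nb=$(smb_netbios_name "$2" | tr 'a-z' 'A-Z')
    want=$(printf '%s' "$3" | tr 'a-z' 'A-Z')
    [ -z "$nb" ] || [ "$nb" = "$want" ] || { echo "smb.conf: netbios name $nb != $want"; rc=1; }
    return $rc
}

# Constructed sample files: the /etc/hosts from the test VM in the thread and
# a made-up smb.conf with a stale netbios name.
demo=$(mktemp -d)
printf '127.0.0.1 localhost\n::1 localhost\n127.0.1.1 archmem.samdom.example.com archmem\n' > "$demo/hosts"
printf '[global]\n   workgroup = SAMDOM\n   netbios name = OLDNAME\n' > "$demo/smb.conf"
prejoin_check "$demo/hosts" "$demo/smb.conf" archmem || echo "fix the above before: net ads join"
```

On a real client the call would be `prejoin_check /etc/hosts /etc/samba/smb.conf "$(hostname -s)"`.
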
On Mon, 2022-02-07 at 17:10 -0600, Patrick Goetz via samba wrote:
> > No, I just checked in sam.ldb on a DC, and the dns record is there.
>
> How does one look into sam.ldb? Is there a list command for this I'm
> not aware of?

No, I used ldbedit and then searched for the computer's short hostname.

Rowland