samba - Jun 2022 - Replication is broken due to Bind DNS resolution

On Tue, Jun 7, 2022 at 10:21 AM Philippe LeCavalier <support at
plecavalier.com>
wrote:
> Hi,
> Does anyone have experience with having a password expiration (say 60
> days) and manually adjusting a user's expiration date?
>
> I've got several domains all of which have a 90 day expiration in
ad-dc.
> Frequently, users forget to change it and get locked out. I find that when
> I postpone the expiration by adjusting the date (either in RSAT or CLI -
> whichever is most handy at the time) when the user changes the password the
> expiration doesn't change from the one I set. So if I give the user 3
days
> to change it and they change it the next day, the user still gets locked
> out on the third day yet I would expect it to not expire until the 90th day
> from the day it was changed.
>
> Is this normal behaviour and if it is, what is the expected method for
> dealing with a user with an expired account? If it isn't, what do I
need to
> look at to rectify this?
> Thanks, Phil
>
Anyone experienced this?

_msdcs.pukey. ????????????????????????????????900 IN NS 
 ????????kefka.pukey.
602bdd9f-a9a0-411d-9f1b-04a63ea93653._msdcs.pukey. 900 IN CNAME 
serenity.pukey.
c0ad4d18-ce25-4198-8e21-694c0727fecf._msdcs.pukey. 900 IN CNAME 
kefka.pukey.
d02fb6d3-feec-46ec-bcb1-dad7bdd64e27._msdcs.pukey. 900 IN CNAME 
olympia.pukey.

dig CNAME c0ad4d18-ce25-4198-8e21-694c0727fecf._msdcs.pukey.

; <<>> DiG 9.16.6 <<>> CNAME 
c0ad4d18-ce25-4198-8e21-694c0727fecf._msdcs.pukey.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 22640
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 95959d4651f663c701000000629ffbe2c34562879fb6e153 (good)
;; QUESTION SECTION:
;c0ad4d18-ce25-4198-8e21-694c0727fecf._msdcs.pukey. IN CNAME

;; Query time: 31 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Jun 07 21:31:14 EDT 2022
;; MSG SIZE ?rcvd: 106

 ?This problem recently showed up.


DC=pukey
 ???????Default-First-Site-Name\KEFKA via RPC
 ???????????????DSA object GUID: c0ad4d18-ce25-4198-8e21-694c0727fecf
 ???????????????Last attempt @ Tue Jun ?7 21:30:34 2022 EDT failed, 
result 2 (WERR_FILE_NOT_FOUND)
 ???????????????173 consecutive failure(s).
 ???????????????Last success @ Tue Jun ?7 07:08:36 2022 EDT

I suggest, increase the debug level, see that happening when users change a
password. 
And tell us which samba version and OS your using, add the content of
smb.conf 

That's pretty important. 

This one might help out. 
sudo samba-tool domain passwordsettings

Greetz, 

Louis

> -----Oorspronkelijk bericht-----
> Van: samba <samba-bounces at lists.samba.org> Namens Philippe
LeCavalier
> via samba
> Verzonden: woensdag 8 juni 2022 03:05
> Aan: samba <samba at lists.samba.org>
> Onderwerp: Re: [Samba] Password Expiration setting and manually adjusting
> the date
> 
> On Tue, Jun 7, 2022 at 10:21 AM Philippe LeCavalier
> <support at plecavalier.com>
> wrote:
> 
> > Hi,
> > Does anyone have experience with having a password expiration (say 60
> > days) and manually adjusting a user's expiration date?
> >
> > I've got several domains all of which have a 90 day expiration in
ad-dc.
> > Frequently, users forget to change it and get locked out. I find that
> > when I postpone the expiration by adjusting the date (either in RSAT
> > or CLI - whichever is most handy at the time) when the user changes
> > the password the expiration doesn't change from the one I set. So
if I
> > give the user 3 days to change it and they change it the next day, the
> > user still gets locked out on the third day yet I would expect it to
> > not expire until the 90th day from the day it was changed.
> >
> > Is this normal behaviour and if it is, what is the expected method for
> > dealing with a user with an expired account? If it isn't, what do
I
> > need to look at to rectify this?
> > Thanks, Phil
> >
> Anyone experienced this?
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba