Hi
I'm trying to get an Ubuntu 14.04 client to update its rr to a working bind dns DC with Samba 4.1.7. The setup is the same as with our openSUSE clients with sssd 1.11.15

sssd.conf
id_provider = ad
auth_provider = ad
access_provider = ad
ldap_id_mapping = False

/etc/hosts
127.0.0.1 lubuntu-laptop.hh3.site lubuntu-laptop
127.0.1.1 localhost

But it is sending a request for the wrong zone:

Kerberos: ENC-TS Pre-authentication succeeded -- LUBUNTU-LAPTOP$@HH3.SITE using arcfour-hmac-md5
Kerberos: AS-REQ authtime: 2014-05-20T14:01:35 starttime: unset endtime: 2014-05-21T00:01:35 renew till: 2014-05-21T14:01:35
Kerberos: Client supported enctypes: aes256-cts-hmac-sha1-96, aes128-cts-hmac-sha1-96, arcfour-hmac-md5, des3-cbc-sha1, 25, 26, using arcfour-hmac-md5/arcfour-hmac-md5
Kerberos: Requested flags: renewable-ok
Kerberos: TGS-REQ LUBUNTU-LAPTOP$@HH3.SITE from ipv4:192.168.1.22:40240 for ldap/hh16.hh3.site at HH3.SITE [canonicalize, renewable]
Kerberos: TGS-REQ authtime: 2014-05-20T14:01:35 starttime: 2014-05-20T14:01:35 endtime: 2014-05-21T00:01:35 renew till: 2014-05-21T14:01:35
Terminating connection - 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
single_terminate: reason[kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED]
Kerberos: TGS-REQ LUBUNTU-LAPTOP$@HH3.SITE from ipv4:192.168.1.22:40241 for DNS/a.root-servers.net at HH3.SITE [canonicalize, renewable]
Kerberos: Searching referral for a.root-servers.net
Kerberos: Returning a referral to realm ROOT-SERVERS.NET for server DNS/a.root-servers.net at HH3.SITE that was not found
Failed find a single entry for (&(objectClass=trustedDomain)(|(flatname=ROOT-SERVERS.NET)(trustPartner=ROOT-SERVERS.NET))): got 0
Kerberos: samba_kdc_fetch: could not find principal in DB
Kerberos: Server not found in database: krbtgt/ROOT-SERVERS.NET at HH3.SITE: no such entry found in hdb
Kerberos: Failed building TGS-REP to ipv4:192.168.1.22:40241
Terminating connection - 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
single_terminate: reason[kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED]
Kerberos: TGS-REQ LUBUNTU-LAPTOP$@HH3.SITE from ipv4:192.168.1.22:40242 for DNS/a.root-servers.net at HH3.SITE [renewable]
Kerberos: Server not found in database: DNS/a.root-servers.net at HH3.SITE: no such entry found in hdb
Kerberos: Failed building TGS-REP to ipv4:192.168.1.22:40242
Terminating connection - 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
single_terminate: reason[kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED]
Kerberos: TGS-REQ LUBUNTU-LAPTOP$@HH3.SITE from ipv4:192.168.1.22:40243 for DNS/a.root-servers.net at HH3.SITE [canonicalize, renewable]
Kerberos: Searching referral for a.root-servers.net
Kerberos: Returning a referral to realm ROOT-SERVERS.NET for server DNS/a.root-servers.net at HH3.SITE that was not found
Failed find a single entry for (&(objectClass=trustedDomain)(|(flatname=ROOT-SERVERS.NET)(trustPartner=ROOT-SERVERS.NET))): got 0
Kerberos: samba_kdc_fetch: could not find principal in DB
Kerberos: Server not found in database: krbtgt/ROOT-SERVERS.NET at HH3.SITE: no such entry found in hdb
Kerberos: Failed building TGS-REP to ipv4:192.168.1.22:40243
Terminating connection - 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
single_terminate: reason[kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED]
Kerberos: TGS-REQ LUBUNTU-LAPTOP$@HH3.SITE from ipv4:192.168.1.22:40244 for DNS/a.root-servers.net at HH3.SITE [renewable]
Kerberos: Server not found in database: DNS/a.root-servers.net at HH3.SITE: no such entry found in hdb
Kerberos: Failed building TGS-REP to ipv4:192.168.1.22:40244

The worrying thing is that we can still get tickets even though it has the wrong A record in DNS.
What is this, 'a.root-servers.net' business? Why not our domain?
What have we overlooked?
Thanks,
Steve

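To pull the out-of-domain ticket requests out of a KDC log like the one in the post above, here is an added example (not code from the poster or from Samba). It assumes the realm name lowercased is the DNS domain, as in an AD domain; the function names are made up for this example and the sample lines are a constructed excerpt in the same format.

```python
import re
from collections import Counter

# Constructed sample in the format of the log quoted above. The list archive
# prints "@" as " at " in service principals, so the pattern accepts both.
SAMPLE_LOG = """\
Kerberos: TGS-REQ LUBUNTU-LAPTOP$@HH3.SITE from ipv4:192.168.1.22:40240 for ldap/hh16.hh3.site at HH3.SITE [canonicalize, renewable]
Kerberos: TGS-REQ authtime: 2014-05-20T14:01:35 starttime: 2014-05-20T14:01:35 endtime: 2014-05-21T00:01:35 renew till: 2014-05-21T14:01:35
Kerberos: TGS-REQ LUBUNTU-LAPTOP$@HH3.SITE from ipv4:192.168.1.22:40241 for DNS/a.root-servers.net at HH3.SITE [canonicalize, renewable]
Kerberos: Server not found in database: krbtgt/ROOT-SERVERS.NET at HH3.SITE: no such entry found in hdb
Kerberos: TGS-REQ LUBUNTU-LAPTOP$@HH3.SITE from ipv4:192.168.1.22:40242 for DNS/a.root-servers.net at HH3.SITE [renewable]
"""

TGS_REQ = re.compile(
    r"Kerberos: TGS-REQ (?P<client>\S+) from ipv4:(?P<ip>[\d.]+):(?P<port>\d+) "
    r"for (?P<service>[^/\s]+)/(?P<host>[^\s@]+?)(?:@| at )(?P<realm>\S+)"
)


def parse_tgs_requests(log_text):
    """Return one dict per TGS-REQ line that names a service principal."""
    return [m.groupdict() for line in log_text.splitlines()
            if (m := TGS_REQ.search(line))]


def in_realm_domain(host, realm):
    """True if host is the realm's DNS domain or a name below it.

    Assumption: the DNS domain is the realm name in lower case."""
    host, domain = host.lower().rstrip("."), realm.lower()
    return host == domain or host.endswith("." + domain)


def out_of_realm_requests(log_text):
    """Count (client, source ip, service principal) for every ticket request
    whose service host lies outside the realm's DNS domain."""
    hits = Counter()
    for req in parse_tgs_requests(log_text):
        if not in_realm_domain(req["host"], req["realm"]):
            spn = f'{req["service"]}/{req["host"]}'
            hits[(req["client"], req["ip"], spn)] += 1
    return hits


if __name__ == "__main__":
    for (client, ip, spn), count in out_of_realm_requests(SAMPLE_LOG).items():
        print(f"{count}x {client} from {ip} asked for {spn}")
```
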
On 20/05/14 14:12, steve wrote:
> Hi
> I'm trying to get an Ubuntu 14.04 client to update its rr to a working
> bind dns DC with Samba 4.1.7. The setup is the same as with our
> openSUSE clients with sssd 1.11.15
> sssd.conf
> id_provider = ad
> auth_provider = ad
> access_provider = ad
> ldap_id_mapping = False
>
> /etc/hosts
> 127.0.0.1 lubuntu-laptop.hh3.site lubuntu-laptop
> 127.0.1.1 localhost
>

Don't know if this is your problem, but you have got /etc/hosts wrong, shouldn't it be:

127.0.0.1 localhost
127.0.1.1 lubuntu-laptop.hh3.site lubuntu-laptop

Rowland

> But it is sending a request for the wrong zone:
>
> Kerberos: ENC-TS Pre-authentication succeeded -- LUBUNTU-LAPTOP$@HH3.SITE using arcfour-hmac-md5
> Kerberos: AS-REQ authtime: 2014-05-20T14:01:35 starttime: unset endtime: 2014-05-21T00:01:35 renew till: 2014-05-21T14:01:35
> Kerberos: Client supported enctypes: aes256-cts-hmac-sha1-96, aes128-cts-hmac-sha1-96, arcfour-hmac-md5, des3-cbc-sha1, 25, 26, using arcfour-hmac-md5/arcfour-hmac-md5
> Kerberos: Requested flags: renewable-ok
> Kerberos: TGS-REQ LUBUNTU-LAPTOP$@HH3.SITE from ipv4:192.168.1.22:40240 for ldap/hh16.hh3.site at HH3.SITE [canonicalize, renewable]
> Kerberos: TGS-REQ authtime: 2014-05-20T14:01:35 starttime: 2014-05-20T14:01:35 endtime: 2014-05-21T00:01:35 renew till: 2014-05-21T14:01:35
> Terminating connection - 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
> single_terminate: reason[kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED]
> Kerberos: TGS-REQ LUBUNTU-LAPTOP$@HH3.SITE from ipv4:192.168.1.22:40241 for DNS/a.root-servers.net at HH3.SITE [canonicalize, renewable]
> Kerberos: Searching referral for a.root-servers.net
> Kerberos: Returning a referral to realm ROOT-SERVERS.NET for server DNS/a.root-servers.net at HH3.SITE that was not found
> Failed find a single entry for (&(objectClass=trustedDomain)(|(flatname=ROOT-SERVERS.NET)(trustPartner=ROOT-SERVERS.NET))): got 0
> Kerberos: samba_kdc_fetch: could not find principal in DB
> Kerberos: Server not found in database: krbtgt/ROOT-SERVERS.NET at HH3.SITE: no such entry found in hdb
> Kerberos: Failed building TGS-REP to ipv4:192.168.1.22:40241
> Terminating connection - 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
> single_terminate: reason[kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED]
> Kerberos: TGS-REQ LUBUNTU-LAPTOP$@HH3.SITE from ipv4:192.168.1.22:40242 for DNS/a.root-servers.net at HH3.SITE [renewable]
> Kerberos: Server not found in database: DNS/a.root-servers.net at HH3.SITE: no such entry found in hdb
> Kerberos: Failed building TGS-REP to ipv4:192.168.1.22:40242
> Terminating connection - 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
> single_terminate: reason[kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED]
> Kerberos: TGS-REQ LUBUNTU-LAPTOP$@HH3.SITE from ipv4:192.168.1.22:40243 for DNS/a.root-servers.net at HH3.SITE [canonicalize, renewable]
> Kerberos: Searching referral for a.root-servers.net
> Kerberos: Returning a referral to realm ROOT-SERVERS.NET for server DNS/a.root-servers.net at HH3.SITE that was not found
> Failed find a single entry for (&(objectClass=trustedDomain)(|(flatname=ROOT-SERVERS.NET)(trustPartner=ROOT-SERVERS.NET))): got 0
> Kerberos: samba_kdc_fetch: could not find principal in DB
> Kerberos: Server not found in database: krbtgt/ROOT-SERVERS.NET at HH3.SITE: no such entry found in hdb
> Kerberos: Failed building TGS-REP to ipv4:192.168.1.22:40243
> Terminating connection - 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
> single_terminate: reason[kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED]
> Kerberos: TGS-REQ LUBUNTU-LAPTOP$@HH3.SITE from ipv4:192.168.1.22:40244 for DNS/a.root-servers.net at HH3.SITE [renewable]
> Kerberos: Server not found in database: DNS/a.root-servers.net at HH3.SITE: no such entry found in hdb
> Kerberos: Failed building TGS-REP to ipv4:192.168.1.22:40244
>
> The worrying thing is that we can still get tickets even though it has
> the wrong A record in DNS.
> What is this, 'a.root-servers.net' business? Why not our domain?
> What have we overlooked?
> Thanks,
> Steve
>

not like this.

>127.0.0.1 localhost
>127.0.1.1 lubuntu-laptop.hh3.site lubuntu-laptop

This is simply wrong, and caused by dhcp client at install.
better...

127.0.0.1 localhost
192.168.1.22 lubuntu-laptop.hh3.site lubuntu-laptop

for dedicated IP.

Do you use resolvconf (the package, default is it's used)? If so, configure it.
Or configure /etc/network/interfaces and add the dns-nameserver dns-search dns-domain.
When dns- is used, resolvconf adds the info in /etc/resolv.conf

Louis

>-----Original message-----
>From: rowlandpenny at googlemail.com
>[mailto:samba-bounces at lists.samba.org] On behalf of Rowland Penny
>Sent: Tuesday 20 May 2014 15:36
>To: samba at lists.samba.org
>Subject: Re: [Samba] Ubuntu client ddns failure
>
>On 20/05/14 14:12, steve wrote:
>> Hi
>> I'm trying to get an Ubuntu 14.04 client to update its rr to a working
>> bind dns DC with Samba 4.1.7. The setup is the same as with our
>> openSUSE clients with sssd 1.11.15
>> sssd.conf
>> id_provider = ad
>> auth_provider = ad
>> access_provider = ad
>> ldap_id_mapping = False
>>
>> /etc/hosts
>> 127.0.0.1 lubuntu-laptop.hh3.site lubuntu-laptop
>> 127.0.1.1 localhost
>>
>Don't know if this is your problem, but you have got /etc/hosts wrong,
>shouldn't it be:
>
>127.0.0.1 localhost
>127.0.1.1 lubuntu-laptop.hh3.site lubuntu-laptop
>
>Rowland
>
>> But it is sending a request for the wrong zone:
>>
>> Kerberos: ENC-TS Pre-authentication succeeded -- LUBUNTU-LAPTOP$@HH3.SITE using arcfour-hmac-md5
>> Kerberos: AS-REQ authtime: 2014-05-20T14:01:35 starttime: unset endtime: 2014-05-21T00:01:35 renew till: 2014-05-21T14:01:35
>> Kerberos: Client supported enctypes: aes256-cts-hmac-sha1-96, aes128-cts-hmac-sha1-96, arcfour-hmac-md5, des3-cbc-sha1, 25, 26, using arcfour-hmac-md5/arcfour-hmac-md5
>> Kerberos: Requested flags: renewable-ok
>> Kerberos: TGS-REQ LUBUNTU-LAPTOP$@HH3.SITE from ipv4:192.168.1.22:40240 for ldap/hh16.hh3.site at HH3.SITE [canonicalize, renewable]
>> Kerberos: TGS-REQ authtime: 2014-05-20T14:01:35 starttime: 2014-05-20T14:01:35 endtime: 2014-05-21T00:01:35 renew till: 2014-05-21T14:01:35
>> Terminating connection - 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
>> single_terminate: reason[kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED]
>> Kerberos: TGS-REQ LUBUNTU-LAPTOP$@HH3.SITE from ipv4:192.168.1.22:40241 for DNS/a.root-servers.net at HH3.SITE [canonicalize, renewable]
>> Kerberos: Searching referral for a.root-servers.net
>> Kerberos: Returning a referral to realm ROOT-SERVERS.NET for server DNS/a.root-servers.net at HH3.SITE that was not found
>> Failed find a single entry for (&(objectClass=trustedDomain)(|(flatname=ROOT-SERVERS.NET)(trustPartner=ROOT-SERVERS.NET))): got 0
>> Kerberos: samba_kdc_fetch: could not find principal in DB
>> Kerberos: Server not found in database: krbtgt/ROOT-SERVERS.NET at HH3.SITE: no such entry found in hdb
>> Kerberos: Failed building TGS-REP to ipv4:192.168.1.22:40241
>> Terminating connection - 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
>> single_terminate: reason[kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED]
>> Kerberos: TGS-REQ LUBUNTU-LAPTOP$@HH3.SITE from ipv4:192.168.1.22:40242 for DNS/a.root-servers.net at HH3.SITE [renewable]
>> Kerberos: Server not found in database: DNS/a.root-servers.net at HH3.SITE: no such entry found in hdb
>> Kerberos: Failed building TGS-REP to ipv4:192.168.1.22:40242
>> Terminating connection - 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
>> single_terminate: reason[kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED]
>> Kerberos: TGS-REQ LUBUNTU-LAPTOP$@HH3.SITE from ipv4:192.168.1.22:40243 for DNS/a.root-servers.net at HH3.SITE [canonicalize, renewable]
>> Kerberos: Searching referral for a.root-servers.net
>> Kerberos: Returning a referral to realm ROOT-SERVERS.NET for server DNS/a.root-servers.net at HH3.SITE that was not found
>> Failed find a single entry for (&(objectClass=trustedDomain)(|(flatname=ROOT-SERVERS.NET)(trustPartner=ROOT-SERVERS.NET))): got 0
>> Kerberos: samba_kdc_fetch: could not find principal in DB
>> Kerberos: Server not found in database: krbtgt/ROOT-SERVERS.NET at HH3.SITE: no such entry found in hdb
>> Kerberos: Failed building TGS-REP to ipv4:192.168.1.22:40243
>> Terminating connection - 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
>> single_terminate: reason[kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED]
>> Kerberos: TGS-REQ LUBUNTU-LAPTOP$@HH3.SITE from ipv4:192.168.1.22:40244 for DNS/a.root-servers.net at HH3.SITE [renewable]
>> Kerberos: Server not found in database: DNS/a.root-servers.net at HH3.SITE: no such entry found in hdb
>> Kerberos: Failed building TGS-REP to ipv4:192.168.1.22:40244
>>
>> The worrying thing is that we can still get tickets even though it has
>> the wrong A record in DNS.
>> What is this, 'a.root-servers.net' business? Why not our domain?
>> What have we overlooked?
>> Thanks,
>> Steve
>>
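
A check for the /etc/hosts layouts that appear in this thread, as an added example (not code from any of the posters): it reports `localhost` not being on 127.0.0.1 and the machine's FQDN sitting on a loopback address, the two points the replies raise. The function names are made up here and the three inputs are constructed from the layouts quoted above.

```python
import ipaddress

# Constructed inputs: the three /etc/hosts layouts quoted in the thread.
ORIGINAL = """\
127.0.0.1 lubuntu-laptop.hh3.site lubuntu-laptop
127.0.1.1 localhost
"""
LOOPBACK_FQDN = """\
127.0.0.1 localhost
127.0.1.1 lubuntu-laptop.hh3.site lubuntu-laptop
"""
DEDICATED_IP = """\
127.0.0.1 localhost
192.168.1.22 lubuntu-laptop.hh3.site lubuntu-laptop
"""


def parse_hosts(text):
    """Yield (address, [names]) per entry; comments and bad lines are skipped."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            yield ipaddress.ip_address(fields[0]), [n.lower() for n in fields[1:]]
        except ValueError:
            continue


def check_hosts(text, fqdn):
    """Return a list of findings; an empty list means neither issue is present."""
    findings = []
    first = {}  # name -> first address listed for it in the file
    for addr, names in parse_hosts(text):
        for name in names:
            first.setdefault(name, addr)
    if first.get("localhost") != ipaddress.ip_address("127.0.0.1"):
        findings.append("localhost is not mapped to 127.0.0.1")
    addr = first.get(fqdn.lower())
    if addr is None:
        findings.append(f"{fqdn} has no entry")
    elif addr.is_loopback:  # any address in 127.0.0.0/8, including 127.0.1.1
        findings.append(f"{fqdn} maps to loopback address {addr}")
    return findings
```
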