samba - Dec 2018 - After upgrade to 4.9.4, internal DNS no longer working

On Sun, 23 Dec 2018 10:38:05 +0100
Viktor Trojanovic <viktor at troja.ch> wrote:
> I'm not aware of a new folder being created. I can confirm that
> /var/lib/samba/private/sam.ldb is the only file with that name on my
> system. How could I check if Samba indeed looks up this file and is
> not looking for it somewhere else?
> 
> Some additional information that might be relevant or not. I can run
> ldbsearch -H on sam.ldb without errors. I can even query specific
> information, such as '(objectclass=person)' and the result list
looks
> accurate. Doesn't this mean that my sam.ldb is actually in order and
> the error lies elsewhere?
> 
It sort of sounded like your latest Samba was using a different folder,
but it seems it isn't.

If everything in sam.ldb is readable, then it is probably okay, have
you tried running 'samba-tool dbcheck' on it ?

I wonder if your old Samba was <= 4.7.x. A new GUID index mode was
introduced at 4.8.0, but this should just slow things down at first
start up.

There was also a change of ports used at 4.7.0, so if there is a
firewall in use, this could be your problem, see here:

https://wiki.samba.org/index.php/Samba_AD_DC_Port_Usage

You also posted in your smb.conf:

realm = samdom.example.com

Yet, in your other posts, you have this:

DC=samdom,DC=example,DC=ch

Which would make your dns domain (and realm) 'samdom.example.ch', I
take it this is a typo.

Rowland

Yes, I tried running dbcheck (see first email), it showed 0 errors from the
start, I never had to fix anything. All checks on the flat files work fine,
SMB basic access works fine too, but as soon as I introduce authentication
or ldap or DNS, it fails.

ch/com, just a typo. No firewall set up on this server so that's not it
either.

Is there anything else we could try? Or do you think this warrants raising
a bug with the package maintainer at Arch?



On Sun, 23 Dec 2018 at 11:10, Rowland Penny via samba <samba at
lists.samba.org>
wrote:
> On Sun, 23 Dec 2018 10:38:05 +0100
> Viktor Trojanovic <viktor at troja.ch> wrote:
>
> > I'm not aware of a new folder being created. I can confirm that
> > /var/lib/samba/private/sam.ldb is the only file with that name on my
> > system. How could I check if Samba indeed looks up this file and is
> > not looking for it somewhere else?
> >
> > Some additional information that might be relevant or not. I can run
> > ldbsearch -H on sam.ldb without errors. I can even query specific
> > information, such as '(objectclass=person)' and the result
list looks
> > accurate. Doesn't this mean that my sam.ldb is actually in order
and
> > the error lies elsewhere?
> >
>
> It sort of sounded like your latest Samba was using a different folder,
> but it seems it isn't.
>
> If everything in sam.ldb is readable, then it is probably okay, have
> you tried running 'samba-tool dbcheck' on it ?
>
> I wonder if your old Samba was <= 4.7.x. A new GUID index mode was
> introduced at 4.8.0, but this should just slow things down at first
> start up.
>
> There was also a change of ports used at 4.7.0, so if there is a
> firewall in use, this could be your problem, see here:
>
> https://wiki.samba.org/index.php/Samba_AD_DC_Port_Usage
>
> You also posted in your smb.conf:
>
> realm = samdom.example.com
>
> Yet, in your other posts, you have this:
>
> DC=samdom,DC=example,DC=ch
>
> Which would make your dns domain (and realm) 'samdom.example.ch', I
> take it this is a typo.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

I was too quick to send my previous email. It can't really be a problem of
the package since I have, as mentioned, another system with the exact same
setup and the exact same package versions and it all works there...

On Sun, 23 Dec 2018 at 11:18, Viktor Trojanovic <viktor at troja.ch>
wrote:
> Yes, I tried running dbcheck (see first email), it showed 0 errors from
> the start, I never had to fix anything. All checks on the flat files work
> fine, SMB basic access works fine too, but as soon as I introduce
> authentication or ldap or DNS, it fails.
>
> ch/com, just a typo. No firewall set up on this server so that's not it
> either.
>
> Is there anything else we could try? Or do you think this warrants raising
> a bug with the package maintainer at Arch?
>
>
>
> On Sun, 23 Dec 2018 at 11:10, Rowland Penny via samba <
> samba at lists.samba.org> wrote:
>
>> On Sun, 23 Dec 2018 10:38:05 +0100
>> Viktor Trojanovic <viktor at troja.ch> wrote:
>>
>> > I'm not aware of a new folder being created. I can confirm
that
>> > /var/lib/samba/private/sam.ldb is the only file with that name on
my
>> > system. How could I check if Samba indeed looks up this file and
is
>> > not looking for it somewhere else?
>> >
>> > Some additional information that might be relevant or not. I can
run
>> > ldbsearch -H on sam.ldb without errors. I can even query specific
>> > information, such as '(objectclass=person)' and the result
list looks
>> > accurate. Doesn't this mean that my sam.ldb is actually in
order and
>> > the error lies elsewhere?
>> >
>>
>> It sort of sounded like your latest Samba was using a different folder,
>> but it seems it isn't.
>>
>> If everything in sam.ldb is readable, then it is probably okay, have
>> you tried running 'samba-tool dbcheck' on it ?
>>
>> I wonder if your old Samba was <= 4.7.x. A new GUID index mode was
>> introduced at 4.8.0, but this should just slow things down at first
>> start up.
>>
>> There was also a change of ports used at 4.7.0, so if there is a
>> firewall in use, this could be your problem, see here:
>>
>> https://wiki.samba.org/index.php/Samba_AD_DC_Port_Usage
>>
>> You also posted in your smb.conf:
>>
>> realm = samdom.example.com
>>
>> Yet, in your other posts, you have this:
>>
>> DC=samdom,DC=example,DC=ch
>>
>> Which would make your dns domain (and realm)
'samdom.example.ch', I
>> take it this is a typo.
>>
>> Rowland
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>
>