Hey! How are you? I have two interfaces (192.168.78.20 / *2001:470:1f1b:5b3:21b:21ff:fea6:ce93* and 192.168.81.20 / *2001:470:1f1b:5b5:21b:21ff:fea6:ce92*) I have interfaces disabled i mean that i bind on everything on samba ac-dc... What here is what is weird, (via bind9 DLZ i am using it and is working), but on my clients i am getting some weird ipv6 addresses: patrikx3 at bitang:~$ ping p3x-dc.patrikx3.com PING p3x-dc.patrikx3.com(2001:470:1f1b:5b3:9ade:d0ff:fe04:23c3 (2001:470:1f1b:5b3:9ade:d0ff:fe04:23c3)) 56 data bytes>From 2001:470:1f1b:5b3::1 (2001:470:1f1b:5b3::1) icmp_seq=1 Destinationunreachable: Address unreachable>From 2001:470:1f1b:5b3::1 (2001:470:1f1b:5b3::1) icmp_seq=2 Destinationunreachable: Address unreachable>From 2001:470:1f1b:5b3::1 (2001:470:1f1b:5b3::1) icmp_seq=3 Destinationunreachable: Address unreachable>From 2001:470:1f1b:5b3::1 (2001:470:1f1b:5b3::1) icmp_seq=4 Destinationunreachable: Address unreachable ^C --- p3x-dc.patrikx3.com ping statistics --- 7 packets transmitted, 0 received, +4 errors, 100% packet loss, time 6110ms When i lookup: patrikx3 at bitang:~$ nslookup p3x-dc.patrikx3.com Server: 127.0.0.53 Address: 127.0.0.53#53 Non-authoritative answer: Name: p3x-dc.patrikx3.com Address: *192.168.81.120 - there is no client at this ip address* Name: p3x-dc.patrikx3.com Address: 192.168.78.20 Name: p3x-dc.patrikx3.com Address: 2001:470:1f1b:5b5:eeaa:a0ff:fe1b:4d84 Name: p3x-dc.patrikx3.com Address:* 2001:470:1f1b:5b3:9ade:d0ff:fe04:23c3** - there is no client at this ip address* As you can see, it should be in the nslookup (192.168.78.20 / *2001:470:1f1b:5b3:21b:21ff:fea6:ce93* and 192.168.81.20 / *2001:470:1f1b:5b5:21b:21ff:fea6:ce92*), but the 192.168.81.0/24 subnet is giving (there is no clients on this), but it gives these two that i have no idea where samba binds: *192.168.81.120 and **2001:470:1f1b:5b3:9ade:d0ff:fe04:23c3* Even when i set up on smb.conf to set only: bind interfaces only = Yes interfaces = lo 192.168.78.20 2001:470:1f1b:5b3:21b:21ff:fea6:ce93 192.168.81.20 2001:470:1f1b:5b5:21b:21ff:fea6:ce92 Even after this it generates this p3x-dc.patrikx3.com domain ip address to this unknown ip addresses (*192.168.81.120 and * *2001:470:1f1b:5b3:9ade:d0ff:fe04:23c3*) How come this is possible? Please help! Thank you so much! *Patrik* WWW <https://patrikx3.com> | GitHub <https://github.com/patrikx3/> | NPM <https://www.npmjs.com/~patrikx3> | Corifeus <https://corifeus.com> | +36 20 342 8046
My config is this:
# Global parameters
[global]
# bind interfaces only = Yes
# if this is turned on, always perfect
# interfaces = lo 192.168.78.20 2001:470:1f1b:5b3:21b:21ff:fea6:ce93
# interfaces = lo 192.168.78.20 2001:470:1f1b:5b3:21b:21ff:fea6:ce93
192.168.81.20 2001:470:1f1b:5b5:21b:21ff:fea6:ce92
# interfaces = lo 192.168.81.20 2001:470:1f1b:5b5:21b:21ff:fea6:ce92
# if all interfaces known, order is important, the last is the required
# interfaces = lo 192.168.78.20 192.168.81.20
# interfaces = lo enp1s0f3 enp1s0f2
netbios name = SERVER
realm = P3X-DC.PATRIKX3.COM
# server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
winbindd, ntp_signd, kcc, dnsupdate
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd,
ntp_signd, kcc
workgroup = P3X-DC
allow insecure wide links = Yes
# before was working
unix extensions = no
server role = active directory domain controller
idmap_ldb:use rfc2307 = yes
comment # log level = 3
template shell = /bin/bash
template homedir = /home/%U
[netlogon]
path = /var/lib/samba/sysvol/p3x-dc.patrikx3.com/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
[media]
path = /media
read only = no
guest ok = no
force group = media
writable = yes
[mounts]
path = /mnt
read only = no
guest ok = no
force group = mount
writable = yes
[router-logs]
path = /var/log-router
read only = yes
guest ok = yes
writable = no
browseable = yes
# valid users = router
force user = root
follow symlinks = yes
wide links = yes
*Patrik*
WWW <https://patrikx3.com> | GitHub <https://github.com/patrikx3/> |
NPM
<https://www.npmjs.com/~patrikx3> | Corifeus <https://corifeus.com>
| +36
20 342 8046
On Sat, Aug 3, 2019 at 3:54 AM Patrik <alabard at gmail.com> wrote:
> Hey!
>
> How are you?
>
> I have two interfaces (192.168.78.20 /
> *2001:470:1f1b:5b3:21b:21ff:fea6:ce93* and 192.168.81.20 /
> *2001:470:1f1b:5b5:21b:21ff:fea6:ce92*)
> I have interfaces disabled i mean that i bind on everything on samba
> ac-dc...
> What here is what is weird, (via bind9 DLZ i am using it and is working),
> but on my clients i am getting some weird ipv6 addresses:
> patrikx3 at bitang:~$ ping p3x-dc.patrikx3.com
> PING p3x-dc.patrikx3.com(2001:470:1f1b:5b3:9ade:d0ff:fe04:23c3
> (2001:470:1f1b:5b3:9ade:d0ff:fe04:23c3)) 56 data bytes
> From 2001:470:1f1b:5b3::1 (2001:470:1f1b:5b3::1) icmp_seq=1 Destination
> unreachable: Address unreachable
> From 2001:470:1f1b:5b3::1 (2001:470:1f1b:5b3::1) icmp_seq=2 Destination
> unreachable: Address unreachable
> From 2001:470:1f1b:5b3::1 (2001:470:1f1b:5b3::1) icmp_seq=3 Destination
> unreachable: Address unreachable
> From 2001:470:1f1b:5b3::1 (2001:470:1f1b:5b3::1) icmp_seq=4 Destination
> unreachable: Address unreachable
> ^C
> --- p3x-dc.patrikx3.com ping statistics ---
> 7 packets transmitted, 0 received, +4 errors, 100% packet loss, time 6110ms
> When i lookup:
> patrikx3 at bitang:~$ nslookup p3x-dc.patrikx3.com
> Server: 127.0.0.53
> Address: 127.0.0.53#53
>
> Non-authoritative answer:
> Name: p3x-dc.patrikx3.com
> Address: *192.168.81.120 - there is no client at this ip address*
> Name: p3x-dc.patrikx3.com
> Address: 192.168.78.20
> Name: p3x-dc.patrikx3.com
> Address: 2001:470:1f1b:5b5:eeaa:a0ff:fe1b:4d84
> Name: p3x-dc.patrikx3.com
> Address:* 2001:470:1f1b:5b3:9ade:d0ff:fe04:23c3** - there is no client at
> this ip address*
> As you can see, it should be in the nslookup (192.168.78.20 /
> *2001:470:1f1b:5b3:21b:21ff:fea6:ce93* and 192.168.81.20 /
> *2001:470:1f1b:5b5:21b:21ff:fea6:ce92*),
> but the 192.168.81.0/24 subnet is giving (there is no clients on this),
> but it gives these two that i have no idea where samba binds:
> *192.168.81.120 and **2001:470:1f1b:5b3:9ade:d0ff:fe04:23c3*
> Even when i set up on smb.conf to set only:
> bind interfaces only = Yes
> interfaces = lo 192.168.78.20 2001:470:1f1b:5b3:21b:21ff:fea6:ce93
> 192.168.81.20 2001:470:1f1b:5b5:21b:21ff:fea6:ce92
>
> Even after this it generates this p3x-dc.patrikx3.com domain ip address
> to this unknown ip addresses (*192.168.81.120 and *
> *2001:470:1f1b:5b3:9ade:d0ff:fe04:23c3*)
>
> How come this is possible?
> Please help!
> Thank you so much!
>
>
>
> *Patrik*
> WWW <https://patrikx3.com> | GitHub
<https://github.com/patrikx3/> | NPM
> <https://www.npmjs.com/~patrikx3> | Corifeus
<https://corifeus.com> | +36
> 20 342 8046
>
>
>
On 03/08/2019 03:01, Patrik via samba wrote:> My config is this: > # Global parameters > [global] > # bind interfaces only = Yes > # if this is turned on, always perfect > # interfaces = lo 192.168.78.20 2001:470:1f1b:5b3:21b:21ff:fea6:ce93 > # interfaces = lo 192.168.78.20 2001:470:1f1b:5b3:21b:21ff:fea6:ce93 > 192.168.81.20 2001:470:1f1b:5b5:21b:21ff:fea6:ce92 > # interfaces = lo 192.168.81.20 2001:470:1f1b:5b5:21b:21ff:fea6:ce92 > # if all interfaces known, order is important, the last is the required > # interfaces = lo 192.168.78.20 192.168.81.20 > # interfaces = lo enp1s0f3 enp1s0f2 > netbios name = SERVER > realm = P3X-DC.PATRIKX3.COM > # server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, > winbindd, ntp_signd, kcc, dnsupdate > server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, > ntp_signd, kcc >It looks to me that you already know the answer, even if you don't realise it ;-) You have turned off the culprit, 'dnsupdate', this uses a list 'dns_update_list' to add any missing dns entries. Amongst the records it checks for are: A ${HOSTNAME}?????????????????????????????????????????? $IP AAAA ${HOSTNAME}?????????????????????????????????????????? $IP ${IF_RWDC}A ${DNSDOMAIN}????????????????????????????????????????? $IP ${IF_RWDC}AAAA ${DNSDOMAIN}????????????????????????????????????????? $IP There are others. You need to decide which interface to use and set this in smb.conf, you will then need to delete the incorrect dns records from AD. Also, you are using the AD DC as a fileserver (not recommended), so can I suggest you change your smb.conf to this: [global] ??? netbios name = SERVER ??? realm = P3X-DC.PATRIKX3.COM ??? server role = active directory domain controller ??? server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate ??? workgroup = P3X-DC ??? idmap_ldb:use rfc2307 = yes ??? bind interfaces only = Yes ??? interfaces = lo enp1s0f2 ??? # log level = 3 ??? template shell = /bin/bash ??? template homedir = /home/%U [netlogon] ??? path = /var/lib/samba/sysvol/p3x-dc.patrikx3.com/scripts ??? read only = No [sysvol] ??? path = /var/lib/samba/sysvol ??? read only = No [media] ??????? path = /media ??????? read only = no [mounts] ??????? path = /mnt ??????? read only = no [router-logs] ??????? path = /var/log-router ??????? read only = yes Then go and read this: https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs If you must use a DC as a fileserver, you cannot set the permissions as if it is a Unix domain member. Rowland