Ok, we might have found something here.

I created a small script, see below, easy to adapt.

So, after running this I see the same problem as in:
https://bugzilla.samba.org/show_bug.cgi?id=14268

If I do it manually everything works fine.
But if I "paste the commands or run the script"
then I see this problem.
So I'm thinking here, the speed of adding is creating some kind of problem.
@Rowland, you any ideas?

And if others can test this and post their samba version and OS, that would be nice.
Tested as shown in bugzilla:

Debian 10, with samba 4.11.6 + bind_DLZ. My packages.
Centos 7, with samba 4.11.6 + bind_DLZ. Sernet packages.
We need a few 4.10.x tests also.

Run this 2 times or three. Change the IP numbers and zone names you're creating.
I also tested below with between every line a: sleep 0.1
Same results, wrong results.

#!/bin/bash
# Run this script 2 times!!

DC_FQDN="$(hostname -f)"
DC_NAME="$(hostname -s)"

# After the first run change the "test1/test2 to test01/test02"
# and run it again.
ZONE_TEST1="test1.domain.tld"
ZONE_TEST2="test2.domain.tld"

ZONE_ARPA="0.168.192"
ZONE_IP="192.168.0"

#kinit Administrator !! AUTH before you run this script.

# Create zone
# test with FQDN
samba-tool dns zonecreate $DC_FQDN $ZONE_TEST1
# test with NAME
samba-tool dns zonecreate $DC_NAME $ZONE_TEST2

# Create reverse zone
samba-tool dns zonecreate $DC_FQDN $ZONE_ARPA.in-addr.arpa

# Create A and CNAME records, addressing the DC by FQDN
samba-tool dns add $DC_FQDN $ZONE_TEST1 testa1 A $ZONE_IP.1
samba-tool dns add $DC_FQDN $ZONE_TEST1 testc1 CNAME testa1.$ZONE_TEST1
samba-tool dns add $DC_FQDN $ZONE_TEST1 testa2 A $ZONE_IP.2
samba-tool dns add $DC_FQDN $ZONE_TEST1 testc2 CNAME testa2.$ZONE_TEST1
samba-tool dns add $DC_FQDN $ZONE_TEST1 testa3 A $ZONE_IP.3
samba-tool dns add $DC_FQDN $ZONE_TEST1 testc3 CNAME testa3.$ZONE_TEST1
samba-tool dns add $DC_FQDN $ZONE_TEST1 testa4 A $ZONE_IP.4
samba-tool dns add $DC_FQDN $ZONE_TEST1 testc4 CNAME testa4.$ZONE_TEST1
samba-tool dns add $DC_FQDN $ZONE_TEST1 testa5 A $ZONE_IP.5
samba-tool dns add $DC_FQDN $ZONE_TEST1 testc5 CNAME testa5.$ZONE_TEST1
samba-tool dns add $DC_FQDN $ZONE_TEST1 testa6 A $ZONE_IP.6
samba-tool dns add $DC_FQDN $ZONE_TEST1 testc6 CNAME testa6.$ZONE_TEST1
samba-tool dns add $DC_FQDN $ZONE_TEST1 testa7 A $ZONE_IP.7
samba-tool dns add $DC_FQDN $ZONE_TEST1 testc7 CNAME testa7.$ZONE_TEST1
samba-tool dns add $DC_FQDN $ZONE_TEST1 testa8 A $ZONE_IP.8
samba-tool dns add $DC_FQDN $ZONE_TEST1 testc8 CNAME testa8.$ZONE_TEST1
samba-tool dns add $DC_FQDN $ZONE_TEST1 testa9 A $ZONE_IP.9
samba-tool dns add $DC_FQDN $ZONE_TEST1 testc9 CNAME testa9.$ZONE_TEST1
samba-tool dns add $DC_FQDN $ZONE_TEST1 testa10 A $ZONE_IP.10
samba-tool dns add $DC_FQDN $ZONE_TEST1 testc10 CNAME testa10.$ZONE_TEST1

# Same records, addressing the DC by short name
samba-tool dns add $DC_NAME $ZONE_TEST2 testa1 A $ZONE_IP.1
samba-tool dns add $DC_NAME $ZONE_TEST2 testc1 CNAME testa1.$ZONE_TEST2
samba-tool dns add $DC_NAME $ZONE_TEST2 testa2 A $ZONE_IP.2
samba-tool dns add $DC_NAME $ZONE_TEST2 testc2 CNAME testa2.$ZONE_TEST2
samba-tool dns add $DC_NAME $ZONE_TEST2 testa3 A $ZONE_IP.3
samba-tool dns add $DC_NAME $ZONE_TEST2 testc3 CNAME testa3.$ZONE_TEST2
samba-tool dns add $DC_NAME $ZONE_TEST2 testa4 A $ZONE_IP.4
samba-tool dns add $DC_NAME $ZONE_TEST2 testc4 CNAME testa4.$ZONE_TEST2
samba-tool dns add $DC_NAME $ZONE_TEST2 testa5 A $ZONE_IP.5
samba-tool dns add $DC_NAME $ZONE_TEST2 testc5 CNAME testa5.$ZONE_TEST2
samba-tool dns add $DC_NAME $ZONE_TEST2 testa6 A $ZONE_IP.6
samba-tool dns add $DC_NAME $ZONE_TEST2 testc6 CNAME testa6.$ZONE_TEST2
samba-tool dns add $DC_NAME $ZONE_TEST2 testa7 A $ZONE_IP.7
samba-tool dns add $DC_NAME $ZONE_TEST2 testc7 CNAME testa7.$ZONE_TEST2
samba-tool dns add $DC_NAME $ZONE_TEST2 testa8 A $ZONE_IP.8
samba-tool dns add $DC_NAME $ZONE_TEST2 testc8 CNAME testa8.$ZONE_TEST2
samba-tool dns add $DC_NAME $ZONE_TEST2 testa9 A $ZONE_IP.9
samba-tool dns add $DC_NAME $ZONE_TEST2 testc9 CNAME testa9.$ZONE_TEST2
samba-tool dns add $DC_NAME $ZONE_TEST2 testa10 A $ZONE_IP.10
samba-tool dns add $DC_NAME $ZONE_TEST2 testc10 CNAME testa10.$ZONE_TEST2

# Query
samba-tool dns query $DC_FQDN $ZONE_TEST1 $ZONE_TEST1 all
samba-tool dns query $DC_NAME $ZONE_TEST2 $ZONE_TEST2 all

## My results
Zone test1 : shows 10 A records and 25 CNAMES
Zone test2 : shows 5 A records and 5 CNAMES
Zone test01 : shows 5 A records and 5 CNAMES
Zone test02 : shows 5 A records and 5 CNAMES

So yes, there is something going wrong here.

I'll update the bug report.

Greetz,

Louis

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> L.P.H. van Belle via samba
> Sent: Thursday 27 February 2020 10:48
> To: samba at lists.samba.org
> Subject: Re: [Samba] New PTR records not visible
>
> > -----Original message-----
> > From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> > Christian Naumer via samba
> > Sent: Thursday 27 February 2020 10:33
> > To: samba at lists.samba.org
> > Subject: Re: [Samba] New PTR records not visible
> >
> > Hello Louis,
> > thanks for looking into this. Have you looked at what the original
> > poster shared in the bug report?
> >
> > https://bugzilla.samba.org/show_bug.cgi?id=14268
>
> Yes, I'm also looking again at that one.
>
> > I don't have a big problem with this, just trying to help.
>
> Which we very much appreciate :-)
>
> > Maybe the original poster can say more with regards of the problem he
> > has with this.
> >
> > here are more of my details.
>
> Thanks, now beside the few script errors due to your using centos, I'll ignore that.
> But your setup is "thumbs up" good, based on what I see I would not change much.
>
> But do verify this :
> tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
> Later samba versions use : tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";
> as of samba 4.9+
>
> So this keeps strange.
> Anyone else suggestion on debugging this, or to some verifications with Centos.
>
> So far,
>
> Greetz,
>
> Louis
>
> > Regards
> >
> > #####samba-debug-info.txt##############
> > Collected config --- 2020-02-27-10:17 -----------
> >
> > Hostname: dc1
> > DNS Domain: ad.domain.de
> > FQDN: DC1.ad.domain.de
> > ipaddress: 192.168.0.90
> >
> > -----------
> >
> > Kerberos SRV _kerberos._tcp.ad.domain.de record verified ok, sample output:
> > Server: 192.168.0.90
> > Address: 192.168.0.90#53
> >
> > _kerberos._tcp.ad.domain.de service = 0 100 88 dc1.ad.domain.de.
> > _kerberos._tcp.ad.domain.de service = 0 100 88 dc3.ad.domain.de.
> > _kerberos._tcp.ad.domain.de service = 0 100 88 dc2.ad.domain.de.
> > _kerberos._tcp.ad.domain.de service = 0 100 88 dc4.ad.domain.de.
> > Samba is running as an AD DC
> >
> > -----------
> > Checking file: /etc/os-release
> >
> > NAME="CentOS Linux"
> > VERSION="7 (Core)"
> > ID="centos"
> > ID_LIKE="rhel fedora"
> > VERSION_ID="7"
> > PRETTY_NAME="CentOS Linux 7 (Core)"
> > ANSI_COLOR="0;31"
> > CPE_NAME="cpe:/o:centos:centos:7"
> > HOME_URL="https://www.centos.org/"
> > BUG_REPORT_URL="https://bugs.centos.org/"
> >
> > CENTOS_MANTISBT_PROJECT="CentOS-7"
> > CENTOS_MANTISBT_PROJECT_VERSION="7"
> > REDHAT_SUPPORT_PRODUCT="centos"
> > REDHAT_SUPPORT_PRODUCT_VERSION="7"
> >
> > -----------
> >
> > This computer is running an unknown distribution x86_64
> >
> > -----------
> > running command : ip a
> > 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
> >     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> >     inet 127.0.0.1/8 scope host lo
> >     inet6 ::1/128 scope host
> > 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
> >     link/ether 6e:48:a7:59:a3:e4 brd ff:ff:ff:ff:ff:ff
> >     inet 192.168.0.90/21 brd 192.168.7.255 scope global eth0
> >     inet6 fe80::6c48:a7ff:fe59:a3e4/64 scope link
> >
> > -----------
> > Checking file: /etc/hosts
> >
> > 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
> > ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
> > 192.168.0.90 DC1.ad.domain.de DC1
> > 192.168.0.91 DC2.ad.domain.de DC2
> > 192.168.0.106 DC4.ad.domain.de DC4
> > 192.168.0.190 DC3.ad.domain.de DC3
> >
> > -----------
> >
> > Checking file: /etc/resolv.conf
> >
> > # Generated by NetworkManager
> > search ad.domain.de domain.de domain.com domain.de. domain.com. domain.de
> > nameserver 192.168.0.90
> > nameserver 192.168.0.91
> > nameserver 192.168.0.106
> >
> > -----------
> >
> > Checking file: /etc/krb5.conf
> >
> > [logging]
> > default = FILE:/var/log/krb5libs.log
> > kdc = FILE:/var/log/krb5kdc.log
> > admin_server = FILE:/var/log/kadmind.log
> >
> > [libdefaults]
> > default_realm = ad.domain.DE
> > dns_lookup_realm = true
> > dns_lookup_kdc = true
> > ticket_lifetime = 24h
> > renew_lifetime = 7d
> > forwardable = true
> >
> > -----------
> >
> > Checking file: /etc/nsswitch.conf
> >
> > #
> > # /etc/nsswitch.conf
> > #
> > # An example Name Service Switch config file. This file should be
> > # sorted with the most-used services at the beginning.
> > #
> > # The entry '[NOTFOUND=return]' means that the search for an
> > # entry should stop if the search in the previous entry turned
> > # up nothing. Note that if the search failed due to some other reason
> > # (like no NIS server responding) then the search continues with the
> > # next entry.
> > #
> > # Valid entries include:
> > #
> > # nisplus Use NIS+ (NIS version 3)
> > # nis Use NIS (NIS version 2), also called YP
> > # dns Use DNS (Domain Name Service)
> > # files Use the local files
> > # db Use the local database (.db) files
> > # compat Use NIS on compat mode
> > # hesiod Use Hesiod for user lookups
> > # [NOTFOUND=return] Stop searching if not found so far
> > #
> >
> > # To use db, put the "db" in front of "files" for entries you want to be
> > # looked up first in the databases
> > #
> > # Example:
> > #passwd: db files nisplus nis
> > #shadow: db files nisplus nis
> > #group: db files nisplus nis
> >
> > passwd: files winbind
> > shadow: files winbind
> > group: files winbind
> > #initgroups: files
> >
> > #hosts: db files nisplus nis dns
> > hosts: files dns myhostname
> >
> > # Example - obey only what nisplus tells us...
> > #services: nisplus [NOTFOUND=return] files
> > #networks: nisplus [NOTFOUND=return] files
> > #protocols: nisplus [NOTFOUND=return] files
> > #rpc: nisplus [NOTFOUND=return] files
> > #ethers: nisplus [NOTFOUND=return] files
> > #netmasks: nisplus [NOTFOUND=return] files
> >
> > bootparams: nisplus [NOTFOUND=return] files
> >
> > ethers: files
> > netmasks: files
> > networks: files
> > protocols: files
> > rpc: files
> > services: files sss
> >
> > netgroup: files sss
> >
> > publickey: nisplus
> >
> > automount: files sss
> > aliases: files nisplus
> >
> > -----------
> >
> > Checking file: /etc/samba/smb.conf
> >
> > # Global parameters
> > [global]
> >     netbios name = DC1
> >     realm = ad.domain.DE
> >     server services = s3fs, rpc, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
> >     workgroup = DOMAIN-02
> >     logging =syslog
> >     log level = 1 auth_audit:4 dsdb_password_audit:5 dsdb_transaction_audit:5 dsdb_group_audit:5
> >     #log level = 3 auth_audit:4
> >     server role = active directory domain controller
> >     idmap_ldb:use rfc2307 = yes
> >     template shell = /bin/bash
> >     template homedir = /home/%U
> >     #username map = /etc/samba/smbusers
> >     #ntlm auth = yes
> >     ntlm auth = mschapv2-and-ntlmv2-only
> >     #rpc server dynamic port range = 1024-1300
> >     disable netbios = yes
> >     smb ports = 445
> >     server min protocol = SMB2
> >     client min protocol = SMB2
> >     tls enabled = yes
> >     tls keyfile = tls/server_de.key
> >     tls certfile = tls/server.pem
> >     tls cafile = tls/ca.pem
> >
> > [netlogon]
> >     path = /var/lib/samba/sysvol/ad.domain.de/scripts
> >     read only = No
> >
> > [sysvol]
> >     path = /var/lib/samba/sysvol
> >     read only = No
> >
> > -----------
> >
> > You have a user.map set in your smb.conf
> > This is not allowed because Samba is running as a DC
> >
> > -----------
> > Detected bind DLZ enabled..
> >
> > Warning, detected bind is enabled in smb.conf, but no /etc/bind directory found
> >
> > -----------
> >
> > Installed packages:
> >
> >
> > -----------
> > ##########named.conf###################
> >
> > # /etc/named.conf
> > # Global BIND configuration options
> > include "/var/lib/samba/private/named.conf";
> > options {
> >     tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
> >     auth-nxdomain yes;
> >     directory "/var/named";
> >     notify no;
> >     empty-zones-enable no;
> >
> >     allow-query {
> >         127.0.0.1;
> >         192.168.0.0/16;
> >         # add other networks you want to allow to query your DNS
> >     };
> >
> >     allow-recursion {
> >         192.168.0.0/16;
> >         # add other networks you want to allow to do recursive queries
> >     };
> >
> >     forwarders {
> >         # Google public DNS server here - replace with your own if necessary
> >         8.8.8.8;
> >         8.8.4.4;
> >     };
> >
> >     allow-transfer {
> >         # this config is for a single master DNS server
> >         none;
> >     };
> >
> > };
> >
> >
> > # Root servers (required zone for recursive queries)
> > zone "." {
> >     type hint;
> >     file "named.root";
> > };
> >
> > # Required localhost forward-/reverse zones
> > zone "localhost" {
> >     type master;
> >     file "master/localhost.zone";
> > };
> > zone "0.0.127.in-addr.arpa" {
> >     type master;
> >     file "master/0.0.127.zone";
> > };
> >
> >
> > On 27.02.20 at 09:53, L.P.H. van Belle via samba wrote:
> > > Ok, new test.
> > >
> > > Besides that I don't like the python errors shown, this still looks good.
> > > So I don't know.. See below, I can not make it error.
> > >
> > >
> > > for x in 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 ; do samba-tool dns add dc1.internal.dom.tld $x.249.10.in-addr.arpa 158 PTR host-test.extrazone.dom.tld ; done
> > >
> > > Record added successfully
> > > Record added successfully
> > > Record added successfully
> > > Record added successfully
> > > Record added successfully
> > > ERROR: Zone does not exist; record coud not be added.
> > > ERROR: Zone does not exist; record could not be added.
> > > ERROR: Zone does not exist; record could not be added.
> > > ERROR: Zone does not exist; record could not be added.
> > > ERROR: Zone does not exist; record could not be added.
> > > ERROR: Zone does not exist; record could not be added.
> > > ERROR: Zone does not exist; record could not be added.
> > > ERROR: Zone does not exist; record could not be added.
> > > ERROR: Zone does not exist; record could not be added.
> > > ERROR: Zone does not exist; record could not be added.
> > > ERROR: Zone does not exist; record could not be added.
> > >
> > >
> > >
> > > for x in 0 1 2 3 4 5 6 7 ; do samba-tool dns add dc1.internal.dom.tld $x.249.10.in-addr.arpa 158 PTR host-test.extrazone.dom.tld ; done
> > > ERROR(runtime): uncaught exception - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
> > >   File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 186, in _run
> > >     return self.run(*args, **kwargs)
> > >   File "/usr/lib/python3/dist-packages/samba/netcmd/dns.py", line 945, in run
> > >     raise e
> > >   File "/usr/lib/python3/dist-packages/samba/netcmd/dns.py", line 941, in run
> > >     0, server, zone, name, add_rec_buf, None)
> > > ERROR(runtime): uncaught exception - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
> > >   File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 186, in _run
> > >     return self.run(*args, **kwargs)
> > >   File "/usr/lib/python3/dist-packages/samba/netcmd/dns.py", line 945, in run
> > >     raise e
> > >   File "/usr/lib/python3/dist-packages/samba/netcmd/dns.py", line 941, in run
> > >     0, server, zone, name, add_rec_buf, None)
> > > ERROR(runtime): uncaught exception - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
> > >   File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 186, in _run
> > >     return self.run(*args, **kwargs)
> > >   File "/usr/lib/python3/dist-packages/samba/netcmd/dns.py", line 945, in run
> > >     raise e
> > >   File "/usr/lib/python3/dist-packages/samba/netcmd/dns.py", line 941, in run
> > >     0, server, zone, name, add_rec_buf, None)
> > > ERROR(runtime): uncaught exception - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
> > >   File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 186, in _run
> > >     return self.run(*args, **kwargs)
> > >   File "/usr/lib/python3/dist-packages/samba/netcmd/dns.py", line 945, in run
> > >     raise e
> > >   File "/usr/lib/python3/dist-packages/samba/netcmd/dns.py", line 941, in run
> > >     0, server, zone, name, add_rec_buf, None)
> > > ERROR(runtime): uncaught exception - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
> > >   File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 186, in _run
> > >     return self.run(*args, **kwargs)
> > >   File "/usr/lib/python3/dist-packages/samba/netcmd/dns.py", line 945, in run
> > >     raise e
> > >   File "/usr/lib/python3/dist-packages/samba/netcmd/dns.py", line 941, in run
> > >     0, server, zone, name, add_rec_buf, None)
> > > ERROR: Zone does not exist; record could not be added.
> > > ERROR: Zone does not exist; record could not be added.
> > > ERROR: Zone does not exist; record could not be added.
> > >
> > > for x in 0 1 2 3 4 5 6 7 ; do nslookup 10.249.$x.158 ; done
> > > 158.0.249.10.in-addr.arpa name = host-test.extrazone.dom.tld.
> > >
> > > 158.1.249.10.in-addr.arpa name = host-test.extrazone.dom.tld.
> > >
> > > 158.2.249.10.in-addr.arpa name = host-test.extrazone.dom.tld.
> > >
> > > 158.3.249.10.in-addr.arpa name = host-test.extrazone.dom.tld.
> > >
> > > 158.4.249.10.in-addr.arpa name = host-test.extrazone.dom.tld.
> > >
> > > ** server can't find 158.5.249.10.in-addr.arpa: NXDOMAIN
> > >
> > > ** server can't find 158.6.249.10.in-addr.arpa: NXDOMAIN
> > >
> > > ** server can't find 158.7.249.10.in-addr.arpa: NXDOMAIN
> > >
> > >
> > > Other range since you mentioned, this was in 192.168.x zones.
> > > So here you go.
> > >
> > > for x in 0 1 2 3 4 5 6 ; do samba-tool dns zonecreate dc1.internal.dom.tld $x.168.192.in-addr.arpa ; done
> > > Zone 0.168.192.in-addr.arpa created successfully
> > > Zone 1.168.192.in-addr.arpa created successfully
> > > Zone 2.168.192.in-addr.arpa created successfully
> > > Zone 3.168.192.in-addr.arpa created successfully
> > > Zone 4.168.192.in-addr.arpa created successfully
> > > Zone 5.168.192.in-addr.arpa created successfully
> > > Zone 6.168.192.in-addr.arpa created successfully
> > >
> > > for x in 0 1 2 3 4 5 6 ; do samba-tool dns add dc1.internal.dom.tld $x.168.192.in-addr.arpa 1 PTR host-test.extrazone.dom.tld ; done
> > > Record added successfully
> > > Record added successfully
> > > Record added successfully
> > > Record added successfully
> > > Record added successfully
> > > Record added successfully
> > > Record added successfully
> > >
> > > for x in 0 1 2 3 4 5 6 ; do nslookup 192.168.$x.1 ; done
> > > 1.0.168.192.in-addr.arpa name = host-test.extrazone.dom.tld.
> > >
> > > 1.1.168.192.in-addr.arpa name = host-test.extrazone.dom.tld.
> > >
> > > 1.2.168.192.in-addr.arpa name = host-test.extrazone.dom.tld.
> > >
> > > 1.3.168.192.in-addr.arpa name = host-test.extrazone.dom.tld.
> > >
> > > 1.4.168.192.in-addr.arpa name = host-test.extrazone.dom.tld.
> > >
> > > 1.5.168.192.in-addr.arpa name = host-test.extrazone.dom.tld.
> > >
> > > 1.6.168.192.in-addr.arpa name = host-test.extrazone.dom.tld.
> > >
> > >
> > > Did you run my debug script already, can you post it
> > >
> > > https://github.com/thctlo/samba4/raw/master/samba-collect-debug-info.sh
> > >
> > >
> > > Greetz,
> > >
> > > Louis
> > >
> > >
> > >> -----Original message-----
> > >> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> > >> Christian Naumer via samba
> > >> Sent: Thursday 27 February 2020 9:24
> > >> To: samba at lists.samba.org
> > >> Subject: Re: [Samba] New PTR records not visible
> > >>
> > >> Hi,
> > >> have you tried adding an entry to another host on 157? For me it only
> > >> produces the error with 0.168.192.in-addr.arpa and
> > >> 2.168.192.in-addr.arpa. Not with 1 or 3.
> > >>
> > >> Regards
> > >>
> > >> Christian
> > >>
> > >>
> > >> On 27.02.20 at 08:42, L.P.H. van Belle via samba wrote:
> > >>> Hai,
> > >>>
> > >>> Today I thought let's re-test this again.
> > >>> So this was done yesterday,
> > >>>
> > >>> samba-tool dns add dc1.internal.dom.tld 2.249.10.in-addr.arpa 157 PTR host.extrazone.dom.tld
> > >>> samba-tool dns add dc1.internal.dom.tld 0.249.10.in-addr.arpa 157 PTR host.extrazone.dom.tld
> > >>> samba-tool dns add dc1.internal.dom.tld 1.249.10.in-addr.arpa 157 PTR host.extrazone.dom.tld
> > >>>
> > >>> I did keep the entries in the dns yesterday.
> > >>>
> > >>> Today :
> > >>>
> > >>> samba-tool dns add dc1.internal.dom.tld 2.249.10.in-addr.arpa 157 PTR host.extrazone.dom.tld
> > >>> Password for [Administrator at REALM]:
> > >>> ERROR(runtime): uncaught exception - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
> > >>>   File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 186, in _run
> > >>>     return self.run(*args, **kwargs)
> > >>>   File "/usr/lib/python3/dist-packages/samba/netcmd/dns.py", line 945, in run
> > >>>     raise e
> > >>>   File "/usr/lib/python3/dist-packages/samba/netcmd/dns.py", line 941, in run
> > >>>     0, server, zone, name, add_rec_buf, None)
> > >>> # adding an extra one in "3"
> > >>> samba-tool dns add dc1.internal.dom.tld 3.249.10.in-addr.arpa 157 PTR host.extrazone.dom.tld
> > >>> Password for [Administrator at REALM]:
> > >>> Record added successfully
> > >>>
> > >>> And I checked all the reverse zones and their dns records.
> > >>> All checked out ok.
> > >>>
> > >>> Sorry, I can not make it fail here.
> > >>>
> > >>>
> > >>> Greetz,
> > >>>
> > >>> Louis
> > >>>
> > >>>
> > >>>> -----Original message-----
> > >>>> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> > >>>> Christian Naumer via samba
> > >>>> Sent: Wednesday 26 February 2020 15:54
> > >>>> To: samba at lists.samba.org
> > >>>> Subject: Re: [Samba] New PTR records not visible
> > >>>>
> > >>>> On 26.02.20 at 15:40, L.P.H. van Belle via samba wrote:
> > >>>>> So strange..
> > >>>>>
> > >>>>> I copied your commands, only changed the arpa and servername / domainnames
> > >>>>> All worked.
> > >>>>
> > >>>> Have you checked that you have this situation?
> > >>>>
> > >>>> If this entry "192.168.2.157" exists and if you try to add
> > >>>> "192.168.0.157" another entry to point to "192.168.2.157" is added.
> > >>>>
> > >>>>
> > >>>>>
> > >>>>> So far nobody told how their ad-dc and DNS is set up..
> > >>>>>
> > >>>>> Which is why I added :
> > >>>>>>> Debian 10, my own packages.
> > >>>>>>> Samba 4.11.6 + BIND9_DLZ is used .
> > >>>>>
> > >>>>> Now are you using samba DNS or BIND_DLZ dns ?
> > >>>>
> > >>>> I am using BIND_DLZ. On Centos 7 with the Sernet Packages.
> > >>>>
> > >>>> Regards
> > >>>>
> > >>>> Christian
> > >>>>
> > >>>> --
> >
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
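
A check for the symptom reported in the message above (query results that do not match the records the script added), as an added example that is not part of the original thread. The function name `audit_zone`, the sample data and the assumed text layout of `samba-tool dns query ... ALL` output are assumptions made for this example; the sample is constructed, not captured from a DC.

```shell
#!/bin/bash
# Added example, not code from the thread. Assumes the text layout printed by
# `samba-tool dns query <server> <zone> <name> ALL`:
#   "  Name=<node>, Records=<n>, Children=<n>" followed by indented
#   "    <TYPE>: <data> (flags=..., serial=..., ttl=...)" lines.

# audit_zone N -- read query output on stdin and compare it with what the
# reproduction script should have created: testa1..testaN with exactly one
# A record each and testc1..testcN with exactly one CNAME each.
# Prints one line per problem plus a summary; returns 1 on any mismatch.
audit_zone() {
    awk -v n="$1" '
        function check(name, type,    c) {
            c = seen[name SUBSEP type] + 0
            if (c == 0) { print "MISSING " name " " type; return 1 }
            if (c > 1)  { print "DUPLICATE " name " " type " x" c; return 1 }
            return 0
        }
        /^[ \t]*Name=/ {
            # node name sits between "Name=" and the first comma
            node = $0
            sub(/^[ \t]*Name=/, "", node)
            sub(/,.*/, "", node)
            next
        }
        /^[ \t]+[A-Z]+:/ {
            # record line: first field is "<TYPE>:"
            type = $1
            sub(/:$/, "", type)
            seen[node SUBSEP type]++
            total[type]++
        }
        END {
            bad = 0
            for (i = 1; i <= n; i++) {
                bad += check("testa" i, "A")
                bad += check("testc" i, "CNAME")
            }
            printf "A=%d CNAME=%d problems=%d\n", total["A"], total["CNAME"], bad
            exit (bad > 0)
        }
    '
}

# Constructed sample output for a 3-host run: testa3 was never stored and
# testc1 ended up with two CNAME records.
sample_query_output() {
    cat <<'EOF'
  Name=, Records=2, Children=0
    SOA: serial=7, refresh=900, retry=600, expire=86400, minttl=3600, ns=dc1.example.test., email=hostmaster.example.test. (flags=600000f0, serial=7, ttl=3600)
    NS: dc1.example.test. (flags=600000f0, serial=1, ttl=900)
  Name=testa1, Records=1, Children=0
    A: 192.168.0.1 (flags=f0, serial=2, ttl=900)
  Name=testa2, Records=1, Children=0
    A: 192.168.0.2 (flags=f0, serial=4, ttl=900)
  Name=testc1, Records=2, Children=0
    CNAME: testa1.test1.domain.tld. (flags=f0, serial=3, ttl=900)
    CNAME: testa1.test1.domain.tld. (flags=f0, serial=6, ttl=900)
  Name=testc2, Records=1, Children=0
    CNAME: testa2.test1.domain.tld. (flags=f0, serial=5, ttl=900)
  Name=testc3, Records=1, Children=0
    CNAME: testa3.test1.domain.tld. (flags=f0, serial=7, ttl=900)
EOF
}

# On a DC, after the script above has run (10 hosts per zone):
#   samba-tool dns query "$DC_FQDN" "$ZONE_TEST1" "$ZONE_TEST1" ALL | audit_zone 10
```

Running the same audit after a slow, manual run and after a pasted or scripted run shows which names differ, which is more useful for the bug report than the totals alone.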
On 27/02/2020 10:31, L.P.H. van Belle via samba wrote:
> Ok, we might have found something here.
>
> I created a small script, see below, easy to adapt.
>
> So, after running this I see the same problem as in:
> https://bugzilla.samba.org/show_bug.cgi?id=14268
>
> If I do it manually everything works fine.
> But if I "paste the commands or run the script"
> then I see this problem.
> So I'm thinking here, the speed of adding is creating some kind of problem.
> @Rowland, you any ideas?
>
Maybe, I am attempting to update my DHCP script to deal with the problem of /8, /16 and /24 networks, but it is proving a bit elusive at the moment ;-)

Rowland
I might have some code for that subnet detection.. I'll see if I can find it.

Greetz,

Louis

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> Rowland penny via samba
> Sent: Thursday 27 February 2020 11:38
> To: samba at lists.samba.org
> Subject: Re: [Samba] New PTR records not visible
>
> On 27/02/2020 10:31, L.P.H. van Belle via samba wrote:
> > Ok, we might have found something here.
> >
> > I created a small script, see below, easy to adapt.
> >
> > So, after running this I see the same problem as in:
> > https://bugzilla.samba.org/show_bug.cgi?id=14268
> >
> > If I do it manually everything works fine.
> > But if I "paste the commands or run the script"
> > then I see this problem.
> > So I'm thinking here, the speed of adding is creating some kind of problem.
> > @Rowland, you any ideas?
> >
> Maybe, I am attempting to update my DHCP script to deal with the problem
> of /8, /16 and /24 networks, but it is proving a bit elusive at the
> moment ;-)
>
> Rowland
Yet that still does not explain why the PTR record I create for that IP does not become visible. I can create other PTR records in the same zone and they do become visible to DNS lookups. I suspect it has something to do with half-dead entries in the database that are blocking it... Thanks for looking into this, Christian On 27/02/2020 11:31, L.P.H. van Belle via samba wrote:> Ok, we might have found something here. > > I created a small script, see below, easy to adapt. > > So, after running this i see the same problem as in : > https://bugzilla.samba.org/show_bug.cgi?id=14268 > > If i do it manualy everything works fine. > But if i "past the commands or run the script" > Then i see this problem.. > So im thinking here, the speed of adding is creating somekind or problem. > @Rowland, you any ideas? > > And if others can test this and post there samba version and os, that would be nice. > Tested as shown in bugzilla: > > Debian 10 , with samba 4.11.6 + bind_DLZ. My packages. > Centos 7 , with samba 4.11.6 + bind_DLZ. Sernet packages. > We need few 4.10.x tests also > > Run this 2 times or three.. Change the ipnumbers and zone names your creating. > I also tested below with between every line a : sleep 0.1 > Same results, wrong results. > > #!bin/bash > # Run this script 2 times!! > > DC_FQDN="$(hostname -f)" > DC_NAME="$(hostname -s)" > > # After the first run change the "test1/test2 to test01/test02" > # and run it again. > ZONE_TEST1="test1.domain.tld" > ZONE_TEST2="test2.domain.tld" > > ZONE_ARPA="0.168.192" > ZONE_IP="192.168.0" > > #kinit Administrator !! AUTH before you run this script. 
> > # Create zone > # test with FQDN > samba-tool dns zonecreate $DC_FQDN $ZONE_TEST1 > # test with NAME > samba-tool dns zonecreate $DC_NAME $ZONE_TEST2 > > # Create reverse zone > samba-tool dns zonecreate $DC_FQDN $ZONE_ARPA.in-addr.arpa > > # Create A record > samba-tool dns add $DC_FQDN $ZONE_TEST1 testa1 A ZONE_IP.1 > samba-tool dns add $DC_FQDN $ZONE_TEST1 testc1 CNAME testa1.$ZONE_TEST1 > samba-tool dns add $DC_FQDN $ZONE_TEST1 testa2 A ZONE_IP.2 > samba-tool dns add $DC_FQDN $ZONE_TEST1 testc2 CNAME testa2.$ZONE_TEST1 > samba-tool dns add $DC_FQDN $ZONE_TEST1 testa3 A ZONE_IP.3 > samba-tool dns add $DC_FQDN $ZONE_TEST1 testc3 CNAME testa3.$ZONE_TEST1 > samba-tool dns add $DC_FQDN $ZONE_TEST1 testa4 A ZONE_IP.4 > samba-tool dns add $DC_FQDN $ZONE_TEST1 testc4 CNAME testa4.$ZONE_TEST1 > samba-tool dns add $DC_FQDN $ZONE_TEST1 testa5 A ZONE_IP.5 > samba-tool dns add $DC_FQDN $ZONE_TEST1 testc5 CNAME testa5.$ZONE_TEST1 > samba-tool dns add $DC_FQDN $ZONE_TEST1 testa6 A ZONE_IP.6 > samba-tool dns add $DC_FQDN $ZONE_TEST1 testc6 CNAME testa6.$ZONE_TEST1 > samba-tool dns add $DC_FQDN $ZONE_TEST1 testa7 A ZONE_IP.7 > samba-tool dns add $DC_FQDN $ZONE_TEST1 testc7 CNAME testa7.$ZONE_TEST1 > samba-tool dns add $DC_FQDN $ZONE_TEST1 testa8 A ZONE_IP.8 > samba-tool dns add $DC_FQDN $ZONE_TEST1 testc8 CNAME testa8.$ZONE_TEST1 > samba-tool dns add $DC_FQDN $ZONE_TEST1 testa9 A ZONE_IP.9 > samba-tool dns add $DC_FQDN $ZONE_TEST1 testc9 CNAME testa9.$ZONE_TEST1 > samba-tool dns add $DC_FQDN $ZONE_TEST1 testa10 A ZONE_IP.10 > samba-tool dns add $DC_FQDN $ZONE_TEST1 testc10 CNAME testa10.$ZONE_TEST1 > > samba-tool dns add $DC_NAME $ZONE_TEST2 testa1 A ZONE_IP.1 > samba-tool dns add $DC_NAME $ZONE_TEST2 testc1 CNAME testa1.$ZONE_TEST2 > samba-tool dns add $DC_NAME $ZONE_TEST2 testa2 A ZONE_IP.2 > samba-tool dns add $DC_NAME $ZONE_TEST2 testc2 CNAME testa2.$ZONE_TEST2 > samba-tool dns add $DC_NAME $ZONE_TEST2 testa3 A ZONE_IP.3 > samba-tool dns add $DC_NAME $ZONE_TEST2 testc3 
CNAME testa3.$ZONE_TEST2 > samba-tool dns add $DC_NAME $ZONE_TEST2 testa4 A ZONE_IP.4 > samba-tool dns add $DC_NAME $ZONE_TEST2 testc4 CNAME testa4.$ZONE_TEST2 > samba-tool dns add $DC_NAME $ZONE_TEST2 testa5 A ZONE_IP.5 > samba-tool dns add $DC_NAME $ZONE_TEST2 testc5 CNAME testa5.$ZONE_TEST2 > samba-tool dns add $DC_NAME $ZONE_TEST2 testa6 A ZONE_IP.6 > samba-tool dns add $DC_NAME $ZONE_TEST2 testc6 CNAME testa6.$ZONE_TEST2 > samba-tool dns add $DC_NAME $ZONE_TEST2 testa7 A ZONE_IP.7 > samba-tool dns add $DC_NAME $ZONE_TEST2 testc7 CNAME testa7.$ZONE_TEST2 > samba-tool dns add $DC_NAME $ZONE_TEST2 testa8 A ZONE_IP.8 > samba-tool dns add $DC_NAME $ZONE_TEST2 testc8 CNAME testa8.$ZONE_TEST2 > samba-tool dns add $DC_NAME $ZONE_TEST2 testa9 A ZONE_IP.9 > samba-tool dns add $DC_NAME $ZONE_TEST2 testc9 CNAME testa9.$ZONE_TEST2 > samba-tool dns add $DC_NAME $ZONE_TEST2 testa10 A ZONE_IP.10 > samba-tool dns add $DC_NAME $ZONE_TEST2 testc10 CNAME testa10.$ZONE_TEST2 > > # Query > samba-tool dns query $DC_FQDN $ZONE_TEST1 $ZONE_TEST1 all > samba-tool dns query $DC_NAME $ZONE_TEST2 $ZONE_TEST2 all > > > ## My results > Zone test1 : shows 10 A records and 25 CNAMES > Zone test2 : shows 5 A records and 5 CNAMES > Zone test01 : shows 5 A records and 5 CNAMES > Zone test02 : shows 5 A records and 5 CNAMES > > So yes, there is something going wrong here. > > I'll update the bug report. > > > Greetz, > > Louis > > > >> -----Oorspronkelijk bericht----- >> Van: samba [mailto:samba-bounces at lists.samba.org] Namens >> L.P.H. 
van Belle via samba >> Verzonden: donderdag 27 februari 2020 10:48 >> Aan: samba at lists.samba.org >> Onderwerp: Re: [Samba] New PTR records not visible >> >> >> >>> -----Oorspronkelijk bericht----- >>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens >>> Christian Naumer via samba >>> Verzonden: donderdag 27 februari 2020 10:33 >>> Aan: samba at lists.samba.org >>> Onderwerp: Re: [Samba] New PTR records not visible >>> >>> Hello Louis, >>> thanks for looking into this. Have you looked at what the original >>> poster shared in the bug report? >>> >>> https://bugzilla.samba.org/show_bug.cgi?id=14268 >> Yes, im also looking again at that one. >> >>> I don't have a big problem with this, just trying to help. >> Which we very apriciate :-) >> >>> Maybe the original poster can say more with regards of the >> problem he >>> has with this. >>> >>> >>> here are more of my details. >> Thanks, now beside the few script errors due to your using >> centos, i'll ignore that. >> But you setup is "tumbs up" good, based on what i see i would >> not change much. >> >> But do verify this : > tkey-gssapi-keytab >> "/var/lib/samba/private/dns.keytab"; >> Later samba version use : tkey-gssapi-keytab >> "/var/lib/samba/bind-dns/dns.keytab"; >> as of samba 4.9+ >> >> So this keeps strange. >> Anyone else suggestion on debugging this, or to some >> verifications with Centos. >> >> >> So far, >> >> Greetz, >> >> Louis >> >> >> >>> Regards >>> >>> >>> #####samba-debug-info.txt############## >>> Collected config --- 2020-02-27-10:17 ----------- >>> >>> Hostname: dc1 >>> DNS Domain: ad.domain.de >>> FQDN: DC1.ad.domain.de >>> ipaddress: 192.168.0.90 >>> >>> ----------- >>> >>> Kerberos SRV _kerberos._tcp.ad.domain.de record verified ok, >>> sample output: >>> Server: 192.168.0.90 >>> Address: 192.168.0.90#53 >>> >>> _kerberos._tcp.ad.domain.de service = 0 100 88 dc1.ad.domain.de. >>> _kerberos._tcp.ad.domain.de service = 0 100 88 dc3.ad.domain.de. 
>>> _kerberos._tcp.ad.domain.de service = 0 100 88 dc2.ad.domain.de.
>>> _kerberos._tcp.ad.domain.de service = 0 100 88 dc4.ad.domain.de.
>>> Samba is running as an AD DC
>>>
>>> -----------
>>> Checking file: /etc/os-release
>>>
>>> NAME="CentOS Linux"
>>> VERSION="7 (Core)"
>>> ID="centos"
>>> ID_LIKE="rhel fedora"
>>> VERSION_ID="7"
>>> PRETTY_NAME="CentOS Linux 7 (Core)"
>>> ANSI_COLOR="0;31"
>>> CPE_NAME="cpe:/o:centos:centos:7"
>>> HOME_URL="https://www.centos.org/"
>>> BUG_REPORT_URL="https://bugs.centos.org/"
>>>
>>> CENTOS_MANTISBT_PROJECT="CentOS-7"
>>> CENTOS_MANTISBT_PROJECT_VERSION="7"
>>> REDHAT_SUPPORT_PRODUCT="centos"
>>> REDHAT_SUPPORT_PRODUCT_VERSION="7"
>>>
>>> -----------
>>>
>>>
>>> This computer is running an unknown distribution x86_64
>>>
>>> -----------
>>> running command : ip a
>>> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
>>>     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>>>     inet 127.0.0.1/8 scope host lo
>>>     inet6 ::1/128 scope host
>>> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
>>>     link/ether 6e:48:a7:59:a3:e4 brd ff:ff:ff:ff:ff:ff
>>>     inet 192.168.0.90/21 brd 192.168.7.255 scope global eth0
>>>     inet6 fe80::6c48:a7ff:fe59:a3e4/64 scope link
>>>
>>> -----------
>>> Checking file: /etc/hosts
>>>
>>> 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
>>> ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
>>> 192.168.0.90 DC1.ad.domain.de DC1
>>> 192.168.0.91 DC2.ad.domain.de DC2
>>> 192.168.0.106 DC4.ad.domain.de DC4
>>> 192.168.0.190 DC3.ad.domain.de DC3
>>>
>>> -----------
>>>
>>> Checking file: /etc/resolv.conf
>>>
>>> # Generated by NetworkManager
>>> search ad.domain.de domain.de domain.com domain.de. domain.com. domain.de
>>> nameserver 192.168.0.90
>>> nameserver 192.168.0.91
>>> nameserver 192.168.0.106
>>>
>>> -----------
>>>
>>> Checking file: /etc/krb5.conf
>>>
>>> [logging]
>>> default = FILE:/var/log/krb5libs.log
>>> kdc = FILE:/var/log/krb5kdc.log
>>> admin_server = FILE:/var/log/kadmind.log
>>>
>>> [libdefaults]
>>> default_realm = ad.domain.DE
>>> dns_lookup_realm = true
>>> dns_lookup_kdc = true
>>> ticket_lifetime = 24h
>>> renew_lifetime = 7d
>>> forwardable = true
>>>
>>> -----------
>>>
>>> Checking file: /etc/nsswitch.conf
>>>
>>> #
>>> # /etc/nsswitch.conf
>>> #
>>> # An example Name Service Switch config file. This file should be
>>> # sorted with the most-used services at the beginning.
>>> #
>>> # The entry '[NOTFOUND=return]' means that the search for an
>>> # entry should stop if the search in the previous entry turned
>>> # up nothing. Note that if the search failed due to some other reason
>>> # (like no NIS server responding) then the search continues with the
>>> # next entry.
>>> #
>>> # Valid entries include:
>>> #
>>> # nisplus Use NIS+ (NIS version 3)
>>> # nis Use NIS (NIS version 2), also called YP
>>> # dns Use DNS (Domain Name Service)
>>> # files Use the local files
>>> # db Use the local database (.db) files
>>> # compat Use NIS on compat mode
>>> # hesiod Use Hesiod for user lookups
>>> # [NOTFOUND=return] Stop searching if not found so far
>>> #
>>>
>>> # To use db, put the "db" in front of "files" for entries you want to be
>>> # looked up first in the databases
>>> #
>>> # Example:
>>> #passwd: db files nisplus nis
>>> #shadow: db files nisplus nis
>>> #group: db files nisplus nis
>>>
>>> passwd: files winbind
>>> shadow: files winbind
>>> group: files winbind
>>> #initgroups: files
>>>
>>> #hosts: db files nisplus nis dns
>>> hosts: files dns myhostname
>>>
>>> # Example - obey only what nisplus tells us...
>>> #services: nisplus [NOTFOUND=return] files
>>> #networks: nisplus [NOTFOUND=return] files
>>> #protocols: nisplus [NOTFOUND=return] files
>>> #rpc: nisplus [NOTFOUND=return] files
>>> #ethers: nisplus [NOTFOUND=return] files
>>> #netmasks: nisplus [NOTFOUND=return] files
>>>
>>> bootparams: nisplus [NOTFOUND=return] files
>>>
>>> ethers: files
>>> netmasks: files
>>> networks: files
>>> protocols: files
>>> rpc: files
>>> services: files sss
>>>
>>> netgroup: files sss
>>>
>>> publickey: nisplus
>>>
>>> automount: files sss
>>> aliases: files nisplus
>>>
>>> -----------
>>>
>>> Checking file: /etc/samba/smb.conf
>>>
>>> # Global parameters
>>> [global]
>>>     netbios name = DC1
>>>     realm = ad.domain.DE
>>>     server services = s3fs, rpc, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
>>>     workgroup = DOMAIN-02
>>>     logging =syslog
>>>     log level = 1 auth_audit:4 dsdb_password_audit:5 dsdb_transaction_audit:5 dsdb_group_audit:5
>>>     #log level = 3 auth_audit:4
>>>     server role = active directory domain controller
>>>     idmap_ldb:use rfc2307 = yes
>>>     template shell = /bin/bash
>>>     template homedir = /home/%U
>>>     #username map = /etc/samba/smbusers
>>>     #ntlm auth = yes
>>>     ntlm auth = mschapv2-and-ntlmv2-only
>>>     #rpc server dynamic port range = 1024-1300
>>>     disable netbios = yes
>>>     smb ports = 445
>>>     server min protocol = SMB2
>>>     client min protocol = SMB2
>>>     tls enabled = yes
>>>     tls keyfile = tls/server_de.key
>>>     tls certfile = tls/server.pem
>>>     tls cafile = tls/ca.pem
>>>
>>> [netlogon]
>>>     path = /var/lib/samba/sysvol/ad.domain.de/scripts
>>>     read only = No
>>>
>>> [sysvol]
>>>     path = /var/lib/samba/sysvol
>>>     read only = No
>>>
>>> -----------
>>>
>>> You have a user.map set in your smb.conf
>>> This is not allowed because Samba is running as a DC
>>>
>>> -----------
>>> Detected bind DLZ enabled..
>>>
>>> Warning, detected bind is enabled in smb.conf, but no /etc/bind directory found
>>>
>>> -----------
>>>
>>> Installed packages:
>>>
>>>
>>> -----------
>>> ##########named.conf###################
>>>
>>> # /etc/named.conf
>>> # Global BIND configuration options
>>> include "/var/lib/samba/private/named.conf";
>>> options {
>>>     tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
>>>     auth-nxdomain yes;
>>>     directory "/var/named";
>>>     notify no;
>>>     empty-zones-enable no;
>>>
>>>     allow-query {
>>>         127.0.0.1;
>>>         192.168.0.0/16;
>>>         # add other networks you want to allow to query your DNS
>>>     };
>>>
>>>     allow-recursion {
>>>         192.168.0.0/16;
>>>         # add other networks you want to allow to do recursive queries
>>>     };
>>>
>>>     forwarders {
>>>         # Google public DNS server here - replace with your own if necessary
>>>         8.8.8.8;
>>>         8.8.4.4;
>>>     };
>>>
>>>     allow-transfer {
>>>         # this config is for a single master DNS server
>>>         none;
>>>     };
>>>
>>> };
>>>
>>>
>>> # Root servers (required zone for recursive queries)
>>> zone "." {
>>>     type hint;
>>>     file "named.root";
>>> };
>>>
>>> # Required localhost forward-/reverse zones
>>> zone "localhost" {
>>>     type master;
>>>     file "master/localhost.zone";
>>> };
>>> zone "0.0.127.in-addr.arpa" {
>>>     type master;
>>>     file "master/0.0.127.zone";
>>> };
>>>
>>>
>>> On 27.02.20 at 09:53, L.P.H. van Belle via samba wrote:
>>>> Ok, new test.
>>>>
>>>> Besides that I don't like the python errors shown, this still looks good.
>>>> So I don't know.. See below, I can not make it error.
>>>>
>>>>
>>>> for x in 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 ; do samba-tool dns add dc1.internal.dom.tld $x.249.10.in-addr.arpa 158 PTR host-test.extrazone.dom.tld ; done
>>>> Record added successfully
>>>> Record added successfully
>>>> Record added successfully
>>>> Record added successfully
>>>> Record added successfully
>>>> ERROR: Zone does not exist; record coud not be added.
>>>> ERROR: Zone does not exist; record could not be added.
>>>> ERROR: Zone does not exist; record could not be added.
>>>> ERROR: Zone does not exist; record could not be added.
>>>> ERROR: Zone does not exist; record could not be added.
>>>> ERROR: Zone does not exist; record could not be added.
>>>> ERROR: Zone does not exist; record could not be added.
>>>> ERROR: Zone does not exist; record could not be added.
>>>> ERROR: Zone does not exist; record could not be added.
>>>> ERROR: Zone does not exist; record could not be added.
>>>> ERROR: Zone does not exist; record could not be added.
>>>>
>>>>
>>>>
>>>> for x in 0 1 2 3 4 5 6 7 ; do samba-tool dns add dc1.internal.dom.tld $x.249.10.in-addr.arpa 158 PTR host-test.extrazone.dom.tld ; done
>>>> ERROR(runtime): uncaught exception - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
>>>>   File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 186, in _run
>>>>     return self.run(*args, **kwargs)
>>>>   File "/usr/lib/python3/dist-packages/samba/netcmd/dns.py", line 945, in run
>>>>     raise e
>>>>   File "/usr/lib/python3/dist-packages/samba/netcmd/dns.py", line 941, in run
>>>>     0, server, zone, name, add_rec_buf, None)
>>>> ERROR(runtime): uncaught exception - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
>>>>   File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 186, in _run
>>>>     return self.run(*args, **kwargs)
>>>>   File "/usr/lib/python3/dist-packages/samba/netcmd/dns.py", line 945, in run
>>>>     raise e
>>>>   File "/usr/lib/python3/dist-packages/samba/netcmd/dns.py", line 941, in run
>>>>     0, server, zone, name, add_rec_buf, None)
>>>> ERROR(runtime): uncaught exception - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
>>>>   File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 186, in _run
>>>>     return self.run(*args, **kwargs)
>>>>   File "/usr/lib/python3/dist-packages/samba/netcmd/dns.py", line 945, in run
>>>>     raise e
>>>>   File "/usr/lib/python3/dist-packages/samba/netcmd/dns.py", line 941, in run
>>>>     0, server, zone, name, add_rec_buf, None)
>>>> ERROR(runtime): uncaught exception - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
>>>>   File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 186, in _run
>>>>     return self.run(*args, **kwargs)
>>>>   File "/usr/lib/python3/dist-packages/samba/netcmd/dns.py", line 945, in run
>>>>     raise e
>>>>   File "/usr/lib/python3/dist-packages/samba/netcmd/dns.py", line 941, in run
>>>>     0, server, zone, name, add_rec_buf, None)
>>>> ERROR(runtime): uncaught exception - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
>>>>   File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 186, in _run
>>>>     return self.run(*args, **kwargs)
>>>>   File "/usr/lib/python3/dist-packages/samba/netcmd/dns.py", line 945, in run
>>>>     raise e
>>>>   File "/usr/lib/python3/dist-packages/samba/netcmd/dns.py", line 941, in run
>>>>     0, server, zone, name, add_rec_buf, None)
>>>> ERROR: Zone does not exist; record could not be added.
>>>> ERROR: Zone does not exist; record could not be added.
>>>> ERROR: Zone does not exist; record could not be added.
>>>>
>>>> for x in 0 1 2 3 4 5 6 7 ; do nslookup 10.249.$x.158 ; done
>>>> 158.0.249.10.in-addr.arpa name = host-test.extrazone.dom.tld.
>>>> 158.1.249.10.in-addr.arpa name = host-test.extrazone.dom.tld.
>>>> 158.2.249.10.in-addr.arpa name = host-test.extrazone.dom.tld.
>>>> 158.3.249.10.in-addr.arpa name = host-test.extrazone.dom.tld.
>>>> 158.4.249.10.in-addr.arpa name = host-test.extrazone.dom.tld.
>>>> ** server can't find 158.5.249.10.in-addr.arpa: NXDOMAIN
>>>>
>>>> ** server can't find 158.6.249.10.in-addr.arpa: NXDOMAIN
>>>>
>>>> ** server can't find 158.7.249.10.in-addr.arpa: NXDOMAIN
>>>>
>>>>
>>>> Other range since you mentioned, this was in 192.168.x zones.
>>>> So here you go.
>>>>
>>>> for x in 0 1 2 3 4 5 6 ; do samba-tool dns zonecreate dc1.internal.dom.tld $x.168.192.in-addr.arpa ; done
>>>> Zone 0.168.192.in-addr.arpa created successfully
>>>> Zone 1.168.192.in-addr.arpa created successfully
>>>> Zone 2.168.192.in-addr.arpa created successfully
>>>> Zone 3.168.192.in-addr.arpa created successfully
>>>> Zone 4.168.192.in-addr.arpa created successfully
>>>> Zone 5.168.192.in-addr.arpa created successfully
>>>> Zone 6.168.192.in-addr.arpa created successfully
>>>>
>>>> for x in 0 1 2 3 4 5 6 ; do samba-tool dns add dc1.internal.dom.tld $x.168.192.in-addr.arpa 1 PTR host-test.extrazone.dom.tld ; done
>>>> Record added successfully
>>>> Record added successfully
>>>> Record added successfully
>>>> Record added successfully
>>>> Record added successfully
>>>> Record added successfully
>>>> Record added successfully
>>>>
>>>> for x in 0 1 2 3 4 5 6 ; do nslookup 192.168.$x.1 ; done
>>>> 1.0.168.192.in-addr.arpa name = host-test.extrazone.dom.tld.
>>>> 1.1.168.192.in-addr.arpa name = host-test.extrazone.dom.tld.
>>>> 1.2.168.192.in-addr.arpa name = host-test.extrazone.dom.tld.
>>>> 1.3.168.192.in-addr.arpa name = host-test.extrazone.dom.tld.
>>>> 1.4.168.192.in-addr.arpa name = host-test.extrazone.dom.tld.
>>>> 1.5.168.192.in-addr.arpa name = host-test.extrazone.dom.tld.
>>>> 1.6.168.192.in-addr.arpa name = host-test.extrazone.dom.tld.
>>>>
>>>>
>>>> Did you run my debugscript already, can you post it
>>>> https://github.com/thctlo/samba4/raw/master/samba-collect-debug-info.sh
>>>>
>>>> Greetz,
>>>>
>>>> Louis
>>>>
>>>>
>>>>> -----Original message-----
>>>>> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Christian Naumer via samba
>>>>> Sent: Thursday 27 February 2020 9:24
>>>>> To: samba at lists.samba.org
>>>>> Subject: Re: [Samba] New PTR records not visible
>>>>>
>>>>> Hi,
>>>>> have you tried adding an entry to another host on 157? For me it only
>>>>> produces the error with 0.168.192.in-addr.arpa and
>>>>> 2.168.192.in-addr.arpa. Not with 1 or 3.
>>>>>
>>>>> Regards
>>>>>
>>>>> Christian
>>>>>
>>>>>
>>>>> On 27.02.20 at 08:42, L.P.H. van Belle via samba wrote:
>>>>>> Hai,
>>>>>>
>>>>>> Today I thought let's re-test this again.
>>>>>> So this was done yesterday,
>>>>>>
>>>>>> samba-tool dns add dc1.internal.dom.tld 2.249.10.in-addr.arpa 157 PTR host.extrazone.dom.tld
>>>>>> samba-tool dns add dc1.internal.dom.tld 0.249.10.in-addr.arpa 157 PTR host.extrazone.dom.tld
>>>>>> samba-tool dns add dc1.internal.dom.tld 1.249.10.in-addr.arpa 157 PTR host.extrazone.dom.tld
>>>>>> I did keep the entries in the dns yesterday.
>>>>>>
>>>>>> Today :
>>>>>>
>>>>>> samba-tool dns add dc1.internal.dom.tld 2.249.10.in-addr.arpa 157 PTR host.extrazone.dom.tld
>>>>>> Password for [Administrator at REALM]:
>>>>>> ERROR(runtime): uncaught exception - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
>>>>>>   File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 186, in _run
>>>>>>     return self.run(*args, **kwargs)
>>>>>>   File "/usr/lib/python3/dist-packages/samba/netcmd/dns.py", line 945, in run
>>>>>>     raise e
>>>>>>   File "/usr/lib/python3/dist-packages/samba/netcmd/dns.py", line 941, in run
>>>>>>     0, server, zone, name, add_rec_buf, None)
>>>>>> # adding an extra one in "3"
>>>>>> samba-tool dns add dc1.internal.dom.tld 3.249.10.in-addr.arpa 157 PTR host.extrazone.dom.tld
>>>>>> Password for [Administrator at REALM]:
>>>>>> Record added successfully
>>>>>>
>>>>>> And I checked all the reverse zones, their dns records.
>>>>>> All checked out ok.
>>>>>>
>>>>>> Sorry, I can not make it fail here.
>>>>>>
>>>>>>
>>>>>> Greetz,
>>>>>>
>>>>>> Louis
>>>>>>
>>>>>>
>>>>>>> -----Original message-----
>>>>>>> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Christian Naumer via samba
>>>>>>> Sent: Wednesday 26 February 2020 15:54
>>>>>>> To: samba at lists.samba.org
>>>>>>> Subject: Re: [Samba] New PTR records not visible
>>>>>>>
>>>>>>> On 26.02.20 at 15:40, L.P.H. van Belle via samba wrote:
>>>>>>>> So strange..
>>>>>>>>
>>>>>>>> I copied your commands, only changed the arpa and servername / domainnames
>>>>>>>> All worked.
>>>>>>> Have you checked that you have this situation?
>>>>>>>
>>>>>>> If this entry "192.168.2.157" exists and if you try to add
>>>>>>> "192.168.0.157" another entry to point to "192.168.2.157" is added.
>>>>>>>
>>>>>>>> So far nobody told how their ad-dc and DNS is setup..
>>>>>>>> Which is why I added :
>>>>>>>>>> Debian 10, my own packages.
>>>>>>>>>> Samba 4.11.6 + BIND9_DLZ is used .
>>>>>>>> Now are you using samba DNS or BIND_DLZ dns ?
>>>>>>> I am using BIND_DLZ. On Centos 7 with the Sernet Packages.
>>>>>>>
>>>>>>> Regards
>>>>>>>
>>>>>>> Christian
>>>>>>>
>>>>>>> --
On February 28, 2020 4:02:10 AM GMT+13:00, Christian via samba <samba at lists.samba.org> wrote:
>Yet that still does not explain why the PTR record I create for that IP
>does not become visible. I can create other PTR records in the same zone
>and they do become visible to DNS lookups. I suspect it has something to
>do with half-dead entries in the database that are blocking it

FWIW The problem described here is the same one I described in the thread

[Samba] Cannot remove old NS record

If you look at the last post dated Jan 4, 2020 I describe the problem where I deleted an old PTR and tried to create a new PTR because the IP address had changed. I could never see the new pointer and there was strangeness having to do with the PTR already existing after deletion. I blamed the issue on something related to the old NS RR still hanging around and dropped the issue as it wasn't impacting the AD operation.

What is of interest I am using CentOS 7 with the Sernet packages and BIND_DLZ also.
--
Paul
Please add yourself and comment in : https://bugzilla.samba.org/show_bug.cgi?id=14268

So far I see 2 related things and the "not visible" ..
Looks like it only happens on CentOS 7.

Greetz,

Louis

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Paul R. Ganci via samba
> Sent: Thursday 27 February 2020 18:22
> To: samba at lists.samba.org
> Subject: Re: [Samba] New PTR records not visible
>
> On February 28, 2020 4:02:10 AM GMT+13:00, Christian via samba <samba at lists.samba.org> wrote:
> >Yet that still does not explain why the PTR record I create for that IP
> >does not become visible. I can create other PTR records in the same zone
> >and they do become visible to DNS lookups. I suspect it has something to
> >do with half-dead entries in the database that are blocking it
>
> FWIW The problem described here is the same one I described
> in the thread
>
> [Samba] Cannot remove old NS record
>
> If you look at the last post dated Jan 4, 2020 I describe the
> problem where I deleted an old PTR and tried to create a new
> PTR because the IP address had changed. I could never see the
> new pointer and there was strangeness having to do with the
> PTR already existing after deletion. I blamed the issue on
> something related to the old NS RR still hanging around and
> dropped the issue as it wasn't impacting the AD operation.
>
> What is of interest I am using CentOS 7 with the Sernet
> packages and BIND_DLZ also.
> --
> Paul
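
The add-then-lookup checks done by hand in this thread can be scripted so that a PTR the server accepted (or reports as already existing) but the resolver answers with NXDOMAIN is flagged explicitly. This is an added example, not part of the original thread or of Samba; the function names are hypothetical and the sample lines are constructed from the message formats quoted above.

```shell
#!/bin/sh
# Added example (not from the thread): compare what "samba-tool dns add"
# reported with what the resolver returns. Function names are hypothetical.

# 10.249.5.158 -> 158.5.249.10.in-addr.arpa
ptr_name() {
    echo "$1" | awk -F. 'NF == 4 { print $4 "." $3 "." $2 "." $1 ".in-addr.arpa" }'
}

# stdin: output of "samba-tool dns add"; prints added|exists|nozone|unknown
classify_add() {
    out=$(cat)
    case "$out" in
        *"Record added successfully"*)          echo added ;;
        *WERR_DNS_ERROR_RECORD_ALREADY_EXISTS*) echo exists ;;
        *"Zone does not exist"*)                echo nozone ;;
        *)                                      echo unknown ;;
    esac
}

# stdin: output of "nslookup <ip>"; prints visible|nxdomain|unknown
classify_lookup() {
    out=$(cat)
    case "$out" in
        *in-addr.arpa*"name = "*) echo visible ;;
        *NXDOMAIN*)               echo nxdomain ;;
        *)                        echo unknown ;;
    esac
}

# verdict ADD_STATE LOOKUP_STATE
verdict() {
    case "$1:$2" in
        added:visible|exists:visible)   echo OK ;;
        added:nxdomain|exists:nxdomain) echo INVISIBLE ;;  # stored but not served
        nozone:*)                       echo NO_ZONE ;;
        *)                              echo CHECK ;;
    esac
}

# Live use on a DC after kinit: check_ptr SERVER ZONE NAME TARGET IP
check_ptr() {
    a=$(samba-tool dns add "$1" "$2" "$3" PTR "$4" 2>&1 | classify_add)
    l=$(nslookup "$5" 2>&1 | classify_lookup)
    echo "$(ptr_name "$5") add=$a lookup=$l $(verdict "$a" "$l")"
}

# Offline run over constructed sample lines: ip|add output|nslookup output
sample_report() {
    while IFS='|' read -r ip add look; do
        a=$(printf '%s\n' "$add" | classify_add)
        l=$(printf '%s\n' "$look" | classify_lookup)
        echo "$(ptr_name "$ip") $(verdict "$a" "$l")"
    done <<'EOF'
10.249.0.158|Record added successfully|158.0.249.10.in-addr.arpa name = host-test.extrazone.dom.tld.
10.249.2.157|ERROR(runtime): uncaught exception - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')|** server can't find 157.2.249.10.in-addr.arpa: NXDOMAIN
10.249.5.158|ERROR: Zone does not exist; record could not be added.|** server can't find 158.5.249.10.in-addr.arpa: NXDOMAIN
EOF
}

sample_report
```

An INVISIBLE verdict is the symptom reported in bug 14268; NO_ZONE only means the reverse zone was never created.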