Carlos Jesus
2021-Sep-08 14:22 UTC
[Samba] samba AD-DC with bind9, dyn-dns complains that "No AD dhcp user exists"
Hello again Rowland,
unfortunately, the problem seems to have escalated and it seems my DNS
zones are missing or corrupt. When I try
samba-tool dns zonelist ehsecondary
I get
ERROR(runtime): uncaught exception - (9717, 'WERR_DNS_ERROR_DS_UNAVAILABLE')
  File "/usr/local/samba/lib/python3.7/site-packages/samba/netcmd/__init__.py", line 186, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/samba/lib/python3.7/site-packages/samba/netcmd/dns.py", line 670, in run
    request_filter)
On this particular server bind9 is running:
systemctl status bind9
● bind9.service - BIND Domain Name Server
   Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2021-09-08 14:04:21 WEST; 59min ago
     Docs: man:named(8)
  Process: 3298 ExecStart=/usr/sbin/named $OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 3299 (named)
    Tasks: 7 (limit: 2326)
   Memory: 48.5M
   CGroup: /system.slice/bind9.service
           └─3299 /usr/sbin/named -u bind
Sep 08 14:04:21 EhSecondary named[3299]: samba_dlz: started for DN DC=SAMDOM,DC=local
Sep 08 14:04:21 EhSecondary named[3299]: samba_dlz: starting configure
Sep 08 14:04:21 EhSecondary named[3299]: samba_dlz: configured writeable zone 'SAMDOM.local'
Sep 08 14:04:21 EhSecondary named[3299]: samba_dlz: configured writeable zone '1.168.192.in-addr.arpa'
Sep 08 14:04:21 EhSecondary named[3299]: none:106: 'max-cache-size 90%' - setting to 1795MB (out of 1994MB)
Sep 08 14:04:21 EhSecondary named[3299]: obtaining root key for view _default from '/etc/bind/bind.keys'
Sep 08 14:04:21 EhSecondary named[3299]: set up managed keys zone for view _default, file 'managed-keys.bind'
Sep 08 14:04:21 EhSecondary named[3299]: none:106: 'max-cache-size 90%' - setting to 1795MB (out of 1994MB)
Sep 08 14:04:21 EhSecondary named[3299]: command channel listening on 127.0.0.1#953
Sep 08 14:04:21 EhSecondary systemd[1]: Started BIND Domain Name Server.
I tried recreating the zones, but I get the same error as before. Samba is
running for now.
I have disabled dhcp failover and even the dyndns script.
Help?
Best regards,
Carlos Jesus
Carlos Jesus <camjesus2 at gmail.com> wrote on Tuesday, 7/09/2021 at 22:03:
> Ah.... crap....
> well thanks for the tip. I'll look it up on that google thingy...
>
> Carlos
>
> Rowland Penny via samba <samba at lists.samba.org> wrote on Tuesday, 7/09/2021 at 20:43:
>
>> On Tue, 2021-09-07 at 20:25 +0100, Carlos Jesus via samba wrote:
>> > Hi all, once again I ask for your help since I'm out of ideas. First my
>> > setup.
>> > Two DC's running Debian buster and samba 4.12.11 with bind9, and dynamic
>> > dns through dhcp (in failover mode) using the wiki script. One of the DC's
>> > is physical, the other is virtual (Proxmox).
>> > Both DC's have very similar configurations (but we all have heard this a
>> > thousand times...) and on the physical DC all is well, let's forget about
>> > it.
>> > On the virtual DC, I get the error "No AD dhcp user exists" blablabla. If I
>> > run the suggested commands (kinit Administrator at SAMDOM.EXAMPLE etc), it
>> > complains that the user already exists which can be confirmed by wbinfo
>> > -u|grep dhcpduser.
>> > The dhcp server is working since I get things like
>> > DHCPINFORM from 192.168.1.147 via br0
>> > DHCPACK to 192.168.1.147 (00:13:72:40:50:6a) via br0
>> > execute: /usr/local/bin/dhcp-dyndns.sh exit status 256
>> > Unfortunately I don't know what "exit status 256" is
>> > Now:
>> > 1) /etc/dhcpd.keytab exists and with right permissions (root:root
>> > r--------)
>> > 2) bind9 is up and running
>> > 3) /etc/resolv.conf
>> > options rotate timeout:5
>> > search SAMDOM.EXAMPLE
>> > nameserver 192.168.1.150
>> > nameserver 192.168.1.149
>> > 4) Running TESTUSER="$(wbinfo -u | grep 'dhcpduser')" returns
>> > SAMDOM/dhcpduser (as expected, so why does the script think TESTUSER is
>> > empty?)
>> > I can provide dhcpd.conf, named.conf and smb.conf however, they are very
>> > similar on both DC's.
>> >
>> > Any ideas?
>> > Best regards
>> >
>> > Carlos
>>
>> I have read somewhere that failover is broken in isc-dhcp-server on
>> buster, you need to compile it yourself. I am sorry, but I cannot
>> remember where I read this and it is late here, if you cannot find it,
>> I will try and find it myself tomorrow.
>>
>> Rowland
Rowland Penny
2021-Sep-08 14:28 UTC
[Samba] samba AD-DC with bind9, dyn-dns complains that "No AD dhcp user exists"
On Wed, 2021-09-08 at 15:22 +0100, Carlos Jesus wrote:
> Hello again Rowland,
> unfortunately, the problem seems to have escalated
>
> Sep 08 14:04:21 EhSecondary named[3299]: samba_dlz: started for DN DC=SAMDOM,DC=local
> Sep 08 14:04:21 EhSecondary named[3299]: samba_dlz: starting configure
> Sep 08 14:04:21 EhSecondary named[3299]: samba_dlz: configured writeable zone 'SAMDOM.local'
> Sep 08 14:04:21 EhSecondary named[3299]: samba_dlz: configured writeable zone '1.168.192.in-addr.arpa'
> Sep 08 14:04:21 EhSecondary named[3299]: none:106: 'max-cache-size 90%' - setting to 1795MB (out of 1994MB)
> Sep 08 14:04:21 EhSecondary named[3299]: obtaining root key for view _default from '/etc/bind/bind.keys'
> Sep 08 14:04:21 EhSecondary named[3299]: set up managed keys zone for view _default, file 'managed-keys.bind'
> Sep 08 14:04:21 EhSecondary named[3299]: none:106: 'max-cache-size 90%' - setting to 1795MB (out of 1994MB)
> Sep 08 14:04:21 EhSecondary named[3299]: command channel listening on 127.0.0.1#953
> Sep 08 14:04:21 EhSecondary systemd[1]: Started BIND Domain Name Server.
>
Please post your named.conf files.

Rowland