thr3ads.net - samba - [Samba] DNS Update Failing [Nov 2021]

If this information is useful, please help other people find it:
Share via:

Rob Campbell

2021-Oct-31 18:46 UTC

[Samba] DNS Update Failing

My domain members (DM01, DM02, FSDM01) can nslookup the DC (DC01) but the
DC can't nslookup the members.

https://wiki.samba.org/index.php/Troubleshooting_Samba_Domain_Members#DNS_Update_failed:_ERROR_DNS_UPDATE_FAILED
Sends me to
https://wiki.samba.org/index.php/Testing_Dynamic_DNS_Updates
Which sends me to
https://wiki.samba.org/index.php/Samba_Internal_DNS_Back_End#Troubleshooting

netstat -tulpn | grep ":53"
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN
     14311/samba: task[d
tcp6       0      0 :::53                   :::*                    LISTEN
     14311/samba: task[d
udp        0      0 0.0.0.0:53              0.0.0.0:*
    14311/samba: task[d
udp6       0      0 :::53                   :::*
     14311/samba: task[d

[root at DC01/var/log/samba$] cat log.samba:
[2021/10/31 14:11:04.615525,  0]
../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
  /usr/sbin/samba_dnsupdate: Traceback (most recent call last):
[2021/10/31 14:11:04.615757,  0]
../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
  /usr/sbin/samba_dnsupdate:   File "/usr/sbin/samba_dnsupdate", line
298,
in check_dns_name
[2021/10/31 14:11:04.615834,  0]
../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
  /usr/sbin/samba_dnsupdate:     ans = check_one_dns_name(normalised_name,
d.type, d)
[2021/10/31 14:11:04.615858,  0]
../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
  /usr/sbin/samba_dnsupdate:   File "/usr/sbin/samba_dnsupdate", line
275,
in check_one_dns_name
[2021/10/31 14:11:04.615895,  0]
../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
  /usr/sbin/samba_dnsupdate:     return resolver.resolve(name, name_type)
[2021/10/31 14:11:04.615916,  0]
../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
  /usr/sbin/samba_dnsupdate:   File
"/usr/lib/python3/dist-packages/dns/resolver.py", line 1040, in
resolve
[2021/10/31 14:11:04.616069,  0]
../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
  /usr/sbin/samba_dnsupdate:     (nameserver, port, tcp, backoff)
resolution.next_nameserver()
[2021/10/31 14:11:04.616102,  0]
../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
  /usr/sbin/samba_dnsupdate:   File
"/usr/lib/python3/dist-packages/dns/resolver.py", line 598, in
next_nameserver
[2021/10/31 14:11:04.616249,  0]
../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
  /usr/sbin/samba_dnsupdate:     raise NoNameservers(request=self.request,
errors=self.errors)
[2021/10/31 14:11:04.616326,  0]
../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
  /usr/sbin/samba_dnsupdate: dns.resolver.NoNameservers: All nameservers
failed to answer the query DC01.home.test-server.lan. IN A: Server 10.0.0.1
UDP port 53 answered SERVFAIL
[2021/10/31 14:11:04.616406,  0]
../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
  /usr/sbin/samba_dnsupdate:
[2021/10/31 14:11:04.616503,  0]
../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
  /usr/sbin/samba_dnsupdate: During handling of the above exception,
another exception occurred:
[2021/10/31 14:11:04.616526,  0]
../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
  /usr/sbin/samba_dnsupdate:
[2021/10/31 14:11:04.616561,  0]
../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
  /usr/sbin/samba_dnsupdate: Traceback (most recent call last):
[2021/10/31 14:11:04.616603,  0]
../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
  /usr/sbin/samba_dnsupdate:   File "/usr/sbin/samba_dnsupdate", line
848,
in <module>
[2021/10/31 14:11:04.616680,  0]
../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
  /usr/sbin/samba_dnsupdate:     elif not check_dns_name(d):
[2021/10/31 14:11:04.616726,  0]
../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
  /usr/sbin/samba_dnsupdate:   File "/usr/sbin/samba_dnsupdate", line
302,
in check_dns_name
[2021/10/31 14:11:04.616771,  0]
../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
  /usr/sbin/samba_dnsupdate:     raise Exception("Unable to contact a
working DNS server while looking for %s as %s" % (d, normalised_name))
[2021/10/31 14:11:04.616832,  0]
../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
  /usr/sbin/samba_dnsupdate: Exception: Unable to contact a working DNS
server while looking for A DC01.home.test-server.lan 10.0.0.19 as
DC01.home.test-server.lan.
[2021/10/31 14:11:04.656491,  0]
../../source4/dsdb/dns/dns_update.c:85(dnsupdate_nameupdate_done)
  dnsupdate_nameupdate_done: Failed DNS update with exit code 1

[root at DC01/var/log/samba$] samba_dnsupdate --verbose --all-names
IPs: ['10.0.0.19']
force update: A DC01.home.test-server.lan 10.0.0.19
force update: CNAME
f79b5e15-ea2b-4afd-a8ca-bb16e2531521._msdcs.home.test-server.lan
DC01.home.test-server.lan
force update: NS home.test-server.lan DC01.home.test-server.lan
force update: NS _msdcs.home.test-server.lan DC01.home.test-server.lan
force update: A home.test-server.lan 10.0.0.19
force update: SRV _ldap._tcp.home.test-server.lan DC01.home.test-server.lan
389
force update: SRV _ldap._tcp.dc._msdcs.home.test-server.lan
DC01.home.test-server.lan 389
force update: SRV
_ldap._tcp.3cc42946-b7ec-46c9-9760-1d885e427ca9.domains._msdcs.home.test-server.lan
DC01.home.test-server.lan 389
force update: SRV _kerberos._tcp.home.test-server.lan
DC01.home.test-server.lan 88
force update: SRV _kerberos._udp.home.test-server.lan
DC01.home.test-server.lan 88
force update: SRV _kerberos._tcp.dc._msdcs.home.test-server.lan
DC01.home.test-server.lan 88
force update: SRV _kpasswd._tcp.home.test-server.lan
DC01.home.test-server.lan 464
force update: SRV _kpasswd._udp.home.test-server.lan
DC01.home.test-server.lan 464
force update: SRV
_ldap._tcp.Default-First-Site-Name._sites.home.test-server.lan
DC01.home.test-server.lan 389
force update: SRV
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.home.test-server.lan
DC01.home.test-server.lan 389
force update: SRV
_kerberos._tcp.Default-First-Site-Name._sites.home.test-server.lan
DC01.home.test-server.lan 88
force update: SRV
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.home.test-server.lan
DC01.home.test-server.lan 88
force update: SRV _ldap._tcp.pdc._msdcs.home.test-server.lan
DC01.home.test-server.lan 389
force update: A gc._msdcs.home.test-server.lan 10.0.0.19
force update: SRV _gc._tcp.home.test-server.lan DC01.home.test-server.lan
3268
force update: SRV _ldap._tcp.gc._msdcs.home.test-server.lan
DC01.home.test-server.lan 3268
force update: SRV
_gc._tcp.Default-First-Site-Name._sites.home.test-server.lan
DC01.home.test-server.lan 3268
force update: SRV
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.home.test-server.lan
DC01.home.test-server.lan 3268
force update: A DomainDnsZones.home.test-server.lan 10.0.0.19
force update: SRV _ldap._tcp.DomainDnsZones.home.test-server.lan
DC01.home.test-server.lan 389
force update: SRV
_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.home.test-server.lan
DC01.home.test-server.lan 389
force update: A ForestDnsZones.home.test-server.lan 10.0.0.19
force update: SRV _ldap._tcp.ForestDnsZones.home.test-server.lan
DC01.home.test-server.lan 389
force update: SRV
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.home.test-server.lan
DC01.home.test-server.lan 389
29 DNS updates and 0 DNS deletes needed
Failed to get Kerberos credentials, falling back to samba-tool: kinit for
DC01$@HOME.TEST-SERVER.LAN failed (Cannot contact any KDC for requested
realm)

[root at DC01/var/log/samba$] klist -e -t -k
Keytab name: FILE:/etc/krb5.keytab
klist: Key table file '/etc/krb5.keytab' not found while starting keytab
scan

[root at DC01/var/log/samba$] klist -t -k /var/lib/samba/private/secrets.keytab
Keytab name: FILE:/var/lib/samba/private/secrets.keytab
KVNO Timestamp           Principal
---- -------------------
------------------------------------------------------
   1 10/27/2021 14:17:28 HOST/dc01 at HOME.TEST-SERVER.LAN
   1 10/27/2021 14:17:28 HOST/dc01.home.test-server.lan at HOME.TEST-SERVER.LAN
   1 10/27/2021 14:17:28 DC01$@HOME.TEST-SERVER.LAN
   1 10/27/2021 14:17:28 HOST/dc01 at HOME.TEST-SERVER.LAN
   1 10/27/2021 14:17:28 HOST/dc01.home.test-server.lan at HOME.TEST-SERVER.LAN
   1 10/27/2021 14:17:28 DC01$@HOME.TEST-SERVER.LAN
   1 10/27/2021 14:17:28 HOST/dc01 at HOME.TEST-SERVER.LAN
   1 10/27/2021 14:17:28 HOST/dc01.home.test-server.lan at HOME.TEST-SERVER.LAN
   1 10/27/2021 14:17:28 DC01$@HOME.TEST-SERVER.LAN

Copied file
[root at DC01/var/log/samba$] cp /var/lib/samba/private/secrets.keytab
/etc/krb5.keytab

[root at DC01/var/log/samba$] klist -e -t -k
Keytab name: FILE:/etc/krb5.keytab
KVNO Timestamp           Principal
---- -------------------
------------------------------------------------------
   1 10/27/2021 14:17:28 HOST/dc01 at HOME.TEST-SERVER.LAN
(aes256-cts-hmac-sha1-96)
   1 10/27/2021 14:17:28 HOST/dc01.home.test-server.lan at HOME.TEST-SERVER.LAN
(aes256-cts-hmac-sha1-96)
   1 10/27/2021 14:17:28 DC01$@HOME.TEST-SERVER.LAN
(aes256-cts-hmac-sha1-96)
   1 10/27/2021 14:17:28 HOST/dc01 at HOME.TEST-SERVER.LAN
(aes128-cts-hmac-sha1-96)
   1 10/27/2021 14:17:28 HOST/dc01.home.test-server.lan at HOME.TEST-SERVER.LAN
(aes128-cts-hmac-sha1-96)
   1 10/27/2021 14:17:28 DC01$@HOME.TEST-SERVER.LAN
(aes128-cts-hmac-sha1-96)
   1 10/27/2021 14:17:28 HOST/dc01 at HOME.TEST-SERVER.LAN
(DEPRECATED:arcfour-hmac)
   1 10/27/2021 14:17:28 HOST/dc01.home.test-server.lan at HOME.TEST-SERVER.LAN
(DEPRECATED:arcfour-hmac)
   1 10/27/2021 14:17:28 DC01$@HOME.TEST-SERVER.LAN
(DEPRECATED:arcfour-hmac)

That didn't really help anything.  At least it didn't help these issues

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In all things, Be Intentional.

Rob Campbell

2021-Oct-31 19:13 UTC

head link

[Samba] DNS Update Failing

My /etc/resolv.conf was overwritten.  What service does this on Debian?
I've disabled systemd-resolved already.

Getting a different error now.
samba_dnsupdate --verbose --all-names
*29 DNS updates* and 0 DNS deletes needed
Successfully obtained Kerberos ticket to DNS/DC01.home.test-server.lan as
DC01$
update(nsupdate): A DC01.home.test-server.lan 10.0.0.19
Calling nsupdate for A DC01.home.test-server.lan 10.0.0.19 (add)
Successfully obtained Kerberos ticket to DNS/DC01.home.test-server.lan as
DC01$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
DC01.home.test-server.lan. 900 IN A 10.0.0.19

; TSIG error with server: tsig indicates error
update failed: NOTAUTH(BADSIG)
Failed nsupdate: 2
update(nsupdate): CNAME
f79b5e15-ea2b-4afd-a8ca-bb16e2531521._msdcs.home.test-server.lan
DC01.home.test-server.lan
...

*Failed update of 29 entries*
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In all things, Be Intentional.


On Sun, Oct 31, 2021 at 2:46 PM Rob Campbell <robcampbell08105 at
gmail.com>
wrote:
> My domain members (DM01, DM02, FSDM01) can nslookup the DC (DC01) but the
> DC can't nslookup the members.
>
>
>
https://wiki.samba.org/index.php/Troubleshooting_Samba_Domain_Members#DNS_Update_failed:_ERROR_DNS_UPDATE_FAILED
> Sends me to
> https://wiki.samba.org/index.php/Testing_Dynamic_DNS_Updates
> Which sends me to
>
>
https://wiki.samba.org/index.php/Samba_Internal_DNS_Back_End#Troubleshooting
>
> netstat -tulpn | grep ":53"
> tcp        0      0 0.0.0.0:53              0.0.0.0:*
> LISTEN      14311/samba: task[d
> tcp6       0      0 :::53                   :::*                    LISTEN
>      14311/samba: task[d
> udp        0      0 0.0.0.0:53              0.0.0.0:*
>       14311/samba: task[d
> udp6       0      0 :::53                   :::*
>      14311/samba: task[d
>
> [root at DC01/var/log/samba$] cat log.samba:
> [2021/10/31 14:11:04.615525,  0]
> ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
>   /usr/sbin/samba_dnsupdate: Traceback (most recent call last):
> [2021/10/31 14:11:04.615757,  0]
> ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
>   /usr/sbin/samba_dnsupdate:   File "/usr/sbin/samba_dnsupdate",
line 298,
> in check_dns_name
> [2021/10/31 14:11:04.615834,  0]
> ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
>   /usr/sbin/samba_dnsupdate:     ans = check_one_dns_name(normalised_name,
> d.type, d)
> [2021/10/31 14:11:04.615858,  0]
> ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
>   /usr/sbin/samba_dnsupdate:   File "/usr/sbin/samba_dnsupdate",
line 275,
> in check_one_dns_name
> [2021/10/31 14:11:04.615895,  0]
> ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
>   /usr/sbin/samba_dnsupdate:     return resolver.resolve(name, name_type)
> [2021/10/31 14:11:04.615916,  0]
> ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
>   /usr/sbin/samba_dnsupdate:   File
> "/usr/lib/python3/dist-packages/dns/resolver.py", line 1040, in
resolve
> [2021/10/31 14:11:04.616069,  0]
> ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
>   /usr/sbin/samba_dnsupdate:     (nameserver, port, tcp, backoff) >
resolution.next_nameserver()
> [2021/10/31 14:11:04.616102,  0]
> ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
>   /usr/sbin/samba_dnsupdate:   File
> "/usr/lib/python3/dist-packages/dns/resolver.py", line 598, in
> next_nameserver
> [2021/10/31 14:11:04.616249,  0]
> ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
>   /usr/sbin/samba_dnsupdate:     raise NoNameservers(request=self.request,
> errors=self.errors)
> [2021/10/31 14:11:04.616326,  0]
> ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
>   /usr/sbin/samba_dnsupdate: dns.resolver.NoNameservers: All nameservers
> failed to answer the query DC01.home.test-server.lan. IN A: Server 10.0.0.1
> UDP port 53 answered SERVFAIL
> [2021/10/31 14:11:04.616406,  0]
> ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
>   /usr/sbin/samba_dnsupdate:
> [2021/10/31 14:11:04.616503,  0]
> ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
>   /usr/sbin/samba_dnsupdate: During handling of the above exception,
> another exception occurred:
> [2021/10/31 14:11:04.616526,  0]
> ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
>   /usr/sbin/samba_dnsupdate:
> [2021/10/31 14:11:04.616561,  0]
> ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
>   /usr/sbin/samba_dnsupdate: Traceback (most recent call last):
> [2021/10/31 14:11:04.616603,  0]
> ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
>   /usr/sbin/samba_dnsupdate:   File "/usr/sbin/samba_dnsupdate",
line 848,
> in <module>
> [2021/10/31 14:11:04.616680,  0]
> ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
>   /usr/sbin/samba_dnsupdate:     elif not check_dns_name(d):
> [2021/10/31 14:11:04.616726,  0]
> ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
>   /usr/sbin/samba_dnsupdate:   File "/usr/sbin/samba_dnsupdate",
line 302,
> in check_dns_name
> [2021/10/31 14:11:04.616771,  0]
> ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
>   /usr/sbin/samba_dnsupdate:     raise Exception("Unable to contact a
> working DNS server while looking for %s as %s" % (d, normalised_name))
> [2021/10/31 14:11:04.616832,  0]
> ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
>   /usr/sbin/samba_dnsupdate: Exception: Unable to contact a working DNS
> server while looking for A DC01.home.test-server.lan 10.0.0.19 as
> DC01.home.test-server.lan.
> [2021/10/31 14:11:04.656491,  0]
> ../../source4/dsdb/dns/dns_update.c:85(dnsupdate_nameupdate_done)
>   dnsupdate_nameupdate_done: Failed DNS update with exit code 1
>
> [root at DC01/var/log/samba$] samba_dnsupdate --verbose --all-names
> IPs: ['10.0.0.19']
> force update: A DC01.home.test-server.lan 10.0.0.19
> force update: CNAME
> f79b5e15-ea2b-4afd-a8ca-bb16e2531521._msdcs.home.test-server.lan
> DC01.home.test-server.lan
> force update: NS home.test-server.lan DC01.home.test-server.lan
> force update: NS _msdcs.home.test-server.lan DC01.home.test-server.lan
> force update: A home.test-server.lan 10.0.0.19
> force update: SRV _ldap._tcp.home.test-server.lan
> DC01.home.test-server.lan 389
> force update: SRV _ldap._tcp.dc._msdcs.home.test-server.lan
> DC01.home.test-server.lan 389
> force update: SRV
>
_ldap._tcp.3cc42946-b7ec-46c9-9760-1d885e427ca9.domains._msdcs.home.test-server.lan
> DC01.home.test-server.lan 389
> force update: SRV _kerberos._tcp.home.test-server.lan
> DC01.home.test-server.lan 88
> force update: SRV _kerberos._udp.home.test-server.lan
> DC01.home.test-server.lan 88
> force update: SRV _kerberos._tcp.dc._msdcs.home.test-server.lan
> DC01.home.test-server.lan 88
> force update: SRV _kpasswd._tcp.home.test-server.lan
> DC01.home.test-server.lan 464
> force update: SRV _kpasswd._udp.home.test-server.lan
> DC01.home.test-server.lan 464
> force update: SRV
> _ldap._tcp.Default-First-Site-Name._sites.home.test-server.lan
> DC01.home.test-server.lan 389
> force update: SRV
> _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.home.test-server.lan
> DC01.home.test-server.lan 389
> force update: SRV
> _kerberos._tcp.Default-First-Site-Name._sites.home.test-server.lan
> DC01.home.test-server.lan 88
> force update: SRV
>
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.home.test-server.lan
> DC01.home.test-server.lan 88
> force update: SRV _ldap._tcp.pdc._msdcs.home.test-server.lan
> DC01.home.test-server.lan 389
> force update: A gc._msdcs.home.test-server.lan 10.0.0.19
> force update: SRV _gc._tcp.home.test-server.lan DC01.home.test-server.lan
> 3268
> force update: SRV _ldap._tcp.gc._msdcs.home.test-server.lan
> DC01.home.test-server.lan 3268
> force update: SRV
> _gc._tcp.Default-First-Site-Name._sites.home.test-server.lan
> DC01.home.test-server.lan 3268
> force update: SRV
> _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.home.test-server.lan
> DC01.home.test-server.lan 3268
> force update: A DomainDnsZones.home.test-server.lan 10.0.0.19
> force update: SRV _ldap._tcp.DomainDnsZones.home.test-server.lan
> DC01.home.test-server.lan 389
> force update: SRV
>
_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.home.test-server.lan
> DC01.home.test-server.lan 389
> force update: A ForestDnsZones.home.test-server.lan 10.0.0.19
> force update: SRV _ldap._tcp.ForestDnsZones.home.test-server.lan
> DC01.home.test-server.lan 389
> force update: SRV
>
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.home.test-server.lan
> DC01.home.test-server.lan 389
> 29 DNS updates and 0 DNS deletes needed
> Failed to get Kerberos credentials, falling back to samba-tool: kinit for
> DC01$@HOME.TEST-SERVER.LAN failed (Cannot contact any KDC for requested
> realm)
>
> [root at DC01/var/log/samba$] klist -e -t -k
> Keytab name: FILE:/etc/krb5.keytab
> klist: Key table file '/etc/krb5.keytab' not found while starting
keytab
> scan
>
> [root at DC01/var/log/samba$] klist -t -k
> /var/lib/samba/private/secrets.keytab
> Keytab name: FILE:/var/lib/samba/private/secrets.keytab
> KVNO Timestamp           Principal
> ---- -------------------
> ------------------------------------------------------
>    1 10/27/2021 14:17:28 HOST/dc01 at HOME.TEST-SERVER.LAN
>    1 10/27/2021 14:17:28
> HOST/dc01.home.test-server.lan at HOME.TEST-SERVER.LAN
>    1 10/27/2021 14:17:28 DC01$@HOME.TEST-SERVER.LAN
>    1 10/27/2021 14:17:28 HOST/dc01 at HOME.TEST-SERVER.LAN
>    1 10/27/2021 14:17:28
> HOST/dc01.home.test-server.lan at HOME.TEST-SERVER.LAN
>    1 10/27/2021 14:17:28 DC01$@HOME.TEST-SERVER.LAN
>    1 10/27/2021 14:17:28 HOST/dc01 at HOME.TEST-SERVER.LAN
>    1 10/27/2021 14:17:28
> HOST/dc01.home.test-server.lan at HOME.TEST-SERVER.LAN
>    1 10/27/2021 14:17:28 DC01$@HOME.TEST-SERVER.LAN
>
> Copied file
> [root at DC01/var/log/samba$] cp /var/lib/samba/private/secrets.keytab
> /etc/krb5.keytab
>
> [root at DC01/var/log/samba$] klist -e -t -k
> Keytab name: FILE:/etc/krb5.keytab
> KVNO Timestamp           Principal
> ---- -------------------
> ------------------------------------------------------
>    1 10/27/2021 14:17:28 HOST/dc01 at HOME.TEST-SERVER.LAN
> (aes256-cts-hmac-sha1-96)
>    1 10/27/2021 14:17:28
> HOST/dc01.home.test-server.lan at HOME.TEST-SERVER.LAN
> (aes256-cts-hmac-sha1-96)
>    1 10/27/2021 14:17:28 DC01$@HOME.TEST-SERVER.LAN
> (aes256-cts-hmac-sha1-96)
>    1 10/27/2021 14:17:28 HOST/dc01 at HOME.TEST-SERVER.LAN
> (aes128-cts-hmac-sha1-96)
>    1 10/27/2021 14:17:28
> HOST/dc01.home.test-server.lan at HOME.TEST-SERVER.LAN
> (aes128-cts-hmac-sha1-96)
>    1 10/27/2021 14:17:28 DC01$@HOME.TEST-SERVER.LAN
> (aes128-cts-hmac-sha1-96)
>    1 10/27/2021 14:17:28 HOST/dc01 at HOME.TEST-SERVER.LAN
> (DEPRECATED:arcfour-hmac)
>    1 10/27/2021 14:17:28
> HOST/dc01.home.test-server.lan at HOME.TEST-SERVER.LAN
> (DEPRECATED:arcfour-hmac)
>    1 10/27/2021 14:17:28 DC01$@HOME.TEST-SERVER.LAN
> (DEPRECATED:arcfour-hmac)
>
> That didn't really help anything.  At least it didn't help these
issues
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> In all things, Be Intentional.
>

Rowland Penny

2021-Oct-31 19:14 UTC

head link

[Samba] DNS Update Failing

On Sun, 2021-10-31 at 14:46 -0400, Rob Campbell via samba
wrote:> My domain members (DM01, DM02, FSDM01) can nslookup the DC (DC01) but
> the
> DC can't nslookup the members.
> 
>
https://wiki.samba.org/index.php/Troubleshooting_Samba_Domain_Members#DNS_Update_failed:_ERROR_DNS_UPDATE_FAILED
> Sends me to
> https://wiki.samba.org/index.php/Testing_Dynamic_DNS_Updates
> Which sends me to
>
https://wiki.samba.org/index.php/Samba_Internal_DNS_Back_End#Troubleshooting
> 
> netstat -tulpn | grep ":53"
> tcp        0      0
> 0.0.0.0:53              0.0.0.0:*               LISTEN
>      14311/samba: task[d
> tcp6       0      0
> :::53                   :::*                    LISTEN
>      14311/samba: task[d
> udp        0      0 0.0.0.0:53              0.0.0.0:*
>     14311/samba: task[d
> udp6       0      0 :::53                   :::*
>      14311/samba: task[d
> 
> [root at DC01/var/log/samba$] cat log.samba:
> [2021/10/31 14:11:04.615525,  0]
> ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
>   /usr/sbin/samba_dnsupdate: Traceback (most recent call last):
> [2021/10/31 14:11:04.615757,  0]
> ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
>   /usr/sbin/samba_dnsupdate:   File "/usr/sbin/samba_dnsupdate",
line
> 298,
> in check_dns_name
> [2021/10/31 14:11:04.615834,  0]
> ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
>   /usr/sbin/samba_dnsupdate:     ans >
check_one_dns_name(normalised_name,
> d.type, d)
> [2021/10/31 14:11:04.615858,  0]
> ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
>   /usr/sbin/samba_dnsupdate:   File "/usr/sbin/samba_dnsupdate",
line
> 275,
> in check_one_dns_name
> [2021/10/31 14:11:04.615895,  0]
> ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
>   /usr/sbin/samba_dnsupdate:     return resolver.resolve(name,
> name_type)
> [2021/10/31 14:11:04.615916,  0]
> ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
>   /usr/sbin/samba_dnsupdate:   File
> "/usr/lib/python3/dist-packages/dns/resolver.py", line 1040, in
> resolve
> [2021/10/31 14:11:04.616069,  0]
> ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
>   /usr/sbin/samba_dnsupdate:     (nameserver, port, tcp, backoff) >
resolution.next_nameserver()
> [2021/10/31 14:11:04.616102,  0]
> ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
>   /usr/sbin/samba_dnsupdate:   File
> "/usr/lib/python3/dist-packages/dns/resolver.py", line 598, in
> next_nameserver
> [2021/10/31 14:11:04.616249,  0]
> ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
>   /usr/sbin/samba_dnsupdate:     raise
> NoNameservers(request=self.request,
> errors=self.errors)
> [2021/10/31 14:11:04.616326,  0]
> ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
>   /usr/sbin/samba_dnsupdate: dns.resolver.NoNameservers: All
> nameservers
> failed to answer the query DC01.home.test-server.lan. IN A: Server
> 10.0.0.1
> UDP port 53 answered SERVFAIL
> [2021/10/31 14:11:04.616406,  0]
> ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
>   /usr/sbin/samba_dnsupdate:
> [2021/10/31 14:11:04.616503,  0]
> ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
>   /usr/sbin/samba_dnsupdate: During handling of the above exception,
> another exception occurred:
> [2021/10/31 14:11:04.616526,  0]
> ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
>   /usr/sbin/samba_dnsupdate:
> [2021/10/31 14:11:04.616561,  0]
> ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
>   /usr/sbin/samba_dnsupdate: Traceback (most recent call last):
> [2021/10/31 14:11:04.616603,  0]
> ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
>   /usr/sbin/samba_dnsupdate:   File "/usr/sbin/samba_dnsupdate",
line
> 848,
> in <module>
> [2021/10/31 14:11:04.616680,  0]
> ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
>   /usr/sbin/samba_dnsupdate:     elif not check_dns_name(d):
> [2021/10/31 14:11:04.616726,  0]
> ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
>   /usr/sbin/samba_dnsupdate:   File "/usr/sbin/samba_dnsupdate",
line
> 302,
> in check_dns_name
> [2021/10/31 14:11:04.616771,  0]
> ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
>   /usr/sbin/samba_dnsupdate:     raise Exception("Unable to contact a
> working DNS server while looking for %s as %s" % (d,
> normalised_name))
> [2021/10/31 14:11:04.616832,  0]
> ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
>   /usr/sbin/samba_dnsupdate: Exception: Unable to contact a working
> DNS
> server while looking for A DC01.home.test-server.lan 10.0.0.19 as
> DC01.home.test-server.lan.
> [2021/10/31 14:11:04.656491,  0]
> ../../source4/dsdb/dns/dns_update.c:85(dnsupdate_nameupdate_done)
>   dnsupdate_nameupdate_done: Failed DNS update with exit code 1
> 
> [root at DC01/var/log/samba$] samba_dnsupdate --verbose --all-names
> IPs: ['10.0.0.19']
> force update: A DC01.home.test-server.lan 10.0.0.19
> force update: CNAME
> f79b5e15-ea2b-4afd-a8ca-bb16e2531521._msdcs.home.test-server.lan
> DC01.home.test-server.lan
> force update: NS home.test-server.lan DC01.home.test-server.lan
> force update: NS _msdcs.home.test-server.lan DC01.home.test-
> server.lan
> force update: A home.test-server.lan 10.0.0.19
> force update: SRV _ldap._tcp.home.test-server.lan DC01.home.test-
> server.lan
> 389
> force update: SRV _ldap._tcp.dc._msdcs.home.test-server.lan
> DC01.home.test-server.lan 389
> force update: SRV
> _ldap._tcp.3cc42946-b7ec-46c9-9760-
> 1d885e427ca9.domains._msdcs.home.test-server.lan
> DC01.home.test-server.lan 389
> force update: SRV _kerberos._tcp.home.test-server.lan
> DC01.home.test-server.lan 88
> force update: SRV _kerberos._udp.home.test-server.lan
> DC01.home.test-server.lan 88
> force update: SRV _kerberos._tcp.dc._msdcs.home.test-server.lan
> DC01.home.test-server.lan 88
> force update: SRV _kpasswd._tcp.home.test-server.lan
> DC01.home.test-server.lan 464
> force update: SRV _kpasswd._udp.home.test-server.lan
> DC01.home.test-server.lan 464
> force update: SRV
> _ldap._tcp.Default-First-Site-Name._sites.home.test-server.lan
> DC01.home.test-server.lan 389
> force update: SRV
> _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.home.test-
> server.lan
> DC01.home.test-server.lan 389
> force update: SRV
> _kerberos._tcp.Default-First-Site-Name._sites.home.test-server.lan
> DC01.home.test-server.lan 88
> force update: SRV
> _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.home.test-
> server.lan
> DC01.home.test-server.lan 88
> force update: SRV _ldap._tcp.pdc._msdcs.home.test-server.lan
> DC01.home.test-server.lan 389
> force update: A gc._msdcs.home.test-server.lan 10.0.0.19
> force update: SRV _gc._tcp.home.test-server.lan DC01.home.test-
> server.lan
> 3268
> force update: SRV _ldap._tcp.gc._msdcs.home.test-server.lan
> DC01.home.test-server.lan 3268
> force update: SRV
> _gc._tcp.Default-First-Site-Name._sites.home.test-server.lan
> DC01.home.test-server.lan 3268
> force update: SRV
> _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.home.test-
> server.lan
> DC01.home.test-server.lan 3268
> force update: A DomainDnsZones.home.test-server.lan 10.0.0.19
> force update: SRV _ldap._tcp.DomainDnsZones.home.test-server.lan
> DC01.home.test-server.lan 389
> force update: SRV
> _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.home.test-
> server.lan
> DC01.home.test-server.lan 389
> force update: A ForestDnsZones.home.test-server.lan 10.0.0.19
> force update: SRV _ldap._tcp.ForestDnsZones.home.test-server.lan
> DC01.home.test-server.lan 389
> force update: SRV
> _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.home.test-
> server.lan
> DC01.home.test-server.lan 389
> 29 DNS updates and 0 DNS deletes needed
> Failed to get Kerberos credentials, falling back to samba-tool: kinit
> for
> DC01$@HOME.TEST-SERVER.LAN failed (Cannot contact any KDC for
> requested
> realm)
> 
> [root at DC01/var/log/samba$] klist -e -t -k
> Keytab name: FILE:/etc/krb5.keytab
> klist: Key table file '/etc/krb5.keytab' not found while starting
> keytab
> scan
> 
> [root at DC01/var/log/samba$] klist -t -k
> /var/lib/samba/private/secrets.keytab
> Keytab name: FILE:/var/lib/samba/private/secrets.keytab
> KVNO Timestamp           Principal
> ---- -------------------
> ------------------------------------------------------
>    1 10/27/2021 14:17:28 HOST/dc01 at HOME.TEST-SERVER.LAN
>    1 10/27/2021 14:17:28 
> HOST/dc01.home.test-server.lan at HOME.TEST-SERVER.LAN
>    1 10/27/2021 14:17:28 DC01$@HOME.TEST-SERVER.LAN
>    1 10/27/2021 14:17:28 HOST/dc01 at HOME.TEST-SERVER.LAN
>    1 10/27/2021 14:17:28 
> HOST/dc01.home.test-server.lan at HOME.TEST-SERVER.LAN
>    1 10/27/2021 14:17:28 DC01$@HOME.TEST-SERVER.LAN
>    1 10/27/2021 14:17:28 HOST/dc01 at HOME.TEST-SERVER.LAN
>    1 10/27/2021 14:17:28 
> HOST/dc01.home.test-server.lan at HOME.TEST-SERVER.LAN
>    1 10/27/2021 14:17:28 DC01$@HOME.TEST-SERVER.LAN
> 
> Copied file
> [root at DC01/var/log/samba$] cp /var/lib/samba/private/secrets.keytab
> /etc/krb5.keytab
> 
> [root at DC01/var/log/samba$] klist -e -t -k
> Keytab name: FILE:/etc/krb5.keytab
> KVNO Timestamp           Principal
> ---- -------------------
> ------------------------------------------------------
>    1 10/27/2021 14:17:28 HOST/dc01 at HOME.TEST-SERVER.LAN
> (aes256-cts-hmac-sha1-96)
>    1 10/27/2021 14:17:28 
> HOST/dc01.home.test-server.lan at HOME.TEST-SERVER.LAN
> (aes256-cts-hmac-sha1-96)
>    1 10/27/2021 14:17:28 DC01$@HOME.TEST-SERVER.LAN
> (aes256-cts-hmac-sha1-96)
>    1 10/27/2021 14:17:28 HOST/dc01 at HOME.TEST-SERVER.LAN
> (aes128-cts-hmac-sha1-96)
>    1 10/27/2021 14:17:28 
> HOST/dc01.home.test-server.lan at HOME.TEST-SERVER.LAN
> (aes128-cts-hmac-sha1-96)
>    1 10/27/2021 14:17:28 DC01$@HOME.TEST-SERVER.LAN
> (aes128-cts-hmac-sha1-96)
>    1 10/27/2021 14:17:28 HOST/dc01 at HOME.TEST-SERVER.LAN
> (DEPRECATED:arcfour-hmac)
>    1 10/27/2021 14:17:28 
> HOST/dc01.home.test-server.lan at HOME.TEST-SERVER.LAN
> (DEPRECATED:arcfour-hmac)
>    1 10/27/2021 14:17:28 DC01$@HOME.TEST-SERVER.LAN
> (DEPRECATED:arcfour-hmac)
> 
> That didn't really help anything.  At least it didn't help these
> issues
It looks like your DC cannot find itself :-O

Can you post the contents of the following files from the DC:
/etc/hostname
/etc/hosts
/etc/resolv.conf
/etc/krb5.conf
/etc/samba/smb.conf
/etc/nsswitch.conf

Rowland

L.P.H. van Belle

2021-Nov-01 10:39 UTC

head link

[Samba] DNS Update Failing

Can also be the "resolvconf" package..
If that's installed, or configure it properly or remove it. 


That should fix it. 

Greetz, 

Louis
 
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Rowland Penny via samba
> Verzonden: zondag 31 oktober 2021 20:22
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] DNS Update Failing
> 
> On Sun, 2021-10-31 at 15:13 -0400, Rob Campbell via samba wrote:
> > My /etc/resolv.conf was overwritten.  What service does this on
> > Debian?
> 
> Usually resolvconf or networkmanger, but it usually says at the top of
> /etc/resolv.conf
> 
> > I've disabled systemd-resolved already.
> > 
> > Getting a different error now.
> > samba_dnsupdate --verbose --all-names
> > *29 DNS updates* and 0 DNS deletes needed
> > Successfully obtained Kerberos ticket to DNS/DC01.home.test-
> > server.lan as
> > DC01$
> > update(nsupdate): A DC01.home.test-server.lan 10.0.0.19
> > Calling nsupdate for A DC01.home.test-server.lan 10.0.0.19 (add)
> > Successfully obtained Kerberos ticket to DNS/DC01.home.test-
> > server.lan as
> > DC01$
> > Outgoing update query:
> > ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:     
0
> > ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
> > ;; UPDATE SECTION:
> > DC01.home.test-server.lan. 900 IN A 10.0.0.19
> > 
> > ; TSIG error with server: tsig indicates error
> > update failed: NOTAUTH(BADSIG)
> > Failed nsupdate: 2
> > update(nsupdate): CNAME
> > f79b5e15-ea2b-4afd-a8ca-bb16e2531521._msdcs.home.test-server.lan
> > DC01.home.test-server.lan
> > ...
> > 
> 
> Try adding this line to your smb.conf:
> 
> dns update command = /usr/sbin/samba_dnsupdate --use-samba-tool
> 
> Restart Samba, it usually works
> 
> Rowland
> 
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
>

samba - Nov 2021 - DNS Update Failing

[Samba] DNS Update Failing

[Samba] DNS Update Failing

[Samba] DNS Update Failing

[Samba] DNS Update Failing