On Sun May 18 11:44:11 2025 Mark Foley via samba <samba at lists.samba.org>
>
> On Sun May 18 03:22:40 2025 Penny via samba <samba at lists.samba.org> wrote:
> >
> > On Sat, 17 May 2025 00:46:20 -0400
> > Mark Foley via samba <samba at lists.samba.org> wrote:
> >
> > > I'm trying to solve a couple of problems with Samba 4.18.19 and
> > > Windows 11. I've described these in detail in previous messages in
> > > this thread, so I'll be brief here:

[snip]

> > > I'm going to test 3 ways:
> > >
> > > A. I will upgrade Samba to the latest 4.22.1, downloaded from
> > > samba.org, but keeping all the domain users, group, policies, etc.
> > >
> > > B. If that doesn't work I will wipe the system and install and
> > > provision 4.22.1 from scratch.
> > >
> > > C. If that doesn't work I will stage an actual Windows DC and see if
> > > the problem exists on that platform.
> > >
> > > If B does not work but C does, I'll file a bug report for Samba. Then
> > > I'll have to decide whether I want to live with the
> > > password/redirected-folders issues on Samba or go with Windows.

[snip]

> > > Results thus far:
> > >
> > > Plan A

[failed, see previous thread messages ]

> >
> > I think this would have been a lot nearer:
> >
> > ./configure \
> >   --enable-fhs \
> >   --prefix=/usr \
> >   --libdir=/usr/lib64 \
> >   --includedir=/usr/include \
> >   --bindir=/usr/bin \
> >   --sbindir=/usr/sbin \
> >   --mandir=/usr/man \
> >   --sysconfdir=/etc \
> >   --with-configdir=/etc/samba \
> >   --with-piddir=/var/run \
> >   --with-privatedir=/var/lib/samba/private \
> >   --with-privatelibdir=/usr/lib64 \
> >   --with-modulesdir=/usr/lib64 \
> >   --with-lockdir=/var/cache/samba \
> >   --with-logfilebase=/var/log/samba \
> >   --localstatedir=/var \
> >   --enable-cups \
> >   --with-acl-support \
> >   --with-automount \
> >   --with-quotas \
> >   --with-syslog \
> >   --with-utmp \
> >   --with-winbind \
> >   --with-ldap \
> >   --with-ads \
> >   --without-fam \
> >   --with-pam \
> >   --with-pammodulesdir=/lib64/security \
> >   --build=x86_64-slackware-linux || exit 1
> >
> Wow! Thanks for that! I'll use that on my next attempt.
>

[snip]

For "Plan B", I created a completely clean install of Slackware and removed
the supplied Samba and kinit (MIT) packages.

I configured Samba 4.22.1 exactly per your (Roland's) suggestion, above,
except that I also did --without-systemd and --disable-cups. (then make,
make install)

I followed the Wiki
https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller

I provisioned as:

    samba-tool domain provision \
      --use-rfc2307 \
      --realm=HPRS.LOCAL \
      --domain=HPRS \
      --server-role=dc \
      --dns-backend=SAMBA_INTERNAL \
      --option="interfaces=lo eth0" --option="bind interfaces only=yes"

which failed the first time with "ModuleNotFoundError: No module named
'cryptography'", but I installed that and tried again and it provisioned
without error.

When I got to the testing bits, I had the following errors:

    # host -t SRV _ldap._tcp.hprs.local.
    Host _ldap._tcp.hprs.local. not found: 3(NXDOMAIN)

    # host -t SRV _kerberos._udp.hprs.local.
    Host _kerberos._udp.hprs.local. not found: 3(NXDOMAIN)

    # host -t A mail.hprs.local.
    Host mail.hprs.local. not found: 3(NXDOMAIN)

    # host -t PTR 192.168.0.2
    Host 2.0.168.192.in-addr.arpa. not found: 3(NXDOMAIN)

    # kinit administrator
    -su: kinit: command not found

This is disappointing.

I did create a reverse zone, and listing that shows:

    # samba-tool dns zonelist mail -U Administrator
    Password for [HPRS\Administrator]:
    3 zone(s) found

    pszZoneName : 0.168.192.in-addr.arpa
    Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
    ZoneType : DNS_ZONE_TYPE_PRIMARY
    Version : 50
    dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
    pszDpFqdn : DomainDnsZones.hprs.local

    pszZoneName : hprs.local
    Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
    ZoneType : DNS_ZONE_TYPE_PRIMARY
    Version : 50
    dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
    pszDpFqdn : DomainDnsZones.hprs.local

    pszZoneName : _msdcs.hprs.local
    Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
    ZoneType : DNS_ZONE_TYPE_PRIMARY
    Version : 50
    dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_FOREST_DEFAULT DNS_DP_ENLISTED
    pszDpFqdn : ForestDnsZones.hprs.local

So why does "host -t PTR 192.168.0.2" fail?

Likewise, there is an A record for 192.168.0.2:

    # samba-tool dns query mail.hprs.local hprs.local @ ALL -U administrator
    Name=, Records=3, Children=0
      SOA: serial=110, refresh=900, retry=600, expire=86400, minttl=3600, ns=mail.hprs.local., email=hostmaster.hprs.local. (flags=600000f0, serial=110, ttl=3600)
      NS: mail.hprs.local. (flags=600000f0, serial=1, ttl=900)
      A: 192.168.0.2 (flags=600000f0, serial=1, ttl=900)
    Name=_msdcs, Records=0, Children=0
    Name=_sites, Records=0, Children=1
    Name=_tcp, Records=0, Children=4
    Name=_udp, Records=0, Children=2
    Name=DomainDnsZones, Records=0, Children=2
    Name=ForestDnsZones, Records=0, Children=2
    Name=mail, Records=1, Children=0
      A: 192.168.0.2 (flags=f0, serial=1, ttl=900)

So why does "host -t A mail.hprs.local." fail? It seems that 'host mail'
should return results regardless.

> > I personally would just join a test Debian Samba DC and point a client
> > that has been having problems at it.

I've built Samba from a download from samba.org before w/o problem, but not
looking good this time.

If the above DNS issues aren't something simple to resolve, I might go ahead
and try the Debian approach, but that might not be immediate.

--Mark

More ...

Note that kinit was not found. Does Samba rely on the distro's kinit? I
removed that package because I thought it might be MIT related. Would a
non-functioning Kerberos affect DNS? The wiki
https://wiki.samba.org/index.php/Samba_Internal_DNS_Back_End mentions
kerberos.

--Mark