Author Topic: [SOLVED] SAMBA Error On Activation+SAMBA DNS Update Fail+Join a Win client Fail  (Read 21628 times)

davidegn

  • Zen Apprentice
  • *
  • Posts: 7
  • Karma: +0/-0
    • View Profile
Hi,

I set up a new installation of Zentyal 3.2 by formatting the old Zentyal 3.0 (that was working perfectly)

I have set uo a domain by installing and configuring the DNS Service and Users and Computers modules without detect any problems. Everything work as expected after the update of the DNS Service to the new version 3.2.4.

After, I have installed and configured the "File Sharing and Domain Services" (by defining also one shared folder) but, when I have tried to activate it, I have obtained the following error:

Quote
Some modules reported error when saving changes . More information on the logs in /var/log/zentyal/

Error connecting with SMB server after 10 tries."

Here below, there is the log "zentyal.log" generated after the attempt to enable the module:

Quote
2013/11/18 03:16:41 INFO> Base.pm:1078 EBox::Module::Base::__ANON__ - Using custom template for /etc/krb5.conf: /etc/zentyal/stubs/users/krb5.conf.mas
2013/11/18 03:16:48 INFO> GlobalImpl.pm:617 EBox::GlobalImpl::saveAllModules - Saving config and restarting services: firewall dns samba logs
2013/11/18 03:16:48 INFO> Base.pm:229 EBox::Module::Base::save - Restarting service for module: firewall
2013/11/18 03:16:49 INFO> Base.pm:229 EBox::Module::Base::save - Restarting service for module: dns
2013/11/18 03:16:53 ERROR> Sudo.pm:231 EBox::Sudo::_rootError - root command nsupdate -l -t 10 /var/lib/zentyal/tmp/iGtEuVOl15 failed.
Error output: update failed: REFUSED

Command output: .
Exit value: 2 at /usr/share/perl5/Error.pm line 182
   Error::throw('EBox::Exceptions::Sudo::Command', 'cmd', 'nsupdate -l -t 10 /var/lib/zentyal/tmp/iGtEuVOl15', 'output', 'ARRAY(0x5f3be38)', 'error', 'ARRAY(0x1ed3018)', 'exitValue', 2, ...) called at /usr/share/perl5/EBox/Sudo.pm line 231
   EBox::Sudo::_rootError('/usr/bin/sudo -p sudo: /var/lib/zentyal/tmp/_bVSY0gX9S.cmd 2>...', 'nsupdate -l -t 10 /var/lib/zentyal/tmp/iGtEuVOl15', 512, 'ARRAY(0x5f3be38)', 'ARRAY(0x1ed3018)') called at /usr/share/perl5/EBox/Sudo.pm line 201
   EBox::Sudo::_root(1, 'nsupdate -l -t 10 /var/lib/zentyal/tmp/iGtEuVOl15') called at /usr/share/perl5/EBox/Sudo.pm line 152
   EBox::Sudo::root('nsupdate -l -t 10 /var/lib/zentyal/tmp/iGtEuVOl15') called at /usr/share/perl5/EBox/DNS.pm line 1582
   EBox::DNS::_launchNSupdate('EBox::DNS=HASH(0x3f94ed0)', 'File::Temp=GLOB(0x5fac408)') called at /usr/share/perl5/EBox/DNS.pm line 1553
   EBox::DNS::_updateDynDirectZone('EBox::DNS=HASH(0x3f94ed0)', 'HASH(0x5f14f98)') called at /usr/share/perl5/EBox/DNS.pm line 767
   EBox::DNS::_setConf('EBox::DNS=HASH(0x3f94ed0)') called at /usr/share/perl5/EBox/Module/Base.pm line 977
   EBox::Module::Base::_regenConfig('EBox::DNS=HASH(0x3f94ed0)') called at /usr/share/perl5/EBox/Module/Service.pm line 961
   EBox::Module::Service::_regenConfig('EBox::DNS=HASH(0x3f94ed0)') called at /usr/share/perl5/EBox/Module/Base.pm line 232
   EBox::Module::Base::save('EBox::DNS=HASH(0x3f94ed0)') called at /usr/share/perl5/EBox/GlobalImpl.pm line 654
   EBox::GlobalImpl::saveAllModules('EBox::GlobalImpl=HASH(0x31a7b48)', 'progress', 'EBox::ProgressIndicator=HASH(0x16417b8)') called at /usr/share/perl5/EBox/Global.pm line 95
   EBox::Global::AUTOLOAD('EBox::Global=HASH(0x31a4c78)', 'progress', 'EBox::ProgressIndicator=HASH(0x16417b8)') called at /usr/share/zentyal/global-action line 36
2013/11/18 03:16:53 ERROR> DNS.pm:1585 EBox::DNS::__ANON__ - nsupdate error: root command nsupdate -l -t 10 /var/lib/zentyal/tmp/iGtEuVOl15 failed.
Error output: update failed: REFUSED

Command output: .
Exit value: 2
2013/11/18 03:16:54 INFO> DNS.pm:91 EBox::DNS::appArmorProfiles - Setting DNS apparmor profile
2013/11/18 03:16:59 INFO> Base.pm:229 EBox::Module::Base::save - Restarting service for module: samba
2013/11/18 03:16:59 INFO> Base.pm:1078 EBox::Module::Base::__ANON__ - Using custom template for /etc/samba/smb.conf: /etc/zentyal/stubs/samba/smb.conf.mas
2013/11/18 03:17:00 INFO> Samba.pm:249 EBox::Samba::_postServiceHook - Setting roaming profiles...
2013/11/18 03:17:01 INFO> Samba.pm:302 EBox::Samba::_postServiceHook - Applying new permissions to the share 'DataStorage'...
2013/11/18 03:17:02 WARN> SmbClient.pm:68 EBox::Samba::SmbClient::__ANON__ - Error connecting with SMB server: Failed to connect: NT_STATUS_INVALID_PARAMETER at /usr/share/perl5/EBox/Samba/SmbClient.pm line 61.
, retrying (1 attempts)
2013/11/18 03:17:03 WARN> SmbClient.pm:68 EBox::Samba::SmbClient::__ANON__ - Error connecting with SMB server: Failed to connect: NT_STATUS_INVALID_PARAMETER at /usr/share/perl5/EBox/Samba/SmbClient.pm line 61.
, retrying (2 attempts)
2013/11/18 03:17:04 WARN> SmbClient.pm:68 EBox::Samba::SmbClient::__ANON__ - Error connecting with SMB server: Failed to connect: NT_STATUS_INVALID_PARAMETER at /usr/share/perl5/EBox/Samba/SmbClient.pm line 61.
, retrying (3 attempts)
2013/11/18 03:17:05 WARN> SmbClient.pm:68 EBox::Samba::SmbClient::__ANON__ - Error connecting with SMB server: Failed to connect: NT_STATUS_INVALID_PARAMETER at /usr/share/perl5/EBox/Samba/SmbClient.pm line 61.
, retrying (4 attempts)
2013/11/18 03:17:06 WARN> SmbClient.pm:68 EBox::Samba::SmbClient::__ANON__ - Error connecting with SMB server: Failed to connect: NT_STATUS_INVALID_PARAMETER at /usr/share/perl5/EBox/Samba/SmbClient.pm line 61.
, retrying (5 attempts)
2013/11/18 03:17:07 WARN> SmbClient.pm:68 EBox::Samba::SmbClient::__ANON__ - Error connecting with SMB server: Failed to connect: NT_STATUS_INVALID_PARAMETER at /usr/share/perl5/EBox/Samba/SmbClient.pm line 61.
, retrying (6 attempts)
2013/11/18 03:17:08 WARN> SmbClient.pm:68 EBox::Samba::SmbClient::__ANON__ - Error connecting with SMB server: Failed to connect: NT_STATUS_INVALID_PARAMETER at /usr/share/perl5/EBox/Samba/SmbClient.pm line 61.
, retrying (7 attempts)
2013/11/18 03:17:09 WARN> SmbClient.pm:68 EBox::Samba::SmbClient::__ANON__ - Error connecting with SMB server: Failed to connect: NT_STATUS_INVALID_PARAMETER at /usr/share/perl5/EBox/Samba/SmbClient.pm line 61.
, retrying (8 attempts)
2013/11/18 03:17:10 WARN> SmbClient.pm:68 EBox::Samba::SmbClient::__ANON__ - Error connecting with SMB server: Failed to connect: NT_STATUS_INVALID_PARAMETER at /usr/share/perl5/EBox/Samba/SmbClient.pm line 61.
, retrying (9 attempts)
2013/11/18 03:17:11 WARN> SmbClient.pm:68 EBox::Samba::SmbClient::__ANON__ - Error connecting with SMB server: Failed to connect: NT_STATUS_INVALID_PARAMETER at /usr/share/perl5/EBox/Samba/SmbClient.pm line 61.
, retrying (10 attempts)
2013/11/18 03:17:12 DEBUG> SmbClient.pm:72 EBox::Samba::SmbClient::new - Error connecting with SMB server after 10 tries. at /usr/share/perl5/EBox/Samba/SmbClient.pm line 72
   EBox::Samba::SmbClient::new('EBox::Samba::SmbClient', 'target', 'bravo-server.retebravo.local', 'service', 'DataStorage', 'RID', 500) called at /usr/share/perl5/EBox/Samba.pm line 304
   EBox::Samba::_postServiceHook('EBox::Samba=HASH(0x446a648)', 1) called at /usr/share/perl5/EBox/Module/Service.pm line 969
   EBox::Module::Service::_regenConfig('EBox::Samba=HASH(0x446a648)') called at /usr/share/perl5/EBox/Module/Base.pm line 232
   EBox::Module::Base::save('EBox::Samba=HASH(0x446a648)') called at /usr/share/perl5/EBox/GlobalImpl.pm line 654
   EBox::GlobalImpl::saveAllModules('EBox::GlobalImpl=HASH(0x31a7b48)', 'progress', 'EBox::ProgressIndicator=HASH(0x16417b8)') called at /usr/share/perl5/EBox/Global.pm line 95
   EBox::Global::AUTOLOAD('EBox::Global=HASH(0x31a4c78)', 'progress', 'EBox::ProgressIndicator=HASH(0x16417b8)') called at /usr/share/zentyal/global-action line 36


and here below the log "/var/log/samba/samba.log"

Quote
[2013/11/18 03:16:59.731622,  0] ../source4/smbd/server.c:370(binary_smbd_main)
  samba version 4.1.1 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2013
[2013/11/18 03:16:59.981793,  0] ../source4/smbd/server.c:492(binary_smbd_main)
  samba: using 'standard' process model
[2013/11/18 03:17:20.072581,  0] ../source4/dsdb/dns/dns_update.c:294(dnsupdate_nameupdate_done)
  ../source4/dsdb/dns/dns_update.c:294: Failed DNS update - NT_STATUS_IO_TIMEOUT


By checking the log files, it seems that there are two different problems:
 - The SMB server doesn't work as expected because the SMBclient is not able to contact by SAMBA share "/mnt/DataStorage"

- The integration of the DNS with SAMBA doesn't work.

Supporting the second point, I tested the DNS configuration with the following command:

dig _kerberos._udp.mydomain srv

Before activating the "File Sharing and Domain Services", the answer of this command has been the following:

;; ANSWER SECTION:
_kpasswd._tcp.mydomain. 900 IN SRV 100 100 8464 myserver.mydomain.

After the activation of the "File Sharing and Domain Services", the answer of the command has been the following:

;; ANSWER SECTION:
_kpasswd._tcp.mydomain. 900 IN SRV 0 100 464 myserver.mydomain.

The test result indicates that, after the activation of the "File Sharing and Domain Services", the DNS loses his configuration (it is different of the configuration indicates in the relevant section of the DNS module configuration).

These problems are present from the first official release of the Zentyal 3.2, and although the high number of upgrade for the Samba module, this problem still unsolved.

In addition, by trying to join a windows client in the domain (both windows XP and Windows 7), after the request of specify an administrator user of the domain, windows generates the following error:

Quote
During the adding of this computer to the domain, the following error is occurred:

The specified network name is no longer available

I can confirm that with zentyal 3.0, the same configuration was working properly before I decide to upgrade the server with zentyal 3.2 starting from scratch.

I already open also a tiket about this issue but I hope that some of you can help me to bypass this problem to come back up with my nework. Now, everthing is down.

Installed Components:
- Backup 3.2
- Certification Authority 3.2
- Common Library 3.2.1
- Core 3.2.4
- DNS Service 3.2.4
- FTP 3.2.1
- File Sharing and Domain Services 3.2.9
- Firewall 3.2
- NTP Service 3.2
- Network Configuration 3.2.3
- Network Objects 3.2
- Network Services 3.2
- Software Management 3.2.1
- Users and Computers 3.2.3
- VPN Service 3.2.1
« Last Edit: January 04, 2014, 01:50:27 am by davidegn »

davidegn

  • Zen Apprentice
  • *
  • Posts: 7
  • Karma: +0/-0
    • View Profile
Any suggestion??

I'm very frustrating... With this issue, I'm not able to restore the domain.

Please, if there is something that can share with me its configuration that is working between DNS + Users and Group + Samba, for me can be a great help.

Now, I'm i retry a lot of time, I did a lot of test but nothing, the problem still persist.

serg34serg

  • Zen Apprentice
  • *
  • Posts: 18
  • Karma: +0/-0
    • View Profile
Try to temporarily change the server name, or domain name,  - reconfiguration happens many services, inс. samba&dns
And modify file
/usr/share/zentyal/stubs/samba/smb.conf.mas
find and remove # (63 line)
Quote
# Commented out until Samba 4 supports Guests sharing or Kerberos auth fails.
    auth methods = <% $customAuthMethodsForGuest %>
them restarting samba
« Last Edit: November 28, 2013, 11:17:59 am by serg34serg »

davidegn

  • Zen Apprentice
  • *
  • Posts: 7
  • Karma: +0/-0
    • View Profile
Thanks a lot for your answer.

I tried all your advices but unfortunately the problem still exist.

My old domain was mydomain.local and now is mydomain.lan. In additions, i removed all DNS, Users and Group Module and Samba to reinstall the domain from scratch.

The problem is the same. It is incredible that for all of you Samba is working and for me no. I didn't do any out of standard configuration and it doesn't work.

soorploom

  • Zen Apprentice
  • *
  • Posts: 19
  • Karma: +4/-11
    • View Profile
I'm sorry to say that the problems experienced by you with z3.2 and the many variations and patches of samba, and other modules, now at 3.2.10, are shared by others.

I originally upgraded a working system, stupid, I now know, to z3.2. Utter failure. Since the appearance of z3.2, I've installed, reinstalled, deleted, changed, upgraded, sworn, wished for better days but to no avail. Samba is broken, not working, dead despite the many attempts to do something with it. All, may I add, in total silence from the Zentyal people who have never acknowledged, in as many words, that z3.2 has more bugs than a dead cat on a hot day.

I can empathise with you and others in your and their plight but short of waiting for a solution that actually works or just taking to the bottle, reverting to the previous version may be the best way forward, ehm, backward, hopefully, only in the short term.

davidegn

  • Zen Apprentice
  • *
  • Posts: 7
  • Karma: +0/-0
    • View Profile
Hi Guys,
I solved this problem by manually update the file /opt/samba4/private/dns_update_list.
In that file there is the map of the services vs ports and it was not automatically updated in accordance with the default configuration of zentyal. Here below, there is the "dns_update_list" updated file:

Code: [Select]
# this is a list of DNS entries which will be put into DNS using
# dynamic DNS update. It is processed by the samba_dnsupdate script

A                                                        ${DNSDOMAIN} $IP
A                                                        ${HOSTNAME} $IP
AAAA                                                     ${DNSDOMAIN} $IP
AAAA                                                     ${HOSTNAME} $IP

A                                                        gc._msdcs.${DNSFOREST} $IP
AAAA                                                     gc._msdcs.${DNSFOREST} $IP


CNAME ${NTDSGUID}._msdcs.${DNSFOREST}                    ${HOSTNAME}

SRV _kpasswd._tcp.${DNSDOMAIN}                           ${HOSTNAME} 8464
SRV _kpasswd._udp.${DNSDOMAIN}                           ${HOSTNAME} 8464

SRV _kerberos._tcp.${DNSDOMAIN}                          ${HOSTNAME} 8880
SRV _kerberos._tcp.dc._msdcs.${DNSDOMAIN}                ${HOSTNAME} 8880
SRV _kerberos._tcp.dc._msdcs.${DNSFOREST}                ${HOSTNAME} 8880
SRV _kerberos._tcp.${SITE}._sites.${DNSDOMAIN}           ${HOSTNAME} 8880
SRV _kerberos._tcp.${SITE}._sites.dc._msdcs.${DNSDOMAIN} ${HOSTNAME} 8880
SRV _kerberos._tcp.${SITE}._sites.dc._msdcs.${DNSFOREST} ${HOSTNAME} 8880

SRV _kerberos._udp.${DNSDOMAIN}                          ${HOSTNAME} 8880

SRV _ldap._tcp.${DNSDOMAIN}                              ${HOSTNAME} 390
SRV _ldap._tcp.dc._msdcs.${DNSDOMAIN}                    ${HOSTNAME} 390
SRV _ldap._tcp.dc._msdcs.${DNSFOREST}                    ${HOSTNAME} 390
SRV _ldap._tcp.gc._msdcs.${DNSFOREST}                    ${HOSTNAME} 3268
SRV _ldap._tcp.pdc._msdcs.${DNSDOMAIN}                   ${HOSTNAME} 390
SRV _ldap._tcp.pdc._msdcs.${DNSFOREST}                   ${HOSTNAME} 390
SRV _ldap._tcp.${SITE}._sites.${DNSDOMAIN}          ${HOSTNAME} 390
SRV _ldap._tcp.${SITE}._sites.dc._msdcs.${DNSDOMAIN}     ${HOSTNAME} 390
SRV _ldap._tcp.${SITE}._sites.dc._msdcs.${DNSFOREST}     ${HOSTNAME} 390
SRV _ldap._tcp.${SITE}._sites.gc._msdcs.${DNSFOREST}     ${HOSTNAME} 3268
SRV _ldap._tcp.${DOMAINGUID}.domains._msdcs.${DNSFOREST} ${HOSTNAME} 390


SRV _gc._tcp.${DNSFOREST}                                ${HOSTNAME} 3268
SRV _gc._tcp.${SITE}._sites.${DNSFOREST}                 ${HOSTNAME} 3268

# Records for partition DomainDnsZones
A DomainDnsZones.${DNSFOREST} $IP
SRV _ldap._tcp.DomainDnsZones.${DNSFOREST} ${HOSTNAME} 390
SRV _ldap._tcp.${SITE}._sites.DomainDnsZones.${DNSFOREST} ${HOSTNAME} 390
# Records for partition ForestDnsZones
A ForestDnsZones.${DNSFOREST} $IP
SRV _ldap._tcp.ForestDnsZones.${DNSFOREST} ${HOSTNAME} 390
SRV _ldap._tcp.${SITE}._sites.ForestDnsZones.${DNSFOREST} ${HOSTNAME} 390

After that the "dns_update_list" file has been updated, it is necessary to run as root the samba dns update:

sudo samba_dnsupdate

After this procedure, all DNS records have been updated and also with SAMBA enabled has been possible to login by using ubuntu client with SSSD and from windows client (also the join has stared to work).

This solution started to work after the samba module version 3.2.10.

I hope that this workaround is useful for everyone that is affected by the same problem.

Regards