DNS, DHCP, Samba Dynamic Issues

[talkinggoat]

I recently began having issues with our Zentyal 6 server, in regards to dynamic DNS, DHCP and Samba. DNS queries no longer work, dynamic DNS registration through DHCP and Samba DLZ no longer works. I installed a new perimeter firewall and changed the IP of the Zentyal box to something else; ever since then, things haven't worked quite right. It doesn't seem that Samba can update the changes in DNS, using DLZ.

I thought that maybe it was the dns.keytab, located in /var/lib/samba/private, so I deleted, recreated and reinitialized it...

Code: [Select]

sudo samba-tool domain exportkeytab --principal=dns-ZENTYAL@MY.DOMAIN.COM /var/lib/samba/private/dns.keytab
sudo ktutil -v -k /var/lib/samba/private/dns.keytab list
sudo kinit -k -t /var/lib/samba/private/dns.keytab dns-ZENTYALOf course, I have sterilized the actual principal and domain, using dns-ZENTYAL and MYDOMAIN.COM. You can find these entries by typing:

Code: [Select]

sudo klist
That doesn't seem to have helped, since it is not allowing some of the cleanup to take place. I ran the command:

Code: [Select]

sudo samba_dnsupdate --verbose
There are multiple instances where the update failed, for instance, here is some of the output, again, sterilized.

Code: [Select]

update (samba-tool): A DomainDnsZones.MYDOMAIN.com 192.168.15.2
Calling samba-tool dns for A DomainDnsZones.MYDOMAIN.com 192.168.15.2 (add)
Calling samba-tool dns add -k no -P ['192.168.15.2', 'MYDOMAIN.com', 'DomainDnsZones', 'A', '192.168.15.2']
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
ldb_wrap open of secrets.ldb
Using binding ncacn_ip_tcp:192.168.15.2[,sign]
Failed to connect host 192.168.15.2 on port 135 - NT_STATUS_CONNECTION_REFUSED
Failed to connect host 192.168.15.2 (192.168.15.2) on port 135 - NT_STATUS_CONNECTION_REFUSED.
ERROR: Connecting to DNS RPC server 192.168.15.2 failed with (-1073741258, 'The transport-connection attempt was refused by the remote system.')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 44, in dns_connect
    dns_conn = dnsserver.dnsserver(binding_str, lp, creds)
Failed 'samba-tool dns' based update of A DomainDnsZones.MYDOMAIN.com 192.168.15.2
This failure also happens for ForestDnsZones, gc(._msdcs), SERVERNAME, @.

The Samba server IS listening, but on the wrong IP...

Code: [Select]

netstat -nap | grep :135
tcp        0      0 192.168.15.1:135        0.0.0.0:*               LISTEN      2426/samba         
tcp        0      0 127.0.1.1:135           0.0.0.0:*               LISTEN      2426/samba
tcp        0      0 127.0.0.1:135           0.0.0.0:*               LISTEN      2426/samba
If you notice, Samba is listening on the OLD IP address and Zentyal has not told all its services to switch to the new IP address of 192.168.15.2. When the command, samba_dnsupdate is run, it's looking on the correct address, but Zentyal is starting Samba on the wrong address, so the update fails to change the corresponding DNS properties in the Samba database. This also means that HTTPS, IMAP and almost everything else is listening on the wrong IP.


Does anyone know why or how to fix it?

[doncamilo]

 

I did a trial in lab and Zentyal 6.0 has managed the change of the IP correctly. Did you try to do the process manually?

Code: [Select]

samba-tool dns delete -U admindc --password=admindc 10.5.20.87 lab6.lan ForestDnsZones A 192.168.6.1
samba-tool dns add -U admindc --password=admindc 10.5.20.87 lab6.lan ForestDnsZones A 192.168.6.2
# etc

Cheers!

[B8emg]

I wonder if it's because of the issue I have raised herer - https://forum.zentyal.org/index.php/topic,34771.0.html?

I did a trial in lab and Zentyal 6.0 has managed the change of the IP correctly. Did you try to do the process manually?

Code: [Select]

samba-tool dns delete -U admindc --password=admindc 10.5.20.87 lab6.lan ForestDnsZones A 192.168.6.1
samba-tool dns add -U admindc --password=admindc 10.5.20.87 lab6.lan ForestDnsZones A 192.168.6.2
# etc

Cheers!