Bug 14904 - Strange truncated repetition in the SRV records after samba-tool domain provision
Status: RESOLVED WORKSFORME
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB
Version: 4.13.5
Hardware: x64 Linux
Importance: P5 normal
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
Reported: 2021-11-13 08:11 UTC by Michael Evans
Modified: 2021-11-14 11:48 UTC
Description Michael Evans 2021-11-13 08:11:44 UTC
While trying to create a new Samba AD domain on a Debian 11 (Bullseye, the recent stable release), the SRV record verification step shows rather odd results.

Debian ships systemd service files.

samba --version
Version 4.13.5-Debian

systemctl disable smbd nmbd winbind ; systemctl unmask samba-ad-dc ; systemctl enable samba-ad-dc

Attempt to follow, with corrections for Debian specific paths.

https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller

systemctl stop samba-ad-dc
rm -r /run/samba/*.?db /var/cache/samba/*.?db /var/lib/samba/*.?db /var/lib/samba/private/*.?db

Can samba-tool purge every storage and configuration file samba uses, to make this distribution path customization friendly?

  samba-tool \
 domain provision \
 --use-rfc2307 \
 --realm=AD.AN-EXAMPLE.ORG --domain=AD \
 --server-role=dc --dns-backend=SAMBA_INTERNAL \
 --option="interfaces=lo eth0" --option="bind interfaces only=yes" \
 --adminpass=complexPassCanWeUseAPasswordFileOrFifoPlease_404 \
 --host-ip=10.0.0.1 --host-ip6=fd00::1 2>&1 | tee /root/samba-tool-provision.txt ;\
systemctl start samba-ad-dc ;\
host -t SRV _ldap._tcp.ad.some-example.org ; host -t SRV _kerberos._udp.ad.some-example.org


INFO 2021-11-13 07:44:02,606 pid:1262 /usr/lib/python3/dist-packages/samba/provision/__init__.py #489: Once the above files are installed, your Samba AD server will be ready to use
INFO 2021-11-13 07:44:02,606 pid:1262 /usr/lib/python3/dist-packages/samba/provision/__init__.py #494: Server Role:           active directory domain controller
INFO 2021-11-13 07:44:02,606 pid:1262 /usr/lib/python3/dist-packages/samba/provision/__init__.py #495: Hostname:              ad-ex1
INFO 2021-11-13 07:44:02,606 pid:1262 /usr/lib/python3/dist-packages/samba/provision/__init__.py #496: NetBIOS Domain:        AD
INFO 2021-11-13 07:44:02,606 pid:1262 /usr/lib/python3/dist-packages/samba/provision/__init__.py #497: DNS Domain:            ad.an-example.org
INFO 2021-11-13 07:44:02,607 pid:1262 /usr/lib/python3/dist-packages/samba/provision/__init__.py #498: DOMAIN SID:            S-1-5-21-2172881671-1179165834-3163489631


The exact results have been replaced with synthetic re-creations that are similar to what I'm seeing with the real FQDN.  The part before the DNS Domain is _exactly_ 15 characters long.  Note the strange truncated repetition in the SRV records.

_ldap._tcp.ad.an-example.org has SRV record 0 100 389 ad-ex1.ad.an-ex.ad.some-example.org.
_kerberos._udp.ad.an-example.org has SRV record 0 100 88 ad-ex1.ad.an-ex.ad.some-example.org.


If this is the result of user error please let me know where I've misunderstood the documentation (and hopefully someone can fix that).

If this is a bug that was resolved in a newer version, I'll see how that compares to Debian packages in different versions and try to figure out a decision.
Comment 1 Michael Evans 2021-11-14 11:48:30 UTC
Mostly operator error, though Samba's setup script should really print the values it's using, which would have clued me in on this.

Debian, now with SystemD, doesn't let you just update /etc/hostname and reboot.  If you do that you get everything that does things the old way speaking correctly, but then something pings dbus or whatever and unexpected results happen.

Now you have to update /etc/hostname (I think still) AND must also update an entirely obtuse configuration database parallel to the infrastructure that's existed for decades, even though the old stuff is still there and hasn't been replaced.

root@ad-ex1:~# hostnamectl
   Static hostname: ad-ex1
Transient hostname: ad-ex1.ad.an-example.org
         Icon name: computer-vm
           Chassis: vm
        Machine ID:
           Boot ID:
    Virtualization: kvm
  Operating System: Debian GNU/Linux 11 (bullseye)
            Kernel: Linux 5.10.0-9-cloud-amd64
      Architecture: x86-64
root@ad-ex1:~# hostnamectl set-hostname ad-ex1
root@ad-ex1:~# hostnamectl
   Static hostname: ad-ex1
         Icon name: computer-vm
           Chassis: vm
        Machine ID: 
           Boot ID: 
    Virtualization: kvm
  Operating System: Debian GNU/Linux 11 (bullseye)
            Kernel: Linux 5.10.0-9-cloud-amd64
      Architecture: x86-64

I happened to see the hostname in tmux while staring blankly at my screen tonight and went "wait, that's not right" at the quoted name.
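
A check that could be run before `samba-tool domain provision` and again after the `host -t SRV` step, added here as an example (not part of the original report and not Samba code): it rejects a host name that contains a dot or is longer than 15 characters, the NetBIOS name limit, and lists SRV targets that differ from `<short host>.<realm>.`. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and sample data are constructed.

# A DC host name should be a single short label: no dots and at most
# 15 characters (the NetBIOS name limit).
check_short_hostname() {
    name=$1
    case $name in
        ''|*.*) return 1 ;;
    esac
    [ "${#name}" -le 15 ]
}

# SRV target expected after provisioning: <short host>.<realm>. in lower case.
expected_srv_target() {
    printf '%s.%s.\n' "$1" "$2" | tr '[:upper:]' '[:lower:]'
}

# Read `host -t SRV` output on stdin and print every SRV target that is not
# the expected one. Returns 0 only if records were seen and all matched.
unexpected_srv_targets() {
    awk -v want="$1" '
        / has SRV record / {
            seen++
            t = tolower($NF)
            if (t != want) { print t; bad++ }
        }
        END { if (seen > 0 && bad == 0) exit 0; exit 1 }'
}

# Constructed sample lines in the format printed by `host -t SRV`.
SAMPLE_BAD='_ldap._tcp.ad.an-example.org has SRV record 0 100 389 ad-ex1.ad.an-ex.ad.an-example.org.'
SAMPLE_GOOD='_ldap._tcp.ad.an-example.org has SRV record 0 100 389 ad-ex1.ad.an-example.org.'

# Demo: a short name passes, an FQDN used as host name is rejected.
for h in ad-ex1 ad-ex1.ad.an-example.org; do
    if check_short_hostname "$h"; then echo "ok:     $h"; else echo "reject: $h"; fi
done

want=$(expected_srv_target ad-ex1 AD.AN-EXAMPLE.ORG)
printf '%s\n' "$SAMPLE_BAD" | unexpected_srv_targets "$want" \
    || echo "SRV target differs from $want"

# Live use (needs a running DC):
#   host -t SRV _ldap._tcp.<dns domain> | unexpected_srv_targets "$want"
```

On the machine itself, feed `check_short_hostname` the output of `hostname` so the name the system currently reports is the one being checked.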