Domain Name Resolution and LDAP

Hello all,

I've got a query for the networking types. I'm currently trying to get a wiki to LDAP authentication. Despite my best attempts it keeps failing. I can't understand the following. Some commands can resolve the IP address of internal servers when using their FQDN while others cannot. This is all within a Windows network. The server I'm trying to configure is Debian Squeeze. I am wondering if this might be why the LDAP authentication is not working. Any thoughts?

Cheers,
Chris

##############
Find the IP address of thesun.tesla.local
##############

wikiserver:~# dig thesun.tesla.local

; <<>> DiG 9.7.3 <<>> thesun.tesla.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45615
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;thesun.tesla.local.            IN      A

;; ANSWER SECTION:
thesun.tesla.local.     3600    IN      A       10.0.0.10

;; Query time: 1 msec
;; SERVER: 10.0.0.10#53(10.0.0.10)
;; WHEN: Wed Sep  5 15:36:29 2012
;; MSG SIZE  rcvd: 52

###############
Then check if port 389 is open. It fails to resolve the IP address.
###############

wikiserver:~# nmap -p 389 thesun.tesla.local

Starting Nmap 5.00 ( http://nmap.org ) at 2012-09-05 15:37 NZST
Failed to resolve given hostname/IP: thesun.tesla.local.  Note that you can't use '/mask' AND '1-4,7,100-' style IP ranges
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 5.15 seconds
wikiserver:~#

##############
Try again using the IP address. Promptly returns an answer.
##############

wikiserver:~# nmap -p 389 10.0.0.10

Starting Nmap 5.00 ( http://nmap.org ) at 2012-09-05 15:37 NZST
Interesting ports on thesun.tesla.local (10.0.0.10):
PORT    STATE SERVICE
389/tcp open  ldap
MAC Address: 00:50:56:93:76:FB (VMWare)

Nmap done: 1 IP address (1 host up) scanned in 0.44 seconds
wikiserver:~#

On Wed, 05 Sep 2012 15:46:57 +1200, mailinglist wrote:
Hello all,
I've got a query for the networking types.
Just as a follow-up. On an Ubuntu box on the same network:

chris(a)wiki:~$ nmap -p 389 thesun.tesla.local

Starting Nmap 4.53 ( http://insecure.org ) at 2012-09-05 15:52 NZST
Interesting ports on thesun.tesla.local (10.0.0.10):
PORT    STATE SERVICE
389/tcp open  ldap

Nmap done: 1 IP address (1 host up) scanned in 6.561 seconds
chris(a)wiki:~$

So it seems that there is something about the server config and not the DNS that is preventing this.

Have you got reverse DNS set up?

CR
________________________________________
From: wlug-bounces(a)list.waikato.ac.nz [wlug-bounces(a)list.waikato.ac.nz] On Behalf Of mailinglist [mailinglist(a)blahdeblah.co.nz]
Sent: Wednesday, 5 September 2012 3:54 p.m.
To: Waikato Linux Users Group
Subject: Re: [wlug] Domain Name Resolution and LDAP

On Wed, 05 Sep 2012 15:46:57 +1200, mailinglist wrote:
Just as a follow-up. On an Ubuntu box on the same network:
chris(a)wiki:~$ nmap -p 389 thesun.tesla.local
So it seems that there is something about the server config and not the DNS that is preventing this.
_______________________________________________
wlug mailing list | wlug(a)list.waikato.ac.nz
Unsubscribe: http://list.waikato.ac.nz/mailman/listinfo/wlug

resolv.conf - is it the same for both Ubuntu and Debian boxes?

On 9/5/12, Cameron Rangeley <Cameron.Rangeley(a)turnstone.co.nz> wrote:
Have you got reverse DNS set up?
CR

--
live simply, be :-)

Are you running bind, or any DNS server on the network?

CR
________________________________________
From: wlug-bounces(a)list.waikato.ac.nz [wlug-bounces(a)list.waikato.ac.nz] On Behalf Of Noel Villamor [noelrv(a)gmail.com]
Sent: Wednesday, 5 September 2012 4:02 p.m.
To: Waikato Linux Users Group
Subject: Re: [wlug] Domain Name Resolution and LDAP

resolv.conf - is it the same for both Ubuntu and Debian boxes?

Hi guys,

Thanks for all the quick responses.

Stopping the avahi-daemon resolved the issue - though not all of my LDAP issues just yet.

avahi uses .local as the TLD and because our MS system uses tesla.local, they obviously get a bit confused.

Thanks again,

Cheers,
Chris

On Wed, 5 Sep 2012 16:08:35 +1200, Cameron Rangeley wrote:
Are you running bind, or any DNS server on the network?
CR
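The cause Chris found above can be confirmed from /etc/nsswitch.conf without stopping avahi, because dig asks the DNS server directly while nmap and the LDAP client go through the libc resolver (NSS). This is an added example, not code from the thread; the two hosts: lines are constructed, since the thread never shows the Debian box's real file, and compare_resolvers assumes getent and dig are installed.

```shell
#!/bin/sh
# Added example, not from the thread. dig asks the nameserver in resolv.conf
# directly, while nmap (and the wiki's LDAP module) calls getaddrinfo(), which
# walks the "hosts:" modules of /etc/nsswitch.conf in order. With avahi the
# line is typically:  hosts: files mdns4_minimal [NOTFOUND=return] dns
# mdns4_minimal claims every *.local name and [NOTFOUND=return] ends the walk
# before "dns" runs, so an AD domain called tesla.local is invisible to NSS.

# Constructed sample lines (assumption: the thread never shows the real file).
SHADOWING_LINE='hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4'
FIXED_LINE='hosts: files dns mdns4_minimal [NOTFOUND=return]'

# mdns_shadows_dns HOSTS_LINE NAME
# Prints "shadowed" when NAME ends in .local and an mdns* module followed by
# [NOTFOUND=return] comes before "dns" in HOSTS_LINE; otherwise prints "ok".
mdns_shadows_dns() {
    result=ok
    prev_mdns=0
    case "$2" in
        *.local|*.local.) ;;              # only .local names reach nss-mdns
        *) echo ok; return 0 ;;
    esac
    set -f                                # "[NOTFOUND=return]" must not glob
    for tok in ${1#hosts:}; do
        case "$tok" in
            dns) break ;;                 # dns reached first: no shadowing
            mdns*) prev_mdns=1 ;;
            '[NOTFOUND=return]')
                if [ "$prev_mdns" = 1 ]; then result=shadowed; break; fi ;;
            *) prev_mdns=0 ;;
        esac
    done
    set +f
    echo "$result"
}

# Live check on this host: the libc/NSS answer (what nmap and ldapsearch see)
# next to the DNS server's answer (what dig sees). A mismatch is the symptom
# seen in the thread.
compare_resolvers() {
    printf 'nsswitch.conf: %s\n' "$(grep '^hosts:' /etc/nsswitch.conf 2>/dev/null)"
    printf 'getent hosts : %s\n' "$(getent hosts "$1" 2>/dev/null || echo FAILED)"
    if command -v dig >/dev/null 2>&1; then
        printf 'dig +short   : %s\n' "$(dig +short "$1" 2>/dev/null)"
    fi
}
echo "$SHADOWING_LINE -> $(mdns_shadows_dns "$SHADOWING_LINE" thesun.tesla.local)"
echo "$FIXED_LINE -> $(mdns_shadows_dns "$FIXED_LINE" thesun.tesla.local)"
```

Run compare_resolvers thesun.tesla.local on the Debian box to see the two answers side by side; moving dns ahead of the mdns module, as in FIXED_LINE, lets both agree without removing avahi.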

Hi,

You might want to consider what you actually call your internal network. Having a fully qualified domain name like "mymachine.local." is a bad idea; it's better to have "mymachine.internal.lan." or "mymachine.internal.local.".

You should also consider setting up a DNS server if you have more than a few machines with static addressing; that way you don't have to keep shifting or updating hosts files.

Kind regards,
Andreas

On 5/09/2012, at 4:17 PM, mailinglist wrote:
Stopping the avahi-daemon resolved the issue - though not all of my LDAP issues just yet.
avahi uses .local as the TLD and because our MS system uses tesla.local, they obviously get a bit confused.

On Wed, 5 Sep 2012 16:23:48 +1200, Andreas Löf wrote:
You might want to consider what you actually call your internal network. Having a fully qualified domain name like "mymachine.local." is a bad idea; it's better to have "mymachine.internal.lan." or "mymachine.internal.local.".
You should also consider setting up a DNS server if you have more than a few machines with static addressing; that way you don't have to keep shifting or updating hosts files.

Hi Andreas,

Yes, thanks for the advice. I did a bit of research on this some time ago and talked with our IT guys about not having .local as a TLD. In fact, I thought servername.lan.tesla.co.nz was probably the best option. Unfortunately it was all a bit after the fact and they weren't/aren't interested in changing for now. The default when setting up an Active Directory network is .local. Certainly something to look at during the next major rehash of the system.

We do have a DNS server.

Cheers,
Chris
participants (4)
- Andreas Löf
- Cameron Rangeley
- mailinglist
- Noel Villamor