[Samba] DNS samba update ERROR

Bee Air beeairway at gmail.com
Fri Oct 6 12:45:08 UTC 2023 

Thanks, Rowland, for the quick response!

Dns is internal samba.
I fixed some configuration files:

/etc/samba/smb.conf
  # Global parameters
  [global]
        netbios name = DCS3
        realm = BEO.IMP
        server role = active directory domain controller
        workgroup = BEO
        allow dns updates = nonsecure
        template shell = /bin/bash
        template homedir = /home/%U

     log file = /var/log/samba/log.%m
     max log size = 1000
     logging = file
     log level = 3 passdb:5 auth:5
  [sysvol]
        path = /var/lib/samba/sysvol
        read only = No

  [netlogon]
        path = /var/lib/samba/sysvol/beo.imp/scripts
        read only = No

/etc/krb5.conf
  [libdefaults]
        dns_lookup_realm = false
        dns_lookup_kdc = true
        default_realm = BEO.IMP
        kdc_timesync = 1
        ccache_type = 4
  [realms]

  [domain_realm]

/etc/resolve.conf
  search BEO.IMP
  nameserver 200.2.2.15
  nameserver 200.2.2.1
  nameserver 200.2.2.2

But the DNS problem was not resolved.
If you use the following commands when accessing DC or DC2, the information
is displayed correctly:
# samba-tool dns zonelist dc
# samba-tool dns serverinfo dc
# samba-tool dns roothints dc

But if you turn to DCS3 - "ERROR(runtime): Could not contact RPC server
[WERR_DNS_ERROR_DS_UNAVAILABLE] - (9717, 'WERR_DNS_ERROR_DS_UNAVAILABLE')"
# samba-tool dns zonelist dcs3
# samba-tool dns serverinfo dcs3
# samba-tool dns roothints dcs3

GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'ncalrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'http_negotiate' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Using binding ncacn_ip_tcp:dcs3[,sign]
resolve_lmhosts: Attempting lmhosts lookup for name dcs3<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name dcs3<0x20>
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
Ticket in credentials cache for master at BEO.IMP will expire in 32259 secs
ERROR(runtime): Could not contact RPC server
[WERR_DNS_ERROR_DS_UNAVAILABLE] - (9717, 'WERR_DNS_ERROR_DS_UNAVAILABLE')
  File "/usr/lib/python3/dist-packages/samba/netcmd/dns.py", line 119, in f
    return attr(*args)
           ^^^^^^^^^^^


I found an article with a similar problem, but it didn't help.
https://lists.samba.org/archive/samba/2015-June/192273.html
I have servers DC and DC2 - Windows Server 2008 R2

How to work with DNS internal Samba?

чт, 5 окт. 2023 г., 16:55 Rowland Penny via samba <samba at lists.samba.org>:

> On Thu, 5 Oct 2023 16:09:18 +0300
> Bee Air via samba <samba at lists.samba.org> wrote:
>
> > Good day to all!
> >
> > I havea the closed local network with two domain controllers on MS
> > Windows Server 2008 R2
> > DC - ip 200.2.2.1 , DC1 - ip 200.2.2. <http://2.2.2.2/>2
> > I installed the domain controller on debian 12 (Samba 4.19.0-Debian)
> > DCS3 - ip 200.2.2.15
> > Сonnected to the domain and AD according to the article
> >
> https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory
> > Dns is internal samba.
> >
> > When I test the dynamic DNS updates I have errors (see full command
> > text below)
> > 1)
> > # samba_dnsupdate --verbose
> > IPs: ['200.2.2.15']
> > Looking for DNS entry A dcs3.BEO.IMP 200.2.2.15 as dcs3.BEO.IMP.
> > Looking for DNS entry CNAME
> > 246933f5-768e-4399-9adb-251271d245e3._msdcs.BEO.IMP dcs3.BEO.IMP as
> > 246933f5-768e-4399-9adb-251271d245e3._msdcs.BEO.IMP.
> > Looking for DNS entry NS BEO.IMP dcs3.BEO.IMP as BEO.IMP.
> > *Lookup of BEO.IMP. succeeded, but we failed to find a matching DNS
> > entry for NS BEO.IMP dcs3.BEO.IMP*
> > *need update: NS BEO.IMP dcs3.BEO.IMP*
> > Looking for DNS entry NS _msdcs.BEO.IMP dcs3.BEO.IMP as
> > _msdcs.BEO.IMP. *The DNS entry NS _msdcs.BEO.IMP dcs3.BEO.IMP,
> > queried as _msdcs.BEO.IMP. does not exist*
> > *need update: NS _msdcs.BEO.IMP dcs3.BEO.IMP*
> >
>
> The only problem I can see from your set up is the 'dns forwarder' line
> in your smb.conf , it appears to be pointing at your other DCs and it
> should point to nameservers outside your AD dns domain e.g. Googles
> 8.8.8.8
>
> I take it that you have tried restarting the DC and that a firewall
> isn't getting in the way.
> I also take it that you have installed all the required Samba packages.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list