[Samba] DNS samba update ERROR

Rowland Penny rpenny at samba.org
Mon Oct 23 15:12:32 UTC 2023 

On Mon, 23 Oct 2023 15:50:17 +0300
Bee Air via samba <samba at lists.samba.org> wrote:

> I have the closed local network with two domain controllers on MS
> Windows Server 2008 R2
> DC -  200.2.2.1 , DC1 - ip 200.2.2. <http://2.2.2.2/>2. Local domain -
> BEO.IMP
> I installed the domain controller on debian 12 (Samba 4.19.1-Debian)
> DCS3 - ip 200.2.2.15
> Сonnected to the domain and AD according to the article
> https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory
> Dns is BIND 9.18.19-1

Sorry, but no it isn't, not from the DC smb.conf you have posted.
So, if Bind9 is running, I suggest you stop it and see if everything
then works.

Rowland

> 
> 
> /etc/samba/smb.conf
>   # Global parameters
>   [global]
>         netbios name = DCS3
>         realm = BEO.IMP
>         server role = active directory domain controller
>         workgroup = BEO
>         allow dns updates = nonsecure
>         template shell = /bin/bash
>         template homedir = /home/%U
>        server services = -dns
> 
>      log file = /var/log/samba/log.%m
>      max log size = 1000
>      logging = file
>      log level = 3 passdb:5 auth:5
>   [sysvol]
>         path = /var/lib/samba/sysvol
>         read only = No
> 
>   [netlogon]
>         path = /var/lib/samba/sysvol/beo.imp/scripts
>         read only = No
> 
> /etc/krb5.conf
>   [libdefaults]
>         dns_lookup_realm = false
>         dns_lookup_kdc = true
>         default_realm = BEO.IMP
>         kdc_timesync = 1
>         ccache_type = 4
>   [realms]
> 
>   [domain_realm]
> 
> /etc/resolve.conf
>   search BEO.IMP
>   nameserver 200.2.2.15
>   nameserver 200.2.2.1
>   nameserver 200.2.2.2
> 
> 
> 
> 
> 
> 
> 
> пн, 23 окт. 2023 г., 13:33 Rowland Penny via samba
> <samba at lists.samba.org>:
> 
> > On Mon, 23 Oct 2023 13:11:27 +0300
> > Bee Air via samba <samba at lists.samba.org> wrote:
> >
> > > Good day!
> > > Test the dynamic DNS updates
> > >
> > > # samba_dnsupdate --verbose
> > > IPs: ['200.2.2.15']
> > > Looking for DNS entry A dcs3.BEO.IMP 200.2.2.15 as dcs3.BEO.IMP.
> > > Looking for DNS entry CNAME
> > > 246933f5-768e-4399-9adb-251271d245e3._msdcs.BEO.IMP dcs3.BEO.IMP
> > > as 246933f5-768e-4399-9adb-
> > > 251271d245e3._msdcs.BEO.IMP.
> > > Looking for DNS entry NS BEO.IMP dcs3.BEO.IMP as BEO.IMP.
> > > Looking for DNS entry NS _msdcs.BEO.IMP dcs3.BEO.IMP as
> > > _msdcs.BEO.IMP. The DNS entry NS _msdcs.BEO.IMP dcs3.BEO.IMP,
> > > queried as _msdcs.BEO.IMP. does not exist
> > > need update: NS _msdcs.BEO.IMP dcs3.BEO.IMP
> > >
> > > .....
> > >
> > > dns_tkey_gssnegotiate: TKEY is unacceptable
> > > Failed nsupdate: 1
> > > Failed update of 1 entries
> > >
> > >
> > > I can't understand this message:
> > >
> > > The DNS entry NS _msdcs.BEO.IMP dcs3.BEO.IMP, queried as
> > > _msdcs.BEO.IMP. does not exist
> > > need update: NS _msdcs.BEO.IMP dcs3.BEO.IMP
> > >
> > >
> > > On the DC domain controller (Windows Server 2008 R2) there is an
> > > entry in DNS - *_msdcs.beo.imp*
> > >
> > > See attachment "dc-samba-dns002.jpg"
> >
> > Please post your jpg somewhere and supply a link, this list strips
> > attachments.
> >
> > Also, please do not post twice.
> >
> > Rowland
> >
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> >

More information about the samba mailing list