[Samba] Member join to Active Directory -> DNS-Update fails

Bestattungen Vitt - Thomas Reitelbach t.reitelbach at bestattungen-vitt.de
Fri Oct 27 13:24:00 UTC 2023 

Hello list,

I'm new to this list, i've searched via google and the mailing list 
archives but I cannot find a solution to my following problem, thus I 
hope for advice here.

I'm trying to join a new samba-driven Fileserver to an existing Active 
Directory Domain. It consists of three AD Servers, all Samba, there is 
no windows server at all.

My new file server is a fresh install of Debian 12 with stock samba 
packages, already prepared for domain join whith help of this site 
(https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member). 
At the step to join the domain with
"net ads join -U Administrator" or with "samba-tool domain join 
ADVITT.SITE MEMBER -U administrator" I have a problem -> Domain join 
works, but DNS-Update does not:

This is the output on the machine which I try to join:
root at fs1:~# net ads join -U Administrator
Password for [ADVITT\Administrator]:
Using short domain name -- ADVITT
Joined 'FS1' to dns domain 'advitt.site'
DNS Update for fs1.advitt.site failed: ERROR_DNS_UPDATE_FAILED
DNS update failed: NT_STATUS_UNSUCCESSFUL

And this is the debug log on the machine where the DNS-Update is tried 
upon:
Oct 27 14:58:21 vmads.vitt.site samba[16373]: [2023/10/27 
14:58:21.679662,  0] 
../source4/dns_server/dns_update.c:407(handle_one_update)
Oct 27 14:58:21 vmads.vitt.site samba[16373]: Can't handle updates of 
type 255 yet

I guess this is because this specific machine has an old samba version 
(4.6.4) which lacks the necessary functions.

What are my options now?
a) update Samba on the old machine to a current version? (not preferred)
b) let the joining Fileserver choose a different AD-Server preferred for 
DNS-Updates? (how would I do that?? the other AD servers are running on 
debian 11 with samba 4.17.9) All FSMO-Roles are at the other AD servers.
c) create the necessary DNS-Entry manually (tried that already with the 
Windows DNS Client, this works)
d) ---another idea??? ---

The server with the old samba version is my old File server and AD 
server in one machine and is going to be demoted and shut down soon (in 
the past I made the mistake to put File Server and AD Server on this 
machine) -> That's the reason why I want to join a new Fileserver to the 
domain.
But unfortunately I cannot shut down the old server bevor the new one is 
in place.

Sorry for the long explanation, hoping someone can push me in the right 
direction.

Thank you in advance.

-- 
Bestattungen Vitt oHG
Inhaber Willi & Thomas Reitelbach
Rochusstraße 176
53123 Bonn-Duisdorf
Registergericht: Amtsgericht Bonn, HRA 7958

Facebook:     http://www.facebook.de/bestattungenvitt
Gedenkportal: http://begleiten.bestattungen-vitt.de
Internet:     http://www.bestattungen-vitt.de

Telefon: 0228 - 62 68 68
Fax: 0228 - 978 30 36

More information about the samba mailing list