[Samba] Member join to Active Directory -> DNS-Update fails

Bestattungen Vitt - Thomas Reitelbach t.reitelbach at bestattungen-vitt.de
Fri Oct 27 14:22:54 UTC 2023 

Hello Luis,

answering between the comments...

>> And this is the debug log on the machine where the DNS-Update is tried
>> upon:
>> Oct 27 14:58:21 vmads.vitt.site samba[16373]: [2023/10/27
>> 14:58:21.679662, 0]
>> ../source4/dns_server/dns_update.c:407(handle_one_update)
>> Oct 27 14:58:21 vmads.vitt.site samba[16373]: Can't handle updates of
>> type 255 yet
>> 
> I assume your record does not exist already.

Correct, it does not exist already. Neither the A nor the PTR record do 
exist at this moment.

>> I guess this is because this specific machine has an old samba version
>> (4.6.4) which lacks the necessary functions.
>> 
>> What are my options now?
>> a) update Samba on the old machine to a current version? (not 
>> preferred)
> Excelent idea. Try:

Unfortunately this is complicated. Current samba configure scripts need 
python3 which is unavailable for this old server. I would have to 
compile python and all its dependencies as well. I'll try not to do this 
;-)
Well, I COULD do this, but this is my last choice...

>> b) let the joining Fileserver choose a different AD-Server preferred 
>> for
>> DNS-Updates? (how would I do that?? the other AD servers are running 
>> on
>> debian 11 with samba 4.17.9) All FSMO-Roles are at the other AD 
>> servers.
> I don’t think you can do that unless you stop samba in the old server.
> Worth trying .

I'll test when the old server is unused. At the working hours this is 
not possible.

>> c) create the necessary DNS-Entry manually (tried that already with 
>> the
>> Windows DNS Client, this works)

Do I have to expect any problems when I join the new Fileserver and 
create the DNS entries manually? If I do so, the DNS-Records are 
immediately beeing synced between the three samba-internal dns servers 
as expected. Is there anything more to take care of?

>> The server with the old samba version is my old File server and AD
>> server in one machine
> You probably refer to a DC server, not an AD server.

The old server has always been used as Active Directory Domain 
Controller (this is what I called an AD server), first installed samba 
version was 4.0.5, self-compiled, one of the first versions with support 
for it. It is NOT an old NT-style PDC, if you mean this.

> Review your member server config, just in case your missing something:

The config at time of the Join is very basic:
[global]
### Grundkonfiguration ###
      security = ADS
      workgroup = ADVITT
      realm = ADVITT.SITE

      log file = /var/log/samba/%m.log
      log level = 1

      idmap config * : backend = autorid
      idmap config * : range = 10000-9999999

      vfs objects = acl_xattr
      map acl inherit = yes

-> true, no shares at this point.

Kerberos config:
[libdefaults]
      default_realm = ADVITT.SITE
      dns_lookup_realm = false
      dns_lookup_kdc = true

Time Syncronization is pulled via NTP from the AD-DC Servers.
Name resolution is set to the three AD-DC servers and Name resolution 
tests are OK.

I don't think I'm missing something important so far.

Cheers
Thomas

-- 
Bestattungen Vitt oHG
Inhaber Willi & Thomas Reitelbach
Rochusstraße 176
53123 Bonn-Duisdorf
Registergericht: Amtsgericht Bonn, HRA 7958

Facebook:     http://www.facebook.de/bestattungenvitt
Gedenkportal: http://begleiten.bestattungen-vitt.de
Internet:     http://www.bestattungen-vitt.de

Telefon: 0228 - 62 68 68
Fax: 0228 - 978 30 36

More information about the samba mailing list