DNS update failed when joining samba3 to samba4

Christian Huldt christian at solvare.se
Sun Sep 19 09:15:53 MDT 2010

We are setting up a new network with samba4 as DC and samba3 for files  
and printers

However, bind as provided by ubuntu server 10.4.1 lts does not like  
the tkey settings and refuses the start with them

         tkey-gssapi-credential "DNS/arkitekt.msg83";
         tkey-domain "ARKITEKT.MSG83";

Of course I would like to fix this (any hints? kerberos works nicely,  
kinit and klist), but I wonder if this is a show-stopper?

Joining a samba3 server to the domain "works", I can see the server in  
the domain (but not connect to it yet...) but "DNS update failed!"  
seems like something that I should fix ASAP.

> # net ads join -Uadministrator
> Enter administrator's password:
> Using short domain name -- ARKITEKT
> Joined 'SOLVARE2' to realm 'arkitekt.msg83'
> DNS update failed!

Second question: we used to have dhcp add computers to dns through  
allow-update { key "rndc-key"; };, is this compatible with samba4 and  
the tkey stuff or should we change that (haven't added it yet)?

> # /usr/sbin/named -V
> BIND 9.7.0-P1 built with '--prefix=/usr' '--mandir=/usr/share/man'  
> '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '-- 
> localstatedir=/var' '--enable-threads' '--enable-largefile' '--with- 
> libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr'  
> '--with-gssapi=/usr' '--with-gnu-ld' '--with-dlz-postgres=no' '-- 
> with-dlz-mysql=no' '--with-dlz-bdb=yes' '--with-dlz-filesystem=yes'  
> '--with-dlz-ldap=yes' '--with-dlz-stub=yes' '--with-geoip=/usr' '-- 
> enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2'  
> 'LDFLAGS=-Wl,-Bsymbolic-functions' 'CPPFLAGS='

Christian Huldt
christian at solvare.se

No unicorns were harmed during the composition of this email.

More information about the samba-technical mailing list