Samba4 internal dns Failed DNS update

steve steve at steve-ss.com
Thu Apr 5 09:58:54 MDT 2012


On 05/04/12 13:45, Kai Blin wrote:
> On 2012-04-05 12:41, steve wrote:
>
>> We plan to have a forward and reverse zone. The fwd zone seems to be
>> there by default. Last time we added a reverse zone using samba-tool.
> Yep, that's expected and the way to do it.
>
>> Both worked fine but kept the values of machines which connected even
>> after a reboot. Maybe the nsupdate in smb.conf will get us there this
>> time. We are at 3608 of make on the new build.
> I'm not sure what you mean here. Zones are not expected to reset after a
> reboot. What _exactly_ is the problem you're seeing, and what _exactly_
> is your configuration?
>
> Cheers,
> Kai
>
  cat /usr/local/samba/etc/smb.conf
# Global parameters
[global]
     server role = domain controller
     workgroup = MARINA
     realm = hh3.site
     netbios name = HH3
     passdb backend = samba4
     server services = smb, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate, dns
         allow dns updates = True
         dns forwarder = 192.168.1.1
         dns recursive queries = yes
     nsupdate command = nsupdate

[netlogon]
     path = /usr/local/samba/var/locks/sysvol/hh3.site/scripts
     read only = No

[sysvol]
     path = /usr/local/samba/var/locks/sysvol
     read only = No

[home]
     path = /home2/MARINA
     read only = No

[profiles]
     path = /home2/MARINA/profiles
     read only = No

[dropbox]
     path = /home2/dropbox
     read only = No

Join xp client to the domain.
Login as administrator. Work normally e.g. install the microsoft remote 
tools adminpack and opera browser. All fine. Use ADUC. Fine. Login as a 
user created with samba-tool and access opera installed by administrator 
before. Fine.

After a while (3 hours this time):

the samba -i -d3 terminal gives:
../source4/dsdb/dns/dns_update.c:294: Failed DNS update - NT_STATUS_IO_TIMEOUT

After which there are no more verbose dns messages as is the subject of 
another thread but not a problem at the moment. We right-click a share or 
user in explorer and select the security tab. The users and groups of 
the share show as sid-rid. Wait 10 minutes. The users and groups now 
show as humanly readable names. Nothing can be done in the xp client 
until then and a message appears 'Naming information cannot be located 
because: The specified domain does not exist' OWTTE after which we must 
reboot the client and restart samba4.

Under bind9 the same config (minus the internal dns specific lines in 
smb.conf) works fine. Forward and reverse pings to the xp client fail. 
All contact is lost to the outside world on the xp client.

At this stage, all dig commands are from the forwarder.

Any ideas?
Cheers,
Steve


