[Samba] Missing DNS entry after "domain join"

Wed Oct 14 12:24:04 UTC 2015

The third DC just finished to install itself using Sernet's packages in
version 4.2.4-SerNet-RedHat-18.el7 and some records were missing: dig
samba.domain.tld was showing 1 DC when 3 DC were existing.

After samba_dnsupdate it seems to be back to normal. Unfortunately as there
are so much records for each DC injected I have no idea how to fully test
if things are _really_ working well.

I'll redo some tests with compiled 4.3.0, to recheck and try to understand.

And I'll add some samba_dnsupdate at some point of my deployment scripts :/

2015-10-14 13:18 GMT+02:00 mathias dufresne <infractory at gmail.com>:

> Hi Andrew,
>
> First thank you for your reply. Does it means we have to run
> samba_dnsupdate after the join? Every time?
>
> I performed that samba_dnsupdate command on DC with FSMO on both domains I
> have using 4.3.0. On one it seems to have did the job, on the other it
> didn't.
>
> The only differences between both servers are:
> - how Samba was compiled (not the same configure option)
> - one domain was compiled as shown in my previous mail, the other uses
> RPMs I built using others configure options + these systems do not have all
> packages needed during compilation installed. Of course I can provide .spec
> for these RPM and/or configure command line and package list.
>
> After samba_dnsupdate:
>
> On compiled Samba:
> A samba.domain.tld -> shows every DC
> SRV _ldap._tcp.samba.domain.tld -> shows every DC
> <DCname>.samba.domain.tld -> all DC have A record.
> objectGUID record -> existing for all DC
>
> On RPM Samba:
> A samba.domain.tld -> shows FSMO only
> SRV _ldap._tcp.samba.domain.tld -> shows FSMO only
> <DCname>.samba.domain.tld -> all DC have A record.
> objectGUID record -> existing on 2 DC, missing on the third one
>
> Here the options set into the .spec for creating these RPMs, in case it
> helps:
> ------------------------------------------------
> PATH_OPTS="\
> --enable-fhs \
> --with-lockdir=%{_localstatedir}/cache/samba \
> --prefix=%{_prefix} \
> --exec-prefix=%{_exec_prefix} \
> --bindir=%{_bindir} \
> --sbindir=%{_sbindir} \
> --sysconfdir=%{_sysconfdir} \
> --datadir=%{_datadir} \
> --includedir=%{_includedir} \
> --libdir=%{_libdir} \
> --libexecdir=%{_libexecdir} \
> --localstatedir=%{_localstatedir} \
> --sharedstatedir=%{_sharedstatedir} \
> --mandir=%{_mandir} \
> --infodir=%{_infodir} \
> --with-pammodulesdir=/%{_lib}/security \
> "
>
> BUILD_OPTS="\
> --disable-rpath-install \
> --bundled-libraries=ALL \
> %if %{make_devel}
> --enable-developer \
> --picky-developer \
> --enable-krb5developer \
> %endif
> "
>
> CONF_OPTS="\
> --enable-cups \
> --enable-gnutls \
> --with-acl-support \
> --with-aio-support \
> --with-automount \
> --with-pam \
> --with-pam_smbpass \
> --with-quotas \
> --with-syslog \
> --with-utmp \
> --with-winbind \
> --with-ads \
> --with-dnsupdate \
> --without-dmapi \
>   --without-profiling-data \
> "
>
> ./configure $PATH_OPTS $BUILD_OPTS $CONF_OPTS
> ------------------------------------------------
>
> Now I'm about to install a third domain using Samba using Sernet's
> packages in version 4.2.4-18.el7 to check how these entries are created
> using that older version.
>
> Best regards,
>
> mathias
>
>
> 2015-10-14 12:05 GMT+02:00 Andrew Bartlett <abartlet at samba.org>:
>
>> On Wed, 2015-10-14 at 11:52 +0200, mathias dufresne wrote:
>> >
>> > As this compilation was performed using almost no option and
>> > absolutely no
>> > patch, I'm wondering why all these DNS records are missing.
>>
>> samba_dnsupdate is meant to create these, once it runs.
>>
>> Now, if it happens to update the local replica, and not the remote one,
>> then we likely have an issue, as nobody will ever find the updates.
>>
>> In any case, this is how it was expected to work.
>>
>> Andrew Bartlett
>>
>> --
>> Andrew Bartlett                       http://samba.org/~abartlet/
>> Authentication Developer, Samba Team  http://samba.org
>> Samba Developer, Catalyst IT
>> http://catalyst.net.nz/services/samba
>>
>>
>>
>>
>