[Samba] [samba] DNS update failed!

k.maksimov k.maksimov at butb.by
Wed Aug 4 00:21:07 MDT 2010 

Alexander R. Fahrutdinov wrote:
> В сообщении от 30 июля 2010 09:39:05 автор Alexander R. Fahrutdinov написал:
>   
>> В сообщении от 29 июля 2010 17:05:53 автор k.maksimov написал:
>>     
>>> Alexander R. Fahrutdinov wrote:
>>>       
>>>> В сообщении от 29 июля 2010 09:08:29 автор Alexander R. Fahrutdinov
>>>>         
>> написал:
>>     
>>>>> В сообщении от 28 июля 2010 18:10:29 автор k.maksimov написал:
>>>>>           
>>>>>> Alexander R. Fahrutdinov wrote:
>>>>>>             
>>>>>>> В сообщении от 28 июля 2010 10:15:25 автор k.maksimov написал:
>>>>>>>               
>>>>>>>> Anton wrote:
>>>>>>>>                 
>>>>>>>>> On 28 July 2010 01:45, k.maksimov <k.maksimov at butb.by> wrote:
>>>>>>>>>                   
>>>>>>>>>> I have two networks: 192.168.1.0 with netmask 255.255.255.0 and
>>>>>>>>>> 172.16.0.0 with netmask 255.255.254.0, when I join in domain in
>>>>>>>>>> first network hostname registered successfully, but in second
>>>>>>>>>> network:
>>>>>>>>>>
>>>>>>>>>> sudo net ads join -U admin
>>>>>>>>>> Enter admin's password:
>>>>>>>>>> Using short domain name -- BUTB
>>>>>>>>>> Joined 'TH-2-011' to realm 'butb.by'
>>>>>>>>>> DNS update failed!
>>>>>>>>>>                     
>>>>>>>>> As far as I can tell (I'm not entirely certain though)  this is an
>>>>>>>>> Active Directory / Windows Server configuration issue around
>>>>>>>>> loosening permissions enough for the DHCP service to update the
>>>>>>>>> DNS records.
>>>>>>>>>
>>>>>>>>> I don't know exactly what settings need to be configured though,
>>>>>>>>> as I didn't manage to get it working either. In the end I decided
>>>>>>>>> to keep the standard security and just use static IPs and DNS
>>>>>>>>> records for winbind machines.
>>>>>>>>>                   
>>>>>>>> I'm use static IP and I haven't DHCP. and this problem not an AD:
>>>>>>>> Windows machines successfully update DNS.
>>>>>>>>
>>>>>>>> also I have ~200 machines and I can't add every DNS record
>>>>>>>> manually.
>>>>>>>>                 
>>>>> It seems, secure DNS update has broken in samba. I tried to use
>>>>> different versions of samba (3.2.4, 3.4.4, 3.5.4, etc), but always got
>>>>> an error during DNS update, in spite of "wbinfo -t" and "net ads info"
>>>>> commands output was OK.
>>>>>
>>>>> Secure DNS update via nss-update script has sucssefully completed, but
>>>>> it requires a domain admin creditionals.
>>>>> Guys from http://rc.quest.com/topics/ddns/old.php create a patch for
>>>>> nss- update and GSSAPI library to use machine account instead admin
>>>>> one, but I don't try this.
>>>>>
>>>>> So, I don't promise to disable the secure DNS update, because it
>>>>> decrease AD security.
>>>>>
>>>>> Perghaps, somebody tell us, what we doing wrong?
>>>>>           
>>>> Earlier I tested DNS update on samba package included in Debian Etch,
>>>> Lenny and testing Debian branch.
>>>>
>>>> Now I download CentOS distribution and try to update DNS via "net ads
>>>> dns register -P" command. I'm surprised when command reports
>>>> "Successfully registered hostname with DNS" with samba 3.0.33 and
>>>> 3.5.4 versions.
>>>>
>>>> So, it isn't samba problem, but problem of specific distribution.
>>>>
>>>> And what's your distribution?
>>>>         
>>> I'm use Linux Mint 9 (based on Ubuntu 10.4), samba is 3.4.7, and in
>>> network 192.168.1.0/24 dns updated successfully via "net ads dns
>>> register -P". So, it's samba problem:)
>>>       
>> Now I trying to update DNS from CentOS with two NICs: 192.168.33.131 and
>> 10.0.3.15, and both addresses is being added to DNS sucsessfully.
>>
>> PS: "net ads dns register -P"
>>     
> So, my tests:
>
> Debian Etch:
>         samba & winbind 3.2.5-4~bpo41+1
>         libkrb53                        1.4.4-7etch6
>
> .>net ads dns register -P
> .>Successfully registered hostname with DNS
>
> Debian Lenny:
>         samba & winbind 3.4.8~dfsg-2~bpo50+1 and 3.2.5-4lenny12 (work with 
> both)
>
>         libkrb53                        1.6.dfsg.4~beta1-5lenny4
>
> .>net ads dns register -P
> .>Successfully registered hostname with DNS
>
> Debian Sid/Unstable (my case)
>         samba & winbind 3.4.8~dfsg-2 and 3.5.4~dfsg-1 (not work with both)
>
>         libkrb53                        1.8.1+dfsg-5
>
> .>net ads dns register -P
> .>DNS update failed!
>   
I try CentOS, Suse and Slackware, and ever, in second network, DNS 
wasn't update. :(

More information about the samba mailing list