[Samba] [samba] DNS update failed!
Alexander R. Fahrutdinov
alex_mgsm at mail.ru
Wed Jul 28 23:08:29 MDT 2010
In the message of 28 July 2010 18:10:29, k.maksimov wrote:
> Alexander R. Fahrutdinov wrote:
> > In the message of 28 July 2010 10:15:25, k.maksimov wrote:
> >> Anton wrote:
> >>> On 28 July 2010 01:45, k.maksimov <k.maksimov at butb.by> wrote:
> >>>> I have two networks: 192.168.1.0 with netmask 255.255.255.0 and
> >>>> 172.16.0.0 with netmask 255.255.254.0. When I join the domain in the
> >>>> first network, the hostname is registered successfully, but in the
> >>>> second network:
> >>>>
> >>>> sudo net ads join -U admin
> >>>> Enter admin's password:
> >>>> Using short domain name -- BUTB
> >>>> Joined 'TH-2-011' to realm 'butb.by'
> >>>> DNS update failed!
> >>>
> >>> As far as I can tell (I'm not entirely certain though) this is an
> >>> Active Directory / Windows Server configuration issue around loosening
> >>> permissions enough for the DHCP service to update the DNS records.
> >>>
> >>> I don't know exactly what settings need to be configured though, as I
> >>> didn't manage to get it working either. In the end I decided to keep
> >>> the standard security and just use static IPs and DNS records for
> >>> winbind machines.
> >>
> >> I use static IPs and I don't have DHCP, and this problem is not in AD:
> >> Windows machines successfully update DNS.
> >>
> >> Also, I have ~200 machines and I can't add every DNS record manually.
> >
It seems secure DNS update is broken in Samba. I tried different versions
of Samba (3.2.4, 3.4.4, 3.5.4, etc.), but always got an error during the
DNS update, even though the output of the "wbinfo -t" and "net ads info"
commands was OK.
Secure DNS update via the nss-update script completed successfully, but it
requires domain admin credentials.
The guys from http://rc.quest.com/topics/ddns/old.php created a patch for
nss-update and the GSSAPI library to use the machine account instead of the
admin one, but I haven't tried this.
So, I don't promise to disable the secure DNS update, because it decreases AD
security.
Perhaps somebody can tell us what we are doing wrong?