[Samba] [samba] DNS update failed!

Thu Jul 29 06:21:03 MDT 2010

В сообщении от 29 июля 2010 09:08:29 автор Alexander R. Fahrutdinov написал:
> В сообщении от 28 июля 2010 18:10:29 автор k.maksimov написал:
> > Alexander R. Fahrutdinov wrote:
> > > В сообщении от 28 июля 2010 10:15:25 автор k.maksimov написал:
> > >> Anton wrote:
> > >>> On 28 July 2010 01:45, k.maksimov <k.maksimov at butb.by> wrote:
> > >>>> I have two networks: 192.168.1.0 with netmask 255.255.255.0 and
> > >>>> 172.16.0.0 with netmask 255.255.254.0, when I join in domain in
> > >>>> first network hostname registered successfully, but in second
> > >>>> network:
> > >>>> 
> > >>>> sudo net ads join -U admin
> > >>>> Enter admin's password:
> > >>>> Using short domain name -- BUTB
> > >>>> Joined 'TH-2-011' to realm 'butb.by'
> > >>>> DNS update failed!
> > >>> 
> > >>> As far as I can tell (I'm not entirely certain though)  this is an
> > >>> Active Directory / Windows Server configuration issue around
> > >>> loosening permissions enough for the DHCP service to update the DNS
> > >>> records.
> > >>> 
> > >>> I don't know exactly what settings need to be configured though, as I
> > >>> didn't manage to get it working either. In the end I decided to keep
> > >>> the standard security and just use static IPs and DNS records for
> > >>> winbind machines.
> > >>
> > >> I'm use static IP and I haven't DHCP. and this problem not an AD:
> > >> Windows machines successfully update DNS.
> > >> 
> > >> also I have ~200 machines and I can't add every DNS record manually.
> 
> It seems, secure DNS update has broken in samba. I tried to use different
> versions of samba (3.2.4, 3.4.4, 3.5.4, etc), but always got an error
> during DNS update, in spite of "wbinfo -t" and "net ads info" commands
> output was OK.
> 
> Secure DNS update via nss-update script has sucssefully completed, but it
> requires a domain admin creditionals.
> Guys from http://rc.quest.com/topics/ddns/old.php create a patch for nss-
> update and GSSAPI library to use machine account instead admin one, but I
> don't try this.
> 
> So, I don't promise to disable the secure DNS update, because it decrease
> AD security.
> 
> Perghaps, somebody tell us, what we doing wrong?

Earlier I tested DNS update on samba package included in Debian Etch, Lenny 
and testing Debian branch.

Now I download CentOS distribution and try to update DNS via "net ads dns 
register -P" command. I'm surprised when command reports "Successfully 
registered hostname with DNS" with samba 3.0.33 and 3.5.4 versions. 

So, it isn't samba problem, but problem of specific distribution. 

And what's your distribution?