[Samba] [samba] DNS update failed!

k.maksimov k.maksimov at butb.by
Thu Jul 29 07:05:53 MDT 2010 

Alexander R. Fahrutdinov wrote:

> В сообщении от 29 июля 2010 09:08:29 автор Alexander R. Fahrutdinov написал:
>   
>> В сообщении от 28 июля 2010 18:10:29 автор k.maksimov написал:
>>     
>>> Alexander R. Fahrutdinov wrote:
>>>       
>>>> В сообщении от 28 июля 2010 10:15:25 автор k.maksimov написал:
>>>>         
>>>>> Anton wrote:
>>>>>           
>>>>>> On 28 July 2010 01:45, k.maksimov <k.maksimov at butb.by> wrote:
>>>>>>             
>>>>>>> I have two networks: 192.168.1.0 with netmask 255.255.255.0 and
>>>>>>> 172.16.0.0 with netmask 255.255.254.0, when I join in domain in
>>>>>>> first network hostname registered successfully, but in second
>>>>>>> network:
>>>>>>>
>>>>>>> sudo net ads join -U admin
>>>>>>> Enter admin's password:
>>>>>>> Using short domain name -- BUTB
>>>>>>> Joined 'TH-2-011' to realm 'butb.by'
>>>>>>> DNS update failed!
>>>>>>>               
>>>>>> As far as I can tell (I'm not entirely certain though)  this is an
>>>>>> Active Directory / Windows Server configuration issue around
>>>>>> loosening permissions enough for the DHCP service to update the DNS
>>>>>> records.
>>>>>>
>>>>>> I don't know exactly what settings need to be configured though, as I
>>>>>> didn't manage to get it working either. In the end I decided to keep
>>>>>> the standard security and just use static IPs and DNS records for
>>>>>> winbind machines.
>>>>>>             
>>>>> I'm use static IP and I haven't DHCP. and this problem not an AD:
>>>>> Windows machines successfully update DNS.
>>>>>
>>>>> also I have ~200 machines and I can't add every DNS record manually.
>>>>>           
>> It seems, secure DNS update has broken in samba. I tried to use different
>> versions of samba (3.2.4, 3.4.4, 3.5.4, etc), but always got an error
>> during DNS update, in spite of "wbinfo -t" and "net ads info" commands
>> output was OK.
>>
>> Secure DNS update via nss-update script has sucssefully completed, but it
>> requires a domain admin creditionals.
>> Guys from http://rc.quest.com/topics/ddns/old.php create a patch for nss-
>> update and GSSAPI library to use machine account instead admin one, but I
>> don't try this.
>>
>> So, I don't promise to disable the secure DNS update, because it decrease
>> AD security.
>>
>> Perghaps, somebody tell us, what we doing wrong?
>>     
>
> Earlier I tested DNS update on samba package included in Debian Etch, Lenny 
> and testing Debian branch.
>
> Now I download CentOS distribution and try to update DNS via "net ads dns 
> register -P" command. I'm surprised when command reports "Successfully 
> registered hostname with DNS" with samba 3.0.33 and 3.5.4 versions. 
>
> So, it isn't samba problem, but problem of specific distribution. 
>
> And what's your distribution?
>   
I'm use Linux Mint 9 (based on Ubuntu 10.4), samba is 3.4.7, and in network 192.168.1.0/24 dns updated successfully via "net ads dns 
register -P". So, it's samba problem:)

More information about the samba mailing list