[Samba] [samba] DNS update failed!

Alexander R. Fahrutdinov alex_mgsm at mail.ru
Thu Jul 29 23:39:05 MDT 2010


В сообщении от 29 июля 2010 17:05:53 автор k.maksimov написал:
> Alexander R. Fahrutdinov wrote:
> > В сообщении от 29 июля 2010 09:08:29 автор Alexander R. Fahrutdinov 
написал:
> >> В сообщении от 28 июля 2010 18:10:29 автор k.maksimov написал:
> >>> Alexander R. Fahrutdinov wrote:
> >>>> В сообщении от 28 июля 2010 10:15:25 автор k.maksimov написал:
> >>>>> Anton wrote:
> >>>>>> On 28 July 2010 01:45, k.maksimov <k.maksimov at butb.by> wrote:
> >>>>>>> I have two networks: 192.168.1.0 with netmask 255.255.255.0 and
> >>>>>>> 172.16.0.0 with netmask 255.255.254.0, when I join in domain in
> >>>>>>> first network hostname registered successfully, but in second
> >>>>>>> network:
> >>>>>>> 
> >>>>>>> sudo net ads join -U admin
> >>>>>>> Enter admin's password:
> >>>>>>> Using short domain name -- BUTB
> >>>>>>> Joined 'TH-2-011' to realm 'butb.by'
> >>>>>>> DNS update failed!
> >>>>>> 
> >>>>>> As far as I can tell (I'm not entirely certain though)  this is an
> >>>>>> Active Directory / Windows Server configuration issue around
> >>>>>> loosening permissions enough for the DHCP service to update the DNS
> >>>>>> records.
> >>>>>> 
> >>>>>> I don't know exactly what settings need to be configured though, as
> >>>>>> I didn't manage to get it working either. In the end I decided to
> >>>>>> keep the standard security and just use static IPs and DNS records
> >>>>>> for winbind machines.
> >>>>> 
> >>>>> I'm use static IP and I haven't DHCP. and this problem not an AD:
> >>>>> Windows machines successfully update DNS.
> >>>>> 
> >>>>> also I have ~200 machines and I can't add every DNS record manually.
> >> 
> >> It seems, secure DNS update has broken in samba. I tried to use
> >> different versions of samba (3.2.4, 3.4.4, 3.5.4, etc), but always got
> >> an error during DNS update, in spite of "wbinfo -t" and "net ads info"
> >> commands output was OK.
> >> 
> >> Secure DNS update via nss-update script has sucssefully completed, but
> >> it requires a domain admin creditionals.
> >> Guys from http://rc.quest.com/topics/ddns/old.php create a patch for
> >> nss- update and GSSAPI library to use machine account instead admin
> >> one, but I don't try this.
> >> 
> >> So, I don't promise to disable the secure DNS update, because it
> >> decrease AD security.
> >> 
> >> Perghaps, somebody tell us, what we doing wrong?
> > 
> > Earlier I tested DNS update on samba package included in Debian Etch,
> > Lenny and testing Debian branch.
> > 
> > Now I download CentOS distribution and try to update DNS via "net ads dns
> > register -P" command. I'm surprised when command reports "Successfully
> > registered hostname with DNS" with samba 3.0.33 and 3.5.4 versions.
> > 
> > So, it isn't samba problem, but problem of specific distribution.
> > 
> > And what's your distribution?
> 
> I'm use Linux Mint 9 (based on Ubuntu 10.4), samba is 3.4.7, and in network
> 192.168.1.0/24 dns updated successfully via "net ads dns register -P". So,
> it's samba problem:)

Now I trying to update DNS from CentOS with two NICs: 192.168.33.131 and 
10.0.3.15, and both addresses is being added to DNS sucsessfully.

PS: "net ads dns register -P"


More information about the samba mailing list