[Samba] [samba] DNS update failed!

Alexander R. Fahrutdinov alex_mgsm at mail.ru
Fri Jul 30 03:31:28 MDT 2010


In a message of 30 July 2010 09:39:05, Alexander R. Fahrutdinov wrote:
> In a message of 29 July 2010 17:05:53, k.maksimov wrote:
> > Alexander R. Fahrutdinov wrote:
> > > In a message of 29 July 2010 09:08:29, Alexander R. Fahrutdinov wrote:
> > >> In a message of 28 July 2010 18:10:29, k.maksimov wrote:
> > >>> Alexander R. Fahrutdinov wrote:
> > >>>> In a message of 28 July 2010 10:15:25, k.maksimov wrote:
> > >>>>> Anton wrote:
> > >>>>>> On 28 July 2010 01:45, k.maksimov <k.maksimov at butb.by> wrote:
> > >>>>>>> I have two networks: 192.168.1.0 with netmask 255.255.255.0 and
> > >>>>>>> 172.16.0.0 with netmask 255.255.254.0. When I join the domain in
> > >>>>>>> the first network, the hostname is registered successfully, but
> > >>>>>>> in the second network:
> > >>>>>>> 
> > >>>>>>> sudo net ads join -U admin
> > >>>>>>> Enter admin's password:
> > >>>>>>> Using short domain name -- BUTB
> > >>>>>>> Joined 'TH-2-011' to realm 'butb.by'
> > >>>>>>> DNS update failed!
> > >>>>>> 
> > >>>>>> As far as I can tell (I'm not entirely certain though)  this is an
> > >>>>>> Active Directory / Windows Server configuration issue around
> > >>>>>> loosening permissions enough for the DHCP service to update the
> > >>>>>> DNS records.
> > >>>>>> 
> > >>>>>> I don't know exactly what settings need to be configured though,
> > >>>>>> as I didn't manage to get it working either. In the end I decided
> > >>>>>> to keep the standard security and just use static IPs and DNS
> > >>>>>> records for winbind machines.
> > >>>>> 
> > >>>>> I use a static IP and I don't have DHCP, and this problem is not
> > >>>>> an AD one: Windows machines successfully update DNS.
> > >>>>>
> > >>>>> Also, I have ~200 machines and I can't add every DNS record
> > >>>>> manually.
> > >> 
> > >> It seems secure DNS update is broken in samba. I tried to use
> > >> different versions of samba (3.2.4, 3.4.4, 3.5.4, etc), but always got
> > >> an error during DNS update, even though the output of the "wbinfo -t"
> > >> and "net ads info" commands was OK.
> > >>
> > >> Secure DNS update via the nss-update script completed successfully,
> > >> but it requires domain admin credentials.
> > >> The guys from http://rc.quest.com/topics/ddns/old.php created a patch
> > >> for nss-update and the GSSAPI library to use the machine account
> > >> instead of the admin one, but I haven't tried it.
> > >>
> > >> So, I don't promise to disable the secure DNS update, because it
> > >> decreases AD security.
> > >>
> > >> Perhaps somebody can tell us what we are doing wrong?
> > > 
> > > Earlier I tested DNS update on the samba package included in Debian
> > > Etch, Lenny and the testing Debian branch.
> > >
> > > Now I downloaded the CentOS distribution and tried to update DNS via
> > > the "net ads dns register -P" command. I was surprised when the command
> > > reported "Successfully registered hostname with DNS" with samba
> > > versions 3.0.33 and 3.5.4.
> > >
> > > So, it isn't a samba problem, but a problem of a specific distribution.
> > >
> > > And what's your distribution?
> > 
> > I use Linux Mint 9 (based on Ubuntu 10.4), samba is 3.4.7, and in
> > network 192.168.1.0/24 DNS is updated successfully via "net ads dns
> > register -P". So, it's a samba problem :)
> 
> Now I am trying to update DNS from CentOS with two NICs: 192.168.33.131 and
> 10.0.3.15, and both addresses are being added to DNS successfully.
> 
> PS: "net ads dns register -P"
So, my tests:

Debian Etch:
        samba & winbind 3.2.5-4~bpo41+1
        libkrb53                        1.4.4-7etch6

.>net ads dns register -P
.>Successfully registered hostname with DNS

Debian Lenny:
        samba & winbind 3.4.8~dfsg-2~bpo50+1 and 3.2.5-4lenny12 (works with both)

        libkrb53                        1.6.dfsg.4~beta1-5lenny4

.>net ads dns register -P
.>Successfully registered hostname with DNS

Debian Sid/Unstable (my case)
        samba & winbind 3.4.8~dfsg-2 and 3.5.4~dfsg-1 (does not work with either)

        libkrb53                        1.8.1+dfsg-5

.>net ads dns register -P
.>DNS update failed!

