[Samba] net ads dns register failes (samba 3.4.7 on windows 2003 sp2)

Assarsson, Emil Emil.Assarsson at sonyericsson.com
Tue Oct 26 01:44:01 MDT 2010

Hi all,

I have some problems with dynamic DNS updating.
Samba 3.4.7
Windows 2003 sp2

# net ads dns register -P
DNS Update failed!

With debug ( -d9 ) I get this:
[2010/10/26 09:28:44,  3] libads/sasl.c:780(ads_sasl_spnego_bind)
  ads_sasl_spnego_bind: got OID=
[2010/10/26 09:28:44,  3] libads/sasl.c:789(ads_sasl_spnego_bind)
  ads_sasl_spnego_bind: got server principal name = losdcc01$@LOS.NET
[2010/10/26 09:28:44,  3] libsmb/clikrb5.c:687(ads_krb5_mk_req)
  ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found)
[2010/10/26 09:28:44,  3] libsmb/clikrb5.c:620(ads_cleanup_expired_creds)
  ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] expiration Tue, 26 Oct 2010 19:28:44 CEST
[2010/10/26 09:28:44,  3] libsmb/clikrb5.c:729(ads_krb5_mk_req)
  ads_krb5_mk_req: server marked as OK to delegate to, building forwardable TGT
[2010/10/26 09:28:44,  2] lib/interface.c:340(add_interface)
  added interface eth0 ip=fe80::223:7dff:fe1b:a87e%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
[2010/10/26 09:28:44,  2] lib/interface.c:340(add_interface)
  added interface eth0 ip= bcast= netmask=
[2010/10/26 09:28:44,  4] libads/dns.c:620(ads_dns_lookup_ns)
  ads_dns_lookup_ns: 23 records returned in the answer section.
DNS update failed!
[2010/10/26 09:28:48,  2] utils/net.c:779(main)
  return code = -1

When I try to find some more info with wireshark I find that the server refuses TKEY on the DNS request.

My current solution is to let DHCP do the update but it works poorly in a mixed environment. We have about 1000 clients moving around all over the place so we can't manually register.

Best regards
Emil Assarsson
Sony Ericsson Mobile Communications AB

"The information in this email, and attachment(s) thereto, is strictly confidential and may be legally privileged. It is intended solely for the named recipient(s), and access to this e-mail, or any attachment(s) thereto, by anyone else is unauthorized. Violations hereof may result in legal actions. Any attachment(s) to this e-mail has been checked for viruses, but please rely on your own virus-checker and procedures. If you contact us by e-mail, we will store your name and address to facilitate communications in the matter concerned. If you do not consent to us storing your name and address for above stated purpose, please notify the sender promptly. Also, if you are not the intended recipient please inform the sender by replying to this transmission, and delete the e-mail, its attachment(s), and any copies of it without, disclosing it."

More information about the samba mailing list