[Samba] Join AD fails DNS update
L.P.H. van Belle
belle at bazuin.nl
Tue Jun 24 08:04:00 MDT 2014
What you can do is the following.
setup the resolv.conf
check you hosts file
127.0.0.1 localhost localhost.localdomain.
( or put this in /etc/network/interfaces dns-domain dns-search dns-nameserver )
( or if you use resolvconf /etc/resolvconf/resolv.conf.d )
test ping hostname.domain.tld for your AD server.
If that does not work, add the ip / FQHN of you server to the hosts file.
but it should not be needed.
dns_lookup_realm = false
dns_lookup_kdc = true
default_realm = YOURINTERNAL.DOMAIN.TLD << IN CAPS !
setup your smb.conf ( from a 4.1.7 debian backports samba )
workgroup = INTERNAL
security = ADS
realm = YOURINTERNAL.DOMAIN.TLD << IN CAPS
encrypt passwords = yes
netbios name = HOSTNAME << IN CAPS
domain master = no
host msdfs = no
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
client signing = if_required
## map id's outside to domain to tdb files.
idmap config *:backend = tdb
idmap config *:range = 50001-80000
## map ids from the domain the range may not overlap !
idmap config INTERNAL:backend = ad
idmap config INTERNAL:schema_mode = rfc2307
idmap config INTERNAL:range = 10000-40000
winbind nss info = rfc2307
winbind trusted domains only = no
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
winbind refresh tickets = yes
winbind offline logon = yes
net ads join -U Administrator
If you join and you get a dns error when adding.
Did you already added the hostname of the server in the AD DNS?
If So, thats why you get and error. Ignore it, and check if your member server joined the domain in the AD.
Should works, im having also a samba 3.6.6 in my wheezy sernet setup.
but if this still doesnt work, add wheezy-backport in your apt.sources
and upgrade 3.6.6 to the latest backports version, that one im using for my proxy setup.
for your sources.list if needed.
deb http://ftp.debian.org/debian/ wheezy-backports main contrib non-free
apt-get update and check with apt-cache policy samba before upgradeing.
>Van: debian at lhanke.de [mailto:samba-bounces at lists.samba.org]
>Namens Lars Hanke
>Verzonden: dinsdag 24 juni 2014 15:35
>Aan: samba at lists.samba.org
>Onderwerp: [Samba] Join AD fails DNS update
>This topic has been on the list two years ago, already, but apparently
>to no conclusion.
>I'm trying to join a Debian Wheezy machine (Samba 3.6.6) to my freshly
>made backports AD (Samba 4.1.7). This is what I see:
>root at samba4:/# net ads join -U Administrator at AD.MICROSULT.DE
>Enter Administrator at AD.MICROSULT.DE's password:
>Using short domain name -- AD
>Joined 'SAMBA4' to realm 'ad.microsult.de'
>DNS Update for samba4.ad.microsult.de failed: ERROR_DNS_INVALID_MESSAGE
>DNS update failed!
>root at samba4:/# host samba4.ad.microsult.de
>Host samba4.ad.microsult.de not found: 3(NXDOMAIN)
>root at samba4:/# net --version
>The old discussion (e.g.
>the message, but it stipulates that at least sometimes the
>was added. I didn't see any DNS update so far. I use DLZ like them.
>Any idea how to troubleshoot this situation?
> - lars.
>To unsubscribe from this list go to the following URL and read the
More information about the samba