[Samba] Join AD fails DNS update
steve
steve at steve-ss.com
Tue Jun 24 08:07:19 MDT 2014
On Tue, 2014-06-24 at 15:34 +0200, Lars Hanke wrote:
> This topic has been on the list two years ago, already, but apparently
> to no conclusion.
>
> I'm trying to join a Debian Wheezy machine (Samba 3.6.6) to my freshly
> made backports AD (Samba 4.1.7). This is what I see:
>
> root at samba4:/# net ads join -U Administrator at AD.MICROSULT.DE
> Enter Administrator at AD.MICROSULT.DE's password:
> Using short domain name -- AD
> Joined 'SAMBA4' to realm 'ad.microsult.de'
> DNS Update for samba4.ad.microsult.de failed: ERROR_DNS_INVALID_MESSAGE
> DNS update failed!
> root at samba4:/# host samba4.ad.microsult.de
> Host samba4.ad.microsult.de not found: 3(NXDOMAIN)
> root at samba4:/# net --version
> Version 3.6.6
>
> The old discussion (e.g.
> http://www.spinics.net/lists/samba/msg102650.html) recommended to ignore
> the message, but it stipulates that at least sometimes the client entry
> was added. I didn't see any DNS update so far. I use DLZ like them.
>
> Any idea how to troubleshoot this situation?
You do not need to register the machine in dns but you may as well get
it right:
The hostname that your client is sending is not the hostname of the
machine you are attempting to join. You need to edit /etc/hostname
and /etc/hosts and a few other things. This is for Ubuntu. I think
debian is the same for dns:
http://linuxcostablanca.blogspot.com.es/2014/05/dns-good-enough-for-kerberos.html
Unless you are running a service that clients need to discover,
(frighteningly) the machine you join does not need to be registered in
DNS. The only requirement for AD is a keytab.
HTH
Steve
More information about the samba
mailing list