[Samba] Join AD fails DNS update

steve steve at steve-ss.com
Thu Jun 26 08:47:31 MDT 2014


On Thu, 2014-06-26 at 14:27 +0200, Lars Hanke wrote:
> >> root@samba:/# nsupdate -D -l
> > You need:
> > nsupdate -g
> 
> oops, missed that option in the man page.
> 
> Yes, using nsupdate -g and a valid TGT I could add my samba4 record to 
> the DNS - which seems to answer all your following questions.
> 
> Thanks, this may prove valuable for all further investigation.
> 
> I'd love this -D verbosity on named syslogs. This would help to figure 
> out, what samba actually sends. I'll experiment with the '-d' option 
> tonight.
> 
> Thanks,
>   - lars.

Hi
I don't think the join does much apart from add an A record for the
machine:

catral:/home/steve # net ads join -UAdministrator
Enter Administrator's password:
Using short domain name -- HH3
Joined 'CATRAL' to dns domain 'hh3.site'
catral:/home/steve # 

bind replies simply:

2014-06-26T16:29:50.485203+02:00 hh16 named[2103]: samba_dlz: starting transaction on zone hh3.site
2014-06-26T16:29:50.485943+02:00 hh16 named[2103]: samba_dlz: committed transaction on zone hh3.site

on an smb.conf of:
[global]
workgroup = HH3
realm = HH3.SITE
security = ADS
kerberos method = system keytab

and an A record appears:
 nslookup catral
Server:		192.168.1.16
Address:	192.168.1.16#53

Name:	catral.hh3.site
Address: 192.168.1.25

samba-tool dns query hh16 hh3.site catral A -UAdministrator
Password for [HH3\Administrator]:
  Name=, Records=1, Children=0
    A: 192.168.1.25 (flags=f0, serial=1301, ttl=3600)

The full ddns update including A, AAAA and PTR on the client via
nsupdate -g (under sssd) looks like this:

2014-06-26T16:24:46.918055+02:00 hh16 named[2103]: samba_dlz: starting transaction on zone hh3.site
2014-06-26T16:24:46.923381+02:00 hh16 named[2103]: samba_dlz: allowing update of signer=CATRAL\$\@HH3.SITE name=catral.hh3.site tcpaddr=192.168.1.25 type=A key=3058272441.sig-hh16.hh3.site/160/0
2014-06-26T16:24:46.923974+02:00 hh16 named[2103]: client 192.168.1.25#45673/key CATRAL\$\@HH3.SITE: updating zone 'hh3.site/NONE': deleting rrset at 'catral.hh3.site' A
2014-06-26T16:24:46.931087+02:00 hh16 named[2103]: samba_dlz: subtracted rdataset catral.hh3.site 'catral.hh3.site.#0113600#011IN#011A#011192.168.1.25'
2014-06-26T16:24:46.934733+02:00 hh16 named[2103]: samba_dlz: subtracted rdataset hh3.site 'hh3.site.#0113600#011IN#011SOA#011hh16.hh3.site. hostmaster.hh3.site. 1300 900 600 86400 0'
2014-06-26T16:24:46.936719+02:00 hh16 named[2103]: samba_dlz: added rdataset hh3.site 'hh3.site.#0113600#011IN#011SOA#011hh16.hh3.site. hostmaster.hh3.site. 1301 900 600 86400 0'
2014-06-26T16:24:48.149630+02:00 hh16 named[2103]: samba_dlz: committed transaction on zone hh3.site
2014-06-26T16:24:48.289150+02:00 hh16 named[2103]: samba_dlz: starting transaction on zone hh3.site
2014-06-26T16:24:48.291793+02:00 hh16 named[2103]: samba_dlz: allowing update of signer=CATRAL\$\@HH3.SITE name=catral.hh3.site tcpaddr=192.168.1.25 type=AAAA key=669082013.sig-hh16.hh3.site/160/0
2014-06-26T16:24:48.292445+02:00 hh16 named[2103]: client 192.168.1.25#51878/key CATRAL\$\@HH3.SITE: updating zone 'hh3.site/NONE': deleting rrset at 'catral.hh3.site' AAAA
2014-06-26T16:24:48.292893+02:00 hh16 named[2103]: samba_dlz: committed transaction on zone hh3.site
2014-06-26T16:24:48.487283+02:00 hh16 named[2103]: samba_dlz: starting transaction on zone hh3.site
2014-06-26T16:24:48.491456+02:00 hh16 named[2103]: samba_dlz: allowing update of signer=CATRAL\$\@HH3.SITE name=catral.hh3.site tcpaddr=192.168.1.25 type=A key=3406268820.sig-hh16.hh3.site/160/0
2014-06-26T16:24:48.492269+02:00 hh16 named[2103]: client 192.168.1.25#50716/key CATRAL\$\@HH3.SITE: updating zone 'hh3.site/NONE': adding an RR at 'catral.hh3.site' A
2014-06-26T16:24:48.495603+02:00 hh16 named[2103]: samba_dlz: added rdataset catral.hh3.site 'catral.hh3.site.#0113600#011IN#011A#011192.168.1.25'
2014-06-26T16:24:48.499268+02:00 hh16 named[2103]: samba_dlz: subtracted rdataset hh3.site 'hh3.site.#0113600#011IN#011SOA#011hh16.hh3.site. hostmaster.hh3.site. 1301 900 600 86400 0'
2014-06-26T16:24:48.501137+02:00 hh16 named[2103]: samba_dlz: added rdataset hh3.site 'hh3.site.#0113600#011IN#011SOA#011hh16.hh3.site. hostmaster.hh3.site. 1302 900 600 86400 0'
2014-06-26T16:24:49.792656+02:00 hh16 named[2103]: samba_dlz: committed transaction on zone hh3.site
2014-06-26T16:24:51.295817+02:00 hh16 named[2103]: samba_dlz: starting transaction on zone 1.168.192.in-addr.arpa
2014-06-26T16:24:51.300085+02:00 hh16 named[2103]: samba_dlz: allowing update of signer=CATRAL\$\@HH3.SITE name=25.1.168.192.in-addr.arpa tcpaddr=192.168.1.25 type=PTR key=2770023077.sig-hh16.hh3.site/160/0
2014-06-26T16:24:51.300783+02:00 hh16 named[2103]: client 192.168.1.25#47761/key CATRAL\$\@HH3.SITE: updating zone '1.168.192.in-addr.arpa/NONE': deleting rrset at '25.1.168.192.in-addr.arpa' PTR
2014-06-26T16:24:51.304773+02:00 hh16 named[2103]: samba_dlz: subtracted rdataset 25.1.168.192.in-addr.arpa '25.1.168.192.in-addr.arpa.#0113600#011IN#011PTR#011catral.hh3.site.'
2014-06-26T16:24:51.308932+02:00 hh16 named[2103]: samba_dlz: subtracted rdataset 1.168.192.in-addr.arpa '1.168.192.in-addr.arpa.#0113600#011IN#011SOA#011hh16.hh3.site. hostmaster.hh3.site. 48 900 600 86400 3600'
2014-06-26T16:24:51.311249+02:00 hh16 named[2103]: samba_dlz: added rdataset 1.168.192.in-addr.arpa '1.168.192.in-addr.arpa.#0113600#011IN#011SOA#011hh16.hh3.site. hostmaster.hh3.site. 49 900 600 86400 3600'
2014-06-26T16:24:52.164513+02:00 hh16 named[2103]: samba_dlz: committed transaction on zone 1.168.192.in-addr.arpa
2014-06-26T16:24:52.270345+02:00 hh16 named[2103]: samba_dlz: starting transaction on zone 1.168.192.in-addr.arpa
2014-06-26T16:24:52.274466+02:00 hh16 named[2103]: samba_dlz: allowing update of signer=CATRAL\$\@HH3.SITE name=25.1.168.192.in-addr.arpa tcpaddr=192.168.1.25 type=PTR key=1117518000.sig-hh16.hh3.site/160/0
2014-06-26T16:24:52.276199+02:00 hh16 named[2103]: client 192.168.1.25#37720/key CATRAL\$\@HH3.SITE: updating zone '1.168.192.in-addr.arpa/NONE': adding an RR at '25.1.168.192.in-addr.arpa' PTR
2014-06-26T16:24:52.280119+02:00 hh16 named[2103]: samba_dlz: added rdataset 25.1.168.192.in-addr.arpa '25.1.168.192.in-addr.arpa.#0113600#011IN#011PTR#011catral.hh3.site.'
2014-06-26T16:24:52.284008+02:00 hh16 named[2103]: samba_dlz: subtracted rdataset 1.168.192.in-addr.arpa '1.168.192.in-addr.arpa.#0113600#011IN#011SOA#011hh16.hh3.site. hostmaster.hh3.site. 49 900 600 86400 3600'
2014-06-26T16:24:52.286022+02:00 hh16 named[2103]: samba_dlz: added rdataset 1.168.192.in-addr.arpa '1.168.192.in-addr.arpa.#0113600#011IN#011SOA#011hh16.hh3.site. hostmaster.hh3.site. 50 900 600 86400 3600'
2014-06-26T16:24:53.286665+02:00 hh16 named[2103]: samba_dlz: committed transaction on zone 1.168.192.in-addr.arpa

Whatever the join sends to nsupdate (if it sends anything) is with
different options to the minimalistic ones sssd offers when it calls out
to nsupdate.

Maybe this will help you get resolved.
HTH
Steve
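
Added example, not part of the original post and not Samba or BIND code: a small audit of the `samba_dlz: allowing update of signer=...` lines shown in the log above, flagging GSS-TSIG updates whose record name does not belong to the signing machine account. It assumes one log entry per line, and the policy it checks (a machine account updates only its own forward name and the PTR of the address it connects from) is an assumption of this example; the function names are hypothetical.

```python
import ipaddress
import re

# Two entries copied from the log above, then two CONSTRUCTED mismatches.
SAMPLE_LOG = r"""
2014-06-26T16:24:46.923381+02:00 hh16 named[2103]: samba_dlz: allowing update of signer=CATRAL\$\@HH3.SITE name=catral.hh3.site tcpaddr=192.168.1.25 type=A key=3058272441.sig-hh16.hh3.site/160/0
2014-06-26T16:24:51.300085+02:00 hh16 named[2103]: samba_dlz: allowing update of signer=CATRAL\$\@HH3.SITE name=25.1.168.192.in-addr.arpa tcpaddr=192.168.1.25 type=PTR key=2770023077.sig-hh16.hh3.site/160/0
2014-06-26T17:00:00.000000+02:00 hh16 named[2103]: samba_dlz: allowing update of signer=CATRAL\$\@HH3.SITE name=hh16.hh3.site tcpaddr=192.168.1.25 type=A key=CONSTRUCTED
2014-06-26T17:00:01.000000+02:00 hh16 named[2103]: samba_dlz: allowing update of signer=CATRAL\$\@HH3.SITE name=16.1.168.192.in-addr.arpa tcpaddr=192.168.1.25 type=PTR key=CONSTRUCTED
"""

UPDATE_RE = re.compile(
    r"samba_dlz: allowing update of signer=(?P<signer>\S+) "
    r"name=(?P<name>\S+) tcpaddr=(?P<addr>\S+) type=(?P<rtype>\S+)"
)

def parse_updates(log_text):
    """Return one dict per 'allowing update' entry in the log text."""
    records = []
    for line in log_text.splitlines():
        m = UPDATE_RE.search(line)
        if m:
            rec = m.groupdict()
            # named logs the principal with '$' and '@' backslash-escaped
            rec["signer"] = rec["signer"].replace("\\", "")
            records.append(rec)
    return records

def check_update(rec):
    """Return findings for one update; an empty list means it matches policy."""
    account, _, realm = rec["signer"].partition("@")
    own_fqdn = f"{account.rstrip('$')}.{realm}".lower()
    name = rec["name"].rstrip(".").lower()
    if rec["rtype"] == "PTR":
        try:
            expected = ipaddress.ip_address(rec["addr"]).reverse_pointer
        except ValueError:
            return [f"unparseable tcpaddr {rec['addr']}"]
        if name != expected:
            return [f"PTR owner {name} is not the source address {rec['addr']}"]
    elif name != own_fqdn:
        return [f"{rec['signer']} updated {name}, expected {own_fqdn}"]
    return []

def audit(log_text):
    """Return (signer, name, type, findings) for every update with findings."""
    flagged = []
    for rec in parse_updates(log_text):
        findings = check_update(rec)
        if findings:
            flagged.append((rec["signer"], rec["name"], rec["rtype"], findings))
    return flagged
```

Archived mail wraps these entries at 72 columns, so wrapped entries have to be rejoined into single lines before they are passed to `audit()`.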



