[Samba] Join AD fails DNS update

steve steve at steve-ss.com
Thu Jun 26 10:46:55 MDT 2014

On Thu, 2014-06-26 at 18:19 +0200, Lars Hanke wrote:
> Hi Steve,
> >> I'd love this -D verbosity on named syslogs. This would help to figure
> >> out, what samba actually sends. I'll experiment with the '-d' option
> >> tonight.
> Unfortunately -d 100 doesn't make named any more verbose. I'm already 
> imagining me hooking up a gdb. Didn't do that for at least 5 years ...
> > I don't think the join does much apart from add an A record for the
> > machine:
> Yes, but it obviously ties this to conditions, which fail to verify. And 
> no-one seems to have an idea, which conditions this would be. 
> Unfortunately your syslog does not disclose any details of successful 
> prerequisite processing.
bind needs to be able to read the keytab on the DC and have write access
on the dns dbs. dns settings on the client have to be perfect. I don't
think yours is at the time of the join.

Can you post your named or bind conf?

The syslog proves that I have the correct dns settings in /etc/hosts
and /etc/resolv.conf, that named can read the dns keytab, write to the
required partitions and that I am able to verify both the machine and
get a tgt as a user who is allowed to perform the dns update. If any of
those are missing for you. . .

If you wish to verify whether nsupdate is used during the join process
then remove it before the join. I don't think it is as we cannot
reproduce that (lack of) verbosity at the command line. Sorry, no time
to do that over here at the moment. Alternatively you could ask the at
