[Samba] Join AD fails DNS update
Dr. Lars Hanke
lars at lhanke.de
Tue Jun 24 14:09:19 MDT 2014
Thanks Rowland, this gives a more comprehensive view.
> The problem is probably that you are only searching on port 389, try
> this search:
> ldbsearch -LLL -x -h localhost -p 3268 -b "DC=example,DC=com" -s sub -D
> "CN=Administrator,CN=Users,DC=example,DC=com" -w <ADpassword>
The syntax looks like ldapsearch instead of ldbsearch, but yes this
search returns the DNS entries maintained by the AD DC. It does not
contain any entry for a machine called samba4, i.e. the error that it
cannot be added since it exists already is wrong, remember:
client 172.16.6.242#40938: updating zone 'ad.microsult.de/NONE': update
unsuccessful: samba4.ad.microsult.de/A: 'RRset exists (value dependent)'
prerequisite not satisfied (NXRRSET)
Still the only entity about the joined machine is:
ldapsearch -LLL -x -h localhost -p 3268 -b "DC=ad,DC=microsult,DC=de" -s
sub -D "CN=Administrator,CN=Users,DC=ad,DC=microsult,DC=de" -W | grep -i
samba4 | grep ^dn:
Enter LDAP Password:
dn: CN=samba4,CN=Computers,DC=ad,DC=microsult,DC=de
The process logging the error is named, but it claims to propagate an
error from within samba_dlz. Too tired to dig into the code tonight ...
... and we learned that the DNS records except root servers are not
stored in sam.ldb. However, a construct like:
for f in `find / -type f -name '*.ldb'`; do echo File: $f; ldbsearch
--url="$f" | grep -i samba | grep ^dn: ; done
showed it's in
private/sam.ldb.d/DC=DOMAINDNSZONES,DC=AD,DC=MICROSULT,DC=DE.ldb
but no, there's no trace of any machine called samba4 in it.
Cheers,
- lars.
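
Added example, not part of the original message and not Samba or BIND code: a small parser for named dynamic-update failure lines shaped like the one quoted above, which attaches the RFC 2136 meaning of the response code (NXRRSET is returned when an RRset the update required to exist was not found). It generalizes to the other prerequisite response codes; the function and field names are hypothetical, and the sample is the log line from the message.

```python
import re

# RFC 2136 response codes a server returns when an update prerequisite fails.
RCODE_MEANING = {
    "NXDOMAIN": "a name the update required to exist does not exist",
    "YXDOMAIN": "a name the update required to be absent exists",
    "YXRRSET": "an RRset the update required to be absent exists",
    "NXRRSET": "an RRset the update required to exist does not exist",
}

# Shape of the named message quoted in the post, rejoined onto one line.
# "qualifier" is whatever follows the slash after the zone name, as logged.
UPDATE_FAIL = re.compile(
    r"client (?P<client>[0-9A-Fa-f.:]+)#(?P<port>\d+): "
    r"updating zone '(?P<zone>[^'/]+)/(?P<qualifier>[^']+)': "
    r"update unsuccessful: (?P<name>\S+)/(?P<rtype>[A-Z0-9]+): "
    r"'(?P<prereq>[^']+)' prerequisite not satisfied \((?P<rcode>[A-Z]+)\)"
)

def parse_update_failure(line):
    """Return a dict describing a failed-prerequisite line, or None."""
    m = UPDATE_FAIL.search(" ".join(line.split()))  # undo mail line wrapping
    if m is None:
        return None
    rec = m.groupdict()
    rec["port"] = int(rec["port"])
    rec["meaning"] = RCODE_MEANING.get(rec["rcode"], "unknown response code")
    # True when the update was refused because something was missing,
    # False when it was refused because something already existed.
    rec["record_missing"] = rec["rcode"] in ("NXRRSET", "NXDOMAIN")
    return rec

# Log line as quoted in the message above, including its line breaks.
SAMPLE = """client 172.16.6.242#40938: updating zone 'ad.microsult.de/NONE': update
unsuccessful: samba4.ad.microsult.de/A: 'RRset exists (value dependent)'
prerequisite not satisfied (NXRRSET)"""

if __name__ == "__main__":
    rec = parse_update_failure(SAMPLE)
    print(f"{rec['name']} {rec['rtype']} from {rec['client']}: "
          f"{rec['prereq']} -> {rec['rcode']}: {rec['meaning']}")
```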