[Samba] Samba 4.3.0 and DNS entries missing for DCs
Thierry Hotelier
Thierry.Hotelier at supagro.fr
Thu Nov 19 14:44:40 UTC 2015
Hello,

We've just upgraded from Samba 3.6.6 to Samba 4.3.0. We are using
INTERNAL as DNS backend. We have 1 domain and 6 DCs on 5 different
sites. Replication between DCs is OK, as we can see with "samba-tool drs
showrepl". We configured them as described on the wiki and used
the RSAT tool "Sites and services" to add sites, subnets, links, ... But
for the 4 DCs not on our main site, some DNS entries are missing and it
is not possible to add them with samba_dnsupdate (part of the result of
the command is below).

As described by other people recently, we need to put "allow dns updates
= nonsecure" in smb.conf in order to get dynamic DNS to work.

Is it correct to think that these DCs are not used by the clients? And
that adding the missing DNS entries is sufficient to correct the problem?

I've slightly modified samba_dnsupdate in order to collect the commands
sent to nsupdate (the temporary files are not deleted). What is the
best way to add these entries? I am thinking of either executing them on
the "pdc" or trying to execute nsupdate without option -g.

Regards,
Thierry

# samba_dnsupdate --verbose
IPs: ['192.168.0.1']
Looking for DNS entry A dc-site1.samdom.example.lan 192.168.0.1 as
dc-site1.samdom.example.lan.
Looking for DNS entry A samdom.example.lan 192.168.0.1 as
samdom.example.lan.
Failed to find matching DNS entry A samdom.example.lan 192.168.0.1
Looking for DNS entry SRV _ldap._tcp.samdom.example.lan
dc-site1.samdom.example.lan 389 as _ldap._tcp.samdom.example.lan.
Checking 0 100 389 dc-princ1.samdom.example.lan. against SRV
_ldap._tcp.samdom.example.lan dc-site1.samdom.example.lan 389
Checking 0 100 389 dc-princ2.samdom.example.lan. against SRV
_ldap._tcp.samdom.example.lan dc-site1.samdom.example.lan 389
Failed to find matching DNS entry SRV _ldap._tcp.samdom.example.lan
dc-site1.samdom.example.lan 389
Looking for DNS entry SRV _ldap._tcp.dc._msdcs.samdom.example.lan
dc-site1.samdom.example.lan 389 as _ldap._tcp.dc._msdcs.samdom.example.lan.
Checking 0 100 389 dc-princ1.samdom.example.lan. against SRV
_ldap._tcp.dc._msdcs.samdom.example.lan dc-site1.samdom.example.lan 389
Checking 0 100 389 dc-princ2.samdom.example.lan. against SRV
_ldap._tcp.dc._msdcs.samdom.example.lan dc-site1.samdom.example.lan 389
Failed to find matching DNS entry SRV
_ldap._tcp.dc._msdcs.samdom.example.lan dc-site1.samdom.example.lan 389
Looking for DNS entry SRV
_ldap._tcp.4e70c2a8-652f-41f9-8713-385fcd661d44.domains._msdcs.samdom.example.lan
dc-site1.samdom.example.lan 389 as
_ldap._tcp.4e70c2a8-652f-41f9-8713-385fcd661d44.domains._msdcs.samdom.example.lan.
Checking 0 100 389 dc-princ1.samdom.example.lan. against SRV
_ldap._tcp.4e70c2a8-652f-41f9-8713-385fcd661d44.domains._msdcs.samdom.example.lan
dc-site1.samdom.example.lan 389
Checking 0 100 389 dc-princ2.samdom.example.lan. against SRV
_ldap._tcp.4e70c2a8-652f-41f9-8713-385fcd661d44.domains._msdcs.samdom.example.lan
dc-site1.samdom.example.lan 389
Failed to find matching DNS entry SRV
_ldap._tcp.4e70c2a8-652f-41f9-8713-385fcd661d44.domains._msdcs.samdom.example.lan
dc-site1.samdom.example.lan 389
[.....]
Calling nsupdate for A samdom.example.lan 192.168.0.1 (add)
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
samdom.example.lan. 900 IN A 192.168.0.1
dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for SRV _ldap._tcp.samdom.example.lan
dc-site1.samdom.example.lan 389 (add)
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.samdom.example.lan. 900 IN SRV 0 100 389
dc-site1.samdom.example.lan.
dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for SRV _ldap._tcp.dc._msdcs.samdom.example.lan
dc-site1.samdom.example.lan 389 (add)
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.dc._msdcs.samdom.example.lan. 900 IN SRV 0 100 389
dc-site1.samdom.example.lan.
dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for SRV
_ldap._tcp.4e70c2a8-652f-41f9-8713-385fcd661d44.domains._msdcs.samdom.example.lan
dc-site1.samdom.example.lan 389 (add)
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.4e70c2a8-652f-41f9-8713-385fcd661d44.domains._msdcs.samdom.example.lan.
900 IN SRV 0 100 389 dc-site1.samdom.example.lan.
[.....]
dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for SRV
_ldap._tcp.SITE1._sites.ForestDnsZones.samdom.example.lan
dc-site1.samdom.example.lan 389 (add)
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.SITE1._sites.ForestDnsZones.samdom.example.lan. 900 IN SRV 0
100 389 dc-site1.samdom.example.lan.
dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Failed update of 24 entries
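
Added example, not part of the original post and not Samba code: a small Python parser that summarises samba_dnsupdate --verbose output like the one above, listing which records are missing and which nsupdate calls failed during GSS-TSIG (TKEY) negotiation. The sample input is constructed in the shape of the quoted output, with the mail client's line wrapping undone; the function and field names are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample in the shape of the samba_dnsupdate --verbose output
# quoted in the post, with the mail client's line wrapping undone.
SAMPLE = """\
IPs: ['192.168.0.1']
Looking for DNS entry A dc-site1.samdom.example.lan 192.168.0.1 as dc-site1.samdom.example.lan.
Looking for DNS entry A samdom.example.lan 192.168.0.1 as samdom.example.lan.
Failed to find matching DNS entry A samdom.example.lan 192.168.0.1
Failed to find matching DNS entry SRV _ldap._tcp.samdom.example.lan dc-site1.samdom.example.lan 389
Calling nsupdate for A samdom.example.lan 192.168.0.1 (add)
dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for SRV _ldap._tcp.samdom.example.lan dc-site1.samdom.example.lan 389 (add)
dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Failed update of 2 entries
"""

MISSING = re.compile(r"^Failed to find matching DNS entry (\S+) (\S+) (.+)$")
CALL = re.compile(r"^Calling nsupdate for (\S+) (\S+) (.+) \((\w+)\)$")
RC = re.compile(r"^Failed nsupdate: (\d+)$")
TOTAL = re.compile(r"^Failed update of (\d+) entries$")

def summarise(text):
    """Return missing records, failed nsupdate calls, error counts, reported total."""
    missing, failed, errors, total, cur = [], [], Counter(), None, None
    for line in map(str.strip, text.splitlines()):
        if m := MISSING.match(line):
            missing.append((m[1], m[2], m[3]))
        elif m := CALL.match(line):
            # Start of one nsupdate attempt; later lines attach to it.
            cur = {"type": m[1], "name": m[2], "data": m[3], "op": m[4], "error": None}
        elif cur and line.startswith("dns_tkey_negotiategss:"):
            cur["error"] = line.split(":", 1)[1].strip()  # GSS-TSIG negotiation error
        elif cur and (m := RC.match(line)):
            cur["rc"] = int(m[1])
            failed.append(cur)
            errors[cur["error"] or "unknown"] += 1
            cur = None
        elif m := TOTAL.match(line):
            total = int(m[1])
    return {"missing": missing, "failed": failed, "errors": dict(errors), "reported": total}

if __name__ == "__main__":
    s = summarise(SAMPLE)
    for f in s["failed"]:
        print(f'{f["op"]} {f["type"]} {f["name"]} -> {f["data"]}: {f["error"]} (rc={f["rc"]})')
    print("missing:", len(s["missing"]), "failed:", len(s["failed"]), "reported:", s["reported"])
```

Comparing the number of parsed failures with the "Failed update of N entries" total shows whether any attempts were cut from the captured output, as with the "[.....]" elisions above.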