[Samba] joining second DC to domain and non creation of DC DNS records

MORILLO Jordi J.Morillo at educationetformation.fr
Fri Oct 23 10:23:26 UTC 2015


Hi Rowland,

I have a similar problem with the sernet 4.2.4 package: no DNS entry is created and the logs show NOTAUTH for dnsupdate.
Here is my workaround:

New DC joins domain with:
--dns-backend=BIND9_DLZ and --server=partnerDC.contoso.com

Don't start samba or bind yet!!

After that I have to correct the permissions on these folders/files (so that bind can read them):
- private
- dns
- dns/*
- sam.ldb
- sam.ldb.d
- sam.ldb.d/*
- dns.keytab

If I start samba + bind, I get dnsupdate failed.
The tip is to restart bind on partnerDC.contoso.com (the replication partner used for the domain join).
L.P.H von BELLE has similar trouble, see: https://lists.samba.org/archive/samba/2015-April/191143.html

After bind has been restarted on partnerDC, you can start samba + bind.
All DNS entries are created and replicated :-)

I don't know why I have to restart bind on partnerDC between second DC domain join and second DC samba start...


-----Original Message-----
From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of Dirk Laurenz
Sent: Friday 23 October 2015 12:01
To: Rowland Penny <rowlandpenny241155 at gmail.com>; sambalist <samba at lists.samba.org>
Subject: Re: [Samba] joining second DC to domain and non creation of DC DNS records

Hello Rowland,

just had a similar problem with 4.3.0. What fixed my problem was:

stop samba
switch to samba internal backend
remove dns-dc record
switch back to bind backend
afterwards, everything worked for me

On 22.10.2015 at 22:06, Rowland Penny wrote:
> Hi, I am in the middle of creating (or should that be re-creating) my 
> test domain, creation of the first DC went without incident, so I 
> moved on to the second DC and this is where the problems started.
>
> I downloaded samba 4.3.1 and compiled it, I then setup bind9 etc and 
> joined the new DC to the domain, everything seemed ok, so I then 
> started testing DNS. This is where I found that my nice new DC did not 
> have a DNS record.
>
> I then remembered that there was a problem, so scanned the wiki (well 
> somebody has to read it) and found this page:
>
> https://wiki.samba.org/index.php/Check_and_fix_DNS_entries_on_DC_joins
>
> This described my problem precisely, so I started to follow it, but it 
> didn't fully fix my problem, in fact it changed it to another.
>
> So I went to this page:
> https://wiki.samba.org/index.php/Dns_tkey_negotiategss:_TKEY_is_unacceptable
>
> and started to follow it, but it all went pear shaped when I deleted 
> the bind dns account and then samba flatly refused to recreate it, 
> saying it still existed, when plainly it didn't (I later found lower 
> down the page, that this was another known bug, but I totally missed 
> it when I first read the page. Note to Marc, I will be altering that
> page!)
>
> So, having totally missed the next bug, what did I do, well as this 
> was a new DC, I stopped bind and samba, removed /usr/local/samba and 
> re-ran 'make install' and tried again, this time everything worked.
> The only difference was that this time the new DC's DNS record was 
> already in AD on the first DC.
>
> I now know how to join any more DCs: precreate the new DC's DNS records 
> in AD before joining it.
>
> Rowland
>
>
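
A read-only check for the permission step in the workaround at the top of this message, added here as an example and not written by anyone in the thread. It assumes the private directory and the group BIND runs under are passed in by the caller, that BIND gets its access through group ownership, and that the listed names sit under the private directory as the list is written; `check_bind_access` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: audit the paths listed in the message above.
# Assumptions: private directory and BIND's group are supplied by the caller,
# access is granted through group ownership, and the names are resolved
# relative to the private directory as the list is written.
# Needs GNU stat (stat -c).

# Usage: check_bind_access PRIVATE_DIR BIND_GROUP
# Prints one line per finding; returns 0 when clean, 1 otherwise.
check_bind_access() {
    private_dir=$1
    bind_group=$2
    findings=0

    set -- "$private_dir" "$private_dir/dns" "$private_dir"/dns/* \
        "$private_dir/sam.ldb" "$private_dir/sam.ldb.d" \
        "$private_dir"/sam.ldb.d/* "$private_dir/dns.keytab"

    for path in "$@"; do
        if [ ! -e "$path" ]; then
            # An unmatched glob stays literal; an empty directory is not a finding.
            case $path in */\*) continue ;; esac
            echo "MISSING $path"; findings=$((findings + 1)); continue
        fi
        mode=$(stat -c %a "$path")
        group_bits=$(( (mode / 10) % 10 ))
        other_bits=$(( mode % 10 ))
        needed=4                          # files: read
        [ -d "$path" ] && needed=5        # directories: read + search

        if [ "$(stat -c %G "$path")" != "$bind_group" ]; then
            echo "GROUP $path"; findings=$((findings + 1))
        elif [ $(( group_bits & needed )) -ne "$needed" ]; then
            echo "NOACCESS $path (mode $mode)"; findings=$((findings + 1))
        fi
        # sam.ldb and dns.keytab hold secrets: giving BIND access should not
        # leave them open to every local user.
        if [ "$other_bits" -ne 0 ]; then
            echo "WORLD $path (mode $mode)"; findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}
```

Run it after the join and before starting samba or bind; any `NOACCESS` or `GROUP` line points at a path BIND cannot read, and a `WORLD` line at one that was opened too far.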

