[Samba] samba_dlz: Failed to configure zone... already exists

Jim Seymour jseymour at LinxNet.com
Thu Sep 3 14:57:59 UTC 2015

On Thu, 3 Sep 2015 15:07:37 +0100
Rowland Penny <rowlandpenny241155 at gmail.com> wrote:

> The kerberos default_realm must be the samba AD DC domain name and 
> usually

So if I put the Samba AD DC in, say, "addc.example.com,"
"addc.example.com" must be the Kerberos default_realm?

> the samba DNS server (internal or bind) is just the dns
> server for the samba4 AD DC.

Yes, but I need example.com's zone to be a "normal" (i.e.: static)
zone.  It is now, and will remain, *the* zone for the corporate LAN at
this location.

So, since a Samba AD DC must have dynamic zones, I guess that means
Samba must "run in" a sub-zone.

This is the problem to which I referred a couple days ago.

I find it odd that this seems to be such an unusual configuration.  Has
the *nix world become contaminated with typical MS-Win server thinking:
That a server can do only one thing at a time?  It's an AD DC, so it
can't do anything else?

> This does not mean that you cannot add
> other zones to AD, this is easily done with samba-tool, in fact as
> standard, you have to create the reverse zone if you require it.

Don't see how that solves the problem.

> I wouldn't use 'pdc.example.com' as you do not have a pdc and should
> get out of the habit of referring to it as the PDC, a PDC is a very 
> different thing from an AD DC, all DCs are equal apart from the FSMO 
> roles. How about 'ad.example.com' or 'samba.example.com'

Very well.  I defaulted to that because I keep seeing references to
it.  I'll call it "addc.example.com".

Note: My mail server employs *very* aggressive anti-spam
filtering.  If you reply to this email and your email is
rejected, please accept my apologies and let me know via my
web form at <http://jimsun.LinxNet.com/contact/scform.php>.
