[Samba] samba_dnsupdate NOTAUTH
Rowland penny
rpenny at samba.org
Mon Feb 22 13:12:32 UTC 2016
On 22/02/16 12:49, Jason Voorhees wrote:
> Hello guys, hope you're doing good:
>
> I'm running a couple of Samba servers like follows:
>
> Primary DC
> =========
> Platform: Zentyal 4.2 development x68_64
> Samba: 4.3.4-Zentyal
> DNS: BIND9_DLZ_module
> Role: Primary Domain Controller
> Setup: By default, following Zentyal's web interface.
>
>
> Secondary DC
> ===========
> Platform: CentOS 7 x86_64
> Samba: 4.3.4 built from source
> DNS: SAMBA_INTERNAL
> Role: Backup Domain Controller:
> Setup: According to
> https://wiki.samba.org/index.php/Join_an_additional_Samba_DC_to_an_existing_Active_Directory
>
>
> I've recently noticed that the following log messages (repeated times)
> appear every 10 minutes on my CentOS BDC:
>
> Feb 22 07:38:12 storage samba[27405]: [2016/02/22 07:38:12.057697, 0]
> ../lib/util/util_runcmd.c:328(samba_runcmd_io_handler)
> Feb 22 07:38:12 storage samba[27405]:
> /usr/local/samba-4.3.4/sbin/samba_dnsupdate: update failed: NOTAUTH
>
> I have no idea what this error means. As I followed almost "by
> default" settings in the setup procedure I might suspect there's
> something missing that needs to be fixed or improved in my settings.
> The only suspicious stuff I noticed is that these 2 Samba servers have
> a couple of minutes of difference in time. I can fix this by using NTP
> but not sure if this is the cause of error.
>
> I hope someone can give me some ideas about this error or point me to
> some documentation resource.
>
> Any help is appreciated. Thanks in advance
>
> Have a nice day!
>
Do the DCs point at each other for dns ?
i.e. is /etc/resolv.conf on the first DC something like this:
search your.domian.com
nameserver ip.of.second.dc
nameserver ip.of.this.dc
and on the second DC:
search your.domian.com
nameserver ip.of.first.dc
nameserver ip.of.this.dc
I would also ensure that ntp is running on both DCs, using the same
external ntp servers and then your workstations would use your DCs for
their time servers.
One last comment, you haven't got a primary DC and a backup DC, you just
have two DCs. The only difference between your two DCs is the FSMO roles
and these can be moved from DC to DC.
Rowland
More information about the samba
mailing list