[Samba] samba_dnsupdate NOTAUTH

Tue Feb 23 14:20:23 UTC 2016

Im suggesting, Since the following:  NOTAUTH  : 
is a failure on dns updates is 
OR incorrect manual changes in bind and/or incorrect rights. 

And check the needed rights on what the dns needs. 
I dont know if your using bind or internal dns. 
For bind : look here 
https://wiki.samba.org/index.php/Configure_BIND_as_backend_for_Samba_AD

And for the NTP Server config. 
Dont use a pool, use a stratum 1 server in you country. 
The, for example, debian.ntp-pool..  etc  gave me errors in time syncing. 
Go here for a stable ntp server in you country.
http://support.ntp.org/bin/view/Servers/StratumOneTimeServers 
set all your dc's to this ntp server. ( or use a "proxy" ntp server ) to sync your DC's 

and optional, it can be fault keytab files. 
You can recreate them if needed. 
Found here :  https://wiki.samba.org/index.php/Keytab_Extraction

Greetz, 

Louis

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Rowland penny
> Verzonden: dinsdag 23 februari 2016 14:32
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] samba_dnsupdate NOTAUTH
> 
> On 23/02/16 13:15, Jason Voorhees wrote:
> > Hello Rowland, thanks for your help.
> >
> > My replies lines below:
> >
> >
> >> Do the DCs point at each other for dns ?
> >>
> >> i.e. is /etc/resolv.conf on the first DC something like this:
> >>
> >> search your.domian.com
> >> nameserver ip.of.second.dc
> >> nameserver ip.of.this.dc
> >>
> >> and on the second DC:
> >>
> >> search your.domian.com
> >> nameserver ip.of.first.dc
> >> nameserver ip.of.this.dc
> >>
> > Yes, they both point to each other just as you suggested.
> >
> >> I would also ensure that ntp is running on both DCs, using the same
> external
> >> ntp servers and then your workstations would use your DCs for their
> time
> >> servers.
> >>
> > I've just configured NTP on both servers, they now have only 1 seconds
> > of difference.
> >
> >> One last comment, you haven't got a primary DC and a backup DC, you
> just
> >> have two DCs. The only difference between your two DCs is the FSMO
> roles and
> >> these can be moved from DC to DC.
> >>
> > What type of DCs are these two servers? Some kind of two Primary or
> > Master DC each one? Shouldn't I have a PDC and a BDC? (I thought this
> > the recommeded setup for DCs). Please let me know if I'm doing
> > anything wrong here.
> 
> You can call them what you want, but all Samba AD DCs are the same, they
> both hold the same replicating database, the only difference is what
> FSMO roles each DC holds and you can move these roles. The terms 'PDC' &
> 'BDC' are used with an NT4-style domain, where they mean something.
> Whilst there is a 'PDC emulator' FSMO role (see here for info:
> https://support.microsoft.com/en-us/kb/197132), there isn't a 'BDC
> emulator' FSMO role.
> 
> >
> > I'm going to check if samba_dnsupdate error messages dissapear in the
> > following minutes/hours after synchronizing both servers using NTP,
> > but I don't know what caused this error. Was it really caused by time
> > differences between servers? or is there anything else that might need
> > to be fixed?
> 
> It could be the time difference, but if it seems not then have a look
> here:
> 
> https://wiki.samba.org/index.php/Samba_AD_DC_Troubleshooting
> 
> Rowland
> >
> > Thanks again
> 
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba