[Samba] samba_dnsupdate NOTAUTH

Jason Voorhees jvoorhees1 at gmail.com
Wed Feb 24 15:28:21 UTC 2016


Thank you all guys for your help. I've been busy these days.

Today I experienced some issues with user management on my Zentyal DC,
then I noticed that the samba process was using a lot of memory and paging
space was near 50% usage or even more. I had to kill the process and
start it again, which in fact fixed my user management issue, but I also
noticed that after that time I didn't get any more "NOTAUTH" errors
about samba_dnsupdate on my CentOS 7 PDC.

It's curious but maybe Zentyal DC running Samba was having some kind
of issue before that caused the other CentOS 7 DC to fail the DNS
replication.
Now I can run "samba_dnsupdate --verbose --all-names" without issues.

Thank you Rowland, after reading a bit about FSMO roles now I
understand that PDC & BDC terms are deprecated.

Have a nice day!

On Tue, Feb 23, 2016 at 9:20 AM, L.P.H. van Belle <belle at bazuin.nl> wrote:
> I'm suggesting, since the following:  NOTAUTH  :
> is a failure on dns updates is
> OR incorrect manual changes in bind and/or incorrect rights.
>
> And check the needed rights on what the dns needs.
> I don't know if you're using bind or internal dns.
> For bind : look here
> https://wiki.samba.org/index.php/Configure_BIND_as_backend_for_Samba_AD
>
> And for the NTP Server config.
> Don't use a pool, use a stratum 1 server in your country.
> The, for example, debian.ntp-pool..  etc  gave me errors in time syncing.
> Go here for a stable ntp server in your country.
> http://support.ntp.org/bin/view/Servers/StratumOneTimeServers
> set all your dc's to this ntp server. ( or use a "proxy" ntp server ) to sync your DC's
>
> and optional, it can be faulty keytab files.
> You can recreate them if needed.
> Found here :  https://wiki.samba.org/index.php/Keytab_Extraction
>
>
> Greetz,
>
> Louis
>
>
>> -----Original message-----
>> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Rowland penny
>> Sent: Tuesday 23 February 2016 14:32
>> To: samba at lists.samba.org
>> Subject: Re: [Samba] samba_dnsupdate NOTAUTH
>>
>> On 23/02/16 13:15, Jason Voorhees wrote:
>> > Hello Rowland, thanks for your help.
>> >
>> > My replies lines below:
>> >
>> >
>> >> Do the DCs point at each other for dns ?
>> >>
>> >> i.e. is /etc/resolv.conf on the first DC something like this:
>> >>
>> >> search your.domain.com
>> >> nameserver ip.of.second.dc
>> >> nameserver ip.of.this.dc
>> >>
>> >> and on the second DC:
>> >>
>> >> search your.domain.com
>> >> nameserver ip.of.first.dc
>> >> nameserver ip.of.this.dc
>> >>
>> > Yes, they both point to each other just as you suggested.
>> >
>> >> I would also ensure that ntp is running on both DCs, using the same
>> >> external ntp servers and then your workstations would use your DCs
>> >> for their time servers.
>> >>
>> > I've just configured NTP on both servers, they now have only 1 second
>> > of difference.
>> >
>> >> One last comment, you haven't got a primary DC and a backup DC, you
>> >> just have two DCs. The only difference between your two DCs is the
>> >> FSMO roles and these can be moved from DC to DC.
>> >>
>> > What type of DCs are these two servers? Some kind of two Primary or
>> > Master DC each one? Shouldn't I have a PDC and a BDC? (I thought this
>> > was the recommended setup for DCs). Please let me know if I'm doing
>> > anything wrong here.
>>
>> You can call them what you want, but all Samba AD DCs are the same, they
>> both hold the same replicating database, the only difference is what
>> FSMO roles each DC holds and you can move these roles. The terms 'PDC' &
>> 'BDC' are used with an NT4-style domain, where they mean something.
>> Whilst there is a 'PDC emulator' FSMO role (see here for info:
>> https://support.microsoft.com/en-us/kb/197132), there isn't a 'BDC
>> emulator' FSMO role.
>>
>> >
>> > I'm going to check if samba_dnsupdate error messages disappear in the
>> > following minutes/hours after synchronizing both servers using NTP,
>> > but I don't know what caused this error. Was it really caused by time
>> > differences between servers? or is there anything else that might need
>> > to be fixed?
>>
>> It could be the time difference, but if it seems not then have a look
>> here:
>>
>> https://wiki.samba.org/index.php/Samba_AD_DC_Troubleshooting
>>
>> Rowland
>> >
>> > Thanks again
>>
>>
>
>
>
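
The two settings checked in this thread (each DC's /etc/resolv.conf listing the other DC first and itself second, and the DCs' clocks agreeing) can be tested with a short script. This is an added example, not part of any message in the thread; the function names, IP addresses and domain are constructed, and the 300-second default is the usual Kerberos clock-skew tolerance, an assumption the thread does not state.

```sh
#!/bin/sh
# Added example: checks for the two settings discussed in the thread.
# Function names, IPs and the domain are constructed for illustration.

# check_resolv FILE THIS_DC_IP OTHER_DC_IP
# Passes only when the first two nameserver entries are the other DC and
# then this DC, the order quoted in the thread. Prints the reason on failure.
check_resolv() {
    awk -v self="$2" -v peer="$3" '
        $1 == "nameserver" { ns[++n] = $2 }
        END {
            if (n < 2)         { print "need two nameserver lines, found " (n + 0); exit 1 }
            if (ns[1] != peer) { print "first nameserver " ns[1] " is not the other DC"; exit 1 }
            if (ns[2] != self) { print "second nameserver " ns[2] " is not this DC"; exit 1 }
            print "ok"
        }' "$1"
}

# check_skew EPOCH_A EPOCH_B [MAX_SECONDS]
# Compares two `date +%s` readings taken at the same moment on each DC.
# MAX_SECONDS defaults to 300 (assumed Kerberos tolerance, not from the thread).
check_skew() {
    diff=$(( $1 - $2 ))
    if [ "$diff" -lt 0 ]; then diff=$(( 0 - diff )); fi
    max=${3:-300}
    if [ "$diff" -gt "$max" ]; then
        echo "skew ${diff}s exceeds ${max}s"
        return 1
    fi
    echo "ok ${diff}s"
}

# Constructed sample: resolv.conf of a DC at 10.99.0.1 whose partner is 10.99.0.2.
sample=$(mktemp)
cat > "$sample" <<'EOF'
search samdom.example.com
nameserver 10.99.0.2
nameserver 10.99.0.1
EOF
check_resolv "$sample" 10.99.0.1 10.99.0.2           # prints: ok
check_resolv "$sample" 10.99.0.2 10.99.0.1 || true   # same file on the other DC fails
check_skew 1456240000 1456240001                     # 1 s apart, as reported in the thread
rm -f "$sample"
```

How the two epoch readings are collected from the DCs is left to the caller.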


