[Samba] Inconsistency in LSA database prevents me to edit DNS zone

thierry DeTheGeek dethegeek at gmail.com
Sun Feb 28 08:34:29 UTC 2016

Hi all

A few month ago I had to change the IP address of my DC running Samba 4 and
Bind 9 as backend, in a LXC container running Debian 8u2.

I followed this documentation

The documentation was rather good, but I found it was incomplete while
updating the DNS entries with

samba_dnsupdate --verbose

I had to use the DNS management MMC console to update all entries
containing the old IP address of my DC, not mentioned in the errors
reported by the above command.

A few weeks later I wanted to add a DNS entry in the DNS server and all
attempts are rejected with the following message :

The Local Security Authority (LSA) database contains an internal

I workarounded the issue with samba-tool.

Today I wanted to do more complex DNS settings and I wish to use RSAT
instead of samba-tool.

This is the only issue I noticed so far. I'm created a few GPOs whithout
any issue, my domain members and SMB shares are working great too.

Do someone have an idea about this issue ?

More information about the samba mailing list