[Samba] DNS problems on windows AD

Olivier Weinstoerffer olivier.weinstoerffer at sword-performance.com
Fri Jan 22 15:09:04 UTC 2016


Hi Marc,

in fact I see them in Outbound:
DC=ForestDnsZones,DC=simalaya-group,DC=com
        Default-First-Site-Name\SPSAD02 via RPC
                DSA object GUID: 38ee74c8-5b57-4b71-b601-88bdcc628a8d
                Last attempt @ Wed Dec 30 11:45:38 2015 CET was successful
                0 consecutive failure(s).
                Last success @ Wed Dec 30 11:45:38 2015 CET

DC=DomainDnsZones,DC=simalaya-group,DC=com
        Default-First-Site-Name\SPSAD02 via RPC
                DSA object GUID: 38ee74c8-5b57-4b71-b601-88bdcc628a8d
                Last attempt @ Thu Dec 31 16:32:43 2015 CET was successful
                0 consecutive failure(s).
                Last success @ Thu Dec 31 16:32:43 2015 CET

But it says last success was 30Dec.

I added new hosts to my samba DC today and they appear on the Windows DC
too.
But from the windows DC I still cannot add any DNS entry

I see this error on the windows event viewer:
The DNS server was unable to initialize Active Directory security
interfaces. Check that the Active Directory is functioning properly and
restart the DNS server. The event data contains the error.

all other stuff are working (creating users...)


thanks
Olivier

On Mon, Jan 18, 2016 at 8:06 PM, Marc Muehlfeld <mmuehlfeld at samba.org>
wrote:

> Hello Olivier,
>
> sorry for the delay.
>
>
> Am 08.01.2016 um 16:52 schrieb Olivier Weinstoerffer:
> > samba is 4.1.22.
> > I let the dcpromote choose the DC.
> > DNS is internal
> > Yes the windows DC has also global catalog
>
>
> I can reproduce the "refused" error here when trying to add an DNS
> record to the Windows 2008R2 DC.
>
> I saw, that DNS changes made on the Samba DCs are not replicated to the
> Windows DC as well. I see no "outbound neighbors" entry for
> DomainDnsZones and ForestDnsZones from my existing Samba 4.3.4 DCs to
> the Windows DC:
>
> # samba-tool drs showrepl
> ...
> ==== OUTBOUND NEIGHBORS ====
>
> DC=DomainDnsZones,DC=samdom,DC=example,DC=com
>         Default-First-Site-Name\DC1 via RPC
>                 DSA object GUID: 4a6bd92a-6612-4b15-aa8c-9ec371e8994f
>                 Last attempt @ NTTIME(0) was successful
>                 0 consecutive failure(s).
>                 Last success @ NTTIME(0)
> ...
> DC=ForestDnsZones,DC=samdom,DC=example,DC=com
>         Default-First-Site-Name\DC1 via RPC
>                 DSA object GUID: 4a6bd92a-6612-4b15-aa8c-9ec371e8994f
>                 Last attempt @ NTTIME(0) was successful
>                 0 consecutive failure(s).
>                 Last success @ NTTIME(0)
>
>
>
> For both an entry should be listed to the Windows DC, like in my example
> on the Wiki page (that's why I guess, it worked in the past or did
> something wrong today :-)). Can you confirm that you also have no
> Domain/ForestDnsZones entry to the Windows host in the "outbound" area?
>
>
> Regards,
> Marc
>



-- 

*Olivier Weinstoerffer*

Chief technical Architect

*Sword Performance Solutions*

M +41 79 390 42 00

T +41 61 723 01 88

E olivier.weinstoerffer at sword-performance.com

Sch├╝tzengraben 7

4051 Basel, Switzerland
www.sword-performance.com

Sword Performance Solutions AG, a company registered in Switzerland with
registered number CHE-109.703.611 and whose registered office is in Basel,
Switzerland is part of the Sword Group.
This email (and any attachments) is intended for the named recipient(s) and
is private and confidential. If it is not for you, please inform us and
then delete it. If you are not the intended recipient(s), the use,
disclosure, copying or distribution of any information contained within
this email is prohibited. Messages to and from us may be monitored. If the
content is not about the business of the Sword Group then the message is
neither from nor sanctioned by us.
Internet communications are not secure. You should scan this message and
any attachments for viruses. Under no circumstances do we accept liability
for any loss or damage which may result from your receipt of this email or
any attachment.


More information about the samba mailing list