[Samba] Workstation AD members failing DNS updates - and worse!

Mark Nienberg mnlists at tippingstructural.com
Wed Oct 5 17:21:07 UTC 2016


On Fri, Sep 30, 2016 at 11:27 AM, Michael A Weber via samba <
samba at lists.samba.org> wrote:

> I have Samba 4.4.5, built from source on CentOS 6.8 using Bind 9.8.2 and
> configured in the last couple months.  It’s in place and functioning, but
> I’m having a few issues I’m trying to iron out.
>
> First, the workstations added to the AD domain are not able to make DNS
> updates if the IP address changes after the domain join.  However, at the
> time of the AD join, the DNS entries were created successfully.
>
> This, however, is now a secondary problem, as I have a new, potentially
> larger issue whose cause I cannot identify and which I believe needs to be
> addressed before we get workstations updating DNS entries.
>
> When I was configuring everything, I tested the DNS configuration and
> managed to iron out all the SELinux problems with samba_dnsupdate --verbose
> --all-names, and that did function correctly…
>
> …but now if I run it, it is failing.
>
> 27 updates it wants to perform, and all 27 fail with similar (this is
> sanitized):
>
> 27 DNS updates and 0 DNS deletes needed
> update(nsupdate): A addc.domain2.domain1.tld 192.168.237.21
> Calling nsupdate for A addc.domain2.domain1.tld 192.168.237.21 (add)
> Outgoing update query:
> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
> ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
> ;; UPDATE SECTION:
> addc.domain2.domain1.tld. 900 IN        A       192.168.237.21
>
> update failed: NOTAUTH
> Failed nsupdate: 2
>
> I’ve googled the NOTAUTH errors but cannot find anything particular to my
> system which may be the cause, I’ve gone back and verified all my
> configuration information is seemingly correct per the wiki pages, checked
> permissions on needed .keytab and .conf files, checked logs for any SELinux
> errors, and nothing.  I can’t figure out what I may have changed which made
> my working configuration stop working.
>
> So, I’d like to get this working first and then try to get the workstation
> DNS updates functioning, too.
>
> Any ideas?  I’m completely lost (or, looking at things for so many hours
> have glossed over my poor eyes and I just can’t see what is the problem).
>


You might try adding this to smb.conf at least for debugging. If it works
again then you can focus on the auth issues.
allow dns updates = nonsecure
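
Added example, not part of the original thread: a small Python check that reports the effective `allow dns updates` value in the [global] section of an smb.conf, so that a `nonsecure` setting enabled for debugging is noticed if it is left in place afterwards. The function names and the sample configuration are constructed for illustration, and `include` directives are not followed.

```python
import re

DEFAULT = "secure only"  # documented smb.conf default for this parameter

def _norm(name):
    # smb.conf ignores case and all whitespace in section/parameter names
    return re.sub(r"\s+", "", name).lower()

def effective_dns_update_policy(text):
    """Effective 'allow dns updates' value from [global] (last one wins)."""
    value, section, pending = DEFAULT, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):          # trailing backslash continues the line
            pending = line[:-1]
            continue
        pending = ""
        if not line or line[0] in "#;":  # blank line or comment
            continue
        header = re.fullmatch(r"\[(.*)\]", line)
        if header:
            section = _norm(header.group(1))
        elif section == "global" and "=" in line:
            name, val = line.split("=", 1)  # only the first '=' is significant
            if _norm(name) == "allowdnsupdates":
                value = val.strip().lower()
    return value

def accepts_unauthenticated_updates(text):
    # "nonsecure" allows DNS updates in all cases, signed or not
    return effective_dns_update_policy(text) == "nonsecure"

# Constructed sample configuration (assumption, not from the original post)
SAMPLE = """\
[global]
    realm = DOMAIN2.DOMAIN1.TLD
    server role = active directory domain controller
    ; allow dns updates = secure only
    Allow DNS Updates = NonSecure
[netlogon]
    read only = no
"""

if __name__ == "__main__":
    print("allow dns updates =", effective_dns_update_policy(SAMPLE))
    if accepts_unauthenticated_updates(SAMPLE):
        print("WARNING: unauthenticated DNS updates are accepted")
```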

