[Samba] Changing the IP Address of a Samba AD DC doesn't work - samba_dnsupdate crashes

Garming Sam garming at catalyst.net.nz
Mon Jun 12 23:32:51 UTC 2017 

Hi,

It seems like hardcoding the new address in your /etc/krb5.conf might
work. Upgrading should make this more reliable, but a conf change might
be all you need for now.


Cheers,

Garming


On 12/06/17 22:32, Julian Timm via samba wrote:
> Hello!
>
> I've followed your tutorial to change the IP Address of our Samba AD DC: 
> https://wiki.samba.org/index.php/Changing_the_IP_Address_of_a_Samba_AD_DC
>
> But the samba_dnsupdate tool always crashes with this output:
>
> samba_dnsupdate --verbose
> Unknown parameter encountered: "ks"
> Ignoring unknown parameter "ks"
> IPs: ['192.168.68.201']
> Looking for DNS entry A mydomain.lan 192.168.68.201 as mydomain.lan.
> Failed to find matching DNS entry A mydomain.lan 192.168.68.201
> Looking for DNS entry A PDC.mydomain.lan 192.168.68.201 as PDC.mydomain.lan.
> Failed to find matching DNS entry A PDC.mydomain.lan 192.168.68.201
> Looking for DNS entry A gc._msdcs.mydomain.lan 192.168.68.201 as gc._msdcs.mydomain.lan.
> Failed to find matching DNS entry A gc._msdcs.mydomain.lan 192.168.68.201
> Looking for DNS entry CNAME 43bd4564-2ae5-4e61-a5ee-f1c2e80e9c37._msdcs.mydomain.lan PDC.mydomain.lan as 43bd4564-2ae5-4e61-a5ee-f1c2e80e9c37._msdcs.mydomain.lan.
> Looking for DNS entry SRV _kpasswd._tcp.mydomain.lan PDC.mydomain.lan 464 as _kpasswd._tcp.mydomain.lan.
> Checking 0 100 464 PDC.mydomain.lan. against SRV _kpasswd._tcp.mydomain.lan PDC.mydomain.lan 464
> Looking for DNS entry SRV _kpasswd._udp.mydomain.lan PDC.mydomain.lan 464 as _kpasswd._udp.mydomain.lan.
> Checking 0 100 464 PDC.mydomain.lan. against SRV _kpasswd._udp.mydomain.lan PDC.mydomain.lan 464
> Looking for DNS entry SRV _kerberos._tcp.mydomain.lan PDC.mydomain.lan 88 as _kerberos._tcp.mydomain.lan.
> Checking 0 100 88 PDC.mydomain.lan. against SRV _kerberos._tcp.mydomain.lan PDC.mydomain.lan 88
> Looking for DNS entry SRV _kerberos._tcp.dc._msdcs.mydomain.lan PDC.mydomain.lan 88 as _kerberos._tcp.dc._msdcs.mydomain.lan.
> Checking 0 100 88 PDC.mydomain.lan. against SRV _kerberos._tcp.dc._msdcs.mydomain.lan PDC.mydomain.lan 88
> Looking for DNS entry SRV _kerberos._tcp.Default-First-Site-Name._sites.mydomain.lan PDC.mydomain.lan 88 as _kerberos._tcp.Default-First-Site-Name._sites.mydomain.lan.
> Checking 0 100 88 PDC.mydomain.lan. against SRV _kerberos._tcp.Default-First-Site-Name._sites.mydomain.lan PDC.mydomain.lan 88
> Looking for DNS entry SRV _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.lan PDC.mydomain.lan 88 as _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.lan.
> Checking 0 100 88 PDC.mydomain.lan. against SRV _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.lan PDC.mydomain.lan 88
> Looking for DNS entry SRV _kerberos._udp.mydomain.lan PDC.mydomain.lan 88 as _kerberos._udp.mydomain.lan.
> Checking 0 100 88 PDC.mydomain.lan. against SRV _kerberos._udp.mydomain.lan PDC.mydomain.lan 88
> Looking for DNS entry SRV _ldap._tcp.mydomain.lan PDC.mydomain.lan 389 as _ldap._tcp.mydomain.lan.
> Checking 0 100 389 PDC.mydomain.lan. against SRV _ldap._tcp.mydomain.lan PDC.mydomain.lan 389
> Looking for DNS entry SRV _ldap._tcp.dc._msdcs.mydomain.lan PDC.mydomain.lan 389 as _ldap._tcp.dc._msdcs.mydomain.lan.
> Checking 0 100 389 PDC.mydomain.lan. against SRV _ldap._tcp.dc._msdcs.mydomain.lan PDC.mydomain.lan 389
> Looking for DNS entry SRV _ldap._tcp.gc._msdcs.mydomain.lan PDC.mydomain.lan 3268 as _ldap._tcp.gc._msdcs.mydomain.lan.
> Checking 0 100 3268 PDC.mydomain.lan. against SRV _ldap._tcp.gc._msdcs.mydomain.lan PDC.mydomain.lan 3268
> Looking for DNS entry SRV _ldap._tcp.pdc._msdcs.mydomain.lan PDC.mydomain.lan 389 as _ldap._tcp.pdc._msdcs.mydomain.lan.
> Checking 0 100 389 PDC.mydomain.lan. against SRV _ldap._tcp.pdc._msdcs.mydomain.lan PDC.mydomain.lan 389
> Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.mydomain.lan PDC.mydomain.lan 389 as _ldap._tcp.Default-First-Site-Name._sites.mydomain.lan.
> Checking 0 100 389 PDC.mydomain.lan. against SRV _ldap._tcp.Default-First-Site-Name._sites.mydomain.lan PDC.mydomain.lan 389
> Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.lan PDC.mydomain.lan 389 as _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.lan.
> Checking 0 100 389 PDC.mydomain.lan. against SRV _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.lan PDC.mydomain.lan 389
> Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.mydomain.lan PDC.mydomain.lan 3268 as _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.mydomain.lan.
> Checking 0 100 3268 PDC.mydomain.lan. against SRV _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.mydomain.lan PDC.mydomain.lan 3268
> Looking for DNS entry SRV _ldap._tcp.61911020-60b6-42e6-8e50-6addd34584df.domains._msdcs.mydomain.lan PDC.mydomain.lan 389 as _ldap._tcp.61911020-60b6-42e6-8e50-6addd34584df.domains._msdcs.mydomain.lan.
> Checking 0 100 389 PDC.mydomain.lan. against SRV _ldap._tcp.61911020-60b6-42e6-8e50-6addd34584df.domains._msdcs.mydomain.lan PDC.mydomain.lan 389
> Looking for DNS entry SRV _gc._tcp.mydomain.lan PDC.mydomain.lan 3268 as _gc._tcp.mydomain.lan.
> Checking 0 100 3268 PDC.mydomain.lan. against SRV _gc._tcp.mydomain.lan PDC.mydomain.lan 3268
> Looking for DNS entry SRV _gc._tcp.Default-First-Site-Name._sites.mydomain.lan PDC.mydomain.lan 3268 as _gc._tcp.Default-First-Site-Name._sites.mydomain.lan.
> Checking 0 100 3268 PDC.mydomain.lan. against SRV _gc._tcp.Default-First-Site-Name._sites.mydomain.lan PDC.mydomain.lan 3268
> Looking for DNS entry A mydomain.lan 192.168.18.201 as mydomain.lan.
> Looking for DNS entry A PDC.mydomain.lan 192.168.18.201 as PDC.mydomain.lan.
> Looking for DNS entry A gc._msdcs.mydomain.lan 192.168.18.201 as gc._msdcs.mydomain.lan.
> Traceback (most recent call last):
>   File "/usr/sbin/samba_dnsupdate", line 621, in <module>
>     get_credentials(lp)
>   File "/usr/sbin/samba_dnsupdate", line 125, in get_credentials
>     raise e
> RuntimeError: kinit for PDC$@mydomain.LAN failed (Cannot contact any KDC for requested realm)
>
> -> Old IP: 192.168.18.201
> -> New IP: 192.168.18.201
>
> Kinit failed because it still uses the old address.
>
> We are using Ubuntu 14.04.5 with Samba 4.3.11.
>
> How can i fix this problem?
>
> Thanks for help!
>
> Julian
>

More information about the samba mailing list