[Samba] Upgrading BIND DNS Backend
raghav at exzatechconsulting.com
Thu May 11 17:29:29 UTC 2017
Upgrade DNS worked properly as you can see below.
Reading domain information
DNS accounts already exist
No zone file /usr/local/samba/private/dns/EXZA.LOCAL.zone
# is this the culprit?
DNS records will be automatically created
DNS partitions already exist
dns-dc account already exists
See /usr/local/samba/private/named.conf for an example configuration
include file for BIND
and /usr/local/samba/private/named.txt for further documentation
required for secure DNS updates
My /etc/resolv.conf reads as below.
ping exza.local timesout, nslookup also times out. Whereas ping
dc.exza.local responds properly and points to 192.168.100.17
smb.conf is shown below.
# Global parameters
netbios name = DC
realm = EXZA.LOCAL
workgroup = EXZA
# dns forwarder = 192.168.100.1
server role = active directory domain controller
idmap_ldb:use rfc2307 = yes
server services = -dns
path = /usr/local/samba/var/locks/sysvol/exza.local/scripts
read only = No
path = /usr/local/samba/var/locks/sysvol
read only = No
Thanks & Regards,
eXzaTech Consulting And Services Pvt. Ltd.
Ph: +91-9538849179, E-mail: raghav at exzatechconsulting.com
<mailto:raghav at exzatechconsulting.com>
URL: http://www.exzatechconsulting.com <http://www.exzatechconsulting.com/>
This e-mail communication and any attachments may be privileged and
confidential to eXza Technology Consulting & Services, and are intended
only for the use of the recipients named above If you are not the
addressee you may not copy, forward, disclose or use any part of it. If
you have received this message in error, please delete it and all copies
from your system and notify the sender immediately by return e-mail.
Internet communications cannot be guaranteed to be timely, secure, error
or virus-free. The sender does not accept liability for any errors or
Do not print this e-mail unless required. Save Paper & trees.
On Thursday 11 May 2017 09:25 PM, Marc Muehlfeld wrote:
> Hi Anantha,
> Am 11.05.2017 um 17:28 schrieb Anantha Raghava via samba:
>> [root at dc ~]# samba_dnsupdate --verbose --all-names
>> Failed to get Kerberos credentials, falling back to samba-tool: kinit
>> for DC$@EXZA.LOCAL failed (Cannot contact any KDC for requested realm)
> > ...
> > How to fix this issue?
> Does this Samba DC use an AD DNS server in /etc/resolv.conf to resolve
> the AD zone? The KDC is located using DNS.
> Since your previous problem was SELinux related: Have you tested if
> DNS updates succeed if you temporarily switch to "permissive" mode?
More information about the samba