[Samba] Upgrading BIND DNS Backend

Anantha Raghava raghav at exzatechconsulting.com
Thu May 11 17:29:29 UTC 2017

Hello Marc,

Upgrade DNS worked properly as you can see below.


samba_upgradedns --dns-backend=BIND9_DLZ
Reading domain information
DNS accounts already exist
No zone file /usr/local/samba/private/dns/EXZA.LOCAL.zone             
         # is this the culprit?
DNS records will be automatically created
DNS partitions already exist
dns-dc account already exists
See /usr/local/samba/private/named.conf for an example configuration 
include file for BIND
and /usr/local/samba/private/named.txt for further documentation 
required for secure DNS updates


My /etc/resolv.conf reads as below.

domain exza.local

ping exza.local timesout, nslookup also times out. Whereas ping 
dc.exza.local responds properly and points to

smb.conf is shown below.


# Global parameters
         netbios name = DC
         realm = EXZA.LOCAL
         workgroup = EXZA
         # dns forwarder =
         server role = active directory domain controller
         idmap_ldb:use rfc2307 = yes
         server services = -dns

     path = /usr/local/samba/var/locks/sysvol/exza.local/scripts
         read only = No

         path = /usr/local/samba/var/locks/sysvol
         read only = No



Thanks & Regards,

Anantha Raghava

eXzaTech Consulting And Services Pvt. Ltd.

Ph: +91-9538849179, E-mail: raghav at exzatechconsulting.com 
<mailto:raghav at exzatechconsulting.com>

URL: http://www.exzatechconsulting.com <http://www.exzatechconsulting.com/>

This e-mail communication and any attachments may be privileged and 
confidential to eXza Technology Consulting & Services, and are intended 
only for the use of the recipients named above If you are not the 
addressee you may not copy, forward, disclose or use any part of it. If 
you have received this message in error, please delete it and all copies 
from your system and notify the sender immediately by return e-mail. 
Internet communications cannot be guaranteed to be timely, secure, error 
or virus-free. The sender does not accept liability for any errors or 

Do not print this e-mail unless required. Save Paper & trees.

On Thursday 11 May 2017 09:25 PM, Marc Muehlfeld wrote:
> Hi Anantha,
> Am 11.05.2017 um 17:28 schrieb Anantha Raghava via samba:
>> [root at dc ~]# samba_dnsupdate --verbose --all-names
>> ...
>> Failed to get Kerberos credentials, falling back to samba-tool: kinit 
>> for DC$@EXZA.LOCAL failed (Cannot contact any KDC for requested realm)
> > ...
> > How to fix this issue?
> Does this Samba DC use an AD DNS server in /etc/resolv.conf to resolve 
> the AD zone? The KDC is located using DNS.
> Since your previous problem was SELinux related: Have you tested if 
> DNS updates succeed if you temporarily switch to "permissive" mode?
> Regards,
> Marc

More information about the samba mailing list