[Samba] after DCs migration to 4.7, two things
lists
lists at merit.unu.edu
Tue Nov 7 20:07:21 UTC 2017
Hi Marc,
Thanks for your reply!
> Check if your dynamic DNS works. For details and troubleshooting, see:
> https://wiki.samba.org/index.php/Testing_Dynamic_DNS_Updates
I'm not sure about the "--all-names" option, but the regular
"samba_dnsupdate --verbose" updated all dns records for all DCs shortly
after I joined them.
The problematic dns records here are workstations, trying to add a
dynamic dns record.
I took a look with the Microsoft DNS tool, and noticed that the current
workstation dns records are listed with timestamp 'static'. As I come
from samba 4.5 with internal dns, perhaps this is the way samba adds them..?
So I removed both A/AAAA for the p002507 dns entry, and ran on the
windows p002507 workstation: "ipconfig /registerdns"
suddenly it worked: A new dns record appeared, now with timestamp
"7-11-2017 20:00:00", both A and AAAA records. And they are renewed
every hour, I noticed.
As I don't think we require dns of our domain clients, I am now thinking
to simply delete all regular workstation "static" dns records, to allow
them to be be recreated automatically using bind9_dlz.
This seems kind of drastic... Would doing this have unforeseen
side-effects I should take into consideration?
And anyone on my second issue, on
> [2017/11/07 18:23:25.114429, 1] ../source4/auth/gensec/gensec_gssapi.c:790(gensec_gssapi_update_internal)
> GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see text): Failed to find DC4$@SAMBA.COMPANY.COM(kvno 1) in keytab FILE:/var/lib/samba/private/secrets.keytab (arcfour-hmac-md5)
> [2017/11/07 18:23:25.114456, 1] ../auth/gensec/spnego.c:411(gensec_spnego_parse_negTokenInit)
> SPNEGO(gssapi_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
That one worries me a bit more than the DNS thing...
Have a nice evening everyone!
MJ
More information about the samba
mailing list