[Samba] after DCs migration to 4.7, two things

lists lists at merit.unu.edu
Tue Nov 7 20:07:21 UTC 2017


Hi Marc,

Thanks for your reply!

> Check if your dynamic DNS works. For details and troubleshooting, see:
> https://wiki.samba.org/index.php/Testing_Dynamic_DNS_Updates

I'm not sure about the "--all-names" option, but the regular 
"samba_dnsupdate --verbose" updated all dns records for all DCs shortly 
after I joined them.

The problematic dns records here are workstations, trying to add a 
dynamic dns record.

I took a look with the Microsoft DNS tool, and noticed that the current 
workstation dns records are listed with timestamp 'static'. As I come 
from samba 4.5 with internal dns, perhaps this is the way samba adds them..?

So I removed both A/AAAA for the p002507 dns entry, and ran on the 
Windows p002507 workstation: "ipconfig /registerdns".
Suddenly it worked: a new dns record appeared, now with timestamp 
"7-11-2017 20:00:00", both A and AAAA records. And they are renewed 
every hour, I noticed.

As I don't think we require dns of our domain clients, I am now thinking 
to simply delete all regular workstation "static" dns records, to allow 
them to be recreated automatically using bind9_dlz.

This seems kind of drastic... Would doing this have unforeseen 
side-effects I should take into consideration?

And anyone on my second issue, on
> [2017/11/07 18:23:25.114429,  1] ../source4/auth/gensec/gensec_gssapi.c:790(gensec_gssapi_update_internal)
>   GSS server Update(krb5)(1) Update failed:  Miscellaneous failure (see text): Failed to find DC4$@SAMBA.COMPANY.COM(kvno 1) in keytab FILE:/var/lib/samba/private/secrets.keytab (arcfour-hmac-md5)
> [2017/11/07 18:23:25.114456,  1] ../auth/gensec/spnego.c:411(gensec_spnego_parse_negTokenInit)
>   SPNEGO(gssapi_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE 

That one worries me a bit more than the DNS thing...

Have a nice evening everyone!

MJ


