[Samba] Order of Dcs resolv.conf
Rowland Penny
rpenny at samba.org
Tue Apr 10 13:32:51 UTC 2018
On Tue, 10 Apr 2018 10:13:05 -0300
Carlos via samba <samba at lists.samba.org> wrote:
> Hi!
> I have a question about order in dcs is /etc/resolv.conf , my
> configuration:
>
> DC01:
> /etc/resolv.conf
>
> IP DC02
> IP DC01
>
> DC02
> /etc/resolv.conf
>
> IP DC01
> IP DC02
>
> https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory#DNS_Configuration_on_Domain_Controllers
>
> ---
>
>
> However this setting causes the error:
>
>
> samba_dnsupdate --verbose --all-names
>
> dns_tkey_negotiategss: TKEY is unacceptable
> Failed nsupdate: 1
> Failed update of 28 entries
If the first IP in /etc/resolv.conf isn't the DCs own, samba_dnsupdate
will connect to the other DC and use its kerberos key and,
surprise,surprise, it doesn't work. The wiki page was written to
prevent 'islanding', the only problem with that is, you don't get
'islanding' on an AD DC.
>
> If you change to
> DC01
> IP DC01
> IP DC02
>
> DC02
> IP DC02
> IP DC01
>
> Problem does not exist.
>
And there is the proof ;-)
> What would be the correct one?
The second one, I will amend the wiki page.
Rowland
More information about the samba
mailing list