[Samba] AD bind DNS broken after 4.7.3 -> 4.9.2 upgrade

Rowland Penny rpenny at samba.org
Mon Dec 31 16:29:12 UTC 2018

On Mon, 31 Dec 2018 16:15:41 +0100
Král Gergely via samba <samba at lists.samba.org> wrote:

> Hi,
> I have been running a Samba AD PDC with BIND9_DLZ on a Debian system
> for a year now without problems, and in the hope for ability to
> create AD backups I upgraded the samba packages (along with other
> packages with minor updates).
> Everything seemed OK during the upgrade, all processes restarted, but 
> soon after I found that PAM refuses to authenticate AD usernames. By 
> checking the samba logs I see weird messages constantly complaining 
> about dnsupdate errors.
> Since I read before that there were some database changes in 4.8, I
> ran "samba-tool dbcheck" with no errors. Bind9 logs look OK, but it
> refuses Windows workstations to update IP records, and I cannot get
> any domain names resolved in the samba domain zone. Bind resolves
> names in other zone OK.
> Can anyone give me a hint where to look for the cause of this by 
> checking the logs below, so I could the get the AD up running again? 
> Please let me know if I can provide any more information that may be 
> relevant.
> Thanks,
> Gergely Kral

OK, downgrade again, this is the third report about this problem in
about 10 days, see here:




More information about the samba mailing list