[Samba] samba 4.8.3 with BIND dynamic dns update failed

Kacper Wirski kacper.wirski at gmail.com
Mon Jul 30 19:01:25 UTC 2018


I ran into a new issue today.

My setup is 2 DCs with samba 4.8.3 with BIND as DNS, with secure DNS 
updates only.

Everything is working pretty fine, except that today one of the recently 
added machines was first unable to update, then unable to update its 
own entry. In the BIND log I see that the update is refused.

The account that was failing with the update was earlier - a couple of times 
actually - added to and removed from the domain, and I'm pretty certain that 
this is the reason for the failure, but I couldn't "clean it up".

I removed the machine from AD, deleted the account from AD, restarted samba and 
bind, and added the machine once again with the same name.

I did wbinfo -i <machine name> on both DCs and it seems fine. Overall 
GPOs were being applied correctly, except for the secure DNS update.

Probably that's something easy to fix; right now I simply changed the 
machine name and added it again to AD - and as expected everything works.

I suspect that "something" for whatever reason remembers the previous AD 
entry for this machine and there is some key mismatch during the secure 
update (like a different kvno is expected). Before I dig too deep into 
this, I guess that someone has already come across this issue and 
found a solution?


