[Samba] Samba AD DC + external DHCP + BIND9_DLZ dynamic dns updates doesn't work for domain members.

Rowland Penny rpenny at samba.org
Tue Oct 16 17:52:11 UTC 2018


On Tue, 16 Oct 2018 19:37:21 +0200
"Zuzanna K. Filutowska via samba" <samba at lists.samba.org> wrote:

> W dniu wto, 16.10.2018 o godzinie 18∶25 +0100, użytkownik Rowland
> Penny via samba napisał:
> > On Tue, 16 Oct 2018 18:47:30 +0200
> > "Zuzanna K. Filutowska via samba" <samba at lists.samba.org> wrote:
> > 
> > > Dear All,
> > > 
> > > I have a setup with samba acting as active directory domain
> > > controller, DNS updates are done via bind DLZ. I have recompiled
> > > it to allow spnego. DHCP server is external, no changes in it are
> > > possible. Domain members try to register in the DNS, KDC is aware
> > > of them, however no DNS entries for them are created and BIND
> > > returns errors. Any hints are welcome since I really need it
> > > working. Thank you in advance.
> > > 
> > > samba log:
> > >   samba version 4.8.5 started.
> > >   Copyright Andrew Tridgell and the Samba Team 1992-2018
> > > [2018/10/16 18:29:56.934115,
> > > 0] ../source4/smbd/server.c:638(binary_smbd_main)
> > > binary_smbd_main: samba: using 'standard' process model
> > > [2018/10/16 18:29:57.251109,
> > > 0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler) /usr/sbin/krb5kdc:
> > > krb5kdc: starting...
> > > 
> > 
> > Is this on a red-hat OS using MIT for Samba ?
> > If so, I suggest you recompile Samba to use Heimdal instead. There
> > are numerous limitations with using MIT, because of these, using
> > MIT is still considered experimental.
> 
> It is Fedora Server and it uses MIT, these are default packages that
> come with the system.
> 

I would suggest you file a bug on Fedora, whilst you can provision an
AD DC with the Fedora packages, there are several problems that make
them unsuitable in production (Computer GPO's not applying, for
instance) and it looks like you may possibly have found another problem.

Rowland



More information about the samba mailing list