[Samba] Samba AD DC + external DHCP + BIND9_DLZ dynamic dns updates doesn't work for domain members.

Rowland Penny rpenny at samba.org
Tue Oct 16 18:55:51 UTC 2018 

On Tue, 16 Oct 2018 20:45:04 +0200
"Zuzanna K. Filutowska via samba" <samba at lists.samba.org> wrote:

> W dniu wto, 16.10.2018 o godzinie 18∶52 +0100, użytkownik Rowland
> Penny via samba napisał:
> > On Tue, 16 Oct 2018 19:37:21 +0200
> > "Zuzanna K. Filutowska via samba" <samba at lists.samba.org> wrote:
> > 
> > > W dniu wto, 16.10.2018 o godzinie 18∶25 +0100, użytkownik Rowland
> > > Penny via samba napisał:
> > > > On Tue, 16 Oct 2018 18:47:30 +0200
> > > > "Zuzanna K. Filutowska via samba" <samba at lists.samba.org> wrote:
> > > > 
> > > > > Dear All,
> > > > > 
> > > > > I have a setup with samba acting as active directory domain
> > > > > controller, DNS updates are done via bind DLZ. I have
> > > > > recompiled it to allow spnego. DHCP server is external, no
> > > > > changes in it are possible. Domain members try to register in
> > > > > the DNS, KDC is aware of them, however no DNS entries for
> > > > > them are created and BIND returns errors. Any hints are
> > > > > welcome since I really need it working. Thank you in advance.
> > > > > 
> > > > > samba log:
> > > > >   samba version 4.8.5 started.
> > > > >   Copyright Andrew Tridgell and the Samba Team 1992-2018
> > > > > [2018/10/16 18:29:56.934115,
> > > > > 0] ../source4/smbd/server.c:638(binary_smbd_main)
> > > > > binary_smbd_main: samba: using 'standard' process model
> > > > > [2018/10/16 18:29:57.251109,
> > > > > 0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
> > > > > /usr/sbin/krb5kdc:
> > > > > krb5kdc: starting...
> > > > > 
> > > > 
> > > > Is this on a red-hat OS using MIT for Samba ?
> > > > If so, I suggest you recompile Samba to use Heimdal instead.
> > > > There are numerous limitations with using MIT, because of
> > > > these, using MIT is still considered experimental.
> > > 
> > > It is Fedora Server and it uses MIT, these are default packages
> > > that come with the system.
> > > 
> > 
> > I would suggest you file a bug on Fedora, whilst you can provision
> > an AD DC with the Fedora packages, there are several problems that
> > make them unsuitable in production (Computer GPO's not applying, for
> > instance) and it looks like you may possibly have found another
> > problem.
> 
> I am now trying to use SAMBA INTERNAL but dns dynamic updates doesn't
> work either. No errors in logs. It was annoying, now is
> depressing. :->
> 
> Do you have any good howto at hand to migrate to heimdal kerberos?
> 

Either compile Samba on Fedora and join this to your original DC or use
a different OS that comes with Heimdal Samba packages.

There is always the Samba wiki:

https://wiki.samba.org/index.php/Main_Page

Rowland

More information about the samba mailing list