[Samba] AD RODC not being used because of missing DNS entries?
Rowland Penny
rpenny at samba.org
Fri Oct 19 21:03:10 UTC 2018
On Fri, 19 Oct 2018 22:09:27 +0200 (CEST)
tomict via samba <samba at lists.samba.org> wrote:
> Hi All,
>
> Is it correct that my RODC domain controller (DC2.ad.example.nl) has
> only one entry in the (internal) DNS on domain controller DC1? It
> seems to me that because of missing dns entries it is not used by
> clients in the AD domain.
>
> I recently installed a second Domain Controller (DC2) along the
> smooth running first domain controller DC1. Samba version 4.8.5,
> Centos 7 Linux, further config files below.
>
> The command used to join the DC2 as RODC:
> # samba-tool domain join ad.example.nl RODC -U "ad.example.nl\Administrator"
> (see https://wiki.samba.org/index.php/Join_a_domain_as_a_RODC)
> This seemed to run OK, DC2 was joined to the domain.
>
> Before I restarted the samba-ad service, I set the uidNumber of DC2
> because I use idmap backend = ad on the other domain members.
>
> Machine and user accounts are replicated to DC2.
> The A record entry for DC2.ad.example was added to the dns on DC1,
> but nothing more.
>
> I see no entries for ldap, kerberos etc. For example:
> # host -t SRV _ldap._tcp.dc._msdcs.ad.example.nl
> returns:
> _ldap._tcp.dc._msdcs.ad.example.nl has SRV record 0 100 389 DC1.ad.example.nl.
>
> and
> # host ad.example.nl
> returns:
> ad.example.nl has address 192.168.223.100
> which is the address of DC1. I thought it should also return a second
> ip address for DC2.
>
> In the /var/log/samba/log.samba I see truckloads of this:
> [2018/10/19 21:51:05.039345,  0] ../source4/dsdb/dns/dns_update.c:330(dnsupdate_nameupdate_done)
>   ../source4/dsdb/dns/dns_update.c:330: Failed DNS update - with error code 4
>
>
> Should I add the records manually? Should they have been added when I
> joined the RODC to the domain? Or am I wrong about something else
> (very likely)?
>
Never ran an RODC (yet), but this all sounds like the problems that
used to occur when joining a second DC; try reading this:
https://wiki.samba.org/index.php/Verifying_and_Creating_a_DC_DNS_Record
You could try restarting Samba; there is a script 'samba_dnsupdate',
which uses a file 'dns_update_list' to create missing DNS entries. The
script is run at start up.
Rowland
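An added check, written for this thread and not part of the list post or of Samba's own tooling, that walks the verification step behind Rowland's link: it parses `host` answers for a few of the records every DC should appear in and reports, per DC, which ones do not name it. The realm, the record subset and DC2's address are assumptions; the sample answers are constructed to mirror the poster's output, where only DC1 shows up.

```python
import re

# Assumption: the realm is ad.example.nl as in the thread; this is only a
# subset of the records each DC is expected to register in AD DNS.
REALM = "ad.example.nl"
EXPECTED = [
    ("SRV", f"_ldap._tcp.dc._msdcs.{REALM}"),
    ("SRV", f"_kerberos._tcp.dc._msdcs.{REALM}"),
    ("SRV", f"_ldap._tcp.{REALM}"),
    ("A", REALM),
]
SRV_RE = re.compile(r"^\S+ has SRV record \d+ \d+ \d+ (\S+)$")
A_RE = re.compile(r"^\S+ has address (\S+)$")

def parse_host_output(text):
    """Return the lower-cased targets (host names or addresses) named in `host` output."""
    targets = set()
    for line in text.splitlines():
        m = SRV_RE.match(line.strip()) or A_RE.match(line.strip())
        if m:
            targets.add(m.group(1).rstrip(".").lower())
    return targets

def missing_records(dcs, answers):
    """dcs: {fqdn: ip}; answers: {(type, name): host output}.
    Returns {fqdn: [record names that do not list that DC]}."""
    missing = {}
    for fqdn, ip in dcs.items():
        fqdn = fqdn.lower()
        for rtype, name in EXPECTED:
            want = ip if rtype == "A" else fqdn
            if want not in parse_host_output(answers.get((rtype, name), "")):
                missing.setdefault(fqdn, []).append(name)
    return missing

# Constructed answers mirroring the thread: only DC1 is named anywhere.
# DC2's address is a placeholder; the thread does not give it.
DCS = {"DC1.ad.example.nl": "192.168.223.100", "DC2.ad.example.nl": "192.168.223.101"}
ANSWERS = {
    ("SRV", "_ldap._tcp.dc._msdcs.ad.example.nl"):
        "_ldap._tcp.dc._msdcs.ad.example.nl has SRV record 0 100 389 DC1.ad.example.nl.",
    ("SRV", "_kerberos._tcp.dc._msdcs.ad.example.nl"):
        "_kerberos._tcp.dc._msdcs.ad.example.nl has SRV record 0 100 88 DC1.ad.example.nl.",
    ("SRV", "_ldap._tcp.ad.example.nl"):
        "_ldap._tcp.ad.example.nl has SRV record 0 100 389 DC1.ad.example.nl.",
    ("A", "ad.example.nl"): "ad.example.nl has address 192.168.223.100",
}

if __name__ == "__main__":
    for dc, names in missing_records(DCS, ANSWERS).items():
        print(f"{dc} is missing from: {', '.join(names)}")
```

Feeding it real `host` output for each name in EXPECTED (instead of the constructed ANSWERS) shows which records samba_dnsupdate still has to create for the RODC.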