[Samba] DNS forwarding not working.

durwin at mgtsciences.com durwin at mgtsciences.com
Fri Apr 26 19:35:45 UTC 2019


> > I followed this url to set up Samba AD DC.
> > https://github.com/thctlo/samba4/blob/master/full-howto-Ubuntu18.04-samba-AD_DC.txt
> > 
> > I do have it working.  I am testing with a Windows 10 VM as a member
> > of the domain.
> > The machine joins the domain.  Also, as administrator, I can create
> > and enforce
> > Group Policies from this Windows machine.
> > 
> > I have a Fedora 29 server which serves DHCP and DNS (and DDNS).  This
> > all works.
> > When I installed Samba DC, I specified this DNS server as a
> > forwarder.
> 
> Is this dns server also authoritative for the same dns domain as the AD
> domain ?

 Yes, the Fedora29 server is authoritative.

> 
> > 
> > On the DC server (named dc0) I can enter command,
> > > dig other_machine_in_lan 
> > and get correct response.
> > If I enter this command,
> > > dig @localhost other_machine_in_lan 
> > It fails.  Dig from domain member of course also fails.
> > 
> > I know you may need more information to diagnose, but there are so
> > many files that could
> > be part of the problem I do not know which to send.
> > 
> 
> Let's start with the smb.conf from the DC, your DC's FQDN and ipaddress
> (sanitised if you have to) and the same for your Fedora dns server.
=== DC server smb.conf ===
Ubuntu18.04> less /etc/samba/smb.conf
# Global parameters
[global]
    netbios name = DC0
    realm = company.COM
    server role = active directory domain controller
    server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
    workgroup = company
    idmap_ldb:use rfc2307 = yes

[netlogon]
    path = /var/lib/samba/sysvol/company.com/scripts
    read only = No

[sysvol]
    path = /var/lib/samba/sysvol
    read only = No
=== END DC server smb.conf ===

DC FQDN - dc0.company.com (172.23.93.25)

Fedora server - zaphod.company.com (172.23.93.3)

Did you need more from the DNS server?


I am also getting this in logs.

Apr 26 13:22:57 samba[1393]: task[dnsupdate][1393]: [2019/04/26 13:22:57.535803,  0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
Apr 26 13:22:57 samba[1393]: task[dnsupdate][1393]: /usr/sbin/samba_dnsupdate: ERROR(runtime): uncaught exception - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
Apr 26 13:22:57 samba[1393]: task[dnsupdate][1393]: [2019/04/26 13:22:57.537622,  0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
Apr 26 13:22:57 samba[1393]: task[dnsupdate][1393]: /usr/sbin/samba_dnsupdate:   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 177, in _run
Apr 26 13:22:57 samba[1393]: task[dnsupdate][1393]: [2019/04/26 13:22:57.537800,  0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
Apr 26 13:22:57 samba[1393]: task[dnsupdate][1393]: /usr/sbin/samba_dnsupdate:     return self.run(*args, **kwargs)
Apr 26 13:22:57 samba[1393]: task[dnsupdate][1393]: [2019/04/26 13:22:57.537959,  0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
Apr 26 13:22:57 samba[1393]: task[dnsupdate][1393]: /usr/sbin/samba_dnsupdate:   File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 945, in run
Apr 26 13:22:57 samba[1393]: task[dnsupdate][1393]: [2019/04/26 13:22:57.538110,  0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
Apr 26 13:22:57 samba[1393]: task[dnsupdate][1393]: /usr/sbin/samba_dnsupdate:     raise e
Apr 26 13:22:57 samba[1393]: task[dnsupdate][1393]: [2019/04/26 13:22:57.547687,  0] ../source4/dsdb/dns/dns_update.c:330(dnsupdate_nameupdate_done)
Apr 26 13:22:57 samba[1393]: task[dnsupdate][1393]: ../source4/dsdb/dns/dns_update.c:330: Failed DNS update - with error code 28

