[Samba] Problems setting up samba bind9_dlz on Ubuntu 18.04

David Masshardt david at masshardt.ch
Sun Nov 24 12:36:22 UTC 2019


Hi,

I hope someone can help me with the following problem. I followed the following guides to set up Samba as an additional Active Directory server to my Windows server with bind9 DNS:

https://www.tecmint.com/join-additional-ubuntu-dc-to-samba4-ad-dc-failover-replication/
https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End#Troubleshooting

The Active Directory replication works, but the DNS replication does not. When I run "samba_dnsupdate --all-names" I get the following output:

; TSIG error with server: tsig verify failure
; TSIG error with server: tsig verify failure
update failed: REFUSED
; TSIG error with server: tsig verify failure
update failed: REFUSED
; TSIG error with server: tsig verify failure
; TSIG error with server: tsig verify failure
; TSIG error with server: tsig verify failure
; TSIG error with server: tsig verify failure
; TSIG error with server: tsig verify failure
; TSIG error with server: tsig verify failure
; TSIG error with server: tsig verify failure
; TSIG error with server: tsig verify failure
; TSIG error with server: tsig verify failure
; TSIG error with server: tsig verify failure
; TSIG error with server: tsig verify failure
; TSIG error with server: tsig verify failure
; TSIG error with server: tsig verify failure
; TSIG error with server: tsig verify failure
; TSIG error with server: tsig verify failure
; TSIG error with server: tsig verify failure
Failed update of 19 entries

Here is a list of versions:

Ubuntu: 18.04
Samba: 4.7.6-Ubuntu
bind9: 9.11.3-1ubuntu1.11-Ubuntu

And this is my smb.conf:

[global]
netbios name = DC01
realm = DOMAIN.COM
server role = active directory domain controller
workgroup = DOMAIN.COM
dns forwarder = 172.17.1.1
idmap_ldb:use rfc2307 = yes

template shell = /bin/bash
winbind use default domain = true
winbind offline logon = false
winbind nss info = rfc2307
winbind enum users = yes
winbind enum groups = yes
server services = -dns

[netlogon]
path = /var/lib/samba/sysvol/domain.com/scripts
read only = No

[sysvol]
path = /var/lib/samba/sysvol
read only = No

I'm not really sure if Samba is even using bind9. I've enabled the logging of bind9, but I cannot see any logs when running the DNS update.

Did I miss a step to activate the bind9 module?

