[Samba] dns replication error due to deleted records

Luca Olivetti luca at wetron.es
Thu Oct 10 19:35:43 UTC 2019

On 10/10/19 at 21:07, Rowland penny via samba wrote:

> It works in a similar way to how I update dns records and I have similar 
> records in AD and they replicate.

Oh, but they do. Until the replication chokes on those deleted records.
Never happened until September 25 (though I realized only today when a 
manually added host resolved erratically).

> Can you post your dhcpd.conf and smb.conf


========== dhcpd.conf
# note: the IP addresses in the option lines below were lost from the posted text
ddns-update-style none;
option domain-name "samba.wetron.es";
option domain-name-servers,;
option netbios-name-servers,;
option netbios-dd-server,;
option time-servers,;
option routers;
option wpad code 252 = text;
option wpad "http://wpad/proxy.pac\n";
option subnet-mask;

default-lease-time 86400; # one day
max-lease-time 86400; # one day


log-facility local7;

subnet netmask {

   on commit {
     # fallback name when the client sends no host-name, e.g. dhcp-10-0-0-5
     # (the end of this line was cut off in the posted text; closing reconstructed)
     set noname = concat("dhcp-", binary-to-ascii(10, 8, "-", leased-address));
     set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
     set ClientName = pick-first-value(option host-name, host-decl-name, config-option host-name, noname);
     execute("/etc/dhcp/update.sh", "add", ClientIP, ClientName);
   }

   on release {
     # ClientIP and ClientName are bound to the lease
     execute("/etc/dhcp/update.sh", "delete", ClientIP, ClientName);
   }

   on expiry {
     # ClientIP and ClientName are bound to the lease
     execute("/etc/dhcp/update.sh", "delete", ClientIP, ClientName);
   }
}


===== smb.conf (the other dc is the same, apart from the name)

# Global parameters
# (the bracketed section headers were lost from the posted text; [global] and the
#  two standard AD DC shares are restored here from the paths they contain)
[global]
         workgroup = WETRON
         realm = SAMBA.WETRON.ES
         netbios name = DC1
         server role = active directory domain controller
         idmap_ldb:use rfc2307 = yes

         tls enabled = yes
         tls keyfile = /var/lib/samba/private/tls/dc1.samba.wetron.es.key
         tls certfile = /var/lib/samba/private/tls/dc1.samba.wetron.es.crt
         tls cafile = /var/lib/samba/private/tls/wetron.crt

         dns forwarder =
         # none of these parameters apply on the DC, which only looks at
         # idmap_ldb:use rfc2307
         #dedicated  keytab file = /etc/krb5.keytab
         #kerberos method = secrets and keytab
         #idmap config *:backend = tdb
         #idmap config *:range = 60001-69999
         #idmap config WETRON:backend = ad
         #idmap config WETRON:schema_mode = rfc2307
         #idmap config WETRON:range = 490-60000
         #idmap config WETRON:default = yes

         #winbind nss info = rfc2307
         #winbind trusted domains only = no
         #winbind use default domain = yes

         # enum users/groups seems to work

         winbind enum users = yes
         winbind enum groups = yes

         template homedir = /net/storage01/mnt/pool1/usuarios/%U
         template shell = /bin/false

         printing = bsd
         printcap name = /dev/null
         disable spoolss = yes

         ldap server require strong auth = allow_sasl_over_tls

         allow insecure wide links = yes

         # for RADIUS: from 4.7 on, the yes can be changed to
         # mschapv2-and-ntlmv2-only

         ntlm auth = yes

[netlogon]
         path = /var/lib/samba/sysvol/samba.wetron.es/scripts
         read only = No

[sysvol]
         path = /var/lib/samba/sysvol
         read only = No
         wide links = Yes

Luca Olivetti
Wetron Automation Technology http://www.wetron.es/
Tel. +34 93 5883004 (Ext.3010)  Fax +34 93 5883007
