[Samba] Trouble joining DC Bind9_DLZ

Tue Sep 3 10:25:21 UTC 2019

Hi,

 samba_dnsupdate --verbose --all-names
IPs: ['192.168.1.20']
force update: A samba4-dc1.empresa.com.br 192.168.1.20
force update: NS empresa.com.br samba4-dc1.empresa.com.br
force update: NS _msdcs.empresa.com.br samba4-dc1.empresa.com.br
force update: A empresa.com.br 192.168.1.20
force update: SRV _ldap._tcp.empresa.com.br samba4-dc1.empresa.com.br 389
force update: SRV _ldap._tcp.dc._msdcs.empresa.com.br
samba4-dc1.empresa.com.br 389
force update: SRV _ldap._tcp.db942639-cd54-4ef2-b31e-2dedf9f745fe.domains._
msdcs.empresa.com.br samba4-dc1.empresa.com.br 389
force update: SRV _kerberos._tcp.empresa.com.br samba4-dc1.empresa.com.br 88
force update: SRV _kerberos._udp.empresa.com.br samba4-dc1.empresa.com.br 88
force update: SRV _kerberos._tcp.dc._msdcs.empresa.com.br
samba4-dc1.empresa.com.br 88
force update: SRV _kpasswd._tcp.empresa.com.br samba4-dc1.empresa.com.br 464
force update: SRV _kpasswd._udp.empresa.com.br samba4-dc1.empresa.com.br 464
force update: CNAME a1ab021c-0ef7-4fd3-a69d-28afc7c1260a._
msdcs.empresa.com.br samba4-dc1.empresa.com.br
force update: SRV _ldap._tcp.Default-First-Site-Name._sites.empresa.com.br
samba4-dc1.empresa.com.br 389
force update: SRV _ldap._tcp.Default-First-Site-Name._sites.dc._
msdcs.empresa.com.br samba4-dc1.empresa.com.br 389
force update: SRV _kerberos._tcp.Default-First-Site-Name._
sites.empresa.com.br samba4-dc1.empresa.com.br 88
force update: SRV _kerberos._tcp.Default-First-Site-Name._sites.dc._
msdcs.empresa.com.br samba4-dc1.empresa.com.br 88
force update: SRV _ldap._tcp.pdc._msdcs.empresa.com.br
samba4-dc1.empresa.com.br 389
force update: A gc._msdcs.empresa.com.br 192.168.1.20
force update: SRV _gc._tcp.empresa.com.br samba4-dc1.empresa.com.br 3268
force update: SRV _ldap._tcp.gc._msdcs.empresa.com.br
samba4-dc1.empresa.com.br 3268
force update: SRV _gc._tcp.Default-First-Site-Name._sites.empresa.com.br
samba4-dc1.empresa.com.br 3268
force update: SRV _ldap._tcp.Default-First-Site-Name._sites.gc._
msdcs.empresa.com.br samba4-dc1.empresa.com.br 3268
force update: A DomainDnsZones.empresa.com.br 192.168.1.20
force update: SRV _ldap._tcp.DomainDnsZones.empresa.com.br
samba4-dc1.empresa.com.br 389
force update: SRV _ldap._tcp.Default-First-Site-Name._
sites.DomainDnsZones.empresa.com.br samba4-dc1.empresa.com.br 389
force update: A ForestDnsZones.empresa.com.br 192.168.1.20
force update: SRV _ldap._tcp.ForestDnsZones.empresa.com.br
samba4-dc1.empresa.com.br 389
force update: SRV _ldap._tcp.Default-First-Site-Name._
sites.ForestDnsZones.empresa.com.br samba4-dc1.empresa.com.br 389
29 DNS updates and 0 DNS deletes needed
Successfully obtained Kerberos ticket to DNS/samba4-dc1.empresa.com.br as
SAMBA4-DC1$
update(nsupdate): A samba4-dc1.empresa.com.br 192.168.1.20
Calling nsupdate for A samba4-dc1.empresa.com.br 192.168.1.20 (add)
Successfully obtained Kerberos ticket to DNS/samba4-dc1.empresa.com.br as
SAMBA4-DC1$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
samba4-dc1.empresa.com.br. 900 IN  A       192.168.1.20

dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
update(nsupdate): NS empresa.com.br samba4-dc1.empresa.com.br
Calling nsupdate for NS empresa.com.br samba4-dc1.empresa.com.br (add)
Successfully obtained Kerberos ticket to DNS/samba4-dc1.empresa.com.br as
SAMBA4-DC1$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
empresa.com.br.       900     IN      NS      samba4-dc1.empresa.com.br.

dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
update(nsupdate): NS _msdcs.empresa.com.br samba4-dc1.empresa.com.br
Calling nsupdate for NS _msdcs.empresa.com.br samba4-dc1.empresa.com.br
(add)
Successfully obtained Kerberos ticket to DNS/samba4-dc1.empresa.com.br as
SAMBA4-DC1$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_msdcs.empresa.com.br. 900    IN      NS      samba4-dc1.empresa.com.br.

dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
update(nsupdate): A empresa.com.br 192.168.1.20
Calling nsupdate for A empresa.com.br 192.168.1.20 (add)
Successfully obtained Kerberos ticket to DNS/samba4-dc1.empresa.com.br as
SAMBA4-DC1$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
empresa.com.br.       900     IN      A       192.168.1.20

dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
update(nsupdate): SRV _ldap._tcp.empresa.com.br samba4-dc1.empresa.com.br
389
Calling nsupdate for SRV _ldap._tcp.empresa.com.br samba4-dc1.empresa.com.br
389 (add)
Successfully obtained Kerberos ticket to DNS/samba4-dc1.empresa.com.br as
SAMBA4-DC1$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.empresa.com.br. 900 IN     SRV     0 100 389
samba4-dc1.empresa.com.br.

dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
update(nsupdate): SRV _ldap._tcp.dc._msdcs.empresa.com.br
samba4-dc1.empresa.com.br 389
Calling nsupdate for SRV _ldap._tcp.dc._msdcs.empresa.com.br
samba4-dc1.empresa.com.br 389 (add)
Successfully obtained Kerberos ticket to DNS/samba4-dc1.empresa.com.br as
SAMBA4-DC1$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.dc._msdcs.empresa.com.br. 900 IN SRV 0 100 389
samba4-dc1.empresa.com.br.

dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
update(nsupdate): SRV
_ldap._tcp.db942639-cd54-4ef2-b31e-2dedf9f745fe.domains._
msdcs.empresa.com.br samba4-dc1.empresa.com.br 389
Calling nsupdate for SRV
_ldap._tcp.db942639-cd54-4ef2-b31e-2dedf9f745fe.domains._
msdcs.empresa.com.br samba4-dc1.empresa.com.br 389 (add)
Successfully obtained Kerberos ticket to DNS/samba4-dc1.empresa.com.br as
SAMBA4-DC1$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.db942639-cd54-4ef2-b31e-2dedf9f745fe.domains._
msdcs.empresa.com.br. 900 IN SRV 0 100 389 samba4-dc1.empresa.com.br.

dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
update(nsupdate): SRV _kerberos._tcp.empresa.com.br
samba4-dc1.empresa.com.br 88
Calling nsupdate for SRV _kerberos._tcp.empresa.com.br
samba4-dc1.empresa.com.br 88 (add)
Successfully obtained Kerberos ticket to DNS/samba4-dc1.empresa.com.br as
SAMBA4-DC1$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kerberos._tcp.empresa.com.br. 900 IN SRV     0 100 88
samba4-dc1.empresa.com.br.

dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
update(nsupdate): SRV _kerberos._udp.empresa.com.br
samba4-dc1.empresa.com.br 88
Calling nsupdate for SRV _kerberos._udp.empresa.com.br
samba4-dc1.empresa.com.br 88 (add)
Successfully obtained Kerberos ticket to DNS/samba4-dc1.empresa.com.br as
SAMBA4-DC1$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kerberos._udp.empresa.com.br. 900 IN SRV     0 100 88
samba4-dc1.empresa.com.br.

dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
update(nsupdate): SRV _kerberos._tcp.dc._msdcs.empresa.com.br
samba4-dc1.empresa.com.br 88
Calling nsupdate for SRV _kerberos._tcp.dc._msdcs.empresa.com.br
samba4-dc1.empresa.com.br 88 (add)
Successfully obtained Kerberos ticket to DNS/samba4-dc1.empresa.com.br as
SAMBA4-DC1$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kerberos._tcp.dc._msdcs.empresa.com.br. 900 IN SRV 0 100 88
samba4-dc1.empresa.com.br.

dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
update(nsupdate): SRV _kpasswd._tcp.empresa.com.br samba4-dc1.empresa.com.br
464
Calling nsupdate for SRV _kpasswd._tcp.empresa.com.br
samba4-dc1.empresa.com.br 464 (add)
Successfully obtained Kerberos ticket to DNS/samba4-dc1.empresa.com.br as
SAMBA4-DC1$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kpasswd._tcp.empresa.com.br. 900 IN  SRV     0 100 464
samba4-dc1.empresa.com.br.

dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
update(nsupdate): SRV _kpasswd._udp.empresa.com.br samba4-dc1.empresa.com.br
464
Calling nsupdate for SRV _kpasswd._udp.empresa.com.br
samba4-dc1.empresa.com.br 464 (add)
Successfully obtained Kerberos ticket to DNS/samba4-dc1.empresa.com.br as
SAMBA4-DC1$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kpasswd._udp.empresa.com.br. 900 IN  SRV     0 100 464
samba4-dc1.empresa.com.br.

dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
update(nsupdate): CNAME a1ab021c-0ef7-4fd3-a69d-28afc7c1260a._
msdcs.empresa.com.br samba4-dc1.empresa.com.br
Calling nsupdate for CNAME a1ab021c-0ef7-4fd3-a69d-28afc7c1260a._
msdcs.empresa.com.br samba4-dc1.empresa.com.br (add)
Successfully obtained Kerberos ticket to DNS/samba4-dc1.empresa.com.br as
SAMBA4-DC1$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
a1ab021c-0ef7-4fd3-a69d-28afc7c1260a._msdcs.empresa.com.br. 900 IN CNAME
samba4-dc1.empresa.com.br.

dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
update(nsupdate): SRV _ldap._tcp.Default-First-Site-Name._
sites.empresa.com.br samba4-dc1.empresa.com.br 389
Calling nsupdate for SRV _ldap._tcp.Default-First-Site-Name._
sites.empresa.com.br samba4-dc1.empresa.com.br 389 (add)
Successfully obtained Kerberos ticket to DNS/samba4-dc1.empresa.com.br as
SAMBA4-DC1$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.Default-First-Site-Name._sites.empresa.com.br. 900 IN SRV 0 100
389 samba4-dc1.empresa.com.br.

dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
update(nsupdate): SRV _ldap._tcp.Default-First-Site-Name._sites.dc._
msdcs.empresa.com.br samba4-dc1.empresa.com.br 389
Calling nsupdate for SRV _ldap._tcp.Default-First-Site-Name._sites.dc._
msdcs.empresa.com.br samba4-dc1.empresa.com.br 389 (add)
Successfully obtained Kerberos ticket to DNS/samba4-dc1.empresa.com.br as
SAMBA4-DC1$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.empresa.com.br. 900 IN
SRV 0 100 389 samba4-dc1.empresa.com.br.

dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
update(nsupdate): SRV _kerberos._tcp.Default-First-Site-Name._
sites.empresa.com.br samba4-dc1.empresa.com.br 88
Calling nsupdate for SRV _kerberos._tcp.Default-First-Site-Name._
sites.empresa.com.br samba4-dc1.empresa.com.br 88 (add)
Successfully obtained Kerberos ticket to DNS/samba4-dc1.empresa.com.br as
SAMBA4-DC1$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kerberos._tcp.Default-First-Site-Name._sites.empresa.com.br. 900 IN SRV 0
100 88 samba4-dc1.empresa.com.br.

dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
update(nsupdate): SRV _kerberos._tcp.Default-First-Site-Name._sites.dc._
msdcs.empresa.com.br samba4-dc1.empresa.com.br 88
Calling nsupdate for SRV _kerberos._tcp.Default-First-Site-Name._sites.dc._
msdcs.empresa.com.br samba4-dc1.empresa.com.br 88 (add)
Successfully obtained Kerberos ticket to DNS/samba4-dc1.empresa.com.br as
SAMBA4-DC1$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.empresa.com.br. 900
IN SRV 0 100 88 samba4-dc1.empresa.com.br.

dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
update(nsupdate): SRV _ldap._tcp.pdc._msdcs.empresa.com.br
samba4-dc1.empresa.com.br 389
Calling nsupdate for SRV _ldap._tcp.pdc._msdcs.empresa.com.br
samba4-dc1.empresa.com.br 389 (add)
Successfully obtained Kerberos ticket to DNS/samba4-dc1.empresa.com.br as
SAMBA4-DC1$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.pdc._msdcs.empresa.com.br. 900 IN SRV 0 100 389
samba4-dc1.empresa.com.br.

dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
update(nsupdate): A gc._msdcs.empresa.com.br 192.168.1.20
Calling nsupdate for A gc._msdcs.empresa.com.br 192.168.1.20 (add)
Successfully obtained Kerberos ticket to DNS/samba4-dc1.empresa.com.br as
SAMBA4-DC1$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
gc._msdcs.empresa.com.br. 900 IN      A       192.168.1.20

dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
update(nsupdate): SRV _gc._tcp.empresa.com.br samba4-dc1.empresa.com.br 3268
Calling nsupdate for SRV _gc._tcp.empresa.com.br samba4-dc1.empresa.com.br
3268 (add)
Successfully obtained Kerberos ticket to DNS/samba4-dc1.empresa.com.br as
SAMBA4-DC1$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_gc._tcp.empresa.com.br. 900  IN      SRV     0 100 3268
samba4-dc1.empresa.com.br.

dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
update(nsupdate): SRV _ldap._tcp.gc._msdcs.empresa.com.br
samba4-dc1.empresa.com.br 3268
Calling nsupdate for SRV _ldap._tcp.gc._msdcs.empresa.com.br
samba4-dc1.empresa.com.br 3268 (add)
Successfully obtained Kerberos ticket to DNS/samba4-dc1.empresa.com.br as
SAMBA4-DC1$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.gc._msdcs.empresa.com.br. 900 IN SRV 0 100 3268
samba4-dc1.empresa.com.br.

dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
update(nsupdate): SRV _gc._tcp.Default-First-Site-Name._sites.empresa.com.br
samba4-dc1.empresa.com.br 3268
Calling nsupdate for SRV _gc._tcp.Default-First-Site-Name._
sites.empresa.com.br samba4-dc1.empresa.com.br 3268 (add)
Successfully obtained Kerberos ticket to DNS/samba4-dc1.empresa.com.br as
SAMBA4-DC1$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_gc._tcp.Default-First-Site-Name._sites.empresa.com.br. 900 IN SRV 0 100
3268 samba4-dc1.empresa.com.br.

dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
update(nsupdate): SRV _ldap._tcp.Default-First-Site-Name._sites.gc._
msdcs.empresa.com.br samba4-dc1.empresa.com.br 3268
Calling nsupdate for SRV _ldap._tcp.Default-First-Site-Name._sites.gc._
msdcs.empresa.com.br samba4-dc1.empresa.com.br 3268 (add)
Successfully obtained Kerberos ticket to DNS/samba4-dc1.empresa.com.br as
SAMBA4-DC1$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.empresa.com.br. 900 IN
SRV 0 100 3268 samba4-dc1.empresa.com.br.

dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
update(nsupdate): A DomainDnsZones.empresa.com.br 192.168.1.20
Calling nsupdate for A DomainDnsZones.empresa.com.br 192.168.1.20 (add)
Successfully obtained Kerberos ticket to DNS/samba4-dc1.empresa.com.br as
SAMBA4-DC1$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
DomainDnsZones.empresa.com.br. 900 IN A       192.168.1.20

dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
update(nsupdate): SRV _ldap._tcp.DomainDnsZones.empresa.com.br
samba4-dc1.empresa.com.br 389
Calling nsupdate for SRV _ldap._tcp.DomainDnsZones.empresa.com.br
samba4-dc1.empresa.com.br 389 (add)
Successfully obtained Kerberos ticket to DNS/samba4-dc1.empresa.com.br as
SAMBA4-DC1$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.DomainDnsZones.empresa.com.br. 900 IN SRV 0 100 389
samba4-dc1.empresa.com.br.

dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
update(nsupdate): SRV _ldap._tcp.Default-First-Site-Name._
sites.DomainDnsZones.empresa.com.br samba4-dc1.empresa.com.br 389
Calling nsupdate for SRV _ldap._tcp.Default-First-Site-Name._
sites.DomainDnsZones.empresa.com.br samba4-dc1.empresa.com.br 389 (add)
Successfully obtained Kerberos ticket to DNS/samba4-dc1.empresa.com.br as
SAMBA4-DC1$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.empresa.com.br.
900 IN SRV 0 100 389 samba4-dc1.empresa.com.br.

dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
update(nsupdate): A ForestDnsZones.empresa.com.br 192.168.1.20
Calling nsupdate for A ForestDnsZones.empresa.com.br 192.168.1.20 (add)
Successfully obtained Kerberos ticket to DNS/samba4-dc1.empresa.com.br as
SAMBA4-DC1$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
ForestDnsZones.empresa.com.br. 900 IN A       192.168.1.20

dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
update(nsupdate): SRV _ldap._tcp.ForestDnsZones.empresa.com.br
samba4-dc1.empresa.com.br 389
Calling nsupdate for SRV _ldap._tcp.ForestDnsZones.empresa.com.br
samba4-dc1.empresa.com.br 389 (add)
Successfully obtained Kerberos ticket to DNS/samba4-dc1.empresa.com.br as
SAMBA4-DC1$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.ForestDnsZones.empresa.com.br. 900 IN SRV 0 100 389
samba4-dc1.empresa.com.br.

dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
update(nsupdate): SRV _ldap._tcp.Default-First-Site-Name._
sites.ForestDnsZones.empresa.com.br samba4-dc1.empresa.com.br 389
Calling nsupdate for SRV _ldap._tcp.Default-First-Site-Name._
sites.ForestDnsZones.empresa.com.br samba4-dc1.empresa.com.br 389 (add)
Successfully obtained Kerberos ticket to DNS/samba4-dc1.empresa.com.br as
SAMBA4-DC1$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.empresa.com.br.
900 IN SRV 0 100 389 samba4-dc1.empresa.com.br.

dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Failed update of 29 entries
root at samba4-dc1:~#

Regards,

Márcio Bacci

Em ter, 3 de set de 2019 às 07:05, L.P.H. van Belle <belle at bazuin.nl>
escreveu:

> Try running : samba_dnsupdate --verbose --all-names
> You will see what it does.
>
> Greetz,
>
> Louis
>
> (ps. Working on packages, so no time for the list atm. )
>
>
> > -----Oorspronkelijk bericht-----
> > Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> > Marcio Demetrio Bacci via samba
> > Verzonden: dinsdag 3 september 2019 12:00
> > Aan: Rowland penny
> > CC: sambalist
> > Onderwerp: Re: [Samba] Trouble joining DC Bind9_DLZ
> >
> > Hi,
> >
> > There is no record for the forest:
> > ldbsearch --cross-ncs -H /var/lib/samba/private/sam.ldb -b
> > 'CN=MicrosoftDNS,DC=ForestDnsZones,DC=empresa,DC=com,DC=br' -s sub
> > '(&(objectclass=dnsZone)(dc=_msdcs.empresa.com.br))'
> > # returned 0 records
> > # 0 entries
> > # 0 referrals
> >
> > Can I fix this?
> >
> > Regards,
> >
> > Márcio Bacci
> >
> > Em ter, 3 de set de 2019 às 06:40, Rowland penny via samba <
> > samba at lists.samba.org> escreveu:
> >
> > > On 03/09/2019 10:07, Marcio Demetrio Bacci via samba wrote:
> > > > Hi,
> > > >
> > > > I'm using Samba 4.10.7 with Bind9_DLZ (9.10.3-P4-Debian),
> > but I'm not
> > > > getting to insert a new DC into the Domain. My SO is a VM
> > Debian 9.9.
> > > >
> > > > Following is the command used and the error:
> > > >
> > > > root at samba4-dc3:/var/lib/samba/private# samba-tool domain join
> > > > empresa.com.br DC -k yes --server=samba4-dc1.empresa.com.br
> > > > --dns-backend=BIND9_DLZ -d 3
> > > > INFO 2019-09-02 15:50:33,684 pid:6636
> > > >
> > /usr/lib/python3/dist-packages/samba/provision/__init__.py
> > #2291: Setting
> > > > up the privileges database
> > > > INFO 2019-09-02 15:50:34,188 pid:6636
> > > >
> > /usr/lib/python3/dist-packages/samba/provision/__init__.py
> > #2294: Setting
> > > > up idmap db
> > > > INFO 2019-09-02 15:50:34,549 pid:6636
> > > >
> > /usr/lib/python3/dist-packages/samba/provision/__init__.py
> > #2301: Setting
> > > > up SAM db
> > > > INFO 2019-09-02 15:50:34,644 pid:6636
> > > >
> > /usr/lib/python3/dist-packages/samba/provision/__init__.py
> > #882: Setting
> > > up
> > > > sam.ldb partitions and settings
> > > > INFO 2019-09-02 15:50:34,645 pid:6636
> > > >
> > /usr/lib/python3/dist-packages/samba/provision/__init__.py
> > #894: Setting
> > > up
> > > > sam.ldb rootDSE
> > > > INFO 2019-09-02 15:50:34,724 pid:6636
> > > > /usr/lib/python3/dist-packages/samba/provision/__init__.py #1302:
> > > > Pre-loading the Samba 4 and AD schema
> > > > partition_metadata: Migrating partition metadata: open of
> > metadata.tdb
> > > > gave: (null)
> > > > Unable to determine the DomainSID, can not enforce
> > uniqueness constraint
> > > on
> > > > local domainSIDs
> > > >
> > > > INFO 2019-09-02 15:50:34,892 pid:6636
> > > >
> > /usr/lib/python3/dist-packages/samba/provision/__init__.py #2351: A
> > > > Kerberos configuration suitable for Samba AD has been generated at
> > > > /var/lib/samba/private/krb5.conf
> > > > INFO 2019-09-02 15:50:34,893 pid:6636
> > > >
> > /usr/lib/python3/dist-packages/samba/provision/__init__.py
> > #2352: Merge
> > > the
> > > > contents of this file with your system krb5.conf or
> > replace it with this
> > > > one. Do not create a symlink!
> > > > Provision OK for domain DN empresa.com.br
> > > > Starting replication
> > > > Using binding ncacn_ip_tcp:samba4-dc1.empresa.com.br[,seal]
> > > > resolve_lmhosts: Attempting lmhosts lookup for name
> > > > samba4-dc1.empresa.com.br<0x20>
> > > > resolve_lmhosts: Attempting lmhosts lookup for name
> > > > samba4-dc1.empresa.com.br<0x20>
> > > > Schema-DN[CN=Schema,CN=Configuration,empresa.com.br]
> > objects[402/1518]
> > > > linked_values[0/0]
> > > > Schema-DN[CN=Schema,CN=Configuration,empresa.com.br]
> > objects[804/1518]
> > > > linked_values[0/0]
> > > > Schema-DN[CN=Schema,CN=Configuration,empresa.com.br]
> > objects[1206/1518]
> > > > linked_values[0/0]
> > > > Schema-DN[CN=Schema,CN=Configuration,empresa.com.br]
> > objects[1518/1518]
> > > > linked_values[0/0]
> > > > Analyze and apply schema objects
> > > > Replicated 1518 objects (0 linked attributes) for
> > > > CN=Schema,CN=Configuration,empresa.com.br
> > > > Partition[CN=Configuration,empresa.com.br] objects[402/2023]
> > > > linked_values[0/0]
> > > > Replicated 402 objects (0 linked attributes) for CN=Configuration,
> > > > empresa.com.br
> > > > Partition[CN=Configuration,empresa.com.br] objects[804/2023]
> > > > linked_values[0/0]
> > > > Replicated 402 objects (0 linked attributes) for CN=Configuration,
> > > > empresa.com.br
> > > > Partition[CN=Configuration,empresa.com.br] objects[1206/2023]
> > > > linked_values[0/0]
> > > > Replicated 402 objects (0 linked attributes) for CN=Configuration,
> > > > empresa.com.br
> > > > Partition[CN=Configuration,empresa.com.br] objects[1608/2023]
> > > > linked_values[0/0]
> > > > Replicated 402 objects (0 linked attributes) for CN=Configuration,
> > > > empresa.com.br
> > > > Partition[CN=Configuration,empresa.com.br] objects[2010/2023]
> > > > linked_values[0/20]
> > > > Replicated 402 objects (0 linked attributes) for CN=Configuration,
> > > > empresa.com.br
> > > > Partition[CN=Configuration,empresa.com.br] objects[2023/2023]
> > > > linked_values[36/36]
> > > > Replicated 13 objects (36 linked attributes) for CN=Configuration,
> > > > empresa.com.br
> > > > Replicating critical objects from the base DN of the domain
> > > > Partition[empresa.com.br] objects[103/103] linked_values[45/45]
> > > > Replicated 103 objects (45 linked attributes) for empresa.com.br
> > > > Partition[empresa.com.br] objects[402/2296] linked_values[0/0]
> > > > Replicated 402 objects (0 linked attributes) for empresa.com.br
> > > > Partition[empresa.com.br] objects[804/2296] linked_values[0/0]
> > > > Replicated 402 objects (0 linked attributes) for empresa.com.br
> > > > Partition[empresa.com.br] objects[1206/2296] linked_values[0/0]
> > > > Replicated 402 objects (0 linked attributes) for empresa.com.br
> > > > Partition[empresa.com.br] objects[1608/2296] linked_values[0/764]
> > > > Replicated 402 objects (0 linked attributes) for empresa.com.br
> > > > Partition[empresa.com.br] objects[2010/2296] linked_values[0/1066]
> > > > Replicated 402 objects (0 linked attributes) for empresa.com.br
> > > > Partition[empresa.com.br] objects[2296/2296]
> > linked_values[1066/1066]
> > > > ../../ldb_key_value/ldb_kv_index.c:2413: duplicate
> > attribute value in
> > > > CN=COMP0082,CN=Computers,empresa.com.br for index on
> > > servicePrincipalName,
> > > > duplicate of objectGUID 1c0cc09b-a4c2-4e2d-9544-d49f82b436f3 in
> > > > @INDEX:SERVICEPRINCIPALNAME:TERMSRV/COMP0082.EMPRESA.COM.BR
> > > > ../../ldb_key_value/ldb_kv_index.c:2413: duplicate
> > attribute value in
> > > > CN=COMP0013,CN=Computers,empresa.com.br for index on
> > > servicePrincipalName,
> > > > duplicate of objectGUID be74c1a9-d80b-4922-90f5-94a8c86632ad in
> > > > @INDEX:SERVICEPRINCIPALNAME:TERMSRV/COMP0013.EMPRESA.COM.BR
> > > > Replicated 286 objects (1066 linked attributes) for empresa.com.br
> > > > Done with always replicated NC (base, config, schema)
> > > > Replicating DC=DomainDnsZones,empresa.com.br
> > > > Partition[DC=DomainDnsZones,empresa.com.br] objects[402/692]
> > > > linked_values[0/0]
> > > > Replicated 402 objects (0 linked attributes) for
> > DC=DomainDnsZones,
> > > > empresa.com.br
> > > > Partition[DC=DomainDnsZones,empresa.com.br] objects[692/692]
> > > > linked_values[0/0]
> > > > Replicated 290 objects (0 linked attributes) for
> > DC=DomainDnsZones,
> > > > empresa.com.br
> > > > Replicating DC=ForestDnsZones,empresa.com.br
> > > > Partition[DC=ForestDnsZones,empresa.com.br] objects[40/40]
> > > > linked_values[0/0]
> > > > Replicated 40 objects (0 linked attributes) for DC=ForestDnsZones,
> > > > empresa.com.br
> > > > Exop on[CN=RID Manager$,CN=System,empresa.com.br] objects[3]
> > > > linked_values[0]
> > > > Discarding older DRS attribute update to objectClass on CN=RID
> > > > Manager$,CN=System,empresa.com.br from
> > > 032a8fdc-a9b8-425a-88c3-5125986fc59d
> > > >
> > > > #### OMITTED #####
> > > >
> > > > INFO 2019-09-02 15:50:51,647 pid:6636
> > > > /usr/lib/python3/dist-packages/samba/join.py #1169:
> > Adding DNS A record
> > > > SAMBA4-DC3.empresa.com.br for IPv4 IP: 172.30.1.19
> > > > INFO 2019-09-02 15:50:51,699 pid:6636
> > > > /usr/lib/python3/dist-packages/samba/join.py #1197:
> > Adding DNS CNAME
> > > record
> > > > 956bafb9-4aa8-4f91-8615-6b5af36b91fa._msdcs.empresa.com.br for
> > > > SAMBA4-DC3.empresa.com.br
> > > > Join failed - cleaning up
> > > This is where the join failed, you can ignore anything
> > after 'Join failed'
> > > > I have saw that there are duplicate objects in the base,
> > but I believe
> > > this
> > > > is not the cause of the problem.
> > > Yes
> > > >
> > > > Also I have verified that I can only find my FQDN domain.
> > The short name
> > > > does not respond. I don't know if that would be a problem.
> > > >
> > > > root at samba4-dc3:~# host -t A EMPRESA.COM.BR
> > > > EMPRESA.COM.BR has address 192.168.1.20
> > > > EMPRESA.COM.BR has address 192.168.1.22
> > > > root at samba4-dc3:~# host -t A EMPRESA
> > > > Host EMPRESA not found: 3(NXDOMAIN)
> > > That is because 'EMPRESA' is a NetBIOS name, not a a dns name.
> > >
> > > The join seems to be failing when it tries to add a CNAME
> > record or when
> > > its ownership is changed, so does the forest dns zone exist ?
> > >
> > > try running this on an existing DC:
> > >
> > > ldbsearch --cross-ncs -H /var/lib/samba/private/sam.ldb -b
> > > 'CN=MicrosoftDNS,DC=ForestDnsZones,DC=empresa,DC=com,DC=br' -s sub
> > > '(&(objectclass=dnsZone)(dc=_msdcs.empresa.com.br))'
> > >
> > > It should produce one AD object record.
> > >
> > > Rowland
> > >
> > >
> > >
> > >
> > > --
> > > To unsubscribe from this list go to the following URL and read the
> > > instructions:  https://lists.samba.org/mailman/options/samba
> > >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> >
> >
>
>