[Samba] FW: samba_kcc issue after joining the domain as a DC
L.P.H. van Belle
belle at bazuin.nl
Wed Feb 12 10:32:49 UTC 2020
Failed DNS update with exit code 2
... Hmm, i dont know that exit code 2 is.. Rowland you?
But as far i know you can ignore them, however personaly I would suggest to
upgrade now to bind9_DLZ dns. Much more flexible, only bit more work to setup.
But what does ;
/usr/local/samba/sbin/samba_dnsupdate -d10
Or ;
/usr/local/samba/sbin/samba_dnsupdate --use-samba-tool -d10 tell you.
Show you because its actively : REFUSED
So maybe the debug output tells a bit more.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Alex
> via samba
> Verzonden: woensdag 12 februari 2020 11:16
> Aan: Rowland penny
> CC: Alex
> Onderwerp: Re: [Samba] FW: samba_kcc issue after joining the
> domain as a DC
>
> Rowland,
>
> Just to confirm: after changing the zone to a domain-wide, Samba has
> successfully performed the join.
>
> Samba daemon has also started well, but printed these errors
> in the log:
> [2020/02/12 13:03:34.097665, 0]
> ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
> /usr/local/samba/sbin/samba_dnsupdate: ; TSIG error with
> server: tsig verify failure
> [2020/02/12 13:03:34.169520, 0]
> ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
> /usr/local/samba/sbin/samba_dnsupdate: update failed: REFUSED
> [2020/02/12 13:03:41.624259, 0]
> ../../source4/dsdb/dns/dns_update.c:331(dnsupdate_nameupdate_done)
> dnsupdate_nameupdate_done: Failed DNS update with exit code 2
>
> Is there anything I should worry about? According to some
> posts, this seems to
> be expected for SAMBA_INTERNAL backened. Can you confirm pls?
>
> Anyway, thank you for your help very much!
>
> > I'm sorry, after double-checking the Louis's link I've
> found that the domain
> > zone should be domain-wide, while the _msdcs stuff should
> be forest wide. I'll
> > change it and try again. Apologies.
>
> >>>>>> # samba-tool dns zonelist 172.26.1.81
> >>>>>> Password for [administrator at domain.com]:
> >>>>>> 2 zone(s) found
> >>>>>>
> >>>>>> pszZoneName : _msdcs.domain.com
> >>>>>> Flags :
> DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
> >>>>>> ZoneType : DNS_ZONE_TYPE_PRIMARY
> >>>>>> Version : 50
> >>>>>> dwDpFlags : DNS_DP_AUTOCREATED
> DNS_DP_FOREST_DEFAULT DNS_DP_ENLISTED
> >>>>>> pszDpFqdn : ForestDnsZones.domain.com
> >>>>>>
> >>>>>> pszZoneName : domain.com
> >>>>>> Flags :
> DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
> >>>>>> ZoneType : DNS_ZONE_TYPE_PRIMARY
> >>>>>> Version : 50
> >>>>>> dwDpFlags : DNS_DP_AUTOCREATED
> DNS_DP_FOREST_DEFAULT DNS_DP_ENLISTED
> >>>>>> pszDpFqdn : ForestDnsZones.domain.com
> >>>>>>
> >>>>> I have three zones, one being the reverse zone, but my
> domain zone is this:
> >>>>> pszZoneName : samdom.example.com
> >>>>> Flags : DNS_RPC_ZONE_DSINTEGRATED
> >>>>> DNS_RPC_ZONE_UPDATE_SECURE
> >>>>> ZoneType : DNS_ZONE_TYPE_PRIMARY
> >>>>> Version : 50
> >>>>> dwDpFlags : DNS_DP_AUTOCREATED
> DNS_DP_DOMAIN_DEFAULT
> >>>>> DNS_DP_ENLISTED
> >>>>> pszDpFqdn : DomainDnsZones.samdom.example.com
> >>>>> Notice the difference in the last line.
> >>>> I see the difference. I guess it's b/c you didn't
> upgrade the zone to
> >>>> forest-wide. Should I revert my zones to be domain-wide?
> >>>>
> >>> Alex, mine is correct, yours is wrong.
>
> >> Rowland, I really appreciate your help and you're
> probably right. But could you
> >> please shed some light on why yours is correct (or why
> mine is not)? At this
> >> moment, my AD is fully functional, no issues at all.
>
> >> In my humble opinion, this looks more like a bug in Samba
> joining procedure, b/c
> >> it should work well the existing AD configuration.
> However, it doesn't.
>
> >>> I could probably dump a list of dns DN's if needed.
>
> >> Yes, please do.
>
> --
> Best regards,
> Alex
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
More information about the samba
mailing list