[Samba] samab-4.10 nsupdate

James B. Byrne byrnejb at harte-lyne.ca
Tue Jun 30 15:46:22 UTC 2020 

I have a dc configured to use the samba internal dns service.  The version of
samba I am using is 4.10.15 packaged for FreeBSD.  Its build options state
this:

	BIND911        : off
	BIND916        : off
, , ,
	GSSAPI_BUILTIN : on
	GSSAPI_MIT     : off
	LDAP           : on
. . .
	NSUPDATE       : off

My smb4.conf file contains this:

[global]
  bind interfaces only = Yes
  dns forwarder = 192.168.18.161 216.185.71.33
  interfaces = lo0 localhost smb4-1
  netbios name = SMB4-1
  realm = BROCKLEY.HARTE-LYNE.CA
  server role = active directory domain controller
  workgroup = BROCKLEY
  idmap_ldb:use rfc2307 = yes
  vfs objects = dfs_samba4 zfsacl
  server services = -nbt
  rndc command = /usr/bin/true
  log level = 1
  log file = /var/log/samba4/smbd.log
  max log size = 10000
  debug timestamp = yes

  # Disable printing
  load printers = no
  printing = bsd
  printcap name = /dev/null
  disable spoolss = yes

When I run samba_dnsupdate I see this:

samba_dnsupdate --verbose -d4 --all-names
. . .
update(nsupdate): SRV
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.brockley.harte-lyne.ca
SMB4-1.brockley.harte-lyne.ca 389
Calling nsupdate for SRV
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.brockley.harte-lyne.ca
SMB4-1.brockley.harte-lyne.ca 389 (add)
Successfully obtained Kerberos ticket to DNS/SMB4-1.brockley.harte-lyne.ca as
SMB4-1$
Failed nsupdate: SRV
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.brockley.harte-lyne.ca
SMB4-1.brockley.harte-lyne.ca 389 : [Errno 2] No such file or directory:
'/usr/bin/nsupdate': '/usr/bin/nsupdate'
Failed update of 29 entries

Why is nsupdate required to update the internal dns service of samba?

If I install bind-tools (which provides the nsupdate program) and add  'dns
update command = /usr/local/sbin/nsupdate' to smb4.conf then when I run
samba_dnsupdate I get this:

samba_dnsupdate --verbose -d4 --all-names
. . .
update(nsupdate): SRV
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.brockley.harte-lyne.ca
SMB4-1.brockley.harte-lyne.ca 389
Calling nsupdate for SRV
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.brockley.harte-lyne.ca
SMB4-1.brockley.harte-lyne.ca 389 (add)
Successfully obtained Kerberos ticket to DNS/SMB4-1.brockley.harte-lyne.ca as
SMB4-1$
Failed nsupdate: SRV
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.brockley.harte-lyne.ca
SMB4-1.brockley.harte-lyne.ca 389 : [Errno 2] No such file or directory:
'/usr/bin/nsupdate': '/usr/bin/nsupdate'
Failed update of 29 entries

What am I doing wrong?


-- 
***          e-Mail is NOT a SECURE channel          ***
        Do NOT transmit sensitive data via e-Mail
 Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne                mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3

More information about the samba mailing list