[Samba] samab-4.10 nsupdate

Rowland penny rpenny at samba.org
Tue Jun 30 16:03:05 UTC 2020 

On 30/06/2020 16:46, James B. Byrne via samba wrote:
> I have a dc configured to use the samba internal dns service.  The version of
> samba I am using is 4.10.15 packaged for FreeBSD.  Its build options state
> this:
>
> 	BIND911        : off
> 	BIND916        : off
> , , ,
> 	GSSAPI_BUILTIN : on
> 	GSSAPI_MIT     : off
> 	LDAP           : on
> . . .
> 	NSUPDATE       : off
>
> My smb4.conf file contains this:
>
> [global]
>    bind interfaces only = Yes
>    dns forwarder = 192.168.18.161 216.185.71.33
>    interfaces = lo0 localhost smb4-1
>    netbios name = SMB4-1
>    realm = BROCKLEY.HARTE-LYNE.CA
>    server role = active directory domain controller
>    workgroup = BROCKLEY
>    idmap_ldb:use rfc2307 = yes
>    vfs objects = dfs_samba4 zfsacl
>    server services = -nbt
>    rndc command = /usr/bin/true
>    log level = 1
>    log file = /var/log/samba4/smbd.log
>    max log size = 10000
>    debug timestamp = yes
>
>    # Disable printing
>    load printers = no
>    printing = bsd
>    printcap name = /dev/null
>    disable spoolss = yes
>
> When I run samba_dnsupdate I see this:
>
> samba_dnsupdate --verbose -d4 --all-names
> . . .
> update(nsupdate): SRV
> _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.brockley.harte-lyne.ca
> SMB4-1.brockley.harte-lyne.ca 389
> Calling nsupdate for SRV
> _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.brockley.harte-lyne.ca
> SMB4-1.brockley.harte-lyne.ca 389 (add)
> Successfully obtained Kerberos ticket to DNS/SMB4-1.brockley.harte-lyne.ca as
> SMB4-1$
> Failed nsupdate: SRV
> _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.brockley.harte-lyne.ca
> SMB4-1.brockley.harte-lyne.ca 389 : [Errno 2] No such file or directory:
> '/usr/bin/nsupdate': '/usr/bin/nsupdate'
> Failed update of 29 entries
>
> Why is nsupdate required to update the internal dns service of samba?
I wasn't privy to that decision, but it just is ;-)
>
> If I install bind-tools (which provides the nsupdate program) and add  'dns
> update command = /usr/local/sbin/nsupdate' to smb4.conf then when I run
> samba_dnsupdate I get this:
>
> samba_dnsupdate --verbose -d4 --all-names
> . . .

Could be because you added the wrong line to your smb4.conf (why does 
freebsd call it smb4.conf ?), try:

nsupdate command = /usr/local/sbin/nsupdate -g

Rowland

More information about the samba mailing list