[Samba] samba dc dns issue
Alex
samba at abisoft.biz
Fri Mar 13 15:44:19 UTC 2020
Hi,

After joining a Samba DC (vm-dc4) to MS AD, I've discovered that most DNS entries
were not populated. Below are the only entries in the AD for the new DC:

domain.com:VM-DC4 900 A 172.26.1.84
_msdcs.domain.com:d14c4206-79e3-441f-868a-6c693415256a 900 CNAME vm-dc4.domain.com.

Please help me figure out what's going on.

Here is the excerpt from log.samba:

# grep dnsup log.samba
prefork_fork_master: Forking [dnsupdate] pre-fork master process
prefork_fork_master: Forking [dnsupdate] pre-fork master process
[2020/03/13 17:48:19.938956, 3] ../../source4/dsdb/dns/dns_update.c:126(dnsupdate_check_names)
[2020/03/13 17:48:19.981617, 3] ../../source4/dsdb/dns/dns_update.c:141(dnsupdate_check_names)
...
/usr/local/samba/sbin/samba_dnsupdate: Processing section "[sysvol]"
/usr/local/samba/sbin/samba_dnsupdate: Processing section "[netlogon]"
/usr/local/samba/sbin/samba_dnsupdate: pm_process() returned Yes
/usr/local/samba/sbin/samba_dnsupdate: added interface ens18 ip=172.26.1.84 bcast=172.26.255.255 netmask=255.255.0.0
/usr/local/samba/sbin/samba_dnsupdate: schema_fsmo_init: we are master[no] updates allowed[no]
/usr/local/samba/sbin/samba_dnsupdate: schema_fsmo_init: we are master[no] updates allowed[no]
/usr/local/samba/sbin/samba_dnsupdate: ldb_wrap open of secrets.ldb
[2020/03/13 17:48:22.992929, 3] ../../source4/dsdb/dns/dns_update.c:111(dnsupdate_spnupdate_done)
/usr/local/samba/sbin/samba_dnsupdate: Received smb_krb5 packet of length 199
/usr/local/samba/sbin/samba_dnsupdate: Received smb_krb5 packet of length 1449
/usr/local/samba/sbin/samba_dnsupdate: GENSEC backend 'gssapi_spnego' registered
/usr/local/samba/sbin/samba_dnsupdate: GENSEC backend 'gssapi_krb5' registered
/usr/local/samba/sbin/samba_dnsupdate: GENSEC backend 'gssapi_krb5_sasl' registered
/usr/local/samba/sbin/samba_dnsupdate: GENSEC backend 'spnego' registered
/usr/local/samba/sbin/samba_dnsupdate: GENSEC backend 'schannel' registered
/usr/local/samba/sbin/samba_dnsupdate: GENSEC backend 'naclrpc_as_system' registered
/usr/local/samba/sbin/samba_dnsupdate: GENSEC backend 'sasl-EXTERNAL' registered
/usr/local/samba/sbin/samba_dnsupdate: GENSEC backend 'ntlmssp' registered
/usr/local/samba/sbin/samba_dnsupdate: GENSEC backend 'ntlmssp_resume_ccache' registered
/usr/local/samba/sbin/samba_dnsupdate: GENSEC backend 'http_basic' registered
/usr/local/samba/sbin/samba_dnsupdate: GENSEC backend 'http_ntlm' registered
/usr/local/samba/sbin/samba_dnsupdate: GENSEC backend 'http_negotiate' registered
/usr/local/samba/sbin/samba_dnsupdate: GENSEC backend 'krb5' registered
/usr/local/samba/sbin/samba_dnsupdate: GENSEC backend 'fake_gssapi_krb5' registered
/usr/local/samba/sbin/samba_dnsupdate: Starting GENSEC mechanism gssapi_krb5_sasl
/usr/local/samba/sbin/samba_dnsupdate: Ticket in credentials cache for VM-DC4$@DOMAIN.COM will expire in 35998 secs
/usr/local/samba/sbin/samba_dnsupdate: Starting GENSEC mechanism gssapi_krb5_sasl
/usr/local/samba/sbin/samba_dnsupdate: GSSAPI credentials for VM-DC4$@DOMAIN.COM will expire in 35999 secs
/usr/local/samba/sbin/samba_dnsupdate: ; TSIG error with server: tsig verify failure
/usr/local/samba/sbin/samba_dnsupdate: update failed: SERVFAIL
...
/usr/local/samba/sbin/samba_dnsupdate: Failed update of 25 entries
samba_runcmd_io_handler: Child /usr/local/samba/sbin/samba_dnsupdate exited 25
[2020/03/13 17:58:24.726240, 0] ../../source4/dsdb/dns/dns_update.c:86(dnsupdate_nameupdate_done)
dnsupdate_nameupdate_done: Failed DNS update with exit code 25

Join command was:

samba-tool domain join domain.com DC -k yes --server=vm-dc1.domain.com --dns-backend SAMBA_INTERNAL -v -d 5 2>&1 | tee join.txt

# cat smb.conf
[global]
netbios name = VM-DC4
realm = DOMAIN.COM
server role = active directory domain controller
workgroup = DOMAIN
dns forwarder = 172.26.1.1
ntlm auth = mschapv2-and-ntlmv2-only
ldap server require strong auth = allow_sasl_over_tls
log level = 5
max log size = 5000
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No
[netlogon]
path = /usr/local/samba/var/locks/sysvol/domain.com/scripts
read only = No

# cat /etc/resolv.conf
# Generated by NetworkManager
search domain.com
nameserver 172.26.1.84
nameserver 172.26.1.81
nameserver 172.26.1.82

# samba -V
Version 4.12.0

# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.26.1.84 vm-dc4.domain.com vm-dc4
--
Best regards,
Alex
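
A log-triage sketch for the samba_dnsupdate excerpt above, added here as an example; it is not part of the original message and not Samba code. It pulls the principal, credential lifetime, TSIG error, rcode, failed-entry count and child exit code out of log.samba lines; the sample lines are taken from the post, and the triage labels are this example's own assumptions.

```python
import re
from collections import Counter

# Constructed sample: lines taken from the log.samba excerpt in the post.
SAMPLE_LOG = """\
/usr/local/samba/sbin/samba_dnsupdate: GSSAPI credentials for VM-DC4$@DOMAIN.COM will expire in 35999 secs
/usr/local/samba/sbin/samba_dnsupdate: ; TSIG error with server: tsig verify failure
/usr/local/samba/sbin/samba_dnsupdate: update failed: SERVFAIL
/usr/local/samba/sbin/samba_dnsupdate: Failed update of 25 entries
samba_runcmd_io_handler: Child /usr/local/samba/sbin/samba_dnsupdate exited 25
"""

CREDS = re.compile(r"GSSAPI credentials for (\S+) will expire in (\d+) secs")
TSIG = re.compile(r"TSIG error with server: (.+)$")
RCODE = re.compile(r"update failed: (\w+)")
FAILED = re.compile(r"Failed update of (\d+) entries")
EXITED = re.compile(r"Child \S*samba_dnsupdate exited (\d+)")

def summarize(log_text):
    """Collect the fields of a samba_dnsupdate run that matter for triage."""
    s = {"principals": set(), "min_cred_secs": None, "tsig_errors": Counter(),
         "rcodes": Counter(), "failed_entries": 0, "exit_code": None}
    for line in log_text.splitlines():
        if m := CREDS.search(line):
            s["principals"].add(m.group(1))
            secs = int(m.group(2))
            if s["min_cred_secs"] is None or secs < s["min_cred_secs"]:
                s["min_cred_secs"] = secs
        elif m := TSIG.search(line):
            s["tsig_errors"][m.group(1).strip()] += 1
        elif m := RCODE.search(line):
            s["rcodes"][m.group(1)] += 1
        elif m := FAILED.search(line):
            s["failed_entries"] = int(m.group(1))
        elif m := EXITED.search(line):
            s["exit_code"] = int(m.group(1))
    return s

def triage(s):
    """Label the run; the labels are this example's own, not Samba's."""
    if not s["failed_entries"] and not s["rcodes"]:
        return "ok"
    if s["tsig_errors"] and s["min_cred_secs"]:
        return "signed-update-rejected"  # credentials obtained, TSIG check failed
    if not s["principals"]:
        return "no-credentials"
    return "update-failed"

if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    print(triage(result), result)
```
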