[Samba] DNS problems when adding samba DC to win2008R2

Carlos Jesus camjesus2 at gmail.com
Sun Sep 13 15:46:46 UTC 2020


Hello all, I'm trying to add a self-compiled samba 4.12 DC to a Windows
2008R2 domain. Adding the samba DC was troublesome but successful (I had to
modify join.py as I saw in another thread, "Join Samba to a Windows AD
ERR_DS_NO_CROSSREF_FOR_NC"). After that I could join the samba DC and
everything seemed ok.
But now, when I check the DNS server on the samba DC using the Windows DNS
manager, I get "Zone not loaded by DNS server. The zone data may not be
available in AD or the zone data is corrupt". I cannot access that specific
zone. _msdcs seems ok and the reverse zone also seems to work.
samba_dnsupdate --verbose --all-names gives no error.
But syslog complains that (MyDomain is just a bogus name):
Sep 13 16:18:07 DC2 samba[16975]:   UpdateRefs failed with
WERR_DS_DRA_BUSY/NT code 0xc00020f6 for
541b7f45-3e95-4e74-be56-37fc37338fb9._msdcs.MyDomain.lx.pt
CN=Configuration,DC=MyDomain,DC=lx,DC=pt
Sep 13 16:24:23 DC2 samba[16970]: [2020/09/13 16:24:23.129173,  0]
../../source4/rpc_server/dnsserver/dnsdata.c:409(dnsp_to_dns_copy)
Sep 13 16:24:23 DC2 samba[16970]:   dnsserver: Found Unhandled DNS record
type=49ndr_push_DNS_RPC_DATA: ndr_push_error(Bad Switch): Bad switch value
49 at librpc/gen_ndr/ndr_dnsserver.c:548

and bind.log says:
13-Sep-2020 16:19:52.315 notify: notice: client
@0x7f21640a9f20 192.168.59.111#55998: received notify for zone
'59.168.192.in-addr.arpa': not authoritative
13-Sep-2020 16:20:28.656 notify: notice: client @0x7f21640a9f20
192.168.59.111#56617: received notify for zone '59.168.192.in-addr.arpa':
not authoritative
13-Sep-2020 16:20:56.836 notify: notice: client @0x7f21640a9f20
192.168.59.111#56531: received notify for zone '59.168.192.in-addr.arpa':
not authoritative
13-Sep-2020 16:22:03.949 notify: notice: client @0x7f21640a9f20
192.168.59.111#55973: received notify for zone '59.168.192.in-addr.arpa':
not authoritative
I've set up bind according to
"https://wiki.samba.org/index.php/Setting_up_a_BIND_DNS_Server".
Recreating the zone works for a while. Restarting bind gives no error.
Any help on getting the DNS working would be very much appreciated.

Best regards,
Carlos

Some details on my setup:
DC1 - windows server 2008R2 +DNS +DHCP (IP=192.168.59.111)
DC2 - debian Buster +DNS (bind 9.11.5) Samba 4.12.6 (IP=192.168.59.112) - no
DHCP

resolv.conf:
domain MyDomain.lx.pt
search MyDomain.lx.pt
nameserver 192.168.59.112

my named.conf.options:
acl internals { 127.0.0.0/8; 192.168.59.0/24; };
options {
      directory "/var/cache/bind";
      version "Go Away 0.0.7";
      notify no;
      empty-zones-enable no;
      auth-nxdomain yes;
      forwarders { 8.8.8.8; 8.8.4.4; };
      allow-transfer { none; };
      listen-on-v6 { none; };
      listen-on port 53 { 192.168.59.112; 127.0.0.1; ::1; };

      dnssec-validation no;
      dnssec-enable no;
      dnssec-lookaside no;
      minimal-responses yes;

      allow-query {
          127.0.0.1;
          192.168.59.0/24;
      };
      allow-query-cache {
          127.0.0.1;
          192.168.59.0/24;
      };
      recursion yes;
      allow-recursion {
          127.0.0.1;
          192.168.59.0/24;
      };
      tkey-gssapi-keytab "/usr/local/samba/bind-dns/dns.keytab";
};

zone "." {
   type hint;
   file "named.root";
};
zone "localhost" {
    type master;
    file "master/localhost.zone";
};
zone "0.0.127.in-addr.arpa" {
    type master;
    file "master/0.0.127.zone";
};

my smb.conf
[global]
        netbios name = DC2
        realm = MyDomain.LX.PT
        server role = active directory domain controller
        workgroup = MyDomain
        idmap_ldb:use rfc2307 = yes
        log level = 1 auth_json_audit:2@/var/log/samba/auth.log sam:2@
/var/log/$
        log file = /var/log/samba/samba.log
        server services = -dns
        template shell = /bin/bash
        template homedir = /home/%U

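As an added illustration (not part of the original post, and not Samba or BIND code), the following Python script turns the three kinds of log evidence quoted above into a short triage list: the samba "Found Unhandled DNS record type=NN" line, the "UpdateRefs failed with WERR_..." replication line, and BIND's "received notify for zone ...: not authoritative" lines. The sample log text is constructed from the post's excerpts (the syslog lines were wrapped by the mailer and are rejoined here into one line each); the small RR-type name table is a subset of the IANA DNS RR type registry, where type 49 is DHCID (RFC 4701), the record type a Windows DHCP server writes when it registers leases with name protection. The findings' notes point at defender-side checks only; they do not claim a root cause the logs do not show.

```python
import re
from collections import Counter

# Subset of the IANA DNS RR type registry, used only to label numeric record types.
RR_TYPE_NAMES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 12: "PTR", 15: "MX",
                 16: "TXT", 28: "AAAA", 33: "SRV", 49: "DHCID"}

# Constructed samples modelled on the syslog and bind.log excerpts in the post
# (hostnames, IPs, GUID and the placeholder domain are the poster's own).
SYSLOG_SAMPLE = """\
Sep 13 16:18:07 DC2 samba[16975]:   UpdateRefs failed with WERR_DS_DRA_BUSY/NT code 0xc00020f6 for 541b7f45-3e95-4e74-be56-37fc37338fb9._msdcs.MyDomain.lx.pt CN=Configuration,DC=MyDomain,DC=lx,DC=pt
Sep 13 16:24:23 DC2 samba[16970]: [2020/09/13 16:24:23.129173,  0] ../../source4/rpc_server/dnsserver/dnsdata.c:409(dnsp_to_dns_copy)
Sep 13 16:24:23 DC2 samba[16970]:   dnsserver: Found Unhandled DNS record type=49ndr_push_DNS_RPC_DATA: ndr_push_error(Bad Switch): Bad switch value 49 at librpc/gen_ndr/ndr_dnsserver.c:548
"""

BIND_SAMPLE = """\
13-Sep-2020 16:19:52.315 notify: notice: client @0x7f21640a9f20 192.168.59.111#55998: received notify for zone '59.168.192.in-addr.arpa': not authoritative
13-Sep-2020 16:20:28.656 notify: notice: client @0x7f21640a9f20 192.168.59.111#56617: received notify for zone '59.168.192.in-addr.arpa': not authoritative
13-Sep-2020 16:20:56.836 notify: notice: client @0x7f21640a9f20 192.168.59.111#56531: received notify for zone '59.168.192.in-addr.arpa': not authoritative
13-Sep-2020 16:22:03.949 notify: notice: client @0x7f21640a9f20 192.168.59.111#55973: received notify for zone '59.168.192.in-addr.arpa': not authoritative
"""

UNHANDLED_RE = re.compile(r"Found Unhandled DNS record type=(\d+)")
DRS_RE = re.compile(r"UpdateRefs failed with (WERR_\w+)/NT code (0x[0-9a-fA-F]+) for (\S+)")
NOTIFY_RE = re.compile(r"client (?:@0x[0-9a-fA-F]+ )?([\d.]+)#\d+: "
                       r"received notify for zone '([^']+)': not authoritative")


def parse_samba_log(text):
    """Return (Counter of unhandled RR type numbers, list of DRS UpdateRefs errors)."""
    unhandled = Counter()
    drs_errors = []
    for line in text.splitlines():
        m = UNHANDLED_RE.search(line)
        if m:
            unhandled[int(m.group(1))] += 1
        m = DRS_RE.search(line)
        if m:
            drs_errors.append({"werr": m.group(1), "ntstatus": m.group(2), "target": m.group(3)})
    return unhandled, drs_errors


def parse_bind_notify(text):
    """Count rejected NOTIFY messages per (zone, notifying client) in a BIND log."""
    counts = Counter()
    for line in text.splitlines():
        m = NOTIFY_RE.search(line)
        if m:
            counts[(m.group(2), m.group(1))] += 1
    return counts


def triage(samba_text, bind_text):
    """Turn raw log evidence into a list of findings for a DC DNS health check."""
    findings = []
    unhandled, drs_errors = parse_samba_log(samba_text)
    for rtype, n in sorted(unhandled.items()):
        name = RR_TYPE_NAMES.get(rtype, "unknown")
        findings.append({"kind": "unhandled_rr_type", "rr_type": rtype, "rr_name": name, "count": n,
                         "note": f"samba dnsserver cannot serialise RR type {rtype} ({name}) in its "
                                 "RPC reply (ndr_push_error); find which zone holds such records"})
    for err in drs_errors:
        findings.append({"kind": "drs_update_refs", "count": 1, **err,
                         "note": "UpdateRefs to a replication partner failed; WERR_DS_DRA_BUSY is "
                                 "often transient, so recheck with 'samba-tool drs showrepl'"})
    for (zone, client), n in sorted(parse_bind_notify(bind_text).items()):
        findings.append({"kind": "notify_not_authoritative", "zone": zone, "client": client, "count": n,
                         "note": f"{client} sends NOTIFY for {zone} but this BIND is not authoritative "
                                 "for it; confirm the zone exists ('samba-tool dns zonelist') and "
                                 "that named loads the Samba DLZ include"})
    return findings


if __name__ == "__main__":
    for f in triage(SYSLOG_SAMPLE, BIND_SAMPLE):
        print(f"[{f['kind']}] x{f['count']}: {f['note']}")
```

Run it against real files with the two parsers (read /var/log/syslog and the BIND log into strings and pass them to triage). The value is in the grouping: a single unhandled record type points at the zone the DNS console cannot load, while repeated NOTIFY rejections from one client identify which peer believes BIND should serve a zone it does not.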
