[Samba] Dynamic DNS updates from Windows 10 workstations

L.P.H. van Belle belle at bazuin.nl
Thu Apr 8 10:31:06 UTC 2021


You don't need to "rejoin" if you know which records have the wrong rights. You can add the COMPUTERNAME$ to the DNS record with full control on the A and PTR record.

The danger of a "re-join" is that you forget the keytab, and the KVNO is out of sync then.
So, if you are going for a rejoin, a few pointers.

- Use samba-tool/net to remove the computer from the domain.
- Use ADUC to verify that it's all gone in AD.
- Verify that the DNS A and PTR records are all gone.
- Back up/rename /etc/krb5.keytab, then make sure it's gone before you re-join.
- If any SPNs/UPNs are used, don't forget to re-add these also.

Things like that.

Good luck..! 

Louis


> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Peter Milesson
> via samba
> Sent: Thursday, 8 April 2021 11:51
> To: samba at lists.samba.org
> Subject: Re: [Samba] Dynamic DNS updates from Windows 10 workstations
> 
> 
> 
> On 2021-04-08 09:34, cn--- via samba wrote:
> > On 07.04.21 at 21:34, Peter Milesson via samba wrote:
> >>>
> >> Hi Rowland,
> >>
> >> Thanks for your advice. The timestamp is really from 2019 almost
> >> exactly 2 years old. There are just a few very basic GPOs applied.
> >> The other workstations use the same GPOs. Some of the workstations
> >> update the data correctly, and a few not. The dnsmasq DHCP server
> >> which I use, is not able to handle any DNS updates, so that task is
> >> up to the Windows workstations.
> >>
> >> I will try to unjoin the offending workstations from the domain and
> >> join them again. If that does not help, I can always try to make
> >> clean installations of Windows. The offending workstations are mostly
> >> older (except one), originally upgraded from Windows 7, previously
> >> used in a Samba NT4 domain. I don't know if it's a long shot, but may
> >> really be the underlying cause.
> >
> > If the entries are old I would delete them first. If they were
> > created before a rejoin of the computer the entries belong to the old
> > computer account and can not be changed by the newly joined machine.
> > As you said it is mostly older computers that have that problem this
> > could be a problem.
> >
> > Regards
> >
> > Christian
> >
> Hi Christian,
> 
> See my previous answer to Louis. I'm going to delete them manually, if
> scavenging does not help. Otherwise it will be a rejoin to the domain.
> 
> Thanks for your input.
> 
> Best regards,
> 
> Peter
> 
> 
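
The keytab/KVNO mismatch mentioned in the pointers above can be checked on a Unix domain member before and after a re-join. This is an added example, not part of the original message or of Samba's own tooling; it assumes MIT-style `klist -k` output, and the host WS01, the realm EXAMPLE.LAN and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the KVNO stored in a keytab with the value AD holds
# for the machine account (attribute msDS-KeyVersionNumber).
# Assumption: MIT Kerberos `klist -k` layout ("  <kvno> <principal>").

# Constructed sample of `klist -k /etc/krb5.keytab` output (not real data).
SAMPLE_KLIST='Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   2 WS01$@EXAMPLE.LAN
   2 host/ws01.example.lan@EXAMPLE.LAN
   3 WS01$@EXAMPLE.LAN'

# Print the highest KVNO the keytab holds for one principal.
# stdin: `klist -k` output; $1: principal. Exit 1 if the principal is absent.
keytab_max_kvno() {
    awk -v p="$1" '
        $1 ~ /^[0-9]+$/ && $2 == p && (!found || $1 + 0 > max) {
            max = $1 + 0; found = 1
        }
        END { if (found) print max; else exit 1 }'
}

# Compare keytab and AD. stdin: `klist -k` output; $1: principal; $2: KVNO in AD.
# Returns 0 = in sync, 1 = stale keytab, 2 = principal missing from keytab.
check_kvno() {
    _have=$(keytab_max_kvno "$1") || { echo "MISSING $1"; return 2; }
    if [ "$_have" -eq "$2" ]; then
        echo "OK $1 kvno=$_have"
        return 0
    fi
    echo "STALE $1 keytab=$_have ad=$2"
    return 1
}

# Demo on the constructed sample: AD says 4 after a re-join, the old keytab
# that was left in place still carries 3, so service tickets will not decrypt.
printf '%s\n' "$SAMPLE_KLIST" | check_kvno 'WS01$@EXAMPLE.LAN' 4 || true

# On a live member, feed the real keytab listing instead:
#   klist -k /etc/krb5.keytab | check_kvno 'WS01$@EXAMPLE.LAN' <KVNO-from-AD>
```
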
