[Samba] DNS update failed: NT_STATUS_INVALID_PARAMETER

Aaron C. de Bruyn aaron at heyaaron.com
Mon Nov 15 14:49:30 UTC 2021 

Just to double-check, 'example-test.com' isn't actually a domain that ends
with '.local' is it?

'.local' is reserved for multicast DNS.  Microsoft recommended for years to
create domains with '.local' at the end and it causes problems with systems
that implement multicast DNS.

If it does end with '.local', you need to modify nsswitch.con so the
'hosts:' line either doesn't include mdns4_minimal line, or remove the
'[NOTFOUND=return]' chunk.

If your domain ends with something other than .local that's not the issue.

-A


On Mon, Nov 15, 2021 at 3:49 AM Ivan Jurišić via samba <
samba at lists.samba.org> wrote:

>
>
> === Description of problem :
>
> I try my PC (Debian) add on AD-DC with:
>
> net ads join  -U administrator
>
> Output:
>
> Enter administrator's password:
> Using short domain name -- EXAMPLE
> Joined 'PC-IJURISIC' to dns domain 'example-test.com'
> No DNS domain configured for pc-ijurisic. Unable to perform DNS Update.
> DNS update failed: NT_STATUS_INVALID_PARAMETER
>
> But if I add in my /etc/hosts IP address (got by dhcpd)
>
> 192.168.0.112 pc-ijurisic.example-test.com pc-ijurisic
>
> and I try agean:
>
> net ads join  -U administrator
>
> Output:
>
> Enter administrator's password:
> Using short domain name -- EXAMPLE
> Joined 'PC-IJURISIC' to dns domain 'example-test.com'
>
> === Conclusion :
>
> If my PC have static IP adress I don't have problem to added my
> workstation on domain, but I use dhcp for get IP address, DNS, etc for
> network.
>
> Any tips how to fix ?
>
> === My configuration :
>
> cat /etc/krb5.conf
>
> [libdefaults]
>         default_realm = EXAMPLE-TEST.COM
>         dns_lookup_realm = false
>         dns_lookup_kdc = true
>
> [realms]
>         EXAMPLE-TEST.COM = {
>                 kdc = dc1.example-test.com
>                 admin_server = dc1.example-test.com
>         }
>
> [domain_realm]
>         .example-test.com = EXAMPLE-TEST.COM
>         example-test.com = EXAMPLE-TEST.COM
>
> cat /etc/samba/smb.conf
>
> [global]
> realm = EXAMPLE-TEST.COM
> security = ADS
> workgroup = EXAMPLE
> idmap config * : backend = tdb
> idmap config * : range = 3000-7999
> idmap config EXAMPLE : backend = rid
> idmap config EXAMPLE : range = 10000-999999
> winbind use default domain = Yes
> winbind refresh tickets = Yes
> winbind nss info = rfc2307
> winbind max domain connections = 10
> winbind max clients = 10
> template homedir = /home/%D/%U
> template shell = /bin/bash
> kerberos method = dedicated keytab
> dedicated keytab file = /etc/krb5.keytab
>
> cat /etc/nsswitch.conf
>
> passwd:         files winbind systemd
> group:          files winbind systemd
> shadow:         files
> gshadow:        files
> hosts:          files mdns4_minimal [NOTFOUND=return] dns wins
> networks:       files
> protocols:      db files
> services:       db files
> ethers:         db files
> rpc:            db files
> netgroup:       nis
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list