[Samba] DNS update failed: NT_STATUS_INVALID_PARAMETER

Tue Nov 16 09:58:15 UTC 2021

=== Solution :

1. I complete purge avahi:

apt purge avahi-daemon

2. Update /etc/nsswitch.conf

hosts:  files dns wins

3. Now I reboot my PC

After reboot of my Debian PC added on Domain without problems.

Thanks Aaron !!!

Dana 15.11.2021 15:49, Aaron C. de Bruyn via samba je napisao(la):

> Just to double-check, 'example-test.com' isn't actually a domain that 
> ends
> with '.local' is it?
> 
> '.local' is reserved for multicast DNS.  Microsoft recommended for 
> years to
> create domains with '.local' at the end and it causes problems with 
> systems
> that implement multicast DNS.
> 
> If it does end with '.local', you need to modify nsswitch.con so the
> 'hosts:' line either doesn't include mdns4_minimal line, or remove the
> '[NOTFOUND=return]' chunk.
> 
> If your domain ends with something other than .local that's not the 
> issue.
> 
> -A
> 
> On Mon, Nov 15, 2021 at 3:49 AM Ivan Jurišić via samba <
> samba at lists.samba.org> wrote:
> 
>> === Description of problem :
>> 
>> I try my PC (Debian) add on AD-DC with:
>> 
>> net ads join  -U administrator
>> 
>> Output:
>> 
>> Enter administrator's password:
>> Using short domain name -- EXAMPLE
>> Joined 'PC-IJURISIC' to dns domain 'example-test.com'
>> No DNS domain configured for pc-ijurisic. Unable to perform DNS 
>> Update.
>> DNS update failed: NT_STATUS_INVALID_PARAMETER
>> 
>> But if I add in my /etc/hosts IP address (got by dhcpd)
>> 
>> 192.168.0.112 pc-ijurisic.example-test.com pc-ijurisic
>> 
>> and I try agean:
>> 
>> net ads join  -U administrator
>> 
>> Output:
>> 
>> Enter administrator's password:
>> Using short domain name -- EXAMPLE
>> Joined 'PC-IJURISIC' to dns domain 'example-test.com'
>> 
>> === Conclusion :
>> 
>> If my PC have static IP adress I don't have problem to added my
>> workstation on domain, but I use dhcp for get IP address, DNS, etc for
>> network.
>> 
>> Any tips how to fix ?
>> 
>> === My configuration :
>> 
>> cat /etc/krb5.conf
>> 
>> [libdefaults]
>> default_realm = EXAMPLE-TEST.COM
>> dns_lookup_realm = false
>> dns_lookup_kdc = true
>> 
>> [realms]
>> EXAMPLE-TEST.COM = {
>> kdc = dc1.example-test.com
>> admin_server = dc1.example-test.com
>> }
>> 
>> [domain_realm]
>> .example-test.com = EXAMPLE-TEST.COM
>> example-test.com = EXAMPLE-TEST.COM
>> 
>> cat /etc/samba/smb.conf
>> 
>> [global]
>> realm = EXAMPLE-TEST.COM
>> security = ADS
>> workgroup = EXAMPLE
>> idmap config * : backend = tdb
>> idmap config * : range = 3000-7999
>> idmap config EXAMPLE : backend = rid
>> idmap config EXAMPLE : range = 10000-999999
>> winbind use default domain = Yes
>> winbind refresh tickets = Yes
>> winbind nss info = rfc2307
>> winbind max domain connections = 10
>> winbind max clients = 10
>> template homedir = /home/%D/%U
>> template shell = /bin/bash
>> kerberos method = dedicated keytab
>> dedicated keytab file = /etc/krb5.keytab
>> 
>> cat /etc/nsswitch.conf
>> 
>> passwd:         files winbind systemd
>> group:          files winbind systemd
>> shadow:         files
>> gshadow:        files
>> hosts:          files mdns4_minimal [NOTFOUND=return] dns wins
>> networks:       files
>> protocols:      db files
>> services:       db files
>> ethers:         db files
>> rpc:            db files
>> netgroup:       nis
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba