[Samba] samba AD-DC with bind9, dyn-dns complains that "No AD dhcp user exists"

Roy Eastwood spindles7 at gmail.com
Fri Sep 10 07:44:45 UTC 2021

On 09 September 2021 23:35 Carlos Jesus wrote:
> No problem Roy, you're talking to the noise master here...
> Ok. Bottom line, is there any way to create _msdcs.domain without using
> samba-tool and/or RSAT? I don't really mind resetting ALL zones and
> repopulate them again using dhcp. Wouldn't delete
> /usr/local/samba/bind-dns/dns/sam.ldb.d/* and reset the DNS Backend to
> something like that?

Rowland is your man here, but there is normally a file in the "/usr/local/samba/private" folder called "dns_update_list". This normally includes the _.msdcs zone etc. It is used by the samba_dnsupdate script to populate DNS when the domain is created, or a DC is added. So you could inspect that file and confirm it includes the _msdcs zone then try:

samba_dnsupdate --verbose --all-names

You said in an earlier post you were getting "dns_tkey_gssnegotiate: TKEY is unacceptable errors" - this needs to be resolved first. I have found in the past that the file dns.keytab is in the folder: /usr/local/samba/private. This needs to be moved to the /usr/local/samba/bind-dns folder and the group permission set to allow bind to read it. May be worth checking this. Also the first line in /etc/resolv.conf needs to point to the actual IP address of itself (not and not other DCs in the domain).
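
The two checks suggested in the reply above (where dns.keytab lives and who can read it, and what the first nameserver in resolv.conf is), as an added example that is not part of the original message or of Samba. The function names are hypothetical, the DC's own address is supplied by the caller, and flagging a world-accessible keytab is an extra check added here.

```shell
#!/bin/sh
# Added example: read-only checks to run before samba_dnsupdate.
# Function names are hypothetical; paths are passed in by the caller.

# Print the address on the first "nameserver" line of a resolv.conf file.
first_nameserver() {
    awk '$1 == "nameserver" { print $2; exit }' "$1"
}

# Classify a keytab by mode bits: ok, group-cannot-read,
# world-accessible or missing. Treating any "other" permission as a
# fault is an addition here: the keytab holds Kerberos keys.
keytab_mode_status() {
    [ -f "$1" ] || { echo missing; return; }
    mode=$(stat -c %a "$1")        # GNU stat, prints e.g. 640
    other=$((mode % 10))
    group=$((mode / 10 % 10))
    if [ "$other" -ne 0 ]; then echo world-accessible
    elif [ "$group" -lt 4 ]; then echo group-cannot-read
    else echo ok
    fi
}

# preflight RESOLV_CONF OWN_IP BIND_DNS_DIR PRIVATE_DIR
# Returns 0 when both checks pass, 1 otherwise, printing each finding.
preflight() {
    rc=0
    ns=$(first_nameserver "$1")
    if [ "$ns" != "$2" ]; then
        echo "$1: first nameserver is '$ns', expected $2"
        rc=1
    fi
    status=$(keytab_mode_status "$3/dns.keytab")
    if [ "$status" != ok ]; then
        echo "$3/dns.keytab: $status"
        if [ -f "$4/dns.keytab" ]; then
            echo "note: a dns.keytab is still present in $4"
        fi
        rc=1
    else
        echo "$3/dns.keytab: ok, group is $(stat -c %G "$3/dns.keytab")"
    fi
    return "$rc"
}

# Runs only when given the four arguments, e.g. (192.0.2.10 is a
# constructed address standing in for this DC's own IP):
#   sh preflight.sh /etc/resolv.conf 192.0.2.10 \
#       /usr/local/samba/bind-dns /usr/local/samba/private
if [ "$#" -eq 4 ]; then preflight "$@" || exit 1; fi
```

The group name printed on success still has to be compared by hand with the group the bind service runs under.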
