[Samba] samba AD-DC with bind9, dyn-dns complains that "No AD dhcp user exists"
spindles7 at gmail.com
Fri Sep 10 07:44:45 UTC 2021
On 09 September 2021 23:35 Carlos Jesus wrote:
> No problem Roy, you're talking to the noise master here...
> Ok. Bottom line, is there any way to create _msdcs.domain without using
> samba-tool and/or RSAT? I don't really mind resetting ALL zones and
> repopulating them again using dhcp. Wouldn't delete
> /usr/local/samba/bind-dns/dns/sam.ldb.d/* and reset the DNS Backend to
> something like that?
Rowland is your man here, but there is normally a file in the "/usr/local/samba/private" folder called "dns_update_list". This normally includes the _msdcs zone etc. It is used by the samba_dnsupdate script to populate DNS when the domain is created, or a DC is added. So you could inspect that file and confirm it includes the _msdcs zone, then try:
samba_dnsupdate --verbose --all-names
You said in an earlier post you were getting "dns_tkey_gssnegotiate: TKEY is unacceptable" errors - this needs to be resolved first. I have found in the past that the file dns.keytab is in the folder: /usr/local/samba/private. This needs to be moved to the /usr/local/samba/bind-dns folder and the group permission set to allow bind to read it. May be worth checking this. Also the first line in /etc/resolv.conf needs to point to the actual IP address of itself (not 127.0.0.1 and not other DCs in the domain).
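Added example, not part of the original post: a read-only pre-flight script for the three things the reply says to check before running samba_dnsupdate (the _msdcs entries in dns_update_list, the location and group permission of dns.keytab, and the first nameserver in /etc/resolv.conf). The function names, the group name "bind" and the sample address are assumptions; the paths are the ones named in the post.

```shell
#!/bin/sh
# Added example: read-only pre-flight checks for the three points in the reply.
# PREFIX defaults to the /usr/local/samba path from the post; the BIND group
# name ("bind") is an assumption, distributions differ (e.g. "named").

# 0 if the dns_update_list file has at least one _msdcs entry.
has_msdcs_entries() {
    grep -q '_msdcs' "$1" 2>/dev/null
}

# 0 if the keytab exists, belongs to group $2 and is group-readable.
keytab_readable_by_group() {
    [ -f "$1" ] && [ -n "$(find "$1" -prune -group "$2" -perm -040 2>/dev/null)" ]
}

# Prints the first nameserver listed in a resolv.conf-style file.
first_nameserver() {
    awk '$1 == "nameserver" { print $2; exit }' "$1" 2>/dev/null
}

# 0 only if the first nameserver is the DC's own address ($2).
resolver_points_to_self() {
    [ "$(first_nameserver "$1")" = "$2" ]
}

# Usage: preflight DC_IP [BIND_GROUP] [PREFIX] [RESOLV_CONF]
preflight() {
    dc_ip=$1 grp=${2:-bind} prefix=${3:-/usr/local/samba} resolv=${4:-/etc/resolv.conf}
    rc=0
    has_msdcs_entries "$prefix/private/dns_update_list" ||
        { echo "FAIL: no _msdcs entries in $prefix/private/dns_update_list"; rc=1; }
    keytab_readable_by_group "$prefix/bind-dns/dns.keytab" "$grp" ||
        { echo "FAIL: $prefix/bind-dns/dns.keytab missing or not readable by group $grp"; rc=1; }
    [ -f "$prefix/private/dns.keytab" ] &&
        echo "NOTE: dns.keytab is still present in $prefix/private"
    resolver_points_to_self "$resolv" "$dc_ip" ||
        { echo "FAIL: first nameserver is '$(first_nameserver "$resolv")', expected $dc_ip"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: pre-flight checks passed"
    return "$rc"
}

# Run only when asked, e.g.: sh preflight.sh --run 192.0.2.10 bind
if [ "${1:-}" = "--run" ]; then preflight "$2" "${3:-bind}"; fi
```

The script changes nothing on disk; it only reports which of the three conditions is not met.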