[Samba] samba AD-DC with bind9, dyn-dns complains that "No AD dhcp user exists"

Rowland Penny rpenny at samba.org
Fri Sep 10 08:04:19 UTC 2021

On Fri, 2021-09-10 at 08:44 +0100, Roy Eastwood via samba wrote:
> Rowland is your man here, but there is normally a file in the
> "/usr/local/samba/private" folder called "dns_update_list".   This
> normally includes the _.msdcs zone etc. 

It always includes the _msdcs zone, but if the zone isn't there, it cannot
create the zone.

>   It is used by the samba_dnsupdate script to populate DNS when the
> domain is created, or a DC is added.

No, it isn't used when a domain is created or a DC is added; it is used
by samba_dnsupdate when Samba is started and then every 10 minutes.

>    So you could inspect that file and confirm it includes the _msdcs
> zone then try:

It doesn't, that is what my ldbsearch was for.

> samba_dnsupdate --verbose  --all-names

That will just update the records from dns_update_list, but it will not
create records if the base DN does not exist.

> You said in an earlier post you were getting "dns_tkey_gssnegotiate:
> TKEY is unacceptable errors" - this needs to be resolved first.

No the dns problem needs fixing first, it might fix this problem as

>    I have found in the past that the file dns.keytab is in the
> folder: /usr/local/samba/private.   This needs to be moved to the
> /usr/local/samba/bind-dns folder and the group permission set to
> allow bind to read it.   May be worth checking this.   Also the first
> line in /etc/resolv.conf needs to point to the actual ip address of
> itself (not and not other DCs in the domain).
> Roy

