[Samba] samba AD-DC with bind9, dyn-dns complains that "No AD dhcp user exists"

Carlos Jesus camjesus2 at gmail.com
Sun Sep 12 09:30:26 UTC 2021


Just to wrap things up: since I couldn't find a way to recreate the _msdcs
zone, I nuked the AD and restarted from scratch. The tkey issue was due to
a badly configured apparmor (the k directive was missing from dns.keytab).
Now off to add the users and share permissions.

Thanks for all the help!
CJ

Rowland Penny via samba <samba at lists.samba.org> wrote on Friday,
10/09/2021 at 09:05:

> On Fri, 2021-09-10 at 08:44 +0100, Roy Eastwood via samba wrote:
> >
> > Rowland is your man here, but there is normally a file in the
> > "/usr/local/samba/private" folder called "dns_update_list".   This
> > normally includes the _.msdcs zone etc.
>
> It always includes _msdcs zone, but if the zone isn't there, it cannot
> create the zone.
>
> >   It is used by the samba_dnsupdate script to populate DNS when the
> > domain is created, or a DC is added.
>
> No it isn't used when a domain is created or a DC is added, it is used
> by samba_dnsupdate when Samba is started and then every 10 minutes
> thereafter.
>
> >    So you could inspect that file and confirm it includes the _msdcs
> > zone then try:
>
> It doesn't, that is what my ldbsearch was for.
>
> >
> > samba_dnsupdate --verbose  --all-names
>
> That will just update the records from dns_update_list, but it will not
> create records if the base DN does not exist.
>
> >
> > You said in an earlier post you were getting "dns_tkey_gssnegotiate:
> > TKEY is unacceptable errors" - this needs to be resolved first.
>
> No the dns problem needs fixing first, it might fix this problem as
> well.
>
> >    I have found in the past that the file dns.keytab is in the
> > folder: /usr/local/samba/private.   This needs to be moved to the
> > /usr/local/samba/bind-dns folder and the group permission set to
> > allow bind to read it.   May be worth checking this.   Also the first
> > line in /etc/resolv.conf needs to point to the actual ip address of
> > itself (not 127.0.0.1 and not other DCs in the domain).
> >
> > HTH
> >
> > Roy
>
> Rowland
>

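Added example, not part of the original messages: a shell check for two configuration points raised in the thread, namely whether an AppArmor profile grants both r and k on dns.keytab, and which nameserver comes first in resolv.conf. The profile fragments, the resolv.conf content and the function names are constructed for illustration, and the rule parser is simplified to path-first file rules with * and ** globs.

```shell
#!/bin/sh
# Added example, not from the thread. Simplified parser: handles only
# "[owner] /path perms," file rules with * and ** globs.

# apparmor_grants PROFILE PATH PERMS
# Exit 0 if one rule matching PATH grants every permission letter in PERMS.
apparmor_grants() {
  awk -v path="$2" -v need="$3" '
    function glob2re(g,   out, i, c) {       # ** crosses "/", * does not
      out = ""
      for (i = 1; i <= length(g); i++) {
        c = substr(g, i, 1)
        if (c == "*" && substr(g, i + 1, 1) == "*") { out = out ".*"; i++ }
        else if (c == "*") out = out "[^/]*"
        else if (index(".+?()$^|[]{}\\", c)) out = out "\\" c
        else out = out c
      }
      return "^" out "$"
    }
    { sub(/#.*/, "") }                        # drop comments and #include lines
    $1 == "owner" { $1 = ""; $0 = $0 }        # ignore the owner qualifier
    $1 ~ /^\// && path ~ glob2re($1) {
      perms = $2; sub(/,$/, "", perms); ok = 1
      for (i = 1; i <= length(need); i++)
        if (!index(perms, substr(need, i, 1))) ok = 0
      if (ok) { found = 1; exit }
    }
    END { exit !found }
  ' "$1"
}

# first_nameserver FILE: print the first "nameserver" address in a resolv.conf
first_nameserver() { awk '$1 == "nameserver" { print $2; exit }' "$1"; }

# Constructed sample input: profile fragments before/after adding k, and a resolv.conf.
tmp=$(mktemp -d)
keytab=/usr/local/samba/bind-dns/dns.keytab
printf '%s\n' '  /usr/local/samba/bind-dns/** r,' "  $keytab r,  # no k" >"$tmp/before"
printf '%s\n' '  /usr/local/samba/bind-dns/** r,' "  $keytab rk," >"$tmp/after"
printf '%s\n' 'search example.test' 'nameserver 127.0.0.1' >"$tmp/resolv.conf"

for f in before after; do
  if apparmor_grants "$tmp/$f" "$keytab" rk; then echo "$f: r and k granted"
  else echo "$f: r or k missing"; fi
done
echo "first nameserver: $(first_nameserver "$tmp/resolv.conf")"
```
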
