[Samba] DNS Update problems
Stephen Brandli
steve at brandli.com
Wed Feb 12 02:37:14 UTC 2025
Still having problems with DNS Update:
I have two brand-new dc's running 4.21.3. The first of these was newly installed and joined a 4.9.5 domain. Then, the old dc's were retired. All seems well with the dc's. Replication, samba_dnsupdate checkout, and they both respond to DNS inquiries. Samba-tool dbcheck also finds no errors.
Installed a new 4.21.3 member server and joined it. Got:
Using short domain name -- BRANDLI
Joined 'TOWER' to dns domain 'domain.brandli.com'
DNS Update for tower.domain.brandli.com failed: ERROR_DNS_UPDATE_FAILED
DNS update failed: NT_STATUS_UNSUCCESSFUL
No errors in any logs on domain controllers or member server (unless I'm looking in the wrong place). The new server is in the domain computer list. But, the forward DNS record (A) is not there.
I see the wiki page with instructions on what to do in case of this error: run samba_dnsupdate. I did that. Still getting the error on join.
The resolv.conf on the member server points to the domain controllers.
I have had problems with computers not being able to update their DNS records from before this upgrade, especially two laptops that move locations and therefore IP addresses. I have had to add records DNS records manually. So, my guess is that something is missing, maybe a DNS record?, that prevents DNS updates in general.
I don't want to add IP addresses manually every time this is necessary.
In case it's helpful, here's the smb.conf of the member server:
[global]
security = ads
workgroup = BRANDLI
realm = DOMAIN.BRANDLI.COM
log file = /var/log/samba/tower.log
log level = 1
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config BRANDLI:backend = ad
idmap config BRANDLI:schema_mode = rfc2307
idmap config BRANDLI:range = 1000-1499
idmap config BRANDLI:unix_nss_info = no
idmap config BRANDLI:unix_primary_group = yes
inherit acls = yes
[Personal]
path = /home/shares/personal
writeable = yes
valid users = steve bj
force user = steve
force group = steve
What can I do to crack this nut? Thanks!
Steve
More information about the samba
mailing list