[Samba] DNS Update problems

Stephen Brandli steve at brandli.com
Fri Feb 14 18:00:22 UTC 2025 

Yes, .15 is a fixed IP.

After receiving this, I tried it again.  This involved deleting the DNS entry that I created manually and doing a new join.  This time it worked.  I know this wasn't working with the hosts file that I put in the email below, which is still the same.  However, I did make one change prior.  On the member server, resolv.conf had the line "options edns0 trust-ad."  I believe the line came from systemd-resolved.  My script for creating these machines (which are in containers) installs resolved because most of the containers use it.  For the domain controllers and the member server, while resolved is running, I replace the resolv.conf symlink with a copy of what it referred to and then modify that.  I turn off resolved and reboot.  So the options line came from resolved's stub resolv.conf.  I don't understand what exactly the options line does, but that's the only change that I am aware of.

I really appreciate your help on this.  I hope my experience helps others.

	Steve

-----Original Message-----
From: samba <samba-bounces at lists.samba.org> On Behalf Of Rowland Penny via samba
Sent: Friday, February 14, 2025 5:06 AM
To: samba at lists.samba.org
Cc: Rowland Penny <rpenny at samba.org>
Subject: Re: [Samba] DNS Update problems

On Wed, 12 Feb 2025 11:40:19 +0000
Stephen Brandli <steve at brandli.com> wrote:

> Roland, thanks for the reply.
> 
> >I think I can explain that, does /etc/hosts contain a line similar to
> >this:
> >x.x.x.x member.samdom.example.com member
> 
> Yes.  /etc/hosts:
> 
> 127.0.0.1 localhost
> 10.65.187.15 tower.domain.brandli.com tower
> ::1 localhost ip6-localhost ip6-loopback
> Ff02::1 ip6-allnodes
> Ff02::2 ip6-allrouters
> 
> Where .15 is tower's ip address, and domain.brandli.com is the domain.
> 
> Could this be permissions on something? 

I do not think so, I only get the join dns error if /etc/hosts isn't configured correctly. I take it that '10.65.187.15' is a fixed IP. 

> I first tried to join with
> brandli\steve, a user in the domain administrator's group.  This 
> failed.  I then tried with administrator and this work.  I've always 
> joined machines with brandli\steve before.  Don't know if this is 
> relevant.

Using a user that is a member of Domain Admins should work, at least it works for me, but I kinit first and then use kerberos.

Rowland

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list