> > > Join command was: > samba-tool domain join domain.com DC -k yes --server=vm-dc1.domain.com --dns-backend > SAMBA_INTERNAL -v -d 5 2>&1 | tee join.txtHere, you have "--dns-backend SAMBA_INTERNAL" where perhaps you meant "--dns-backend=SAMBA_INTERNAL" ? I'm guessing that it was interpreted as "--dns-backend=NONE" Kris Lou klou at themusiclink.net On Fri, Mar 13, 2020 at 8:57 AM Rowland penny via samba < samba at lists.samba.org> wrote:> On 13/03/2020 15:44, Alex via samba wrote: > > Hi, > > > > After joining samba DC (vm-dc4) to MS AD, I've discovered that most DNS > entries > > were not populated. Below are the only entries in the AD for the new DC: > > > > domain.com:VM-DC4 900 A 172.26.1.84 > > _msdcs.domain.com:d14c4206-79e3-441f-868a-6c693415256a 900 CNAME > vm-dc4.domain.com. > > > > Please, help me figure out what's going on. > > Try either setting: > > ldap server require strong auth = no > > Or: > > dns update command = /usr/sbin/samba_dnsupdate --use-samba-tool > > in smb.conf > > Rowland > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
On 13/03/2020 16:04, Kris Lou via samba wrote:>> >> Join command was: >> samba-tool domain join domain.com DC -k yes --server=vm-dc1.domain.com --dns-backend >> SAMBA_INTERNAL -v -d 5 2>&1 | tee join.txt > > Here, you have "--dns-backend SAMBA_INTERNAL" where perhaps you meant > "--dns-backend=SAMBA_INTERNAL" ? > > I'm guessing that it was interpreted as "--dns-backend=NONE" > >Good catch, I missed that, probably because you do not have to provide it, it is the default. If this is a new DC, I would just demote it and start again, but this time without the '--dns-backend' switch. Rowland
Guys, thanks for the catch! This time I removed dns-backend key from the command line and tried both variants: with and without "dns update command" in smb.conf: samba-tool domain join domain.com DC -k yes --server=vm-dc1.domain.com -v -d 5 2>&1 | tee join.txt And both times I got similar errors: either WERR_DNS_ERROR_DS_UNAVAILABLE or "TSIG error with server: tsig verify failure"> On 13/03/2020 16:04, Kris Lou via samba wrote: >>> >>> Join command was: >>> samba-tool domain join domain.com DC -k yes --server=vm-dc1.domain.com --dns-backend >>> SAMBA_INTERNAL -v -d 5 2>&1 | tee join.txt >> >> Here, you have "--dns-backend SAMBA_INTERNAL" where perhaps you meant >> "--dns-backend=SAMBA_INTERNAL" ? >> >> I'm guessing that it was interpreted as "--dns-backend=NONE" >> >> > Good catch, I missed that, probably because you do not have to provide > it, it is the default.> If this is a new DC, I would just demote it and start again, but this > time without the '--dns-backend' switch.-- Best regards, Alex