Rowland Penny
2022-Nov-30 10:19 UTC
[Samba] accidentally upgraded DC to 4.17.3 ... didn't work
On 30/11/2022 10:03, Stefan G. Weichinger via samba wrote:> > starting adc1 broke DNS for the windows clients, so I had to stop it > again for now > > on adc1 I find: > > Nov 30 10:23:26 adc1 samba[80993]:?? /usr/sbin/samba_dnsupdate: ; TSIG > error with server: tsig verify failure > Nov 30 10:23:26 adc1 samba[80993]: [2022/11/30 10:23:26.255163,? 0] > ../../source4/dsdb/dns/dns_update.c:85(dnsupdate_n> > Nov 30 10:23:26 adc1 samba[80993]:?? dnsupdate_nameupdate_done: Failed > DNS update with exit code 41 > > I assumed that would be cleared after some initialization phase (like > last week). > >Did the new DC's nameserver point to its own ipaddress before you started Samba ? You could try adding: dns update command = /usr/sbin/samba_dnsupdate --use-samba-tool to the DC's smb.conf and then restart Samba. Rowland
Stefan G. Weichinger
2022-Nov-30 10:58 UTC
[Samba] accidentally upgraded DC to 4.17.3 ... didn't work
Am 30.11.22 um 11:19 schrieb Rowland Penny via samba:> > > On 30/11/2022 10:03, Stefan G. Weichinger via samba wrote: >> >> starting adc1 broke DNS for the windows clients, so I had to stop it >> again for now >> >> on adc1 I find: >> >> Nov 30 10:23:26 adc1 samba[80993]:?? /usr/sbin/samba_dnsupdate: ; TSIG >> error with server: tsig verify failure >> Nov 30 10:23:26 adc1 samba[80993]: [2022/11/30 10:23:26.255163,? 0] >> ../../source4/dsdb/dns/dns_update.c:85(dnsupdate_n> >> Nov 30 10:23:26 adc1 samba[80993]:?? dnsupdate_nameupdate_done: Failed >> DNS update with exit code 41 >> >> I assumed that would be cleared after some initialization phase (like >> last week). >> >> > > Did the new DC's nameserver point to its own ipaddress before you > started Samba ?adc1 has the IP 10.0.0.231 on interface "eno1" the resolv.conf contains its own IP at first and 10.0.0.230 for "adc2" at second -> # resolv.conf nameserver 10.0.0.231 nameserver 10.0.0.230 search arbeitsgruppe.my.tld both DCs have several VLAN-interfaces and IPs as well on adc2 I have bind interfaces only = yes interfaces = lo enp0s31f6 while on adc1 these lines are currently missing -> smb.conf was created from scratch at the join Last week there were numerous DNS-records added: one per VLAN ... maybe that is a problem, I removed them last week to run the DC in plain VLAN1= LAN only. I assume I should add that binding-config to adc1 as well.> You could try adding: > > dns update command = /usr/sbin/samba_dnsupdate --use-samba-tool > > to the DC's smb.conf and then restart Samba.Can do, have to check with the customer first: breaking the DNS as before isn't good while people are working.