Bestattungen Vitt - Thomas Reitelbach
2023-Oct-27 13:24 UTC
[Samba] Member join to Active Directory -> DNS-Update fails
Hello list,

I'm new to this list. I've searched via Google and the mailing list archives but I cannot find a solution to my following problem, thus I hope for advice here.

I'm trying to join a new samba-driven Fileserver to an existing Active Directory Domain. It consists of three AD Servers, all Samba, there is no windows server at all.

My new file server is a fresh install of Debian 12 with stock samba packages, already prepared for domain join with help of this site (https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member).

At the step to join the domain with "net ads join -U Administrator" or with "samba-tool domain join ADVITT.SITE MEMBER -U administrator" I have a problem -> Domain join works, but DNS-Update does not:

This is the output on the machine which I try to join:

root@fs1:~# net ads join -U Administrator
Password for [ADVITT\Administrator]:
Using short domain name -- ADVITT
Joined 'FS1' to dns domain 'advitt.site'
DNS Update for fs1.advitt.site failed: ERROR_DNS_UPDATE_FAILED
DNS update failed: NT_STATUS_UNSUCCESSFUL

And this is the debug log on the machine where the DNS-Update is tried upon:

Oct 27 14:58:21 vmads.vitt.site samba[16373]: [2023/10/27 14:58:21.679662, 0] ../source4/dns_server/dns_update.c:407(handle_one_update)
Oct 27 14:58:21 vmads.vitt.site samba[16373]: Can't handle updates of type 255 yet

I guess this is because this specific machine has an old samba version (4.6.4) which lacks the necessary functions.

What are my options now?
a) update Samba on the old machine to a current version? (not preferred)
b) let the joining Fileserver choose a different AD-Server preferred for DNS-Updates? (how would I do that?? the other AD servers are running on debian 11 with samba 4.17.9) All FSMO-Roles are at the other AD servers.
c) create the necessary DNS-Entry manually (tried that already with the Windows DNS Client, this works)
d) ---another idea??? ---

The server with the old samba version is my old File server and AD server in one machine and is going to be demoted and shut down soon (in the past I made the mistake to put File Server and AD Server on this machine) -> That's the reason why I want to join a new Fileserver to the domain.
But unfortunately I cannot shut down the old server before the new one is in place.

Sorry for the long explanation, hoping someone can push me in the right direction.

Thank you in advance.

--
Bestattungen Vitt oHG
Inhaber Willi & Thomas Reitelbach
Rochusstraße 176
53123 Bonn-Duisdorf
Registergericht: Amtsgericht Bonn, HRA 7958
Facebook: http://www.facebook.de/bestattungenvitt
Gedenkportal: http://begleiten.bestattungen-vitt.de
Internet: http://www.bestattungen-vitt.de
Telefon: 0228 - 62 68 68
Fax: 0228 - 978 30 36

Luis Peromarta
2023-Oct-27 13:49 UTC
[Samba] Member join to Active Directory -> DNS-Update fails
Hi,

On Oct 27, 2023 at 15:41 +0200, Bestattungen Vitt - Thomas Reitelbach via samba <samba at lists.samba.org>, wrote:
> Hello list,
>
>
> And this is the debug log on the machine where the DNS-Update is tried
> upon:
> Oct 27 14:58:21 vmads.vitt.site samba[16373]: [2023/10/27 14:58:21.679662, 0] ../source4/dns_server/dns_update.c:407(handle_one_update)
> Oct 27 14:58:21 vmads.vitt.site samba[16373]: Can't handle updates of type 255 yet
>

I assume your record does not exist already.

> I guess this is because this specific machine has an old samba version
> (4.6.4) which lacks the necessary functions.
>
> What are my options now?
> a) update Samba on the old machine to a current version? (not preferred)

Excellent idea. Try: http://samba.bigbird.es/doku.php?id=samba:upgrade-sama

> b) let the joining Fileserver choose a different AD-Server preferred for
> DNS-Updates? (how would I do that?? the other AD servers are running on
> debian 11 with samba 4.17.9) All FSMO-Roles are at the other AD servers.

I don't think you can do that unless you stop samba in the old server. Worth trying.

> c) create the necessary DNS-Entry manually (tried that already with the
> Windows DNS Client, this works)
> d) ---another idea??? ---
>
> The server with the old samba version is my old File server and AD
> server in one machine

You probably refer to a DC server, not an AD server.

> and is going to be demoted and shut down soon (in
> the past I made the mistake to put File Server and AD Server on this
> machine)

Bad idea. You know that already ;)

> -> That's the reason why I want to join a new Fileserver to the
> domain.

Review your member server config, just in case you're missing something: http://samba.bigbird.es/doku.php?id=samba:file-server

And posting your smb.conf on the new member server and one of the new DCs would help diagnose.

> But unfortunately I cannot shut down the old server before the new one is
> in place.
>
> Sorry for the long explanation, hoping someone can push me in the right
> direction.
>
> Thank you in advance.
>