Hello guys, hope you're doing good:

I'm running a couple of Samba servers like follows:

Primary DC
========
Platform: Zentyal 4.2 development x86_64
Samba: 4.3.4-Zentyal
DNS: BIND9_DLZ_module
Role: Primary Domain Controller
Setup: By default, following Zentyal's web interface.

Secondary DC
==========
Platform: CentOS 7 x86_64
Samba: 4.3.4 built from source
DNS: SAMBA_INTERNAL
Role: Backup Domain Controller:
Setup: According to https://wiki.samba.org/index.php/Join_an_additional_Samba_DC_to_an_existing_Active_Directory

I've recently noticed that the following log messages (repeated times) appear every 10 minutes on my CentOS BDC:

Feb 22 07:38:12 storage samba[27405]: [2016/02/22 07:38:12.057697, 0] ../lib/util/util_runcmd.c:328(samba_runcmd_io_handler)
Feb 22 07:38:12 storage samba[27405]: /usr/local/samba-4.3.4/sbin/samba_dnsupdate: update failed: NOTAUTH

I have no idea what this error means. As I followed almost "by default" settings in the setup procedure I might suspect there's something missing that needs to be fixed or improved in my settings. The only suspicious stuff I noticed is that these 2 Samba servers have a couple of minutes of difference in time. I can fix this by using NTP but not sure if this is the cause of error.

I hope someone can give me some ideas about this error or point me to some documentation resource.

Any help is appreciated. Thanks in advance

Have a nice day!
On 22/02/16 12:49, Jason Voorhees wrote:
> Hello guys, hope you're doing good:
>
> I'm running a couple of Samba servers like follows:
>
> Primary DC
> ========
> Platform: Zentyal 4.2 development x86_64
> Samba: 4.3.4-Zentyal
> DNS: BIND9_DLZ_module
> Role: Primary Domain Controller
> Setup: By default, following Zentyal's web interface.
>
>
> Secondary DC
> ==========
> Platform: CentOS 7 x86_64
> Samba: 4.3.4 built from source
> DNS: SAMBA_INTERNAL
> Role: Backup Domain Controller:
> Setup: According to
> https://wiki.samba.org/index.php/Join_an_additional_Samba_DC_to_an_existing_Active_Directory
>
>
> I've recently noticed that the following log messages (repeated times)
> appear every 10 minutes on my CentOS BDC:
>
> Feb 22 07:38:12 storage samba[27405]: [2016/02/22 07:38:12.057697, 0]
> ../lib/util/util_runcmd.c:328(samba_runcmd_io_handler)
> Feb 22 07:38:12 storage samba[27405]:
> /usr/local/samba-4.3.4/sbin/samba_dnsupdate: update failed: NOTAUTH
>
> I have no idea what this error means. As I followed almost "by
> default" settings in the setup procedure I might suspect there's
> something missing that needs to be fixed or improved in my settings.
> The only suspicious stuff I noticed is that these 2 Samba servers have
> a couple of minutes of difference in time. I can fix this by using NTP
> but not sure if this is the cause of error.
>
> I hope someone can give me some ideas about this error or point me to
> some documentation resource.
>
> Any help is appreciated. Thanks in advance
>
> Have a nice day!
>

Do the DCs point at each other for dns?

i.e. is /etc/resolv.conf on the first DC something like this:

search your.domain.com
nameserver ip.of.second.dc
nameserver ip.of.this.dc

and on the second DC:

search your.domain.com
nameserver ip.of.first.dc
nameserver ip.of.this.dc

I would also ensure that ntp is running on both DCs, using the same external ntp servers and then your workstations would use your DCs for their time servers.

One last comment, you haven't got a primary DC and a backup DC, you just have two DCs. The only difference between your two DCs is the FSMO roles and these can be moved from DC to DC.

Rowland
Hello Rowland, thanks for your help. My replies are inline below:

> Do the DCs point at each other for dns?
>
> i.e. is /etc/resolv.conf on the first DC something like this:
>
> search your.domain.com
> nameserver ip.of.second.dc
> nameserver ip.of.this.dc
>
> and on the second DC:
>
> search your.domain.com
> nameserver ip.of.first.dc
> nameserver ip.of.this.dc
>

Yes, they both point to each other just as you suggested.

> I would also ensure that ntp is running on both DCs, using the same external
> ntp servers and then your workstations would use your DCs for their time
> servers.
>

I've just configured NTP on both servers, they now have only 1 second of difference.

> One last comment, you haven't got a primary DC and a backup DC, you just
> have two DCs. The only difference between your two DCs is the FSMO roles and
> these can be moved from DC to DC.
>

What type of DCs are these two servers? Some kind of two Primary or Master DC each one? Shouldn't I have a PDC and a BDC? (I thought this was the recommended setup for DCs). Please let me know if I'm doing anything wrong here.

I'm going to check if samba_dnsupdate error messages disappear in the following minutes/hours after synchronizing both servers using NTP, but I don't know what caused this error. Was it really caused by time differences between servers? Or is there anything else that might need to be fixed?

Thanks again