David STIEVENARD
2016-May-05 08:52 UTC
[Samba] standalone ADDC with samba_internal dns backend - windows client do not register in dns
good lords of Kobol, that solved my problem !
thank you very much !

As we can consider this as an official workaround, should it be in the
wiki ? (this is definitively in my docs now :)

On 05/04/2016 07:55 PM, lingpanda101 at gmail.com wrote:
> On 5/4/2016 5:02 AM, David STIEVENARD wrote:
>> Hi
>>
>> first project with samba, first post on this mailing list and,
>> actually, first time using a mailing list ever ;-)
>>
>> In summary
>> =========================================
>> I try to install samba in a test VMs, everything seems fine but when
>> windows client joins the domain it doesn't register in samba's
>> internal dns
>>
>> in detail
>> =========================================
>> My objective
>> - for a small business (200 users), get rid of an old microsoft AD
>>   and use Samba instead
>> - before going into production, I test the setup on VMs to learn how
>>   the beast behaves
>> - I use the "internal_dns" as a dns backend
>>
>> Problem :
>> - domain provision is ok
>> - all tests are ok
>> - windows client (7pro or 10pro) joins the domain without complaining
>>   but it doesn't register in the dns
>>
>> My source of information :
>> - for the setup :
>>   https://wiki.samba.org/index.php/Setup_a_Samba_Active_Directory_Domain_Controller
>> - for the verification :
>>   https://wiki.samba.org/index.php/Setup_a_Samba_Active_Directory_Domain_Controller#Testing_your_Samba_Domain_Controller
>> - all those tests on the domains are ok
>> - I found also this
>>   https://wiki.samba.org/index.php/Fix_DNS_dynamic_updates_in_Samba_versions_prior_4.0.7
>>   but the version I use are older than 4.0.7
>> - tried ipconfig /registerdns -> same problem
>>
>> The operating systems OS I tested :
>> - samba 4.2.7 binary pkg on FreeBSD 10.2 -> works, I can't find why
>> - samba 4.3.3 binary pkg or ports on FreeBSD 10.2 -> same problem
>> - samba 4.3.8 binary pkg on FreeBSD 10.3 -> same problem
>> - samba 4.4.2 with github on Debian 8.4 -> same problem
>>
>> Any suggestion will be appreciated !
>>
>> Thanks
>> DS
>
> David,
>
> Secure updates are broken on Samba 4.3 and higher when using the
> internal DNS. You must use 'allow dns updates = nonsecure' in your
> smb.conf global section. Otherwise use bind.
>
> See bug https://bugzilla.samba.org/show_bug.cgi?id=11520
Andrew Bartlett
2016-May-14 10:19 UTC
[Samba] standalone ADDC with samba_internal dns backend - windows client do not register in dns
On Thu, 2016-05-05 at 16:52 +0800, David STIEVENARD wrote:
> good lords of Kobol, that solved my problem !
> thank you very much !
>
> As we can consider this as an official workaround, should it be in
> the wiki ? (this is definitively in my docs now :)

Turning off DNS update security really should not be recommended at all.

I realise this is a difficult situation, and we hope to address this
regression soon.

Andrew Bartlett

--
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba
mathias dufresne
2016-May-23 14:42 UTC
[Samba] standalone ADDC with samba_internal dns backend - windows client do not register in dns
In short: BIND9_DLZ to avoid issues.

Regarding your issue with internal DNS and client updates, I don't know if
Windows client rely on DNS

I would check SOA record of root zone to verify it is set up correctly (ie
it is aiming a valid DC, up and well running) with:

    dig -t SOA your.domain.tld             (on linux)
    nslookup -type=soa your.domain.tld     (on windows)

You must receive a reply. The reply must be a valid DC with working DNS
service because SOA is "where to write updates", if no SOA is available, no
update can work.

Another point which could help (rather than ill speaking about internal
DNS) is the fact the DNS root zone security tab (available running MS DNS
console from RSAT, then right click on the root zone to get "properties"
then "security tab") there is a line granting to "authenticated users" the
right to "create all child objects".
For me, this security configuration is meant to grant any authenticated
user (a computer is also a user) to update the zone to create new entry, so
for machines can create their own DNS entry.

Regarding deletion of DNS entry as the user who creates this entry is the
host itself (my-machine.ad.domain.tld is created by computer-user named
"my-machine$"), the host is owner of the object and has "full control" on
the entry.

2016-05-14 12:19 GMT+02:00 Andrew Bartlett <abartlet at samba.org>:
> On Thu, 2016-05-05 at 16:52 +0800, David STIEVENARD wrote:
> > good lords of Kobol, that solved my problem !
> > thank you very much !
> >
> > As we can consider this as an official workaround, should it be in
> > the wiki ? (this is definitively in my docs now :)
>
> Turning off DNS update security really should not be recommended at
> all.
>
> I realise this is a difficult situation, and we hope to address this
> regression soon.
>
> Andrew Bartlett
>
> --
> Andrew Bartlett                       http://samba.org/~abartlet/
> Authentication Developer, Samba Team  http://samba.org
> Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
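
An added example, not part of the thread or of Samba's own code: a small Python audit that reads the [global] section of an smb.conf and reports whether the 'allow dns updates = nonsecure' workaround discussed above is in effect, so it can be tracked and reverted once secure updates work again. The sample configurations and function names are constructed for illustration; "secure only" is assumed as the effective value when the parameter is absent, as documented in smb.conf(5).

```python
import re

DEFAULT_POLICY = "secure only"  # smb.conf(5) default when the parameter is absent
KNOWN_POLICIES = {"secure only", "nonsecure", "disabled"}

# Constructed sample: the thread's workaround, with mixed case and spacing.
WORKAROUND_CONF = """\
[global]
    realm = SAMDOM.EXAMPLE.COM
    ; internal DNS workaround
    Allow DNS  Updates = nonsecure
"""
DEFAULT_CONF = "[global]\n    realm = SAMDOM.EXAMPLE.COM\n"  # constructed


def _norm(name):
    """smb.conf parameter names ignore case and embedded whitespace."""
    return re.sub(r"\s+", "", name).lower()


def parse_global(text):
    """Return the [global] parameters as {normalised name: value}."""
    params, section, pending = {}, None, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not pending and (not line or line[0] in "#;"):
            continue                      # blank line or comment
        line = pending + line
        pending = ""
        if line.endswith("\\"):           # backslash continues the line
            pending = line[:-1]
        elif line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params[_norm(name)] = value.strip()
    return params


def dns_update_findings(text):
    """Return (effective policy, findings) for dynamic DNS updates."""
    raw = parse_global(text).get("allowdnsupdates", DEFAULT_POLICY)
    policy = " ".join(raw.lower().split())
    findings = []
    if policy == "nonsecure":
        findings.append("unsigned dynamic DNS updates are accepted")
    elif policy not in KNOWN_POLICIES:
        findings.append("unrecognised value: %r" % policy)
    return policy, findings
```

Calling dns_update_findings() on the text of a domain controller's smb.conf returns the effective policy and a list of findings; an empty list means updates are either signed-only or disabled.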