On 1/2/2018 1:51 PM, Rowland Penny wrote:
> On Tue, 2 Jan 2018 13:38:52 -0500
> lingpanda101 via samba <samba at lists.samba.org> wrote:
>
>
>> A few other observations while attempting to switch.
>>
>> * I do not have a dns.keytab file. Should I or is created after
>> attempting to switch?
> See my earlier post about samba_dnsupgrade.
>
>> * running 'named-checkconf' throws an error.
> It would, it cannot find the zones files that are now in AD.
>
> Rowland

Rowland,

I think I'm on the home stretch :). However I am running into an issue after switching the backend. The switch command completes successfully. Bind starts but I get errors when attempting to run this command after reboot.

samba_dnsupdate --verbose --all-names

I get this error for all updates.

TSIG error with server: tsig indicates error
update failed: NOTAUTH(BADSIG)
Failed nsupdate: 2
update(nsupdate): A gc._msdcs.domain.local 172.16.22.27
Calling nsupdate for A gc._msdcs.domain.local 172.16.22.27 (add)
Successfully obtained Kerberos ticket to DNS/DDC1.domain.local as DDC2$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
gc._msdcs.domain.local. 900 IN A 172.16.22.27

I can connect to the server via Windows DNS Manager and browse.

--
--
James

On Tue, 2 Jan 2018 14:15:11 -0500
lingpanda101 <lingpanda101 at gmail.com> wrote:

> On 1/2/2018 1:51 PM, Rowland Penny wrote:
> > On Tue, 2 Jan 2018 13:38:52 -0500
> > lingpanda101 via samba <samba at lists.samba.org> wrote:
> >
> >
> >> A few other observations while attempting to switch.
> >>
> >> * I do not have a dns.keytab file. Should I or is created after
> >> attempting to switch?
> > See my earlier post about samba_dnsupgrade.
> >
> >> * running 'named-checkconf' throws an error.
> > It would, it cannot find the zones files that are now in AD.
> >
> > Rowland
>
> Rowland,
>
> I think I'm on the home stretch :). However I am running into an
> issue after switching the backend. The switch command completes
> successfully. Bind starts but I get errors when attempting to run
> this command after reboot.
>
> samba_dnsupdate --verbose --all-names
>
> I get this error for all updates.
>
> TSIG error with server: tsig indicates error
> update failed: NOTAUTH(BADSIG)
> Failed nsupdate: 2
> update(nsupdate): A gc._msdcs.domain.local 172.16.22.27
> Calling nsupdate for A gc._msdcs.domain.local 172.16.22.27 (add)
> Successfully obtained Kerberos ticket to DNS/DDC1.domain.local as
> DDC2$ Outgoing update query:
> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
> ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
> ;; UPDATE SECTION:
> gc._msdcs.domain.local. 900 IN A 172.16.22.27
>
>
> I can connect to the server via Windows DNS Manager and browse.
>
>

Try adding '--use-samba-tool' to the 'samba_dnsupdate' command

Rowland

On 1/2/2018 2:23 PM, Rowland Penny wrote:
> On Tue, 2 Jan 2018 14:15:11 -0500
> lingpanda101 <lingpanda101 at gmail.com> wrote:
>
>> On 1/2/2018 1:51 PM, Rowland Penny wrote:
>>> On Tue, 2 Jan 2018 13:38:52 -0500
>>> lingpanda101 via samba <samba at lists.samba.org> wrote:
>>>
>>>
>>>> A few other observations while attempting to switch.
>>>>
>>>> * I do not have a dns.keytab file. Should I or is created after
>>>> attempting to switch?
>>> See my earlier post about samba_dnsupgrade.
>>>
>>>> * running 'named-checkconf' throws an error.
>>> It would, it cannot find the zones files that are now in AD.
>>>
>>> Rowland
>> Rowland,
>>
>> I think I'm on the home stretch :). However I am running into an
>> issue after switching the backend. The switch command completes
>> successfully. Bind starts but I get errors when attempting to run
>> this command after reboot.
>>
>> samba_dnsupdate --verbose --all-names
>>
>> I get this error for all updates.
>>
>> TSIG error with server: tsig indicates error
>> update failed: NOTAUTH(BADSIG)
>> Failed nsupdate: 2
>> update(nsupdate): A gc._msdcs.domain.local 172.16.22.27
>> Calling nsupdate for A gc._msdcs.domain.local 172.16.22.27 (add)
>> Successfully obtained Kerberos ticket to DNS/DDC1.domain.local as
>> DDC2$ Outgoing update query:
>> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
>> ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
>> ;; UPDATE SECTION:
>> gc._msdcs.domain.local. 900 IN A 172.16.22.27
>>
>>
>> I can connect to the server via Windows DNS Manager and browse.
>>
>>
> Try adding '--use-samba-tool' to the 'samba_dnsupdate' command
>
> Rowland

Rowland,

All kinds of errors now with that command;

20 DNS updates and 0 DNS deletes needed
Successfully obtained Kerberos ticket to DNS/DDC1.domain.local as DDC2$
update (samba-tool): A domain.local 172.16.22.27
Calling samba-tool dns for A domain.local 172.16.22.27 (add)
Calling samba-tool dns add -k no -P ['172.16.22.27', 'domain.local', '@', 'A', '172.16.22.27']
ERROR(runtime): uncaught exception - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
  File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/dns.py", line 940, in run
    raise e
Failed 'samba-tool dns' based update of A domain.local 172.16.22.27

--
--
James

On 1/2/2018 2:23 PM, Rowland Penny wrote:
> On Tue, 2 Jan 2018 14:15:11 -0500
> lingpanda101 <lingpanda101 at gmail.com> wrote:
>
>> On 1/2/2018 1:51 PM, Rowland Penny wrote:
>>> On Tue, 2 Jan 2018 13:38:52 -0500
>>> lingpanda101 via samba <samba at lists.samba.org> wrote:
>>>
>>>
>>>> A few other observations while attempting to switch.
>>>>
>>>> * I do not have a dns.keytab file. Should I or is created after
>>>> attempting to switch?
>>> See my earlier post about samba_dnsupgrade.
>>>
>>>> * running 'named-checkconf' throws an error.
>>> It would, it cannot find the zones files that are now in AD.
>>>
>>> Rowland
>> Rowland,
>>
>> I think I'm on the home stretch :). However I am running into an
>> issue after switching the backend. The switch command completes
>> successfully. Bind starts but I get errors when attempting to run
>> this command after reboot.
>>
>> samba_dnsupdate --verbose --all-names
>>
>> I get this error for all updates.
>>
>> TSIG error with server: tsig indicates error
>> update failed: NOTAUTH(BADSIG)
>> Failed nsupdate: 2
>> update(nsupdate): A gc._msdcs.domain.local 172.16.22.27
>> Calling nsupdate for A gc._msdcs.domain.local 172.16.22.27 (add)
>> Successfully obtained Kerberos ticket to DNS/DDC1.domain.local as
>> DDC2$ Outgoing update query:
>> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
>> ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
>> ;; UPDATE SECTION:
>> gc._msdcs.domain.local. 900 IN A 172.16.22.27
>>
>>
>> I can connect to the server via Windows DNS Manager and browse.
>>
>>
> Try adding '--use-samba-tool' to the 'samba_dnsupdate' command
>
> Rowland

I will add that DNS is replicating correctly. I deleted and added a DNS A record and it replicated instantaneously across sites.

--
--
James