On 1/2/2018 2:23 PM, Rowland Penny wrote:
> On Tue, 2 Jan 2018 14:15:11 -0500
> lingpanda101 <lingpanda101 at gmail.com> wrote:
>
>> On 1/2/2018 1:51 PM, Rowland Penny wrote:
>>> On Tue, 2 Jan 2018 13:38:52 -0500
>>> lingpanda101 via samba <samba at lists.samba.org> wrote:
>>>
>>>
>>>> A few other observations while attempting to switch.
>>>>
>>>> * I do not have a dns.keytab file. Should I, or is it created after
>>>> attempting to switch?
>>> See my earlier post about samba_dnsupgrade.
>>>
>>>> * running 'named-checkconf' throws an error.
>>> It would, it cannot find the zone files that are now in AD.
>>>
>>> Rowland
>> Rowland,
>>
>> I think I'm on the home stretch :). However I am running into an
>> issue after switching the backend. The switch command completes
>> successfully. Bind starts but I get errors when attempting to run
>> this command after reboot.
>>
>> samba_dnsupdate --verbose --all-names
>>
>> I get this error for all updates.
>>
>> TSIG error with server: tsig indicates error
>> update failed: NOTAUTH(BADSIG)
>> Failed nsupdate: 2
>> update(nsupdate): A gc._msdcs.domain.local 172.16.22.27
>> Calling nsupdate for A gc._msdcs.domain.local 172.16.22.27 (add)
>> Successfully obtained Kerberos ticket to DNS/DDC1.domain.local as DDC2$
>> Outgoing update query:
>> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
>> ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
>> ;; UPDATE SECTION:
>> gc._msdcs.domain.local. 900 IN A 172.16.22.27
>>
>>
>> I can connect to the server via Windows DNS Manager and browse.
>>
>>
> Try adding '--use-samba-tool' to the 'samba_dnsupdate' command
>
> Rowland

I will add that DNS is replicating correctly. I deleted and added a DNS A
record and it replicated instantaneously across sites.

--
-- James
On Tue, 2 Jan 2018 14:40:10 -0500
lingpanda101 <lingpanda101 at gmail.com> wrote:

> On 1/2/2018 2:23 PM, Rowland Penny wrote:
> > On Tue, 2 Jan 2018 14:15:11 -0500
> > lingpanda101 <lingpanda101 at gmail.com> wrote:
> >
> >> On 1/2/2018 1:51 PM, Rowland Penny wrote:
> >>> On Tue, 2 Jan 2018 13:38:52 -0500
> >>> lingpanda101 via samba <samba at lists.samba.org> wrote:
> >>>
> >>>
> >>>> A few other observations while attempting to switch.
> >>>>
> >>>> * I do not have a dns.keytab file. Should I, or is it created
> >>>> after attempting to switch?
> >>> See my earlier post about samba_dnsupgrade.
> >>>
> >>>> * running 'named-checkconf' throws an error.
> >>> It would, it cannot find the zone files that are now in AD.
> >>>
> >>> Rowland
> >> Rowland,
> >>
> >> I think I'm on the home stretch :). However I am running
> >> into an issue after switching the backend. The switch command
> >> completes successfully. Bind starts but I get errors when
> >> attempting to run this command after reboot.
> >>
> >> samba_dnsupdate --verbose --all-names
> >>
> >> I get this error for all updates.
> >>
> >> TSIG error with server: tsig indicates error
> >> update failed: NOTAUTH(BADSIG)
> >> Failed nsupdate: 2
> >> update(nsupdate): A gc._msdcs.domain.local 172.16.22.27
> >> Calling nsupdate for A gc._msdcs.domain.local 172.16.22.27 (add)
> >> Successfully obtained Kerberos ticket to DNS/DDC1.domain.local as
> >> DDC2$
> >> Outgoing update query:
> >> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
> >> ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
> >> ;; UPDATE SECTION:
> >> gc._msdcs.domain.local. 900 IN A 172.16.22.27
> >>
> >>
> >> I can connect to the server via Windows DNS Manager and browse.
> >>
> >>
> > Try adding '--use-samba-tool' to the 'samba_dnsupdate' command
> >
> > Rowland
>
> I will add that DNS is replicating correctly. I deleted and added a
> DNS A record and it replicated instantaneously across sites.
>

The problem is that only the owner (or a member of dnsadmins) of a dns
record can update it. You seem to be trying to use a computer account
(fairly common) that doesn't own the records.

Rowland
On 1/2/2018 2:49 PM, Rowland Penny wrote:
> On Tue, 2 Jan 2018 14:40:10 -0500
> lingpanda101 <lingpanda101 at gmail.com> wrote:
>
>> On 1/2/2018 2:23 PM, Rowland Penny wrote:
>>> On Tue, 2 Jan 2018 14:15:11 -0500
>>> lingpanda101 <lingpanda101 at gmail.com> wrote:
>>>
>>>> On 1/2/2018 1:51 PM, Rowland Penny wrote:
>>>>> On Tue, 2 Jan 2018 13:38:52 -0500
>>>>> lingpanda101 via samba <samba at lists.samba.org> wrote:
>>>>>
>>>>>
>>>>>> A few other observations while attempting to switch.
>>>>>>
>>>>>> * I do not have a dns.keytab file. Should I, or is it created
>>>>>> after attempting to switch?
>>>>> See my earlier post about samba_dnsupgrade.
>>>>>
>>>>>> * running 'named-checkconf' throws an error.
>>>>> It would, it cannot find the zone files that are now in AD.
>>>>>
>>>>> Rowland
>>>> Rowland,
>>>>
>>>> I think I'm on the home stretch :). However I am running
>>>> into an issue after switching the backend. The switch command
>>>> completes successfully. Bind starts but I get errors when
>>>> attempting to run this command after reboot.
>>>>
>>>> samba_dnsupdate --verbose --all-names
>>>>
>>>> I get this error for all updates.
>>>>
>>>> TSIG error with server: tsig indicates error
>>>> update failed: NOTAUTH(BADSIG)
>>>> Failed nsupdate: 2
>>>> update(nsupdate): A gc._msdcs.domain.local 172.16.22.27
>>>> Calling nsupdate for A gc._msdcs.domain.local 172.16.22.27 (add)
>>>> Successfully obtained Kerberos ticket to DNS/DDC1.domain.local as
>>>> DDC2$
>>>> Outgoing update query:
>>>> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
>>>> ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
>>>> ;; UPDATE SECTION:
>>>> gc._msdcs.domain.local. 900 IN A 172.16.22.27
>>>>
>>>>
>>>> I can connect to the server via Windows DNS Manager and browse.
>>>>
>>>>
>>> Try adding '--use-samba-tool' to the 'samba_dnsupdate' command
>>>
>>> Rowland
>> I will add that DNS is replicating correctly. I deleted and added a
>> DNS A record and it replicated instantaneously across sites.
>>
> The problem is that only the owner (or a member of dnsadmins) of a dns
> record can update it. You seem to be trying to use a computer account
> (fairly common) that doesn't own the records.
>
> Rowland

Actually it looks as if Bind isn't running. Though I could've sworn it
did at one point.

service bind9 restart
 * Stopping domain name service... bind9
rndc: connect failed: 127.0.0.1#953: connection refused
   [ OK ]
 * Starting domain name service... bind9
   [fail]

Log shows:

Jan  2 15:20:51 ddc2 named[2793]: ----------------------------------------------------
Jan  2 15:20:51 ddc2 named[2793]: BIND 9 is maintained by Internet Systems Consortium,
Jan  2 15:20:51 ddc2 named[2793]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
Jan  2 15:20:51 ddc2 named[2793]: corporation. Support and training for BIND 9 are
Jan  2 15:20:51 ddc2 named[2793]: available at https://www.isc.org/support
Jan  2 15:20:51 ddc2 named[2793]: ----------------------------------------------------
Jan  2 15:20:51 ddc2 named[2793]: adjusted limit on open files from 4096 to 1048576
Jan  2 15:20:51 ddc2 named[2793]: found 2 CPUs, using 2 worker threads
Jan  2 15:20:51 ddc2 named[2793]: using 2 UDP listeners per interface
Jan  2 15:20:51 ddc2 named[2793]: using up to 4096 sockets
Jan  2 15:20:51 ddc2 named[2793]: loading configuration from '/etc/bind/named.conf'
Jan  2 15:20:51 ddc2 named[2793]: /etc/bind/named.conf:15: 'options' redefined near 'options'
Jan  2 15:20:51 ddc2 named[2793]: loading configuration: already exists
Jan  2 15:20:51 ddc2 named[2793]: exiting (due to fatal error)

It seems to stem from the issue I had before:
"/etc/bind/named.conf:15: 'options' redefined near 'options'"

--
-- James
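An added example, not part of the thread and not Samba's or BIND's own tooling: the "'options' redefined near 'options'" fatal error above means named.conf contains a second top-level options block (commonly a distro-supplied one plus a pasted copy next to the Samba include), and named exits before it ever loads the DLZ zones, which is why the TSIG updates and rndc both fail. The script below reads a named.conf on stdin, tracks brace depth, and reports every single-occurrence statement that is defined more than once together with the line numbers of each definition. The sample configuration and the function names are constructed for this illustration; named-checkconf remains the authoritative check on a real DC.

```shell
#!/bin/sh
# Added example (not from the thread): find top-level statements that a
# named.conf defines more than once. A second "options { ... };" is what
# makes named log "'options' redefined near 'options'" and exit.
# The config below is constructed for this example: a distro options
# block, the Samba include, and a pasted second options block.
SAMPLE_NAMED_CONF='options {
    directory "/var/cache/bind";
    dnssec-validation auto;
};
include "/var/lib/samba/bind-dns/named.conf";
options {
    listen-on { any; };
};
logging {
    channel default_syslog { syslog daemon; };
};
'

# Read a named.conf on stdin and print "<line> <keyword>" for every
# statement that starts at brace depth 0. Lines nested inside a block
# ("directory ...;" inside options) are skipped; // and # comments are
# stripped first so a commented-out block does not count.
named_conf_top_level_statements() {
    awk '
        { sub(/\/\/.*/, ""); sub(/#.*/, "") }
        {
            if (depth == 0 && match($0, /^[ \t]*[a-z-]+/)) {
                kw = substr($0, RSTART, RLENGTH)
                gsub(/[ \t]/, "", kw)
                print NR, kw
            }
            opens  = gsub(/\{/, "{")
            closes = gsub(/\}/, "}")
            depth += opens - closes
        }
    '
}

# Statements BIND accepts only once per configuration. Print each one that
# appears more than once, with the line of every definition, e.g.
# "options defined at lines 1,6". "include", "zone", "key" and "acl" are
# deliberately not listed: several of each are normal.
named_conf_duplicate_statements() {
    named_conf_top_level_statements | awk '
        $2 ~ /^(options|logging|controls|statistics-channels)$/ {
            lines[$2] = ((lines[$2] == "") ? $1 : lines[$2] "," $1)
            count[$2]++
        }
        END {
            for (k in count)
                if (count[k] > 1)
                    print k " defined at lines " lines[k]
        }
    '
}

# Stand-alone run on the constructed sample. On a real DC feed it the live
# file (named_conf_duplicate_statements < /etc/bind/named.conf) to see both
# definitions; named-checkconf /etc/bind/named.conf reports the first one.
printf '%s' "$SAMPLE_NAMED_CONF" | named_conf_duplicate_statements
```

The depth counter is what keeps this from flagging nested keywords: a `listen-on` inside a view or an `options`-like word inside a logging channel never reaches depth 0, so only genuine top-level redefinitions are reported.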