Hi,

We have a Samba AD domain with an Ubuntu 16 box as the AD DC. We then promoted a Windows 2008R2 box as a DC. The DNS zone/data in the Samba AD gets replicated to the Windows DC. However, when we try to add a host entry in Windows DNS, we get the message:

    The host record abcd.LIN.GROUP cannot be created. Refused.

When we try to create the same in the Samba AD box, it works.

The DNS backend is BIND9_DLZ. We followed the following to setup/diagnose the BIND9_DLZ. We've added the entries in named.conf.options/apparmor.d

https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End

klist -kte dns.keytab

    Keytab name: FILE:dns.keytab
    KVNO Timestamp         Principal
    ---- ----------------- --------------------------------------------------------
       1 18/02/19 14:05:10 DNS/SERVER5.LIN.group@LIN.GROUP (des-cbc-crc)
       1 18/02/19 14:05:10 dns-SERVER5@LIN.GROUP (des-cbc-crc)
       1 18/02/19 14:05:10 DNS/SERVER5.LIN.group@LIN.GROUP (des-cbc-md5)
       1 18/02/19 14:05:10 dns-SERVER5@LIN.GROUP (des-cbc-md5)
       1 18/02/19 14:05:10 DNS/SERVER5.LIN.group@LIN.GROUP (arcfour-hmac)
       1 18/02/19 14:05:10 dns-SERVER5@LIN.GROUP (arcfour-hmac)
       1 18/02/19 14:05:10 DNS/SERVER5.LIN.group@LIN.GROUP (aes128-cts-hmac-sha1-96)
       1 18/02/19 14:05:10 dns-SERVER5@LIN.GROUP (aes128-cts-hmac-sha1-96)
       1 18/02/19 14:05:10 DNS/SERVER5.LIN.group@LIN.GROUP (aes256-cts-hmac-sha1-96)
       1 18/02/19 14:05:10 dns-SERVER5@LIN.GROUP (aes256-cts-hmac-sha1-96)

ldbsearch -H sam.ldb 'cn=dns-SERVER5' dn

    dn: CN=dns-SERVER5,CN=Users,DC=LIN,DC=group

smb.conf:

    [global]
        workgroup = LIN
        realm = LIN.GROUP
        netbios name = SERVER5
        server role = active directory domain controller
        idmap_ldb:use rfc2307 = yes
        log file = /var/log/samba/log.%m
        log level = 4
        winbind nss info = rfc2307
        allow dns updates = nonsecure and secure
        dns forwarder = 8.8.8.8

Regards,
Praveen Ghimire
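The keytab check from the message above, as an added example that is not part of the original post or of Samba's own tooling: it parses `klist -kte` output and compares the principals with the names derived from the smb.conf `realm` and `netbios name`. The function names, the constructed sample listing, and the assumption that the expected principals are `DNS/<host>.<domain>@<REALM>` and `dns-<HOST>@<REALM>` (the two forms shown in the post) belong to the example.

```python
import re
from collections import defaultdict

# Constructed sample: a shortened `klist -kte dns.keytab` listing that reuses
# the principal names and enctypes shown in the post.
SAMPLE_KLIST = """\
Keytab name: FILE:dns.keytab
KVNO Timestamp         Principal
---- ----------------- --------------------------------------------------------
   1 18/02/19 14:05:10 DNS/SERVER5.LIN.group@LIN.GROUP (des-cbc-crc)
   1 18/02/19 14:05:10 dns-SERVER5@LIN.GROUP (des-cbc-crc)
   1 18/02/19 14:05:10 DNS/SERVER5.LIN.group@LIN.GROUP (arcfour-hmac)
   1 18/02/19 14:05:10 dns-SERVER5@LIN.GROUP (arcfour-hmac)
   1 18/02/19 14:05:10 DNS/SERVER5.LIN.group@LIN.GROUP (aes256-cts-hmac-sha1-96)
   1 18/02/19 14:05:10 dns-SERVER5@LIN.GROUP (aes256-cts-hmac-sha1-96)
"""

# One keytab entry: KVNO, date, time, principal, "(enctype)".
ENTRY = re.compile(r"^\s*(\d+)\s+\S+\s+\S+\s+(.+?)\s+\(([^)]+)\)\s*$")

def parse_klist(text):
    """Return {principal: {enctype: kvno}} from `klist -kte` output."""
    keys = defaultdict(dict)
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:  # header and separator lines do not match
            kvno, principal, enctype = m.groups()
            # Some list archives rewrite "@" as " at "; undo that.
            keys[principal.replace(" at ", "@")][enctype] = int(kvno)
    return dict(keys)

def check_keytab(text, realm, netbios, dns_domain):
    """Compare the keytab with the names derived from smb.conf.

    Assumption of this example: the keytab should hold
    DNS/<host>.<domain>@<REALM> and dns-<HOST>@<REALM>.
    """
    keys = parse_klist(text)
    have = {p.lower() for p in keys}  # case-insensitive match (example's choice)
    expected = [f"DNS/{netbios}.{dns_domain}@{realm}", f"dns-{netbios}@{realm}"]
    return {
        "missing": [p for p in expected if p.lower() not in have],
        "enctypes": {p: sorted(e) for p, e in keys.items()},
        # More than one KVNO for a principal means old keys are still present.
        "kvnos": {p: sorted(set(e.values())) for p, e in keys.items()},
    }

if __name__ == "__main__":
    print(check_keytab(SAMPLE_KLIST, "LIN.GROUP", "SERVER5", "LIN.group"))
```

To run it against a live system, pass the captured output of `klist -kte` for the DNS keytab as `text` in place of the constructed sample.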