Rowland Penny
2020-Feb-15 20:25 UTC
[Samba] Samba 4.11.6 cannot JOIN - 'Could not find machine account'
On 15/02/2020 20:08, Rick Hollinbeck wrote:
> Andrew and Rowland - thank you for your input.
>
> I've actually made some progress finally!
>
> I double checked the items mentioned in this old thread describing solving the same
> behavior:
> https://www.spinics.net/lists/samba/msg148337.html
>
> One little thing was different in my Windows Server's DNS
> (which had been upgraded over the years to 2008 functionality, as Rowland says.)
>
> My domain zone (i.e. office.example.com) was set to replicate Forest wide, like the _msdcs
> zone.
> I didn't think it mattered since this is a single domain forest.
> Anyway, I changed this to Domain-wide replication and, like a miracle, the error went away
> and the Samba join finished!
>
> (It would be nice if Samba detected this replication situation and worked around it or issued a
> good message - windows (e.g. dcdiag) seemed fine with it.)
>
> But, now I have a new problem with the joined Samba DC...
>
> I cannot get bind9 to run now - it fails because bind9_dlz cannot update the reverse lookup
> zone:

Not sure about this, I use dhcp to update the records, but I seem to remember something about the windows clients needing to be configured to update the reverse because they do not do this by default.

> $ sudo systemctl start bind9
> $ sudo systemctl status bind9
>
> bind9.service - BIND Domain Name Server
>   Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled)
>   Active: failed (Result: exit-code) since Sat 2020-02-15 19:15:27 UTC; 13min ago
>     Docs: man:named(8)
>  Process: 677 ExecStart=/usr/sbin/named -f $OPTIONS (code=exited, status=1/FAILURE)
> Main PID: 677 (code=exited, status=1/FAILURE)
>
> Feb 15 19:15:25 samba1 named[677]: sizing zone task pool based on 5 zones

5 zones ? I only have 3, can you run 'samba-tool dns zonelist <Your Samba AD DC shorthostname>' on your Samba AD DC.

> Feb 15 19:15:25 samba1 named[677]: Loading 'AD DNS Zone' using driver dlopen
> Feb 15 19:15:27 samba1 named[677]: samba_dlz: started for DN
> DC=office,DC=example,DC=com
> Feb 15 19:15:27 samba1 named[677]: samba_dlz: starting configure
> Feb 15 19:15:27 samba1 named[677]: samba_dlz: configured writeable zone
> 'office.example.com'
> Feb 15 19:15:27 samba1 named[677]: samba_dlz: Failed to configure zone
> '..InProgress-5E38D3A5052380AD-0.168.192.in-addr.arpa'
> Feb 15 19:15:27 samba1 named[677]: loading configuration: empty label
> Feb 15 19:15:27 samba1 named[677]: exiting (due to fatal error)
> Feb 15 19:15:27 samba1 systemd[1]: bind9.service: Main process exited, code=exited,
> status=1/FAILURE
> Feb 15 19:15:27 samba1 systemd[1]: bind9.service: Failed with result 'exit-code'.
>
> ----
>
> I've checked that my reverse zone on the Windows side is set to Domain-Level replication
> and it is.
>
> I've also checked the named.conf stuff mentioned in the samba BIND9_DLZ wiki and
> van-belle's Ubuntu howto.
>
> I'm stuck again now trying to solve this new one!
>
> BTW, after join, should I edit /etc/resolv.conf to include 127.0.0.1 ?
> (I've seen various posts about this, but it's confusing.)

No, just use the Samba DC's ipaddress

Rowland
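
An added example, not part of the original thread and not Samba or BIND code: a small Python triage of the named log lines quoted above, checking every zone name that samba_dlz reports for empty labels, which is what the leading `..` in the failing reverse zone name produces. The function names are hypothetical, and tying the fatal "empty label" message to that zone name is a reading of the log, not something the thread confirms.

```python
import re

# Log lines copied from the post above (quote markers and line wrapping removed).
SAMPLE_LOG = """\
Feb 15 19:15:27 samba1 named[677]: samba_dlz: configured writeable zone 'office.example.com'
Feb 15 19:15:27 samba1 named[677]: samba_dlz: Failed to configure zone '..InProgress-5E38D3A5052380AD-0.168.192.in-addr.arpa'
Feb 15 19:15:27 samba1 named[677]: loading configuration: empty label
"""

ZONE_RE = re.compile(
    r"samba_dlz: (configured writeable|Failed to configure) zone '([^']*)'"
)


def label_problems(zone):
    """Return reasons why `zone` is not a well-formed DNS name ([] if fine)."""
    if zone == ".":                     # the root zone is a valid name
        return []
    # A single trailing dot only marks the name as absolute.
    name = zone[:-1] if zone.endswith(".") else zone
    problems = []
    for i, label in enumerate(name.split(".")):
        if label == "":
            problems.append(f"empty label at position {i}")
        elif len(label.encode()) > 63:
            problems.append(f"label {i} longer than 63 octets")
    if len(name.encode()) > 253:
        problems.append("name longer than 253 octets")
    return problems


def triage(log_text):
    """Map each zone samba_dlz mentions to (status, list of name problems)."""
    report = {}
    for line in log_text.splitlines():
        m = ZONE_RE.search(line)
        if m:
            status = "ok" if m.group(1).startswith("configured") else "failed"
            report[m.group(2)] = (status, label_problems(m.group(2)))
    return report


if __name__ == "__main__":
    for zone, (status, problems) in triage(SAMPLE_LOG).items():
        detail = ", ".join(problems) or "name is well-formed"
        print(f"{status:6} {zone!r}: {detail}")
```

The same check can be applied to the zone names printed by the `samba-tool dns zonelist` command requested in the reply, to see which zone objects in the directory carry a name that named cannot load.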