Carlos Jesus
2021-Sep-09 22:35 UTC
[Samba] samba AD-DC with bind9, dyn-dns complains that "No AD dhcp user exists"
No problem Roy, you're talking to the noise master here...

Ok. Bottom line, is there any way to create _msdcs.domain without using samba-tool and/or RSAT? I don't really mind resetting ALL zones and repopulate them again using dhcp. Wouldn't delete /usr/local/samba/bind-dns/dns/sam.ldb.d/* and reset the DNS Backend to something like that?

Roy Eastwood via samba <samba at lists.samba.org> wrote on Thursday, 9/09/2021 at 18:07:

> On 09 September 2021 17:52 Rowland Penny wrote:
> > On Thu, 2021-09-09 at 17:38 +0100, Roy Eastwood via samba wrote:
> > >
> > > I get the same error when I run your command, yet I DO have the
> > > _msdcs zone. Maybe there's still something amiss with your
> > > ldbsearch command?
> > >
> > > Roy
> >
> > Okay, when I run the command, I get this:
> >
> [snip]
> apologies, when I correct spurious characters which somehow got inserted
> with copy & paste I too get a similar output! Sorry for the noise.
> Roy
Roy Eastwood
2021-Sep-10 07:44 UTC
[Samba] samba AD-DC with bind9, dyn-dns complains that "No AD dhcp user exists"
On 09 September 2021 23:35 Carlos Jesus wrote:
> No problem Roy, you're talking to the noise master here...
> Ok. Bottom line, is there any way to create _msdcs.domain without using
> samba-tool and/or RSAT? I don't really mind resetting ALL zones and
> repopulate them again using dhcp. Wouldn't delete
> /usr/local/samba/bind-dns/dns/sam.ldb.d/* and reset the DNS Backend to
> something like that?

Rowland is your man here, but there is normally a file in the "/usr/local/samba/private" folder called "dns_update_list". This normally includes the _msdcs zone etc. It is used by the samba_dnsupdate script to populate DNS when the domain is created, or a DC is added. So you could inspect that file and confirm it includes the _msdcs zone then try:

    samba_dnsupdate --verbose --all-names

You said in an earlier post you were getting "dns_tkey_gssnegotiate: TKEY is unacceptable errors" - this needs to be resolved first. I have found in the past that the file dns.keytab is in the folder: /usr/local/samba/private. This needs to be moved to the /usr/local/samba/bind-dns folder and the group permission set to allow bind to read it. May be worth checking this.

Also the first line in /etc/resolv.conf needs to point to the actual IP address of itself (not 127.0.0.1 and not other DCs in the domain).

HTH

Roy
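
The three things Roy's reply says to check, written as a read-only script. This is an example added here, not something posted in the thread or shipped with Samba; the function names and the `--check` argument are made up for illustration. Assumptions: it treats any loopback address like 127.0.0.1, it rejects a world-readable keytab (an extra check), and it does not check which group owns the keytab because bind's group name varies by distribution.

```shell
#!/bin/sh
# Added example: read-only checks for the three points in the reply above.
# Paths are the ones named in the thread; the script changes nothing.

# Succeeds if the update list mentions the _msdcs zone.
has_msdcs() { grep -q '_msdcs' "$1" 2>/dev/null; }

# Succeeds if the keytab exists and is group-readable. Refusing a
# world-readable keytab is an extra check added here, not from the thread.
keytab_ok() {
    [ -f "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c1-10)      # e.g. -rw-r-----
    case "$perms" in
        -???r??-??) return 0 ;;            # group r set, other r clear
        *) return 1 ;;
    esac
}

# Prints the first "nameserver" entry of a resolv.conf-style file.
first_nameserver() {
    awk '$1 == "nameserver" { print $2; exit }' "$1" 2>/dev/null
}

# Fails on a missing or loopback first nameserver; if OWN_IP ($2) is given,
# the first nameserver must equal it (i.e. not another DC).
resolver_ok() {
    ns=$(first_nameserver "$1")
    case "$ns" in ''|127.*|::1) return 1 ;; esac
    [ -z "${2:-}" ] || [ "$ns" = "$2" ]
}

# report [PREFIX] [RESOLV_CONF] [OWN_IP]; returns the number of failed checks.
report() {
    prefix=${1:-/usr/local/samba}; resolv=${2:-/etc/resolv.conf}; fails=0
    has_msdcs "$prefix/private/dns_update_list" ||
        { echo "FAIL: no _msdcs entry in $prefix/private/dns_update_list"; fails=$((fails + 1)); }
    keytab_ok "$prefix/bind-dns/dns.keytab" ||
        { echo "FAIL: $prefix/bind-dns/dns.keytab missing or wrong mode"; fails=$((fails + 1)); }
    resolver_ok "$resolv" "${3:-}" ||
        { echo "FAIL: first nameserver in $resolv is '$ns'"; fails=$((fails + 1)); }
    echo "$fails check(s) failed"
    return "$fails"
}

# Run on the DC as: sh check.sh --check [PREFIX] [RESOLV_CONF] [OWN_IP]
if [ "${1:-}" = "--check" ]; then shift; report "$@"; fi
```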