Roy Eastwood
2021-Sep-10 07:44 UTC
[Samba] samba AD-DC with bind9, dyn-dns complains that "No AD dhcp user exists"
On 09 September 2021 23:35 Carlos Jesus wrote:
> No problem Roy, you're talking to the noise master here...
> Ok. Bottom line, is there any way to create _msdcs.domain without using
> samba-tool and/or RSAT? I don't really mind resetting ALL zones and
> repopulate them again using dhcp. Wouldn't delete
> /usr/local/samba/bind-dns/dns/sam.ldb.d/* and reset the DNS Backend to
> something like that?

Rowland is your man here, but there is normally a file in the "/usr/local/samba/private" folder called "dns_update_list". This normally includes the _msdcs zone etc. It is used by the samba_dnsupdate script to populate DNS when the domain is created, or a DC is added. So you could inspect that file and confirm it includes the _msdcs zone, then try:

samba_dnsupdate --verbose --all-names

You said in an earlier post you were getting "dns_tkey_gssnegotiate: TKEY is unacceptable" errors - this needs to be resolved first. I have found in the past that the file dns.keytab is in the folder /usr/local/samba/private. This needs to be moved to the /usr/local/samba/bind-dns folder and the group permission set to allow bind to read it. May be worth checking this. Also the first line in /etc/resolv.conf needs to point to the actual IP address of itself (not 127.0.0.1 and not other DCs in the domain).

HTH

Roy
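As an added example, not code from the thread or from Samba itself: a small POSIX sh pre-flight check for the two conditions Roy lists above (dns.keytab placed under bind-dns and group-readable by bind, and /etc/resolv.conf naming the DC's own address first). The /usr/local/samba prefix and the group name "bind" are taken from the thread as assumptions; the 192.0.2.10 address is a constructed sample.

```shell
#!/bin/sh
# Added pre-flight check (not from the thread) for the two conditions Roy
# lists: dns.keytab living under bind-dns and readable by bind's group, and
# /etc/resolv.conf naming this DC's own address first. The prefix
# /usr/local/samba and the group name "bind" are assumptions from the thread.

# Print the first "nameserver" entry of a resolv.conf-style file.
first_nameserver() {
    awk '$1 == "nameserver" { print $2; exit }' "$1"
}

# Succeed only if the first nameserver is this DC's own address
# (so not 127.0.0.1 and not another DC). $1 = resolv.conf, $2 = own IP.
resolv_points_to_self() {
    first="$(first_nameserver "$1")"
    [ -n "$first" ] && [ "$first" != "127.0.0.1" ] && [ "$first" = "$2" ]
}

# Succeed only if dns.keytab is under $1/bind-dns (and no longer under
# $1/private), owned by group $2 and group-readable.
keytab_ok() {
    kt="$1/bind-dns/dns.keytab"
    [ -f "$kt" ] || return 1
    [ ! -e "$1/private/dns.keytab" ] || return 1
    # -group / -perm -g=r test the file's mode bits, not the caller's access
    [ -n "$(find "$kt" -group "$2" -perm -g=r 2>/dev/null)" ]
}

# Run both checks and report. $1 = samba prefix, $2 = bind group,
# $3 = resolv.conf path, $4 = this DC's IP. Returns the number of failures.
run_checks() {
    fails=0
    if keytab_ok "$1" "$2"; then echo "OK   dns.keytab in $1/bind-dns, group $2 can read it"
    else echo "FAIL dns.keytab missing from $1/bind-dns or not group-readable"; fails=$((fails+1)); fi
    if resolv_points_to_self "$3" "$4"; then echo "OK   $3 lists $4 first"
    else echo "FAIL first nameserver in $3 is not $4"; fails=$((fails+1)); fi
    return "$fails"
}

# Example invocation on a real DC (hypothetical script name):
#   sh dc-dns-preflight.sh /usr/local/samba bind /etc/resolv.conf 192.0.2.10
if [ "$#" -eq 4 ]; then run_checks "$@"; fi
```

The exit status is the number of failed checks, so it can sit in front of a samba_dnsupdate run in a script.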
Rowland Penny
2021-Sep-10 08:04 UTC
[Samba] samba AD-DC with bind9, dyn-dns complains that "No AD dhcp user exists"
On Fri, 2021-09-10 at 08:44 +0100, Roy Eastwood via samba wrote:
>
> Rowland is your man here, but there is normally a file in the
> "/usr/local/samba/private" folder called "dns_update_list". This
> normally includes the _msdcs zone etc.

It always includes the _msdcs zone, but if the zone isn't there, it cannot create the zone.

> It is used by the samba_dnsupdate script to populate DNS when the
> domain is created, or a DC is added.

No, it isn't used when a domain is created or a DC is added; it is used by samba_dnsupdate when Samba is started and then every 10 minutes thereafter.

> So you could inspect that file and confirm it includes the _msdcs
> zone then try:

It doesn't, that is what my ldbsearch was for.

>
> samba_dnsupdate --verbose --all-names

That will just update the records from dns_update_list, but it will not create records if the base DN does not exist.

>
> You said in an earlier post you were getting "dns_tkey_gssnegotiate:
> TKEY is unacceptable errors" - this needs to be resolved first.

No, the dns problem needs fixing first; it might fix this problem as well.

> I have found in the past that the file dns.keytab is in the
> folder: /usr/local/samba/private. This needs to be moved to the
> /usr/local/samba/bind-dns folder and the group permission set to
> allow bind to read it. May be worth checking this. Also the first
> line in /etc/resolv.conf needs to point to the actual ip address of
> itself (not 127.0.0.1 and not other DCs in the domain).
>
> HTH
>
> Roy

Rowland