samba - Nov 2021 - DNS update failed: NT_STATUS_INVALID_PARAMETER

=== Description of problem :

I try my PC (Debian) add on AD-DC with:

net ads join  -U administrator

Output:

Enter administrator's password:
Using short domain name -- EXAMPLE
Joined 'PC-IJURISIC' to dns domain 'example-test.com'
No DNS domain configured for pc-ijurisic. Unable to perform DNS Update.
DNS update failed: NT_STATUS_INVALID_PARAMETER

But if I add in my /etc/hosts IP address (got by dhcpd)

192.168.0.112 pc-ijurisic.example-test.com pc-ijurisic

and I try agean:

net ads join  -U administrator

Output:

Enter administrator's password:
Using short domain name -- EXAMPLE
Joined 'PC-IJURISIC' to dns domain 'example-test.com'

=== Conclusion :

If my PC have static IP adress I don't have problem to added my 
workstation on domain, but I use dhcp for get IP address, DNS, etc for 
network.

Any tips how to fix ?

=== My configuration :

cat /etc/krb5.conf

[libdefaults]
        default_realm = EXAMPLE-TEST.COM
        dns_lookup_realm = false
        dns_lookup_kdc = true

[realms]
        EXAMPLE-TEST.COM = {
                kdc = dc1.example-test.com
                admin_server = dc1.example-test.com
        }

[domain_realm]
        .example-test.com = EXAMPLE-TEST.COM
        example-test.com = EXAMPLE-TEST.COM

cat /etc/samba/smb.conf

[global]
realm = EXAMPLE-TEST.COM
security = ADS
workgroup = EXAMPLE
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config EXAMPLE : backend = rid
idmap config EXAMPLE : range = 10000-999999
winbind use default domain = Yes
winbind refresh tickets = Yes
winbind nss info = rfc2307
winbind max domain connections = 10
winbind max clients = 10
template homedir = /home/%D/%U
template shell = /bin/bash
kerberos method = dedicated keytab
dedicated keytab file = /etc/krb5.keytab

cat /etc/nsswitch.conf

passwd:         files winbind systemd
group:          files winbind systemd
shadow:         files
gshadow:        files
hosts:          files mdns4_minimal [NOTFOUND=return] dns wins
networks:       files
protocols:      db files
services:       db files
ethers:         db files
rpc:            db files
netgroup:       nis

Just to double-check, 'example-test.com' isn't actually a domain
that ends
with '.local' is it?

'.local' is reserved for multicast DNS.  Microsoft recommended for years
to
create domains with '.local' at the end and it causes problems with
systems
that implement multicast DNS.

If it does end with '.local', you need to modify nsswitch.con so the
'hosts:' line either doesn't include mdns4_minimal line, or remove
the
'[NOTFOUND=return]' chunk.

If your domain ends with something other than .local that's not the issue.

-A


On Mon, Nov 15, 2021 at 3:49 AM Ivan Juri?i? via samba <
samba at lists.samba.org> wrote:
>
>
> === Description of problem :
>
> I try my PC (Debian) add on AD-DC with:
>
> net ads join  -U administrator
>
> Output:
>
> Enter administrator's password:
> Using short domain name -- EXAMPLE
> Joined 'PC-IJURISIC' to dns domain 'example-test.com'
> No DNS domain configured for pc-ijurisic. Unable to perform DNS Update.
> DNS update failed: NT_STATUS_INVALID_PARAMETER
>
> But if I add in my /etc/hosts IP address (got by dhcpd)
>
> 192.168.0.112 pc-ijurisic.example-test.com pc-ijurisic
>
> and I try agean:
>
> net ads join  -U administrator
>
> Output:
>
> Enter administrator's password:
> Using short domain name -- EXAMPLE
> Joined 'PC-IJURISIC' to dns domain 'example-test.com'
>
> === Conclusion :
>
> If my PC have static IP adress I don't have problem to added my
> workstation on domain, but I use dhcp for get IP address, DNS, etc for
> network.
>
> Any tips how to fix ?
>
> === My configuration :
>
> cat /etc/krb5.conf
>
> [libdefaults]
>         default_realm = EXAMPLE-TEST.COM
>         dns_lookup_realm = false
>         dns_lookup_kdc = true
>
> [realms]
>         EXAMPLE-TEST.COM = {
>                 kdc = dc1.example-test.com
>                 admin_server = dc1.example-test.com
>         }
>
> [domain_realm]
>         .example-test.com = EXAMPLE-TEST.COM
>         example-test.com = EXAMPLE-TEST.COM
>
> cat /etc/samba/smb.conf
>
> [global]
> realm = EXAMPLE-TEST.COM
> security = ADS
> workgroup = EXAMPLE
> idmap config * : backend = tdb
> idmap config * : range = 3000-7999
> idmap config EXAMPLE : backend = rid
> idmap config EXAMPLE : range = 10000-999999
> winbind use default domain = Yes
> winbind refresh tickets = Yes
> winbind nss info = rfc2307
> winbind max domain connections = 10
> winbind max clients = 10
> template homedir = /home/%D/%U
> template shell = /bin/bash
> kerberos method = dedicated keytab
> dedicated keytab file = /etc/krb5.keytab
>
> cat /etc/nsswitch.conf
>
> passwd:         files winbind systemd
> group:          files winbind systemd
> shadow:         files
> gshadow:        files
> hosts:          files mdns4_minimal [NOTFOUND=return] dns wins
> networks:       files
> protocols:      db files
> services:       db files
> ethers:         db files
> rpc:            db files
> netgroup:       nis
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>