Good day to all!
I havea the closed local network with two domain controllers on MS Windows
Server 2008 R2
DC - ip 200.2.2.1 , DC1 - ip 200.2.2. <http://2.2.2.2/>2
I installed the domain controller on debian 12 (Samba 4.19.0-Debian) DCS3 -
ip 200.2.2.15
?onnected to the domain and AD according to the article
https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory
Dns is internal samba.
When I test the dynamic DNS updates I have errors (see full command text
below)
1)
# samba_dnsupdate --verbose
IPs: ['200.2.2.15']
Looking for DNS entry A dcs3.BEO.IMP 200.2.2.15 as dcs3.BEO.IMP.
Looking for DNS entry CNAME
246933f5-768e-4399-9adb-251271d245e3._msdcs.BEO.IMP dcs3.BEO.IMP as
246933f5-768e-4399-9adb-251271d245e3._msdcs.BEO.IMP.
Looking for DNS entry NS BEO.IMP dcs3.BEO.IMP as BEO.IMP.
*Lookup of BEO.IMP. succeeded, but we failed to find a matching DNS entry
for NS BEO.IMP dcs3.BEO.IMP*
*need update: NS BEO.IMP dcs3.BEO.IMP*
Looking for DNS entry NS _msdcs.BEO.IMP dcs3.BEO.IMP as _msdcs.BEO.IMP.
*The DNS entry NS _msdcs.BEO.IMP dcs3.BEO.IMP, queried as _msdcs.BEO.IMP.
does not exist*
*need update: NS _msdcs.BEO.IMP dcs3.BEO.IMP*
...
*; TSIG error with server: tsig indicates errorupdate failed:
NOTAUTH(BADSIG)Failed nsupdate: 2Failed update of 2 entries*
2)
# samba_dnsupdate --use-samba-tool
...
ERROR(runtime): Could not contact RPC server [*WERR_DNS_ERROR_DS_UNAVAILABLE]
- (9717, 'WERR_DNS_ERROR_DS_UNAVAILABLE')*
File "/usr/lib/python3/dist-packages/samba/netcmd/dns.py", line 119,
in f
return attr(*args)
^^^^^^^^^^^
...
ERROR(runtime): Could not contact RPC server* [WERR_DNS_ERROR_DS_UNAVAILABLE]
- (9717, 'WERR_DNS_ERROR_DS_UNAVAILABLE')*
File "/usr/lib/python3/dist-packages/samba/netcmd/dns.py", line 119,
in f
return attr(*args)
^^^^^^^^^^^
Failed update of 2 entries
I need your suggestion, please. I've read articles on similar issues, but I
don't understand how to fix them.
----------------------
Configuration files:
/etc/resolve.conf
search BEO.IMP
nameserver 200.2.2.15
nameserver 200.2.2.1
nameserver 200.2.2.2
/etc/samba/smb.conf
# Global parameters
[global]
netbios name = DCS3
realm = BEO.IMP
server role = active directory domain controller
workgroup = BEO
dns forwarder = 200.2.2.1 200.2.2.2
allow dns updates = nonsecure
winbind separator = +
winbind cache time = 10
template shell = /bin/bash
template homedir = /home/%U
log file = /var/log/samba/log.%m
max log size = 1000
logging = file
log level = 3 passdb:5 auth:5
[sysvol]
path = /var/lib/samba/sysvol
read only = No
[netlogon]
path = /var/lib/samba/sysvol/beo.imp/scripts
read only = No
----------------------
Tests:
# systemctl status samba-ad-dc.service
? samba-ad-dc.service - Samba AD Daemon
Loaded: loaded (/lib/systemd/system/samba-ad-dc.service; enabled;
preset: enabled)
Active: active (running) since Wed 2023-10-04 16:13:06 MSK; 21h ago
Docs: man:samba(8)
man:samba(7)
man:smb.conf(5)
Process: 4804 ExecCondition=/usr/share/samba/is-configured samba
(code=exited, status=0/SUCCESS)
Main PID: 4806 (samba)
Status: "samba: ready to serve connections..."
Tasks: 59 (limit: 3940)
Memory: 494.8M
CPU: 18min 20.007s
CGroup: /system.slice/samba-ad-dc.service
??4806 "samba: root process"
??4809 "samba: tfork waiter process(4810)"
??4810 "samba: task[s3fs] pre-fork master"
??4811 "samba: tfork waiter process(4813)"
??4812 "samba: tfork waiter process(4814)"
??4813 "samba: task[rpc] pre-fork master"
??4814 /usr/sbin/smbd -D "--option=server role
check:inhibit=yes" --foreground
??4815 "samba: tfork waiter process(4817)"
??4816 "samba: tfork waiter process(4819)"
??4817 "samba: task[nbt] pre-fork master"
??4818 "samba: tfork waiter process(4820)"
??4819 "samba: task[rpc] pre-forked worker(0)"
??4820 "samba: task[wrepl] pre-fork master"
??4821 "samba: tfork waiter process(4823)"
??4822 "samba: tfork waiter process(4824)"
??4823 "samba: task[rpc] pre-forked worker(1)"
??4824 "samba: task[ldap] pre-fork master"
??4825 "samba: tfork waiter process(4827)"
??4826 "samba: tfork waiter process(4828)"
??4827 "samba: task[rpc] pre-forked worker(2)"
??4828 "samba: task[cldap] pre-fork master"
??4830 "samba: tfork waiter process(4832)"
??4831 "samba: tfork waiter process(4833)"
??4832 "samba: task[rpc] pre-forked worker(3)"
??4833 "samba: task[kdc] pre-fork master"
??4834 "samba: tfork waiter process(4835)"
??4835 "samba: task[drepl] pre-fork master"
??4836 "samba: tfork waiter process(4838)"
??4837 "samba: tfork waiter process(4840)"
??4838 "samba: task[kdc] pre-forked worker(0)"
??4839 "samba: tfork waiter process(4842)"
??4840 "samba: task[winbindd] pre-fork master"
??4841 "samba: tfork waiter process(4843)"
??4842 "samba: task[kdc] pre-forked worker(1)"
??4843 "samba: task[ntp_signd] pre-fork master"
??4844 "samba: tfork waiter process(4847)"
??4845 "samba: tfork waiter process(4848)"
??4846 "samba: tfork waiter process(4849)"
??4847 /usr/sbin/winbindd -D "--option=server role
check:inhibit=yes" --foreground
??4848 "samba: task[kcc] pre-fork master"
??4849 "samba: task[kdc] pre-forked worker(2)"
??4850 "samba: tfork waiter process(4853)"
??4852 "samba: tfork waiter process(4854)"
??4853 "samba: task[dnsupdate] pre-fork master"
??4854 "samba: task[kdc] pre-forked worker(3)"
??4855 "samba: tfork waiter process(4857)"
??4857 "samba: task[dns] pre-fork master"
??4869 "smbd: notifyd" .
??4870 "smbd: cleanupd "
??4871 "winbindd: domain child [BEO]"
??4872 "samba: tfork waiter process(4873)"
??4873 "samba: task[ldap] pre-forked worker(0)"
??4874 "samba: tfork waiter process(4875)"
??4875 "samba: task[ldap] pre-forked worker(1)"
??4876 "samba: tfork waiter process(4877)"
??4877 "samba: task[ldap] pre-forked worker(2)"
??4878 "samba: tfork waiter process(4879)"
??4879 "samba: task[ldap] pre-forked worker(3)"
??4922 "winbindd: idmap child"
??? 04 16:13:05 dcs3 systemd[1]: Starting samba-ad-dc.service - Samba AD
Daemon...
??? 04 16:13:06 dcs3 systemd[1]: Started samba-ad-dc.service - Samba AD
Daemon.
# netstat -lantp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address
State PID/Program name
tcp 0 0 0.0.0.0:10000 0.0.0.0:*
LISTEN 1008/perl
tcp 0 0 0.0.0.0:3268 0.0.0.0:*
LISTEN 4824/samba: task[ld
tcp 0 0 0.0.0.0:3269 0.0.0.0:*
LISTEN 4824/samba: task[ld
tcp 0 0 0.0.0.0:636 0.0.0.0:*
LISTEN 4824/samba: task[ld
tcp 0 0 0.0.0.0:445 0.0.0.0:*
LISTEN 4814/smbd
tcp 0 0 0.0.0.0:389 0.0.0.0:*
LISTEN 4824/samba: task[ld
tcp 0 0 0.0.0.0:53632 0.0.0.0:*
LISTEN 788/sshd: /usr/sbin
tcp 0 0 0.0.0.0:464 0.0.0.0:*
LISTEN 4833/samba: task[kd
tcp 0 0 0.0.0.0:53 0.0.0.0:*
LISTEN 4857/samba: task[dn
tcp 0 0 0.0.0.0:49152 0.0.0.0:*
LISTEN 4813/samba: task[rp
tcp 0 0 127.0.0.1:631 0.0.0.0:*
LISTEN 104593/cupsd
tcp 0 0 0.0.0.0:49153 0.0.0.0:*
LISTEN 4819/samba: task[rp
tcp 0 0 0.0.0.0:49154 0.0.0.0:*
LISTEN 4819/samba: task[rp
tcp 0 0 0.0.0.0:88 0.0.0.0:*
LISTEN 4833/samba: task[kd
tcp 0 0 0.0.0.0:80 0.0.0.0:*
LISTEN 803/apache2
tcp 0 0 0.0.0.0:139 0.0.0.0:*
LISTEN 4814/smbd
tcp 0 0 0.0.0.0:135 0.0.0.0:*
LISTEN 4819/samba: task[rp
tcp 0 0 200.2.2.15:49153 200.2.3.61:49846
ESTABLISHED 4819/samba: task[rp
tcp 0 0 200.2.2.15:49153 200.2.2.2:64015
ESTABLISHED 4819/samba: task[rp
tcp 0 0 200.2.2.15:53632 200.2.3.45:60045
ESTABLISHED 1898/sshd: root at pts
tcp 0 0 200.2.2.15:48330 200.2.2.1:49157
ESTABLISHED 4835/samba: task[dr
tcp 0 0 200.2.2.15:3268 200.2.2.244:56883
TIME_WAIT -
tcp 0 0 200.2.2.15:49153 200.2.2.1:59268
ESTABLISHED 4819/samba: task[rp
tcp 0 0 200.2.2.15:34824 200.2.2.2:49155
ESTABLISHED 4835/samba: task[dr
tcp6 0 0 ::1:631 :::*
LISTEN 104593/cupsd
tcp6 0 0 :::3268 :::*
LISTEN 4824/samba: task[ld
tcp6 0 0 :::3269 :::*
LISTEN 4824/samba: task[ld
tcp6 0 0 :::9090 :::*
LISTEN 1/init
tcp6 0 0 :::636 :::*
LISTEN 4824/samba: task[ld
tcp6 0 0 :::445 :::*
LISTEN 4814/smbd
tcp6 0 0 :::389 :::*
LISTEN 4824/samba: task[ld
tcp6 0 0 :::53632 :::*
LISTEN 788/sshd: /usr/sbin
tcp6 0 0 :::464 :::*
LISTEN 4833/samba: task[kd
tcp6 0 0 :::53 :::*
LISTEN 4857/samba: task[dn
tcp6 0 0 :::49152 :::*
LISTEN 4813/samba: task[rp
tcp6 0 0 :::49153 :::*
LISTEN 4819/samba: task[rp
tcp6 0 0 :::49154 :::*
LISTEN 4819/samba: task[rp
tcp6 0 0 :::88 :::*
LISTEN 4833/samba: task[kd
tcp6 0 0 :::139 :::*
LISTEN 4814/smbd
tcp6 0 0 :::135 :::*
LISTEN 4819/samba: task[rp
# host -t A dcs3.beo.imp
dcs3.beo.imp has address 200.2.2.15
# ldbsearch -H /var/lib/samba/private/sam.ldb '(invocationId=*)'
--cross-ncs objectguid
...
# record 1
dn: CN=NTDS
Settings,CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=BEO,DC=IMP
objectGUID: d7152347-1902-4cc9-b4cf-06428a4ce3ad
# record 2
dn: CN=NTDS
Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=BEO,DC=IMP
objectGUID: d83691d2-f225-4a1f-88fb-e8d00aed0f91
# record 3
dn: CN=NTDS
Settings,CN=DCS3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=BEO,DC=IMP
objectGUID: 246933f5-768e-4399-9adb-251271d245e3
# returned 3 records
# 3 entries
# 0 referrals
# host -t CNAME 246933f5-768e-4399-9adb-251271d245e3._msdcs.beo.imp.
246933f5-768e-4399-9adb-251271d245e3._msdcs.beo.imp is an alias for
dcs3.beo.imp.
# samba_dnsupdate --verbose
IPs: ['200.2.2.15']
Looking for DNS entry A dcs3.BEO.IMP 200.2.2.15 as dcs3.BEO.IMP.
Looking for DNS entry CNAME
246933f5-768e-4399-9adb-251271d245e3._msdcs.BEO.IMP dcs3.BEO.IMP as
246933f5-768e-4399-9adb-251271d245e3._msdcs.BEO.IMP.
Looking for DNS entry NS BEO.IMP dcs3.BEO.IMP as BEO.IMP.
Lookup of BEO.IMP. succeeded, but we failed to find a matching DNS entry
for NS BEO.IMP dcs3.BEO.IMP
need update: NS BEO.IMP dcs3.BEO.IMP
Looking for DNS entry NS _msdcs.BEO.IMP dcs3.BEO.IMP as _msdcs.BEO.IMP.
The DNS entry NS _msdcs.BEO.IMP dcs3.BEO.IMP, queried as _msdcs.BEO.IMP.
does not exist
need update: NS _msdcs.BEO.IMP dcs3.BEO.IMP
Looking for DNS entry A BEO.IMP 200.2.2.15 as BEO.IMP.
Looking for DNS entry SRV _ldap._tcp.BEO.IMP dcs3.BEO.IMP 389 as
_ldap._tcp.BEO.IMP.
Checking 0 100 389 dcs3.beo.imp. against SRV _ldap._tcp.BEO.IMP
dcs3.BEO.IMP 389
Looking for DNS entry SRV _ldap._tcp.dc._msdcs.BEO.IMP dcs3.BEO.IMP 389 as
_ldap._tcp.dc._msdcs.BEO.IMP.
Checking 0 100 389 dc.beo.imp. against SRV _ldap._tcp.dc._msdcs.BEO.IMP
dcs3.BEO.IMP 389
Checking 0 100 389 dcs3.beo.imp. against SRV _ldap._tcp.dc._msdcs.BEO.IMP
dcs3.BEO.IMP 389
Looking for DNS entry SRV _ldap._
tcp.3af1f6f1-2237-40db-8fa4-eda8c6476746.domains._msdcs.BEO.IMP
dcs3.BEO.IMP 389 as _ldap._tcp.3af1f6f1-2237-40db-8fa4-eda8c6476746.domains
._msdcs.BEO.IMP.
Checking 0 100 389 dc2.beo.imp. against SRV _ldap._
tcp.3af1f6f1-2237-40db-8fa4-eda8c6476746.domains._msdcs.BEO.IMP
dcs3.BEO.IMP 389
Checking 0 100 389 dc.beo.imp. against SRV _ldap._
tcp.3af1f6f1-2237-40db-8fa4-eda8c6476746.domains._msdcs.BEO.IMP
dcs3.BEO.IMP 389
Checking 0 100 389 dcs3.beo.imp. against SRV _ldap._
tcp.3af1f6f1-2237-40db-8fa4-eda8c6476746.domains._msdcs.BEO.IMP
dcs3.BEO.IMP 389
Looking for DNS entry SRV _kerberos._tcp.BEO.IMP dcs3.BEO.IMP 88 as
_kerberos._tcp.BEO.IMP.
Checking 0 100 88 dcs3.beo.imp. against SRV _kerberos._tcp.BEO.IMP
dcs3.BEO.IMP 88
Looking for DNS entry SRV _kerberos._udp.BEO.IMP dcs3.BEO.IMP 88 as
_kerberos._udp.BEO.IMP.
Checking 0 100 88 dc2.beo.imp. against SRV _kerberos._udp.BEO.IMP
dcs3.BEO.IMP 88
Checking 0 100 88 dcs3.beo.imp. against SRV _kerberos._udp.BEO.IMP
dcs3.BEO.IMP 88
Looking for DNS entry SRV _kerberos._tcp.dc._msdcs.BEO.IMP dcs3.BEO.IMP 88
as _kerberos._tcp.dc._msdcs.BEO.IMP.
Checking 0 100 88 dc.beo.imp. against SRV _kerberos._tcp.dc._msdcs.BEO.IMP
dcs3.BEO.IMP 88
Checking 0 100 88 dc2.beo.imp. against SRV _kerberos._tcp.dc._msdcs.BEO.IMP
dcs3.BEO.IMP 88
Checking 0 100 88 dcs3.beo.imp. against SRV
_kerberos._tcp.dc._msdcs.BEO.IMP dcs3.BEO.IMP 88
Looking for DNS entry SRV _kpasswd._tcp.BEO.IMP dcs3.BEO.IMP 464 as
_kpasswd._tcp.BEO.IMP.
Checking 0 100 464 dc2.beo.imp. against SRV _kpasswd._tcp.BEO.IMP
dcs3.BEO.IMP 464
Checking 0 100 464 dc.beo.imp. against SRV _kpasswd._tcp.BEO.IMP
dcs3.BEO.IMP 464
Checking 0 100 464 dcs3.beo.imp. against SRV _kpasswd._tcp.BEO.IMP
dcs3.BEO.IMP 464
Looking for DNS entry SRV _kpasswd._udp.BEO.IMP dcs3.BEO.IMP 464 as
_kpasswd._udp.BEO.IMP.
Checking 0 100 464 dc2.beo.imp. against SRV _kpasswd._udp.BEO.IMP
dcs3.BEO.IMP 464
Checking 0 100 464 dc.beo.imp. against SRV _kpasswd._udp.BEO.IMP
dcs3.BEO.IMP 464
Checking 0 100 464 dcs3.beo.imp. against SRV _kpasswd._udp.BEO.IMP
dcs3.BEO.IMP 464
Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.BEO.IMP
dcs3.BEO.IMP 389 as _ldap._tcp.Default-First-Site-Name._sites.BEO.IMP.
Checking 0 100 389 dcs3.beo.imp. against SRV
_ldap._tcp.Default-First-Site-Name._sites.BEO.IMP dcs3.BEO.IMP 389
Looking for DNS entry SRV
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.BEO.IMP dcs3.BEO.IMP
389 as _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.BEO.IMP.
Checking 0 100 389 dcs3.beo.imp. against SRV
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.BEO.IMP dcs3.BEO.IMP 389
Looking for DNS entry SRV
_kerberos._tcp.Default-First-Site-Name._sites.BEO.IMP dcs3.BEO.IMP 88 as
_kerberos._tcp.Default-First-Site-Name._sites.BEO.IMP.
Checking 0 100 88 dc2.beo.imp. against SRV
_kerberos._tcp.Default-First-Site-Name._sites.BEO.IMP dcs3.BEO.IMP 88
Checking 0 100 88 dc.beo.imp. against SRV
_kerberos._tcp.Default-First-Site-Name._sites.BEO.IMP dcs3.BEO.IMP 88
Checking 0 100 88 dcs3.beo.imp. against SRV
_kerberos._tcp.Default-First-Site-Name._sites.BEO.IMP dcs3.BEO.IMP 88
Looking for DNS entry SRV
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.BEO.IMP
dcs3.BEO.IMP 88 as
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.BEO.IMP.
Checking 0 100 88 dc.beo.imp. against SRV
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.BEO.IMP
dcs3.BEO.IMP 88
Checking 0 100 88 dcs3.beo.imp. against SRV
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.BEO.IMP
dcs3.BEO.IMP 88
Looking for DNS entry A gc._msdcs.BEO.IMP 200.2.2.15 as gc._msdcs.BEO.IMP.
Looking for DNS entry SRV _gc._tcp.BEO.IMP dcs3.BEO.IMP 3268 as
_gc._tcp.BEO.IMP.
Checking 0 100 3268 dc2.beo.imp. against SRV _gc._tcp.BEO.IMP dcs3.BEO.IMP
3268
Checking 0 100 3268 dcs3.beo.imp. against SRV _gc._tcp.BEO.IMP dcs3.BEO.IMP
3268
Looking for DNS entry SRV _ldap._tcp.gc._msdcs.BEO.IMP dcs3.BEO.IMP 3268 as
_ldap._tcp.gc._msdcs.BEO.IMP.
Checking 0 100 3268 dc2.beo.imp. against SRV _ldap._tcp.gc._msdcs.BEO.IMP
dcs3.BEO.IMP 3268
Checking 0 100 3268 dcs3.beo.imp. against SRV _ldap._tcp.gc._msdcs.BEO.IMP
dcs3.BEO.IMP 3268
Looking for DNS entry SRV _gc._tcp.Default-First-Site-Name._sites.BEO.IMP
dcs3.BEO.IMP 3268 as _gc._tcp.Default-First-Site-Name._sites.BEO.IMP.
Checking 0 100 3268 dc2.beo.imp. against SRV
_gc._tcp.Default-First-Site-Name._sites.BEO.IMP dcs3.BEO.IMP 3268
Checking 0 100 3268 dc.beo.imp. against SRV
_gc._tcp.Default-First-Site-Name._sites.BEO.IMP dcs3.BEO.IMP 3268
Checking 0 100 3268 dcs3.beo.imp. against SRV
_gc._tcp.Default-First-Site-Name._sites.BEO.IMP dcs3.BEO.IMP 3268
Looking for DNS entry SRV
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.BEO.IMP dcs3.BEO.IMP
3268 as _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.BEO.IMP.
Checking 0 100 3268 dc.beo.imp. against SRV
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.BEO.IMP dcs3.BEO.IMP
3268
Checking 0 100 3268 dcs3.beo.imp. against SRV
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.BEO.IMP dcs3.BEO.IMP
3268
Looking for DNS entry A DomainDnsZones.BEO.IMP 200.2.2.15 as
DomainDnsZones.BEO.IMP.
Looking for DNS entry SRV _ldap._tcp.DomainDnsZones.BEO.IMP dcs3.BEO.IMP
389 as _ldap._tcp.DomainDnsZones.BEO.IMP.
Checking 0 100 389 dc.beo.imp. against SRV
_ldap._tcp.DomainDnsZones.BEO.IMP dcs3.BEO.IMP 389
Checking 0 100 389 dc2.beo.imp. against SRV
_ldap._tcp.DomainDnsZones.BEO.IMP dcs3.BEO.IMP 389
Checking 0 100 389 dcs3.beo.imp. against SRV
_ldap._tcp.DomainDnsZones.BEO.IMP dcs3.BEO.IMP 389
Looking for DNS entry SRV
_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.BEO.IMP
dcs3.BEO.IMP 389 as
_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.BEO.IMP.
Checking 0 100 389 dc.beo.imp. against SRV
_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.BEO.IMP
dcs3.BEO.IMP 389
Checking 0 100 389 dc2.beo.imp. against SRV
_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.BEO.IMP
dcs3.BEO.IMP 389
Checking 0 100 389 dcs3.beo.imp. against SRV
_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.BEO.IMP
dcs3.BEO.IMP 389
Looking for DNS entry A ForestDnsZones.BEO.IMP 200.2.2.15 as
ForestDnsZones.BEO.IMP.
Looking for DNS entry SRV _ldap._tcp.ForestDnsZones.BEO.IMP dcs3.BEO.IMP
389 as _ldap._tcp.ForestDnsZones.BEO.IMP.
Checking 0 100 389 dc.beo.imp. against SRV
_ldap._tcp.ForestDnsZones.BEO.IMP dcs3.BEO.IMP 389
Checking 0 100 389 dc2.beo.imp. against SRV
_ldap._tcp.ForestDnsZones.BEO.IMP dcs3.BEO.IMP 389
Checking 0 100 389 dcs3.beo.imp. against SRV
_ldap._tcp.ForestDnsZones.BEO.IMP dcs3.BEO.IMP 389
Looking for DNS entry SRV
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.BEO.IMP
dcs3.BEO.IMP 389 as
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.BEO.IMP.
Checking 0 100 389 dcs3.beo.imp. against SRV
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.BEO.IMP
dcs3.BEO.IMP 389
2 DNS updates and 0 DNS deletes needed
ldb_wrap open of secrets.ldb
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'ncalrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'http_negotiate' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Starting GENSEC mechanism gssapi_krb5_sasl
Ticket in credentials cache for DCS3$@BEO.IMP will expire in 36000 secs
Successfully obtained Kerberos ticket to DNS/dcs3.BEO.IMP as DCS3$
update(nsupdate): NS BEO.IMP dcs3.BEO.IMP
Calling nsupdate for NS BEO.IMP dcs3.BEO.IMP (add)
Starting GENSEC mechanism gssapi_krb5_sasl
GSSAPI credentials for DCS3$@BEO.IMP will expire in 36000 secs
Successfully obtained Kerberos ticket to DNS/dcs3.BEO.IMP as DCS3$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
BEO.IMP. 900 IN NS dcs3.BEO.IMP.
; TSIG error with server: tsig indicates error
update failed: NOTAUTH(BADSIG)
Failed nsupdate: 2
update(nsupdate): NS _msdcs.BEO.IMP dcs3.BEO.IMP
Calling nsupdate for NS _msdcs.BEO.IMP dcs3.BEO.IMP (add)
Starting GENSEC mechanism gssapi_krb5_sasl
GSSAPI credentials for DCS3$@BEO.IMP will expire in 36000 secs
Successfully obtained Kerberos ticket to DNS/dcs3.BEO.IMP as DCS3$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_msdcs.BEO.IMP. 900 IN NS dcs3.BEO.IMP.
; TSIG error with server: tsig indicates error
update failed: NOTAUTH(BADSIG)
Failed nsupdate: 2
Failed update of 2 entries
# samba_dnsupdate --use-samba-tool
ldb_wrap open of secrets.ldb
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'ncalrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'http_negotiate' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Starting GENSEC mechanism gssapi_krb5_sasl
Ticket in credentials cache for DCS3$@BEO.IMP will expire in 36000 secs
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
ldb_wrap open of secrets.ldb
Using binding ncacn_ip_tcp:200.2.2.15[,sign]
Starting GENSEC mechanism spnego
Starting GENSEC submechanism ntlmssp
Got challenge flags:
Got NTLMSSP neg_flags=0x62898215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_TARGET_TYPE_DOMAIN
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_TARGET_INFO
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
ERROR(runtime): Could not contact RPC server
[WERR_DNS_ERROR_DS_UNAVAILABLE] - (9717,
'WERR_DNS_ERROR_DS_UNAVAILABLE')
File "/usr/lib/python3/dist-packages/samba/netcmd/dns.py", line 119,
in f
return attr(*args)
^^^^^^^^^^^
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
ldb_wrap open of secrets.ldb
Using binding ncacn_ip_tcp:200.2.2.15[,sign]
Starting GENSEC mechanism spnego
Starting GENSEC submechanism ntlmssp
Got challenge flags:
Got NTLMSSP neg_flags=0x62898215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_TARGET_TYPE_DOMAIN
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_TARGET_INFO
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
ERROR(runtime): Could not contact RPC server
[WERR_DNS_ERROR_DS_UNAVAILABLE] - (9717,
'WERR_DNS_ERROR_DS_UNAVAILABLE')
File "/usr/lib/python3/dist-packages/samba/netcmd/dns.py", line 119,
in f
return attr(*args)
^^^^^^^^^^^
Failed update of 2 entries