Rowland Penny
2025-Nov-03 19:57 UTC
[Samba] Join linux-client trixi not working no dns update
On Mon, 3 Nov 2025 20:30:53 +0100 Stefan Kania via samba <samba at lists.samba.org> wrote:> Hello to everyone, > > I just set up a new domain for testing Samba 4.22 with debian trixi. > All packages are direct from the distribution repository no backport > no nothing special. > > I have two DCs who replicate everyting that is working fine. Then I > try to join a linux client, also with trixi and packages from the > debian trixi repository. Here is my smb.conf of the client: --------- > [global] workgroup = example > realm = EXAMPLE.NET > security = ADS > winbind refresh tickets = Yes > winbind use default domain = yes > template shell = /bin/bash > idmap config * : range = 10000 - 19999 > idmap config EXAMPLE : backend = rid > idmap config EXAMPLE : range = 1000000 - 1999999 > interfaces = 192.168.56.33 > bind interfaces only = yes > --------- > > Both DCs are as "nameserver" added to resolv.conf. The krb5.conf is > --------- > [libdefaults] > default_realm = EXAMPLE.NET > dns_lookup_realm = false > dns_lookup_kdc = true > > [realms] > EXAMPLE.NET = { > default_domain = example.net > --------- > > I can get a ticket with "kinit administrator" a "host -t srv > _kerberos._tcp.example.net" gives me the two DCs > > then I join: > ---------- > root at client01:~# net ads join -U administrator > Password for [EXAMPLE\administrator]: > Using short domain name -- EXAMPLE > Joined 'CLIENT01' to dns domain 'example.net' > gse_get_client_auth_token: gss_init_sec_context failed with [A > parameter was malformed Miscellaneous failure (see text): Success] > DNS Update for client01.example.net failed: ERROR_DNS_INVALID_MESSAGE > DNS update failed: NT_STATUS_UNSUCCESSFUL ---------- > > As you can see, the join is working, the acount will be created: > ----------- > root at dc01:~# samba-tool computer list > DC02$ > DC01$ > CLIENT01$ > ----------- > The object is replicated to the other DC > On the DC I see: > ------------ > Nov 03 20:13:59 dc01 named[821]: samba_dlz: starting transaction on > zone example.net Nov 03 20:13:59 dc01 named[821]: client > @0x7f3e52b31000 192.168.56.33#38638: updating zone > 'example.net/NONE': update unsuccessful: client01.example.net/A: > 'RRset exists (value dependent)' prerequisite not satisfied (NXRRSET) > Nov 03 20:13:59 dc01 named[821]: samba_dlz: cancelling transaction on > zone example.net Nov 03 20:13:59 dc01 named[821]: samba_dlz: spnego > update failed Nov 03 20:13:59 dc01 named[821]: client @0x7f3e52b31000 > 192.168.56.33#38638: updating zone 'example.net/NONE': update failed: > rejected by secure update (REFUSED) ------------ > > If I try a "net ads dns register -U administrator" the same result > _:-( > > Any idea ? > > > Stefan >First thoughts, what is in /etc/hosts ? Rowland
Stefan Kania
2025-Nov-03 22:19 UTC
[Samba] Join linux-client trixi not working no dns update
Am 03.11.25 um 20:57 schrieb Rowland Penny via samba:> First thoughts, what is in /etc/hosts ?Content of /etc/hosts is: -------- root at client01:~# cat /etc/hosts 127.0.0.1 localhost 192.168.56.33 client01.example.net client01 # The following lines are desirable for IPv6 capable hosts ::1 localhost ip6-localhost ip6-loopback ff02::1 ip6-allnodes ff02::2 ip6-allrouters -------- root at client01:~# hostname -f client01.example.net that look good to me -- Stefan Kania Landweg 13 25693 St. Michaelisdonn