Web lists-archives.com

Re: [Samba] Upgrading BIND DNS Backend

Hello Marc,

Upgrade DNS worked properly as you can see below.


samba_upgradedns --dns-backend=BIND9_DLZ
Reading domain information
DNS accounts already exist
No zone file /usr/local/samba/private/dns/EXZA.LOCAL.zone # is this the culprit?
DNS records will be automatically created
DNS partitions already exist
dns-dc account already exists
See /usr/local/samba/private/named.conf for an example configuration include file for BIND and /usr/local/samba/private/named.txt for further documentation required for secure DNS updates


My /etc/resolv.conf reads as below.

domain exza.local

ping exza.local timesout, nslookup also times out. Whereas ping dc.exza.local responds properly and points to

smb.conf is shown below.


# Global parameters
        netbios name = DC
        realm = EXZA.LOCAL
        workgroup = EXZA
        # dns forwarder =
        server role = active directory domain controller
        idmap_ldb:use rfc2307 = yes
        server services = -dns

    path = /usr/local/samba/var/locks/sysvol/exza.local/scripts
        read only = No

        path = /usr/local/samba/var/locks/sysvol
        read only = No



Thanks & Regards,

Anantha Raghava

eXzaTech Consulting And Services Pvt. Ltd.

Ph: +91-9538849179, E-mail: raghav@xxxxxxxxxxxxxxxxxxxxxx <mailto:raghav@xxxxxxxxxxxxxxxxxxxxxx>

URL: http://www.exzatechconsulting.com <http://www.exzatechconsulting.com/>

This e-mail communication and any attachments may be privileged and confidential to eXza Technology Consulting & Services, and are intended only for the use of the recipients named above If you are not the addressee you may not copy, forward, disclose or use any part of it. If you have received this message in error, please delete it and all copies from your system and notify the sender immediately by return e-mail. Internet communications cannot be guaranteed to be timely, secure, error or virus-free. The sender does not accept liability for any errors or omissions.

Do not print this e-mail unless required. Save Paper & trees.

On Thursday 11 May 2017 09:25 PM, Marc Muehlfeld wrote:
Hi Anantha,

Am 11.05.2017 um 17:28 schrieb Anantha Raghava via samba:
[root@dc ~]# samba_dnsupdate --verbose --all-names
Failed to get Kerberos credentials, falling back to samba-tool: kinit for DC$@EXZA.LOCAL failed (Cannot contact any KDC for requested realm)
> ...
> How to fix this issue?

Does this Samba DC use an AD DNS server in /etc/resolv.conf to resolve the AD zone? The KDC is located using DNS.

Since your previous problem was SELinux related: Have you tested if DNS updates succeed if you temporarily switch to "permissive" mode?


To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba