Web lists-archives.com

Re: [Samba] after DCs migration to 4.7, two things




Hi Marc,

Thanks for your reply!

Check if your dynamic DNS works. For details and troubleshooting, see:
https://wiki.samba.org/index.php/Testing_Dynamic_DNS_Updates

I'm not sure about the "--all-names" option, but the regular "samba_dnsupdate --verbose" updated all dns records for all DCs shortly after I joined them.

The problematic dns records here are workstations, trying to add a dynamic dns record.

I took a look with the Microsoft DNS tool, and noticed that the current workstation dns records are listed with timestamp 'static'. As I come from samba 4.5 with internal dns, perhaps this is the way samba adds them..?

So I removed both A/AAAA for the p002507 dns entry, and ran on the windows p002507 workstation: "ipconfig /registerdns" suddenly it worked: A new dns record appeared, now with timestamp "7-11-2017 20:00:00", both A and AAAA records. And they are renewed every hour, I noticed.

As I don't think we require dns of our domain clients, I am now thinking to simply delete all regular workstation "static" dns records, to allow them to be be recreated automatically using bind9_dlz.

This seems kind of drastic... Would doing this have unforeseen side-effects I should take into consideration?

And anyone on my second issue, on
[2017/11/07 18:23:25.114429,  1] ../source4/auth/gensec/gensec_gssapi.c:790(gensec_gssapi_update_internal)
  GSS server Update(krb5)(1) Update failed:  Miscellaneous failure (see text): Failed to find DC4$@SAMBA.COMPANY.COM(kvno 1) in keytab FILE:/var/lib/samba/private/secrets.keytab (arcfour-hmac-md5)
[2017/11/07 18:23:25.114456,  1] ../auth/gensec/spnego.c:411(gensec_spnego_parse_negTokenInit)
SPNEGO(gssapi_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE

That one worries me a bit more than the DNS thing...

Have a nice evening everyone!

MJ

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba