
Re: [Samba] Switching from Internal DNS to Bind9_DLZ




On 1/2/2018 2:23 PM, Rowland Penny wrote:
On Tue, 2 Jan 2018 14:15:11 -0500
lingpanda101 <lingpanda101@xxxxxxxxx> wrote:

On 1/2/2018 1:51 PM, Rowland Penny wrote:
On Tue, 2 Jan 2018 13:38:52 -0500
lingpanda101 via samba <samba@xxxxxxxxxxxxxxx> wrote:


A few other observations while attempting to switch.

    * I do not have a dns.keytab file. Should I, or is it created after
      attempting to switch?
See my earlier post about samba_dnsupgrade.

    * running 'named-checkconf' throws an error.
It would, it cannot find the zones files that are now in AD.

Rowland
Rowland,

      I think I'm on the home stretch :). However I am running into an
issue after switching the backend. The switch command completes
successfully. Bind starts but I get errors when attempting to run
this command after reboot.

samba_dnsupdate --verbose --all-names

I get this error for all updates.

TSIG error with server: tsig indicates error
update failed: NOTAUTH(BADSIG)
Failed nsupdate: 2
update(nsupdate): A gc._msdcs.domain.local 172.16.22.27
Calling nsupdate for A gc._msdcs.domain.local 172.16.22.27 (add)
Successfully obtained Kerberos ticket to DNS/DDC1.domain.local as DDC2$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
gc._msdcs.domain.local.   900     IN      A       172.16.22.27


I can connect to the server via Windows DNS Manager and browse.


Try adding '--use-samba-tool' to the 'samba_dnsupdate' command

Rowland

Rowland,

    All kinds of errors now with that command:

20 DNS updates and 0 DNS deletes needed
Successfully obtained Kerberos ticket to DNS/DDC1.domain.local as DDC2$
update (samba-tool): A domain.local 172.16.22.27
Calling samba-tool dns for A domain.local 172.16.22.27 (add)
Calling samba-tool dns add -k no -P ['172.16.22.27', 'domain.local', '@', 'A', '172.16.22.27']
ERROR(runtime): uncaught exception - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
  File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/dns.py", line 940, in run
    raise e
Failed 'samba-tool dns' based update of A domain.local 172.16.22.27

--
James

