Re: [Samba] win2003 AD migration to SAMBA 4.6 - dnsupdate problem

Hi Tomas,

> I want to migrate old 2003 domain to Samba - join SAMBA 4.6(DC2) to win
> 2003 domain like DC, move sysvol, FSMO, demote old server(DC1), etc.,
> etc. -
>
> My problem is DNS Updates, I have kerberos working (added enctypes =
> rc4-hmac for compatibility),

May I ask where you added that? Where did you read that you had to do that? Could you try to just remove it?

> SAMBA join without errors, I have created
> DNS records,

How did you create the records? Could you try the following on your two DCs to force the update without going through the authenticated DNS process:

    samba_dnsupdate --use-samba-tool

By the way, is your /etc/resolv.conf pointing to yourself? Are your /etc/krb5.conf and /var/lib/samba/private/krb5.conf identical?


> can move FSMO. But DNS is working only on DC1,  not on DC2,
> I have found in logs troubles with dnsupdates. DC1 thinks it is only one
> DC in domain.
>
> _ldap._tcp.Default-First-Site._sites.gc._msdcs.test.local. 900 IN SRV 0
> 100 3268 dc2.test.local.
> tkey query failed: GSSAPI error: Major = Unspecified GSS failure.  Minor
> code may provide more information, Minor = KDC has no support for
> encryption type.
> Failed nsupdate: 1
> Failed update of 20 entries
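
The checks asked for in the reply above (a stray enctype override, whether the two krb5.conf files match, and where resolv.conf points), as an added shell example that is not part of the original thread. The function names, the sample file contents and the 192.0.2.x addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Print, with line numbers, every active line that sets an *enctypes option.
krb5_enctype_lines() {
    grep -n -i -E '^[[:space:]]*[a-z_]*enctypes[[:space:]]*=' "$1"
}

# Drop comments/blank lines and normalise spacing so only settings are compared.
krb5_normalise() {
    sed -e '/^[[:space:]]*[#;]/d' -e '/^[[:space:]]*$/d' \
        -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        -e 's/[[:space:]]*=[[:space:]]*/ = /' "$1"
}

# Succeed when both files carry the same effective settings.
krb5_conf_same() {
    a=$(krb5_normalise "$1"); b=$(krb5_normalise "$2")
    [ "$a" = "$b" ]
}

# Print the first nameserver from a resolv.conf-style file.
resolv_first_nameserver() {
    awk '$1 == "nameserver" { print $2; exit }' "$1"
}

# usage: check_dc SYSTEM_KRB5 SAMBA_KRB5 RESOLV_CONF OWN_IP
check_dc() {
    for f in "$1" "$2"; do
        if krb5_enctype_lines "$f" >/dev/null; then
            echo "enctype override in $f:"; krb5_enctype_lines "$f"
        fi
    done
    krb5_conf_same "$1" "$2" || echo "krb5.conf files differ: $1 vs $2"
    [ "$(resolv_first_nameserver "$3")" = "$4" ] ||
        echo "first nameserver in $3 is not $4"
}

# Constructed sample files; on a DC pass the real paths instead.
tmp=$(mktemp -d)
printf '[libdefaults]\n default_realm = TEST.LOCAL\n default_tkt_enctypes = rc4-hmac\n' > "$tmp/etc-krb5.conf"
printf '[libdefaults]\n\tdefault_realm = TEST.LOCAL\n\tdns_lookup_kdc = true\n' > "$tmp/samba-krb5.conf"
printf 'search test.local\nnameserver 192.0.2.10\n' > "$tmp/resolv.conf"
check_dc "$tmp/etc-krb5.conf" "$tmp/samba-krb5.conf" "$tmp/resolv.conf" 192.0.2.20
rm -rf "$tmp"
```

On a DC the call would take /etc/krb5.conf, /var/lib/samba/private/krb5.conf, /etc/resolv.conf and the DC's own address as its four arguments.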


