
Re: [Samba] Order of Dcs resolv.conf




On Tue, 10 Apr 2018 10:13:05 -0300
Carlos via samba <samba@xxxxxxxxxxxxxxx> wrote:

> Hi!
> I have a question about the order of DCs in /etc/resolv.conf; my
> configuration:
> 
> DC01:
> /etc/resolv.conf
> 
> IP DC02
> IP DC01
> 
> DC02
> /etc/resolv.conf
> 
> IP DC01
> IP DC02
> 
> https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory#DNS_Configuration_on_Domain_Controllers
> 
> ---
> 
> 
> However this setting causes the error:
> 
> 
> samba_dnsupdate --verbose --all-names
> 
> dns_tkey_negotiategss: TKEY is unacceptable
> Failed nsupdate: 1
> Failed update of 28 entries

If the first IP in /etc/resolv.conf isn't the DC's own, samba_dnsupdate
will connect to the other DC and use its Kerberos key and,
surprise, surprise, it doesn't work. The wiki page was written to
prevent 'islanding', the only problem with that is, you don't get
'islanding' on an AD DC.

> 
> If you change to
> DC01
> IP DC01
> IP DC02
> 
> DC02
> IP DC02
> IP DC01
> 
> Problem does not exist.
> 

And there is the proof ;-)

> What would be the correct one?

The second one, I will amend the wiki page.

Rowland
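
A check for the ordering settled on in this thread, as an added example that is not part of the original messages or of Samba: it parses resolv.conf text and reports whether the first nameserver is the DC's own address. The function names, the addresses (192.0.2.10 for DC01, 192.0.2.11 for DC02) and the search domain are constructed for illustration.

```python
import ipaddress

# Constructed sample: DC01 is 192.0.2.10, DC02 is 192.0.2.11 (documentation range).
DC01_CROSSED = """\
# /etc/resolv.conf on DC01, other DC listed first
search samdom.example.com
nameserver 192.0.2.11
nameserver 192.0.2.10
"""
DC01_OWN_FIRST = """\
search samdom.example.com
nameserver 192.0.2.10
nameserver 192.0.2.11
"""


def nameservers(resolv_text):
    """Return the nameserver addresses from resolv.conf text, in file order."""
    servers = []
    for raw in resolv_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or comment
            continue
        fields = line.split()
        if fields[0] == "nameserver" and len(fields) >= 2:
            try:
                servers.append(ipaddress.ip_address(fields[1]))
            except ValueError:
                continue                        # skip entries that are not IP literals
    return servers


def check_dc_resolv(resolv_text, own_ips):
    """Return (ok, message); ok is True only if the first nameserver is this DC."""
    own = {ipaddress.ip_address(ip) for ip in own_ips}  # caller supplies the DC's IPs
    servers = nameservers(resolv_text)
    if not servers:
        return (False, "no nameserver entries found")
    if servers[0] in own:
        return (True, f"first nameserver {servers[0]} is this DC")
    if any(s in own for s in servers):
        return (False, f"first nameserver {servers[0]} is another host; "
                       "move this DC's own IP to the top")
    return (False, f"this DC's own IP is not listed; first nameserver is {servers[0]}")


if __name__ == "__main__":
    for name, text in (("crossed", DC01_CROSSED), ("own first", DC01_OWN_FIRST)):
        print(name, check_dc_resolv(text, ["192.0.2.10"]))
```
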
 

