Re: [Samba] Samba AD DC + external DHCP + BIND9_DLZ dynamic dns updates doesn't work for domain members.
- Date: Tue, 16 Oct 2018 20:45:04 +0200
- From: "Zuzanna K. Filutowska via samba" <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] Samba AD DC + external DHCP + BIND9_DLZ dynamic dns updates doesn't work for domain members.
On Tue, 16.10.2018 at 18:52 +0100, Rowland Penny via
> On Tue, 16 Oct 2018 19:37:21 +0200
> "Zuzanna K. Filutowska via samba" <samba@xxxxxxxxxxxxxxx> wrote:
> > On Tue, 16.10.2018 at 18:25 +0100, Rowland Penny via samba
> > wrote:
> > > On Tue, 16 Oct 2018 18:47:30 +0200
> > > "Zuzanna K. Filutowska via samba" <samba@xxxxxxxxxxxxxxx> wrote:
> > >
> > > > Dear All,
> > > >
> > > > I have a setup with samba acting as active directory domain
> > > > controller, DNS updates are done via bind DLZ. I have recompiled
> > > > it to allow spnego. DHCP server is external, no changes in it are
> > > > possible. Domain members try to register in the DNS, KDC is aware
> > > > of them, however no DNS entries for them are created and BIND
> > > > returns errors. Any hints are welcome since I really need it
> > > > working. Thank you in advance.
> > > >
> > > > samba log:
> > > > samba version 4.8.5 started.
> > > > Copyright Andrew Tridgell and the Samba Team 1992-2018
> > > > [2018/10/16 18:29:56.934115,
> > > > 0] ../source4/smbd/server.c:638(binary_smbd_main)
> > > > binary_smbd_main: samba: using 'standard' process model
> > > > [2018/10/16 18:29:57.251109,
> > > > 0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
> > > > /usr/sbin/krb5kdc:
> > > > krb5kdc: starting...
> > > >
> > >
> > > Is this on a red-hat OS using MIT for Samba ?
> > > If so, I suggest you recompile Samba to use Heimdal instead. There
> > > are numerous limitations with using MIT, because of these, using
> > > MIT is still considered experimental.
> > It is Fedora Server and it uses MIT, these are default packages that
> > come with the system.
> I would suggest you file a bug on Fedora, whilst you can provision an
> AD DC with the Fedora packages, there are several problems that make
> them unsuitable in production (Computer GPO's not applying, for
> instance) and it looks like you may possibly have found another problem.
I am now trying to use SAMBA INTERNAL but DNS dynamic updates don't work
either. No errors in logs. It was annoying, now it is depressing. :->
Do you have any good howto at hand to migrate to Heimdal Kerberos?
Zuzanna K. Filutowska
One must have perseverance and faith in oneself,
that one is capable of something. -- Maria Curie-Skłodowska