Re: [Samba] AD RODC not being used because of missing DNS entries?
- Date: Fri, 19 Oct 2018 22:03:10 +0100
- From: Rowland Penny via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] AD RODC not being used because of missing DNS entries?
On Fri, 19 Oct 2018 22:09:27 +0200 (CEST)
tomict via samba <samba@xxxxxxxxxxxxxxx> wrote:
> Hi All,
> Is it correct that my RODC domain controller (DC2.ad.example.nl) has
> only one entry in the (internal) DNS on domain controller DC1? It
> seems to me that because of missing dns entries it is not used by
> clients in the ad domain.
> I recently installed a second Domain Controller (DC2) along the
> smooth running first domain controller DC1. Samba version 4.8.5,
> Centos 7 Linux, further config files below.
> The command used to join the DC2 as RODC:
> # samba-tool domain join ad.example.nl RODC -U
> "ad.example.nl\Administrator" (see
> https://wiki.samba.org/index.php/Join_a_domain_as_a_RODC) This seemed
> to run OK, DC2 was joined to the domain.
> Before I restarted the samba-ad service, I set the uidNumber of DC2
> because I use idmap backend = ad on the other domain members.
> Machine and user accounts are replicated to DC2.
> The A record entry for DC2.ad.example was added to the dns on DC1,
> but nothing more.
> I see no entries for ldap, kerberos etc. For example:
> # host -t SRV _ldap._tcp.dc._msdcs.ad.example.nl
> _ldap._tcp.dc._msdcs.ad.example.nl has SRV record 0 100 389
> # host ad.example.nl
> ad.example.nl has address 192.168.223.100
> which is the address of DC1. I thought it should also return a second
> ip address for DC2.
> in the /var/log/samba/log.samba I see truckloads of this:
> [2018/10/19 21:51:05.039345,  0] ../source4/dsdb/dns/dns_update.c:330(dnsupdate_nameupdate_done)
>   ../source4/dsdb/dns/dns_update.c:330: Failed DNS update - with error code 4
> Should I add the records manually? Should they have been added when I
> joined the RODC to the domain? Or am I wrong about something else
> (very likely)?
Never ran an RODC (yet), but this all sounds like the problems that
used to occur when joining a second DC, try reading this:
You could try restarting Samba, there is a script 'samba_dnsupdate',
which uses a file 'dns_update_list' to create missing dns entries. The
script is run at start up.
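The records samba_dnsupdate is expected to (re)create for a DC can be checked from any domain member before deciding whether to add them by hand. The script below is an added example written for this thread, not Samba code: it builds the list of core A and SRV names a DC should own, queries them with the same `host` command used above, and reports which ones do not point at the DC. The record list is an assumption covering the main entries of Samba's dns_update_list (site-specific entries only when a site name is given; GC- and PDC-only entries omitted); the dns_update_list file on the DC itself is authoritative. The constructed sample zone mirrors the situation in the post, where only DC1 is registered.

```python
"""Report which AD DNS records for a DC are missing or point elsewhere.

Added example for this thread, not Samba's own code. Assumptions: the
CORE_SRV list below approximates Samba's dns_update_list; real lookups
shell out to the `host` utility, as in the thread.
"""
import re
import subprocess
import sys

# Core SRV records every DC registers (name prefix, port). Assumption:
# a subset of samba's dns_update_list; GC and PDC-only entries omitted.
CORE_SRV = [
    ("_ldap._tcp", 389),
    ("_ldap._tcp.dc._msdcs", 389),
    ("_kerberos._tcp", 88),
    ("_kerberos._udp", 88),
    ("_kerberos._tcp.dc._msdcs", 88),
    ("_kpasswd._tcp", 464),
    ("_kpasswd._udp", 464),
]


def expected_srv(domain, site=None):
    """Yield (srv_name, port) pairs a DC in `domain` should appear under."""
    for prefix, port in CORE_SRV:
        yield f"{prefix}.{domain}", port
    if site:  # site-scoped entries from dns_update_list (assumed layout)
        for svc, port in (("_ldap._tcp", 389), ("_kerberos._tcp", 88)):
            yield f"{svc}.{site}._sites.{domain}", port
            yield f"{svc}.{site}._sites.dc._msdcs.{domain}", port


def parse_host_srv(text):
    """Parse `host -t SRV` output into a set of (target_fqdn, port)."""
    found = set()
    for m in re.finditer(r"has SRV record \d+ \d+ (\d+) (\S+)", text):
        found.add((m.group(2).rstrip(".").lower(), int(m.group(1))))
    return found


def parse_host_a(text):
    """Parse `host` A-record output into a set of IPv4 address strings."""
    return set(re.findall(r"has address (\S+)", text))


def host_lookup(rtype, name):
    """Real resolver: run `host -t <rtype> <name>` and return its stdout."""
    proc = subprocess.run(["host", "-t", rtype, name],
                          capture_output=True, text=True)
    return proc.stdout


def missing_records(domain, host_fqdn, lookup=host_lookup, site=None):
    """Return [(rtype, name), ...] that do not resolve to host_fqdn."""
    host_fqdn = host_fqdn.lower()
    missing = []
    if not parse_host_a(lookup("A", host_fqdn)):
        missing.append(("A", host_fqdn))
    for name, port in expected_srv(domain, site):
        if (host_fqdn, port) not in parse_host_srv(lookup("SRV", name)):
            missing.append(("SRV", name))
    return missing


# Constructed sample answers modelled on the post: only DC1 is registered
# in the SRV records, while both DCs have their own A record.
SAMPLE_ZONE = {
    ("A", "dc1.ad.example.nl"): "dc1.ad.example.nl has address 192.168.223.100\n",
    ("A", "dc2.ad.example.nl"): "dc2.ad.example.nl has address 192.168.223.101\n",
}
for _prefix, _port in CORE_SRV:
    _name = f"{_prefix}.ad.example.nl"
    SAMPLE_ZONE[("SRV", _name)] = (
        f"{_name} has SRV record 0 100 {_port} dc1.ad.example.nl.\n")


def sample_lookup(rtype, name):
    """Offline stand-in for host_lookup using the constructed zone."""
    return SAMPLE_ZONE.get((rtype, name.lower()),
                           f"Host {name} not found: 3(NXDOMAIN)\n")


if __name__ == "__main__":
    # Usage: python check_dc_dns.py ad.example.nl dc2.ad.example.nl [site]
    if len(sys.argv) < 3:
        for rec in missing_records("ad.example.nl", "dc2.ad.example.nl",
                                   sample_lookup):
            print("missing (sample):", *rec)
    else:
        site_name = sys.argv[3] if len(sys.argv) > 3 else None
        for rec in missing_records(sys.argv[1], sys.argv[2], site=site_name):
            print("missing:", *rec)
```

Run without arguments it evaluates the constructed zone; with `domain dc_fqdn [site]` it queries the live DNS through `host`. A DC that shows up in the list for `_ldap._tcp.dc._msdcs.<domain>` is the one clients will discover, which is why a DC with only an A record is never used even though replication works.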