Re: [Samba] [samba] DNS update failed!

[k.maksimov]

Alexander R. Fahrutdinov wrote:

В сообщении от 29 июля 2010 09:08:29 автор Alexander R. Fahrutdinov написал:
  
В сообщении от 28 июля 2010 18:10:29 автор k.maksimov написал:
    
Alexander R. Fahrutdinov wrote:
      
В сообщении от 28 июля 2010 10:15:25 автор k.maksimov написал:
        
Anton wrote:
          
On 28 July 2010 01:45, k.maksimov <k.maksi...@butb.by> wrote:
            
I have two networks: 192.168.1.0 with netmask 255.255.255.0 and
172.16.0.0 with netmask 255.255.254.0, when I join in domain in
first network hostname registered successfully, but in second
network:
sudo net ads join -U admin
Enter admin's password:
Using short domain name -- BUTB
Joined 'TH-2-011' to realm 'butb.by'
DNS update failed!
              
As far as I can tell (I'm not entirely certain though)  this is an
Active Directory / Windows Server configuration issue around
loosening permissions enough for the DHCP service to update the DNS
records.

I don't know exactly what settings need to be configured though, as I
didn't manage to get it working either. In the end I decided to keep
the standard security and just use static IPs and DNS records for
winbind machines.
            
I'm use static IP and I haven't DHCP. and this problem not an AD:
Windows machines successfully update DNS.

also I have ~200 machines and I can't add every DNS record manually.
          
It seems, secure DNS update has broken in samba. I tried to use different
versions of samba (3.2.4, 3.4.4, 3.5.4, etc), but always got an error
during DNS update, in spite of "wbinfo -t" and "net ads info" commands
output was OK.

Secure DNS update via nss-update script has sucssefully completed, but it
requires a domain admin creditionals.
Guys from http://rc.quest.com/topics/ddns/old.php create a patch for nss-
update and GSSAPI library to use machine account instead admin one, but I
don't try this.

So, I don't promise to disable the secure DNS update, because it decrease
AD security.

Perghaps, somebody tell us, what we doing wrong?
    

Earlier I tested DNS update on samba package included in Debian Etch, Lenny 
and testing Debian branch.

Now I download CentOS distribution and try to update DNS via "net ads dns 
register -P" command. I'm surprised when command reports "Successfully 
registered hostname with DNS" with samba 3.0.33 and 3.5.4 versions. 

So, it isn't samba problem, but problem of specific distribution. 

And what's your distribution?
  
I'm use Linux Mint 9 (based on Ubuntu 10.4), samba is 3.4.7, and in network 192.168.1.0/24 dns updated successfully via "net ads dns 
register -P". So, it's samba problem:)


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba