
[Samba] Samba 4 ADDC. Dynamic DNS updates from Windows clients.


Chris Rowson

May 12, 2013, 7:20:02 AM
I'm currently testing Samba 4, and I've come across a problem which I can't
seem to find an answer for.

I have one Samba 4 ADDC running on a CentOS 6 container, compiled from the
latest stable source release and set up as per the Samba wiki. I'm running
the internal DNS server.

DHCP is provided to the network by an OpenWrt router. The router is
configured to hand out the DNS server details of the ADDC.

I have joined a Windows 8 virtual machine to the domain. It gets an IP
address from the router, but internal DNS running on the ADDC doesn't seem
to add an A record for my Windows client.

I've tried running ipconfig /registerdns on the Windows client but get an
"unable to update DNS" error.

I'm sure I'm missing something here. Can anybody help?

Thanks in advance,

Chris

Chris Rowson

May 12, 2013, 10:50:03 AM
Figured it out.

It seems that OOTB the security permissions on the Internal DNS server
don't allow domain-joined clients to update records.

As a test I gave a client 'Full Control' access to the forward lookup zone
for my test domain and it was able to update its own record.

I'll now find the appropriate security permissions for doing this.

Cheers,

Chris Rowson

May 12, 2013, 1:10:02 PM
So I gave the 'Domain Computers' group the READ and CREATE ALL CHILD OBJECTS
permissions on the forward lookup zone.

Doing an ipconfig /renew on Windows 8 does not create an A record. Doing an
ipconfig /registerdns does however create a new record. Hooray. I wonder if
I just need to turn on dynamic updates in Group Policy to force this
behaviour at interface renew/boot etc? Will experiment later after sorting
out the various other problems!

I then attempted to change the IP Address on the Win 8 client and re-ran
ipconfig /registerdns. This time it did not update the DNS A record.
#FacePalm.

The Windows Event log shows:

EventID 8016
The system failed to register host resource records for network adapter
with settings...

The reason the system could not register these RRs was because the DNS
server failed the update request. The most likely cause of this is that the
authoritative DNS server required to process this update request has a lock
in place on the zone, probably because a zone transfer is in progress.

I'm going to have to stop hammering away at this problem for a while
because I've had enough! Hopefully somebody here will be able to give me
some inspiring advice. :-)

Should setting up dynamic DNS updates for Windows clients be this hard?
Have I done something completely wrong?

Zane Zakraisek

May 12, 2013, 10:10:01 PM
> I then attempted to change the IP Address on the Win 8 client and re-ran
>
> ipconfig /registerdns. This time it did not update the DNS A record.
>
> #FacePalm.

This looks like bug 9559. Here's the link to the Bugzilla report.
https://bugzilla.samba.org/show_bug.cgi?id=9559
I'm not sure when it'll be addressed, but there are a few people (including
me) that have the same issue. There are a few options available to get around
this, but that's if you don't mind using BIND.

Chris Rowson

May 13, 2013, 3:30:02 AM
Don't mind installing BIND at all. Thanks for clearing that up. If anyone
reading has write access to the wiki it might be worth mentioning that
dynamic DNS updates are broken in the internal DNS server at the moment
though :-)

Does installing BIND as per the Samba wiki work OK then, or is there
anything else I need to be doing?

Thanks again,

Chris

steve

May 13, 2013, 5:10:02 AM
On 13/05/13 09:20, Chris Rowson wrote:
>
> Don't mind installing BIND at all. Thanks for clearing that up. If anyone
> reading has write access to the wiki it might be worth mentioning that
> dynamic DNS updates are broken in the internal DNS server at the moment
> though :-)
>
> Does installing BIND as per the Samba wiki work OK then, or is there
> anything else I need to be doing?

Hi
Ah, this probably explains my nsupdate problem creating TSIG errors
against the internal server:

https://lists.samba.org/archive/samba/2013-May/173262.html
and why our Linux clients don't get A records when they join the domain:
https://lists.samba.org/archive/samba/2013-May/173214.html

I can confirm that switching to BIND solves both issues. It's easy to do,
so maybe try that and wait until the internal DNS gets fixed?

HTH
Cheers,
Steve