Created attachment 13643: samba_dnsupdate log

Configuring Samba 4.7.0 as a DC with BIND9_DLZ (Bind 9.9.10) yields an error trying to run samba_dnsupdate. samba_dnsupdate shows refused update (see attached log), named shows "Request is a replay" (see attached log).
Created attachment 13644: BIND 9.9.10 named log
I have solved this problem with this workaround:

# echo 'KRB5RCACHETYPE="none"' >> /etc/sysconfig/named
# systemctl restart named

Now the "# samba_dnsupdate --all-names --fail-immediately" and the dhcp client hostname update via script work fine and the "samba_dlz: spnego update failed" is gone.

Thanks
Dario
The bind_dlz module should be removed. It opens too many bugs. We should try to use ldap for dns updates. Maybe try to get https://pagure.io/bind-dyndb-ldap working.
OK, no problem using another zone resolver in bind instead of BIND9_DLZ. Is there a how-to for configuring bind-dyndb-ldap with samba AD-DC? I'm sorry, but I'm not a samba/ldap expert. Please provide some suggestions.

Thanks
Dario