I have Bookworm installed with Samba Version 4.17.12-Debian configured as a domain controller with internal DNS.
Windows 11 clients can join and log on to the domain, netlogon and sysvol shares are available, group policy is working fine, kinit is successful, I can verify Kerberos tickets in klist, and samba_dnsupdate is successful without errors.
Clients are assigned IP addresses via DHCP from the firewall and A records for the clients are created in the samba internal DNS forward zone, but PTR records are not created in the reverse zone.
As I dig a little deeper, Event Viewer is showing errors 8019 & 8020 claiming a "security problem" creating A or AAAA records, but the A records are created successfully. AAAA record is not attempted from the Samba log. Samba logs show no attempt to create a PTR record. ipconfig /registerdns just creates 8019 or 8020 event errors (seems to be somewhat random which one I get). The reverse zone was created using samba-tool and is configured for secure updates. The Samba config is configured to allow secure updates. If I manually create the PTR record, it does not update. If I configure the A record to automatically update the PTR record, it does not. Group policy for the DNS client is configured for secure dynamic updates and PTR record creation. Anyone have any ideas as to why the A record creation is failing in the Event Viewer (but it isn't) and PTR records won't even attempt to be created?
Any help is appreciated.
Thank you!
Statistics: Posted by keebs — 2025-01-02 21:16 — Replies 0 — Views 42