Problems setting up samba bind9_dlz on Ubuntu 18.04

**b-david** · November 22nd, 2019

I followed the following guides to setup samba as an additional active directory server to my windows server with bind9 dns:

https://www.tecmint.com/join-additio...r-replication/
https://wiki.samba.org/index.php/BIN...roubleshooting

The active directory replication works, but the dns replication does not work. When I'm running "samba_dnsupdate --all-names" I get the following output:
; TSIG error with server: tsig verify failure
; TSIG error with server: tsig verify failure
update failed: REFUSED
; TSIG error with server: tsig verify failure
update failed: REFUSED
; TSIG error with server: tsig verify failure
; TSIG error with server: tsig verify failure
; TSIG error with server: tsig verify failure
; TSIG error with server: tsig verify failure
; TSIG error with server: tsig verify failure
; TSIG error with server: tsig verify failure
; TSIG error with server: tsig verify failure
; TSIG error with server: tsig verify failure
; TSIG error with server: tsig verify failure
; TSIG error with server: tsig verify failure
; TSIG error with server: tsig verify failure
; TSIG error with server: tsig verify failure
; TSIG error with server: tsig verify failure
; TSIG error with server: tsig verify failure
; TSIG error with server: tsig verify failure
; TSIG error with server: tsig verify failure
Failed update of 19 entries

Here is a list of versions:
Ubuntu: 18.04
Samba: 4.7.6-Ubuntu
bind9: 9.11.3-1ubuntu1.11-UbuntuAnd this is my smb.conf:

[global]
netbios name = DC01
realm = DOMAIN.COM
server role = active directory domain controller
workgroup = DOMAIN.COM
dns forwarder = 172.17.1.1
idmap_ldb:use rfc2307 = yes

template shell = /bin/bash
winbind use default domain = true
winbind offline logon = false
winbind nss info = rfc2307
winbind enum users = yes
winbind enum groups = yes
server services = -dns

[netlogon]
path = /var/lib/samba/sysvol/domain.com/scripts
read only = No

[sysvol]
path = /var/lib/samba/sysvol
read only = No

I'm not really sure if samba is even using bind9. I've enabled the logging of bind9, but I cannot see any logs when running the dns update. Did I miss a step to activate the bind9 module?

**rsteinmetz70112** · November 23rd, 2019

I'd suggest contacting the Samba mailing lists.
They are usually quite willing to help and many of the Samba developers post there.
Many of the online guides for Samba are quite out of date.

**SeijiSensei** · November 23rd, 2019

server services = -dns

Doesn't that tell Samba not to provide DNS?

https://www.samba.org/samba/docs/cur...mb.conf.5.html

**b-david** · November 23rd, 2019

As far as I understand this only disables the samba integrated dns server. I found this in the following guide:

https://wiki.samba.org/index.php/Cha..._a_Samba_AD_DC

**SeijiSensei** · November 24th, 2019

What if you use that rather than BIND?

**b-david** · November 24th, 2019

I've just tried that, but I'm getting the exact same errors with the internal service.

**b-david** · November 24th, 2019

I was now able to solve the problem with some hints from the samba mailing list. Here is the link to the discussion:

https://lists.samba.org/archive/samb...er/227160.html