[Samba] Custom SAMBA4/OpenChange ZEG appliance

John Russell jb.fresh at gmail.com
Sat Oct 6 20:30:21 MDT 2012


Or could be reverse lookup is not working...

root at sogo:~# nslookup sogo
Server:         172.16.1.7
Address:        172.16.1.7#53

Name:   sogo.example.com
Address: 172.16.1.7

root at sogo:~# nslookup 172.16.1.7
Server:         172.16.1.7
Address:        172.16.1.7#53

** server can't find 7.1.16.172.in-addr.arpa: SERVFAIL


On Sat, Oct 6, 2012 at 10:22 PM, John Russell <jb.fresh at gmail.com> wrote:

> Finally got DNS partially working, the following tests were successful:
> host -t SRV _ldap._tcp.example.com.
> host -t SRV _kerberos._udp.example.com.
> host -t A sogo.example.com.
>
> Still can not join any Windows clients (XP or 7) to the EXAMPLE.COM domain.
> Tried provisioning SAMBA with both --dns-backend=BIND9_DLZ and then
> --dns-backend=SAMBA_INTERNAL but both return "update failed: REFUSED"
>
> So DNS now seems to be having permission problems?
>
> Attached are outputs from "samba_dnsupdate --verbose --all-names" and the
> subsequent "tail /var/log/syslog". Any ideas?
>
>
> On Fri, Sep 21, 2012 at 4:30 AM, John Russell <jb.fresh at gmail.com> wrote:
>
>> Thought for sure this was a real bug, but you are correct Mr. Bartlett,
>> that's just how the SMB protocol works. I verified this with another
>> wireshark capture from the same XP machine and a working SAMBA4 appliance
>> from Sernet. This second capture also reveals that bind9 is still having
>> issues on the SOGo appliance. The host machine registers itself into the
>> DNS zone, but will not add client machines when they try to join the
>> domain. How do I use the internal DNS service with SAMBA4?
>>
>>
>> On Fri, Sep 21, 2012 at 2:24 AM, Andrew Bartlett <abartlet at samba.org> wrote:
>>
>>> On Sat, 2012-09-15 at 11:02 -0400, John Russell wrote:
>>> > Ran wireshark on the XP client while joining the domain and saw SAM LOGON
>>> > request from client and SAM Active Directory Response - user unknown.
>>> >
>>> > I noticed on the request and the response packets the user name field in
>>> > the packet is blank (yes, I am typing the user name and password into the
>>> > prompt from the XP machine!).
>>> >
>>> > Any ideas on what causes this?
>>>
>>> While an odd feature of the protocol, this is actually a normal
>>> successful response to the expected packet.  (Essentially, this is a
>>> historical oddity from a time when asking if a server knew about a user
>>> over an un-authenticated UDP packet wasn't considered a
>>> security/confidentiality issue).
>>>
>>> --
>>> Andrew Bartlett
>>> http://samba.org/~abartlet/
>>> Authentication Developer, Samba Team           http://samba.org
>>>
>>>
>>>
>>
>>
>> --
>> "It's better to be boldly decisive and risk being wrong than to agonize
>> at length and be right too late."
>> Marilyn Moats Kennedy
>>


