[Samba] DNS frustration

Rowland Penny rowlandpenny at googlemail.com
Wed Oct 9 14:36:19 MDT 2013


On 09/10/13 20:15, Scott Goodwin wrote:
> Thanks for the advice Steve. I had actually tried this before, and it did
> work temporarily, but after a few hours, the updates started failing again.
> This is so weird! Why is this happening?  I have nothing but respect for
> the samba team and all their hard work, but egads, I just can't figure out
> why such a critical issue is still running rampant.  (Ok, so it's not
> critical in the sense that all your clients are down, and they can't work.
> But heck, every time a pc gets a new dhcp lease, I have to change it by
> hand, and that becomes a maintenance nightmare).
> I'm being completely serious when I say this: how do larger companies that
> have rolled out samba4 cope with this issue? Is there some workaround I'm
> not aware of?
>
>
> *Scott Goodwin*
> IT Lead
> Mimic Technologies, Inc
> 811 First Avenue, Suite 408  |  Seattle, WA 98104
> phone: 1.800.918.1670  |  direct: 206.456.9180
> fax: 206.623.3491  |  cell: 206.355.7767
>
>
>
> On Tue, Oct 8, 2013 at 11:56 PM, steve <steve at steve-ss.com> wrote:
>
>> On Tue, 2013-10-08 at 22:59 -0700, Scott Goodwin wrote:
>>
>>> * Samba4 with BIND_DLZ (with windows clients updating AD via kerberos)
>>> Dammit this is so close! But Windows client dns updates do not work.
>>>   Actually, they worked at first, then they stopped working. Errors like
>>> this:
>>> Oct  8 21:38:16 earl named[7695]: samba_dlz: starting transaction on zone mydomain.com
>>> Oct  8 21:38:16 earl named[7695]: client 10.2.2.227#52980: update 'mydomain.com/IN' denied
>>> Oct  8 21:38:16 earl named[7695]: samba_dlz: cancelling transaction on zone mydomain.com
>>> This is a decidedly ubiquitous problem out there, and one can google on
>>> this for hours, with no solid fixes or answers.  Per this guy's
>>> advice <http://article.gmane.org/gmane.network.samba.general/131081/match=> I
>>> downloaded and compiled bind 9.8, and also 9.9 (just for good measure)
>>> using the proper flags ( --with-dlopen=yes,
>>>   --with-gssapi=/usr/include/gssapi, and WITHOUT the flag
>>> --disable-isc-spnego). After I did this, it actually worked for a few
>>> hours!  Then all of a sudden, stopped working with the above errors
>>> littering my named.log again.
>> Hi
>> Do you have CNAMEs? If not, then it's just because you've tried
>> different Samba versions but with the same dns records. Try deleting the
>> old machine record so that a new one corresponding to your new install
>> will recreate it at the next update request. I don't know your domain
>> names and finding the DN for the machine took some working out, but I've
>> an example here:
>>
>> http://linuxcostablanca.blogspot.com.es/2013/09/samba4-bind9dlz-stale-dns-records-with.html
>> HTH
>> Steve
Hi, try starting here: 
http://blog.michael.kuron-germany.de/2011/02/isc-dhcpd-dynamic-dns-updates-against-secure-microsoft-dns/

Rowland

