[Samba] Join AD fails DNS update
Rowland Penny
rowlandpenny at googlemail.com
Thu Jun 26 04:52:49 MDT 2014
On 26/06/14 11:43, Lars Hanke wrote:
>>> It does mean that some RRset is required to exist, but it does not!
>>> (see RFC2136). Unfortunately, the message doesn't state which set
>>> fails. Since prerequisites are optional, I assume that SAMBA_DLZ
>>> explicitly sets these fields. Any idea why or what it requires?
>>
>> What have you got in the system's main logfile (syslog on Debian)?
>
> This is what named produces during the join.
>
> Jun 24 15:24:44 samba named[7248]: samba_dlz: starting transaction on
> zone ad.microsult.de
> Jun 24 15:24:44 samba named[7248]: client 172.16.6.242#38702: updating
> zone 'ad.microsult.de/NONE': update unsuccessful:
> samba4.ad.microsult.de/A: 'RRset exists (value dependent)'
> prerequisite not satisfied (NXRRSET)
> Jun 24 15:24:44 samba named[7248]: samba_dlz: cancelling transaction
> on zone ad.microsult.de
> Jun 24 15:24:44 samba named[7248]: samba_dlz: starting transaction on
> zone ad.microsult.de
> Jun 24 15:24:44 samba named[7248]: samba_dlz: spnego update failed
> Jun 24 15:24:44 samba named[7248]: client 172.16.6.242#38702: updating
> zone 'ad.microsult.de/NONE': update failed: rejected by secure update
> (REFUSED)
> Jun 24 15:24:44 samba named[7248]: samba_dlz: cancelling transaction
> on zone ad.microsult.de
>
> However, temp_check(), which produces the error, only returns
> DNS_R_NXRRSET without further context. So FAILNT in update_action()
> cannot log any details, i.e. which RRset exactly was expected and
> found missing is not conveyed in the error message.
>
> So, if someone knows how or where the update message is built, we
> might find what we actually require.
>
> Regards,
> - lars.
Have you tried running the 'nsupdate' command directly? This is what named
is doing and it might get you more info.
Rowland
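
Added example (not part of the original thread, and not code from BIND or Samba): a Python model of how RFC 2136 section 3.2 evaluates the prerequisite section of an update, showing which prerequisite form yields the NXRRSET seen in the log above. The zone layout, the function name `check_prerequisites` and all sample names and addresses are assumptions made for illustration.

```python
# Added illustration: RFC 2136 section 3.2 prerequisite evaluation.
# A zone is modelled as {(name, rtype): set_of_rdata}; TTL and zone-membership
# checks are not modelled. All names and addresses below are constructed samples.

def check_prerequisites(zone, zone_class, prereqs):
    """Return (rcode, detail); detail names the prerequisite that failed."""
    names_in_use = {name for (name, _t) in zone}
    value_dependent = {}          # (name, rtype) -> rdata the client requires
    for name, rclass, rtype, rdata in prereqs:
        exists = (name, rtype) in zone
        if rclass == "ANY" and rtype == "ANY":
            if name not in names_in_use:
                return "NXDOMAIN", f"{name}: name is in use"
        elif rclass == "ANY":
            if not exists:
                return "NXRRSET", f"{name}/{rtype}: RRset exists (value independent)"
        elif rclass == "NONE" and rtype == "ANY":
            if name in names_in_use:
                return "YXDOMAIN", f"{name}: name is not in use"
        elif rclass == "NONE":
            if exists:
                return "YXRRSET", f"{name}/{rtype}: RRset does not exist"
        elif rclass == zone_class:
            # Value-dependent records are collected and compared afterwards.
            value_dependent.setdefault((name, rtype), set()).add(rdata)
        else:
            return "FORMERR", f"{name}/{rtype}: unexpected class {rclass}"
    # Each collected RRset must match the zone's RRset exactly.
    for (name, rtype), wanted in value_dependent.items():
        if zone.get((name, rtype)) != wanted:
            return "NXRRSET", f"{name}/{rtype}: RRset exists (value dependent)"
    return "NOERROR", ""

# Constructed zone: the joining host has no A record yet.
ZONE = {("dc1.example.test", "A"): {"192.0.2.10"}}

if __name__ == "__main__":
    # A client requiring that its own A record already holds a given address.
    prereq = [("host1.example.test", "IN", "A", "192.0.2.42")]
    print(check_prerequisites(ZONE, "IN", prereq))
```

A value-dependent prerequisite fails with NXRRSET both when the RRset is absent and when it exists with different data, so the rcode alone does not distinguish the two cases.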