[Samba] Bind9_DLZ DNS updating

Ray Klassen ray.klassen at icloud.com
Fri Nov 3 16:36:31 UTC 2023


Correction: the WIP list is at the bottom of the related bugzilla
report:

https://bugzilla.samba.org/show_bug.cgi?id=14356

On Fri, 2023-11-03 at 08:51 -0700, Ray Klassen via samba wrote:
> Still pursuing my strange problem with Windows clients randomly (2 or 3
> a day on a network of about 200 PCs) not allowing logins until reboot.
> 
> Nailing down some best practices in an attempt to fix. My best guess is
> that it's a Kerberos issue -- sensitive to time sync and DNS.
> 
> -- Installed chrony instead of ntpsec (seems to perform as advertised)
> 
> -- (Today) moved to BIND9_DLZ instead of SAMBA_INTERNAL for DNS
> services. (Long ago I switched to SAMBA_INTERNAL from BIND9_DLZ
> because the Debian version of named did not include dlopen and had to
> be recompiled every time.)
> So now the Windows event log complains that it can't update RRs
> because of a system error instead of a security problem (PROGRESS!?).
> The DC shows variations on the following in the log:
> 
> "ERROR: auth_data_only pad length mismatch. Client sent a longer BIND
> packet than expected by 44 bytes (pkt_trailer->length=2084 -
> auth_length=2040) = 44 auth_pad_length=0" 
> 
> I notice that there's lots of mention of this from 2020 on, and one of
> the emails points to a WIP list with the latest post as of October 9 of
> this year. Is there any further action on this? Do I switch to
> nonsecure updates? Is it likely to improve the original problem with
> Windows 10 clients needing a reboot to log in?
> 
> 
> 

