Samba4 on FC13 vs. FC14

Charles Tryon charles.tryon at
Mon Dec 6 12:25:59 MST 2010

I've spent a fair amount of time building (from git) and experimenting with
Samba4.  My current development environments are running on fairly
straightforward Fedora 13 VM's.  (One in ESXi and one using libvirt on a
Ubuntu host).

One nagging problem I've had is getting dynamic DNS updates to work from
DHCP.  I keep getting access denied messages:
     updating zone '': update failed: rejected by secure
update (REFUSED)

I recently noticed in the /usr/local/samba/private/named.conf.update there
is a comment:
      The most recent BIND versions (9.7.2 or later) support secure
GSS-TSIG updates.

Oddly enough, the most recent version of BIND in Fedora 13
is bind-9.7.1-2.P2.fc13.x86_64.  So I'm only one point off!

My top level question is, would it be easier to just start over again on a
clean Fedora 14 base, and if I do, will it likely work better with the built
in versions of Bind and DHCP in terms of using the generated update policies
in the named.conf.update file?  What are people doing if they still have
Fedora 13 as their underlying system?  I know I can tweak the various
configuration files and get DHCP to DNS updates working using older key
types, but I'd like to keep things as close to the default provisioned
environment as possible.

(BTW - I'm still trying to get to some suggestions which were made here
regarding bulk importing user and machine accounts from a production Samba3
instance to a new Samba4 instance using what used to be the
script, but keep getting yanked off to other priorities. :-(  I'll post
something when I finally get around to trying it.)

    Charles Tryon
      "It's the job that's never started that takes longest to finish."
                                 -- Samwise Gamgee

More information about the samba-technical mailing list