Samba 4.0 DNS configuration
Trever L. Adams
trever.adams at gmail.com
Wed Jul 6 15:38:36 MDT 2011
On 06/11/2011 08:42 PM, Andrew Bartlett wrote:
>
> This isn't an issue with Samba 3.6, but with BIND and the Samba4 zone
> you have loaded.
>
> The most reliable way to fix this is to upgrade to Bind 9.8 and change
> the gssapi settings in the named.conf to only:
>
> tkey-gssapi-keytab /path/to/dns.keytab
>
> This should then work much more reliably. Your DNS zone is also showing
> a bug we had for ages, where the first line contained only the realm
> where it should be your server's full hostname. (see the following line
> in the new zone template).
>
> @ IN SOA hostname.realm hostmaster (
>
> I suspect your provision is old, so perhaps upgrade to a current Samba4
> git checkout and reprovision (if possible). If you can't reprovision,
> ensure that the servicePrincipalNames attribute on the 'cn=dns' user has
> a value of DNS/hostname.realm
>
> Andrew Bartlett

I have been able to do an upgradeprovision --full for the first time in
a long time on this server. I now have the proper dns.keytab. However,
any attempt at nsupdate -g (including
/usr/local/samba/sbin/samba_dnsupdate --verbose) yields "tkey query
failed: GSSAPI error: Major = Unspecified GSS failure. Minor code may
provide more information, Minor = Server not found in Kerberos database."
I have checked permissions and cannot figure this out.
Any ideas?
The other two provisions I have work just fine now.
Trever
--
"He that demands mercy, and shows none, ruins the bridge over which he
himself is to pass." -- Thomas Adams, 1612-1653
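
Added example, not part of the original message and not Samba or BIND code: a small Python check for the two provision problems named in the quoted reply, an SOA line that carries only the realm instead of the server's full hostname, and a 'cn=dns' entry without a DNS/hostname.realm service principal. The host name, realm, zone lines and LDIF text are constructed sample values, and the function names are hypothetical.

```python
import re

# Constructed sample values (assumptions, not taken from the thread).
HOST, REALM = "dc1", "example.com"
OLD_ZONE = "@ IN SOA example.com. hostmaster.example.com. (\n  1 ; serial\n)"
NEW_ZONE = "@ IN SOA dc1.example.com. hostmaster.example.com. (\n  1 ; serial\n)"
LDIF_OK = "dn: CN=dns,CN=Users,DC=example,DC=com\nservicePrincipalName: DNS/dc1.example.com\n"
LDIF_BAD = "dn: CN=dns,CN=Users,DC=example,DC=com\nservicePrincipalName: DNS/example.com\n"

# owner, optional TTL, class IN, type SOA, then the primary server name.
SOA_RE = re.compile(r"^\s*\S+\s+(?:\d+\s+)?IN\s+SOA\s+(\S+)\s+\S+", re.I | re.M)
SPN_RE = re.compile(r"^servicePrincipalName:\s*(\S+)\s*$", re.I | re.M)


def soa_primary(zone_text):
    """Primary server field of the first SOA record, lower case, no trailing dot."""
    m = SOA_RE.search(zone_text)
    return m.group(1).rstrip(".").lower() if m else None


def spn_values(ldif_text):
    """servicePrincipalName values from LDIF text of the 'cn=dns' entry."""
    return {v.lower() for v in SPN_RE.findall(ldif_text)}


def check_provision(zone_text, ldif_text, host, realm):
    """Return a list of findings; an empty list means both checks passed."""
    fqdn = f"{host}.{realm}".lower()
    findings = []
    primary = soa_primary(zone_text)
    if primary is None:
        findings.append("no SOA record found")
    elif primary == realm.lower():
        findings.append(f"SOA names only the realm; expected {fqdn}")
    elif primary != fqdn:
        findings.append(f"SOA names {primary}; expected {fqdn}")
    wanted = f"dns/{fqdn}"  # compared in lower case
    if wanted not in spn_values(ldif_text):
        findings.append(f"cn=dns lacks servicePrincipalName DNS/{fqdn}")
    return findings


if __name__ == "__main__":
    for name, zone, ldif in (("old", OLD_ZONE, LDIF_BAD), ("new", NEW_ZONE, LDIF_OK)):
        print(name, check_provision(zone, ldif, HOST, REALM) or "ok")
```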