Samba4 DNS dynamic updates denied

[Mike Howard]

On 25/06/2011 14:32, Mike Howard wrote:
> Hi All,
>
> I currently use Bind9 and ISC dhcp servers on debian with dynamic 
> updates working fine.
>
> I've just started running with Samba4, which looks great, but I'm 
> having trouble getting DNS dynamic updates woring. In fact, I've been 
> pulling my hair out!
>
> First I built and installed a newer version of bind9 (bind-9.8.0-P2), 
> this works well and updates to my zones work without problem. I then 
> built, installed and provisioned samba4 (samba-4.0.0alpha15) using the 
> Samba4/HOWTO at wiki.samba.org. This went well, configuring and 
> testing  DNS and Kerberos all succeeded as per the HOWTO.
>
> However, DNS dynamic updates to the samba4 zone do not work. The 
> following error is reported;
>
> 25-Jun-2011 13:55:49.801 error: client 192.168.3.100#56429: update 
> 'skmdom.mydom.co.uk/IN' denied
>
> I've seen various reports of this but no solutions. I've tried various 
> combinations of provisioning but never have any success. On some 
> occasions, even worse than the above error is no error at all.
>
> Anyway, in this incarnation I provisioned with;
>
> ./source4/setup/provision --realm=skmdom.mydom.co.uk --domain=SKMDOM 
> --adminpass='password' --server-role='domain controller'  
> --host-ip=192.168.3.2
>
> I've added;  tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab"; 
> to my named.conf.options file and symlinked to /etc/krb5.keytab. I've 
> played with permissions giving user bind everything but still no joy.
>
> I suspect that it is a 'key' issue but have no evidence to support that.
>
> Anybody got any ideas?
>
Apologies for the noise above, I've obviously got too many balls in the 
air at the mo. It was simply a time synchronisation issue (I'm using 
VMs) and once I'd corrected the clock on the client all was well.

Cheers,
Mike.

-- 
Michael Howard        mike at dewberryfields dot co dot uk
Lancashire
England