[Samba] V4 - New Install - Missing Zone File
Jeremy Davis
jdavis4102 at gmail.com
Wed Feb 22 22:54:20 MST 2012
On 02/22/2012 10:48 PM, Amitay Isaacs wrote:
> On Thu, Feb 23, 2012 at 4:33 PM, Jeremy Davis<jdavis4102 at gmail.com> wrote:
>> Hello Amitay,
>>
>>
>> On 02/22/2012 10:07 PM, Amitay Isaacs wrote:
>>> Hi Jeremy,
>>>
>>> On Thu, Feb 23, 2012 at 3:29 PM, Jeremy Davis<jdavis4102 at gmail.com> wrote:
>>>> Hello Amitay,
>>>>
>>>> On 02/22/2012 02:34 PM, Amitay Isaacs wrote:
>>>>> Hi Jeremy,
>>>>>
>>>>>
>>>>> That error message needs to be fixed. :)
>>>>>
>>>>> Looks like "nsupdate" command is not in the path. samba_dnsupdate
>>>>> script uses nsupdate to dynamically update DNS entries.
>>>>>
>>>>> Try adding "nsupdate command = /path/to/nsupdate" in smb.conf.
>>>>>
>>>>> Amitay.
>>>>>
>>>> Thank you SO MUCH for getting me this far!! :) That looks like it fixed
>>>> that issue but I have now run into a denied error message for bind. Below
>>>> you can find my logs for both samba_dnsupdate and bind. Seems like the
>>>> dns.keytab file is not correct or something. I have tried to put
>>>> allow-update { 192.168.30.1; } in my options section of my named.conf
>>>> with no luck.
>>>>
>>> I forgot to mention that nsupdate command should also include -g flag to
>>> force secure (kerberos) updates.
>>>
>>> nsupdate command = /path/to/nsupdate -g
>>>
>>> dlz_bind9 module only allows secure dynamic updates.
>>>
>>> Amitay.
>>>
>> I added the -g to the smb.conf and restarted samba and named but it doesn't
>> seem to do anything. Could this be an issue with kerberos? I am able to
>> authenticate with my Windows machine and via the command line using the
>> tests on the samba4 wiki. Any ideas as to what this could be?
> What happens when you run samba_dnsupdate --verbose?
> What's the output from BIND?
>
> Amitay.
>
Well, the samba_dnsupdate logs are the same but bind is now showing a
little different error.
samba-dnsupdate:
IPs: ['2002:4b46:c8ad:0:a00:27ff:fe14:5491',
'fe80::a00:27ff:fe14:5491%eth0', 'fe80::a00:27ff:fee5:5840%eth1',
'192.168.7.30', '192.168.30.1']
Looking for DNS entry A bob-dc.com 192.168.7.30 as bob-dc.com.
Looking for DNS entry A dc1.bob-dc.com 192.168.7.30 as dc1.bob-dc.com.
Looking for DNS entry AAAA bob-dc.com
2002:4b46:c8ad:0:a00:27ff:fe14:5491 as bob-dc.com.
Failed to find matching DNS entry AAAA bob-dc.com
2002:4b46:c8ad:0:a00:27ff:fe14:5491
Looking for DNS entry AAAA dc1.bob-dc.com
2002:4b46:c8ad:0:a00:27ff:fe14:5491 as dc1.bob-dc.com.
Failed to find matching DNS entry AAAA dc1.bob-dc.com
2002:4b46:c8ad:0:a00:27ff:fe14:5491
Looking for DNS entry A gc._msdcs.bob-dc.com 192.168.7.30 as
gc._msdcs.bob-dc.com.
Looking for DNS entry AAAA gc._msdcs.bob-dc.com
2002:4b46:c8ad:0:a00:27ff:fe14:5491 as gc._msdcs.bob-dc.com.
Failed to find matching DNS entry AAAA gc._msdcs.bob-dc.com
2002:4b46:c8ad:0:a00:27ff:fe14:5491
Looking for DNS entry CNAME
48c0fc0c-dcc1-425d-bcb2-a229d40ab48c._msdcs.bob-dc.com dc1.bob-dc.com as
48c0fc0c-dcc1-425d-bcb2-a229d40ab48c._msdcs.bob-dc.com.
Looking for DNS entry SRV _kpasswd._tcp.bob-dc.com dc1.bob-dc.com 464 as
_kpasswd._tcp.bob-dc.com.
Checking 0 100 464 dc1.bob-dc.com. against SRV _kpasswd._tcp.bob-dc.com
dc1.bob-dc.com 464
Looking for DNS entry SRV _kpasswd._udp.bob-dc.com dc1.bob-dc.com 464 as
_kpasswd._udp.bob-dc.com.
Checking 0 100 464 dc1.bob-dc.com. against SRV _kpasswd._udp.bob-dc.com
dc1.bob-dc.com 464
Looking for DNS entry SRV _kerberos._tcp.bob-dc.com dc1.bob-dc.com 88 as
_kerberos._tcp.bob-dc.com.
Checking 0 100 88 dc1.bob-dc.com. against SRV _kerberos._tcp.bob-dc.com
dc1.bob-dc.com 88
Looking for DNS entry SRV _kerberos._tcp.dc._msdcs.bob-dc.com
dc1.bob-dc.com 88 as _kerberos._tcp.dc._msdcs.bob-dc.com.
Checking 0 100 88 dc1.bob-dc.com. against SRV
_kerberos._tcp.dc._msdcs.bob-dc.com dc1.bob-dc.com 88
Looking for DNS entry SRV
_kerberos._tcp.default-first-site-name._sites.bob-dc.com dc1.bob-dc.com
88 as _kerberos._tcp.default-first-site-name._sites.bob-dc.com.
Checking 0 100 88 dc1.bob-dc.com. against SRV
_kerberos._tcp.default-first-site-name._sites.bob-dc.com dc1.bob-dc.com 88
Looking for DNS entry SRV
_kerberos._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com
dc1.bob-dc.com 88 as
_kerberos._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com.
Checking 0 100 88 dc1.bob-dc.com. against SRV
_kerberos._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com
dc1.bob-dc.com 88
Looking for DNS entry SRV _kerberos._udp.bob-dc.com dc1.bob-dc.com 88 as
_kerberos._udp.bob-dc.com.
Checking 0 100 88 dc1.bob-dc.com. against SRV _kerberos._udp.bob-dc.com
dc1.bob-dc.com 88
Looking for DNS entry SRV _ldap._tcp.bob-dc.com dc1.bob-dc.com 389 as
_ldap._tcp.bob-dc.com.
Checking 0 100 389 dc1.bob-dc.com. against SRV _ldap._tcp.bob-dc.com
dc1.bob-dc.com 389
Looking for DNS entry SRV _ldap._tcp.dc._msdcs.bob-dc.com dc1.bob-dc.com
389 as _ldap._tcp.dc._msdcs.bob-dc.com.
Checking 0 100 389 dc1.bob-dc.com. against SRV
_ldap._tcp.dc._msdcs.bob-dc.com dc1.bob-dc.com 389
Looking for DNS entry SRV _ldap._tcp.gc._msdcs.bob-dc.com dc1.bob-dc.com
3268 as _ldap._tcp.gc._msdcs.bob-dc.com.
Checking 0 100 3268 dc1.bob-dc.com. against SRV
_ldap._tcp.gc._msdcs.bob-dc.com dc1.bob-dc.com 3268
Looking for DNS entry SRV _ldap._tcp.pdc._msdcs.bob-dc.com
dc1.bob-dc.com 389 as _ldap._tcp.pdc._msdcs.bob-dc.com.
Checking 0 100 389 dc1.bob-dc.com. against SRV
_ldap._tcp.pdc._msdcs.bob-dc.com dc1.bob-dc.com 389
Looking for DNS entry SRV
_ldap._tcp.default-first-site-name._sites.bob-dc.com dc1.bob-dc.com 389
as _ldap._tcp.default-first-site-name._sites.bob-dc.com.
Checking 0 100 389 dc1.bob-dc.com. against SRV
_ldap._tcp.default-first-site-name._sites.bob-dc.com dc1.bob-dc.com 389
Looking for DNS entry SRV
_ldap._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com
dc1.bob-dc.com 389 as
_ldap._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com.
Checking 0 100 389 dc1.bob-dc.com. against SRV
_ldap._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com
dc1.bob-dc.com 389
Looking for DNS entry SRV
_ldap._tcp.default-first-site-name._sites.gc._msdcs.bob-dc.com
dc1.bob-dc.com 3268 as
_ldap._tcp.default-first-site-name._sites.gc._msdcs.bob-dc.com.
Checking 0 100 3268 dc1.bob-dc.com. against SRV
_ldap._tcp.default-first-site-name._sites.gc._msdcs.bob-dc.com
dc1.bob-dc.com 3268
Looking for DNS entry SRV
_ldap._tcp.2d1290ec-d837-4f59-8730-9deb5078c8f0.domains._msdcs.bob-dc.com dc1.bob-dc.com
389 as
_ldap._tcp.2d1290ec-d837-4f59-8730-9deb5078c8f0.domains._msdcs.bob-dc.com.
Checking 0 100 389 dc1.bob-dc.com. against SRV
_ldap._tcp.2d1290ec-d837-4f59-8730-9deb5078c8f0.domains._msdcs.bob-dc.com dc1.bob-dc.com
389
Looking for DNS entry SRV _gc._tcp.bob-dc.com dc1.bob-dc.com 3268 as
_gc._tcp.bob-dc.com.
Checking 0 100 3268 dc1.bob-dc.com. against SRV _gc._tcp.bob-dc.com
dc1.bob-dc.com 3268
Looking for DNS entry SRV
_gc._tcp.default-first-site-name._sites.bob-dc.com dc1.bob-dc.com 3268
as _gc._tcp.default-first-site-name._sites.bob-dc.com.
Checking 0 100 3268 dc1.bob-dc.com. against SRV
_gc._tcp.default-first-site-name._sites.bob-dc.com dc1.bob-dc.com 3268
Looking for DNS entry A bob-dc.com 192.168.30.1 as bob-dc.com.
Failed to find matching DNS entry A bob-dc.com 192.168.30.1
Looking for DNS entry A dc1.bob-dc.com 192.168.30.1 as dc1.bob-dc.com.
Failed to find matching DNS entry A dc1.bob-dc.com 192.168.30.1
Looking for DNS entry A gc._msdcs.bob-dc.com 192.168.30.1 as
gc._msdcs.bob-dc.com.
Failed to find matching DNS entry A gc._msdcs.bob-dc.com 192.168.30.1
Calling nsupdate for AAAA bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
bob-dc.com. 900 IN AAAA 2002:4b46:c8ad:0:a00:27ff:fe14:5491
update failed: REFUSED
Failed nsupdate: 2
Calling nsupdate for AAAA dc1.bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
dc1.bob-dc.com. 900 IN AAAA 2002:4b46:c8ad:0:a00:27ff:fe14:5491
update failed: REFUSED
Failed nsupdate: 2
Calling nsupdate for AAAA gc._msdcs.bob-dc.com
2002:4b46:c8ad:0:a00:27ff:fe14:5491
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
gc._msdcs.bob-dc.com. 900 IN AAAA
2002:4b46:c8ad:0:a00:27ff:fe14:5491
update failed: REFUSED
Failed nsupdate: 2
Calling nsupdate for A bob-dc.com 192.168.30.1
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
bob-dc.com. 900 IN A 192.168.30.1
update failed: REFUSED
Failed nsupdate: 2
Calling nsupdate for A dc1.bob-dc.com 192.168.30.1
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
dc1.bob-dc.com. 900 IN A 192.168.30.1
update failed: REFUSED
Failed nsupdate: 2
Calling nsupdate for A gc._msdcs.bob-dc.com 192.168.30.1
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
gc._msdcs.bob-dc.com. 900 IN A 192.168.30.1
update failed: REFUSED
Failed nsupdate: 2
Failed update of 6 entries
bind logs:
Feb 22 22:51:43 dc1 named[2498]: samba_dlz: starting transaction on zone
bob-dc.com
Feb 22 22:51:43 dc1 named[2498]: samba_dlz: spnego update failed
Feb 22 22:51:43 dc1 named[2498]: client 192.168.30.1#43717: updating
zone 'bob-dc.com/NONE': update failed: rejected by secure update (REFUSED)
Feb 22 22:51:43 dc1 named[2498]: samba_dlz: cancelling transaction on
zone bob-dc.com
Feb 22 22:51:43 dc1 named[2498]: samba_dlz: starting transaction on zone
bob-dc.com
Feb 22 22:51:43 dc1 named[2498]: samba_dlz: spnego update failed
Feb 22 22:51:43 dc1 named[2498]: client 192.168.30.1#33042: updating
zone 'bob-dc.com/NONE': update failed: rejected by secure update (REFUSED)
Feb 22 22:51:43 dc1 named[2498]: samba_dlz: cancelling transaction on
zone bob-dc.com
Feb 22 22:51:43 dc1 named[2498]: samba_dlz: starting transaction on zone
_msdcs.bob-dc.com
Feb 22 22:51:43 dc1 named[2498]: samba_dlz: spnego update failed
Feb 22 22:51:43 dc1 named[2498]: client 192.168.30.1#40855: updating
zone '_msdcs.bob-dc.com/NONE': update failed: rejected by secure update
(REFUSED)
Feb 22 22:51:43 dc1 named[2498]: samba_dlz: cancelling transaction on
zone _msdcs.bob-dc.com
Feb 22 22:51:43 dc1 named[2498]: samba_dlz: starting transaction on zone
bob-dc.com
Feb 22 22:51:43 dc1 named[2498]: samba_dlz: spnego update failed
Feb 22 22:51:43 dc1 named[2498]: client 192.168.30.1#38049: updating
zone 'bob-dc.com/NONE': update failed: rejected by secure update (REFUSED)
Feb 22 22:51:43 dc1 named[2498]: samba_dlz: cancelling transaction on
zone bob-dc.com
Feb 22 22:51:44 dc1 named[2498]: samba_dlz: starting transaction on zone
bob-dc.com
Feb 22 22:51:44 dc1 named[2498]: samba_dlz: spnego update failed
Feb 22 22:51:44 dc1 named[2498]: client 192.168.30.1#34189: updating
zone 'bob-dc.com/NONE': update failed: rejected by secure update (REFUSED)
Feb 22 22:51:44 dc1 named[2498]: samba_dlz: cancelling transaction on
zone bob-dc.com
Feb 22 22:51:44 dc1 named[2498]: samba_dlz: starting transaction on zone
_msdcs.bob-dc.com
Feb 22 22:51:44 dc1 named[2498]: samba_dlz: spnego update failed
Feb 22 22:51:44 dc1 named[2498]: client 192.168.30.1#41075: updating
zone '_msdcs.bob-dc.com/NONE': update failed: rejected by secure update
(REFUSED)
Feb 22 22:51:44 dc1 named[2498]: samba_dlz: cancelling transaction on
zone _msdcs.bob-dc.com
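
A way to triage the BIND side of output like the above, as an added example that is not part of the original message or of Samba: it re-joins the mail-wrapped syslog entries and counts, per zone, the `samba_dlz` SPNEGO failures next to the `REFUSED` secure updates, so a refusal that follows a failed GSS-TSIG negotiation stands out. The function names, host and zone names in the sample are assumptions made for the example.

```python
import re
from collections import defaultdict
# Constructed sample in the syslog format shown above (hypothetical names, wrapped lines).
SAMPLE_LOG = """\
Feb 22 22:51:43 dc1 named[2498]: samba_dlz: starting transaction on zone
example.test
Feb 22 22:51:43 dc1 named[2498]: samba_dlz: spnego update failed
Feb 22 22:51:43 dc1 named[2498]: client 192.0.2.10#43717: updating
zone 'example.test/NONE': update failed: rejected by secure update (REFUSED)
Feb 22 22:51:43 dc1 named[2498]: samba_dlz: cancelling transaction on
zone example.test
Feb 22 22:51:44 dc1 named[2498]: samba_dlz: starting transaction on zone
_msdcs.example.test
Feb 22 22:51:44 dc1 named[2498]: samba_dlz: spnego update failed
Feb 22 22:51:44 dc1 named[2498]: client 192.0.2.10#41075: updating
zone '_msdcs.example.test/NONE': update failed: rejected by secure update
(REFUSED)
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
START = re.compile(r"samba_dlz: starting transaction on zone (\S+)")
REFUSED = re.compile(r"client (\S+)#\d+: updating zone '([^'/]+)/[^']*': "
                     r"update failed: rejected by secure update \(REFUSED\)")

def unwrap(text):
    # A line without a syslog timestamp continues the previous entry.
    entries = []
    for line in text.splitlines():
        if STAMP.match(line) or not entries:
            entries.append(line.strip())
        else:
            entries[-1] += " " + line.strip()
    return entries

def summarize(text):
    """Per zone: SPNEGO (GSS-TSIG) failures, REFUSED updates, client addresses."""
    zones = defaultdict(lambda: {"spnego_failed": 0, "refused": 0, "clients": set()})
    current = None  # zone of the transaction samba_dlz currently has open
    for entry in unwrap(text):
        if m := START.search(entry):
            current = m.group(1)
        elif "samba_dlz: spnego update failed" in entry and current:
            zones[current]["spnego_failed"] += 1
        elif m := REFUSED.search(entry):
            zones[m.group(2)]["refused"] += 1
            zones[m.group(2)]["clients"].add(m.group(1))
        elif "samba_dlz: cancelling transaction" in entry:
            current = None
    return {zone: dict(stats) for zone, stats in zones.items()}
```
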