[Samba] V4 - New Install - Missing Zone File
Amitay Isaacs
amitay at gmail.com
Tue Feb 28 18:27:46 MST 2012
On Wed, Feb 29, 2012 at 12:09 PM, Jeremy Davis <JDFire at cox.net> wrote:
> Hello Amitay,
>
>
> On 02/27/2012 11:37 PM, Amitay Isaacs wrote:
>>
>> How was this samba4 instance provisioned? Did you use it upgradedns
>> script to upgrade the DNS provision? Or was it provisioned using
>> DLZ_BIND9 backend?
>>
>> Can you try running dynamic update manually as follows and monitor named
>> log?
>>
>> $ kinitadministrator at bob-dc.com
>> $ nsupdate -g
>> > server dc1.bob-dc.com
>> > update add foo.bob-dc.com 3600 A 1.2.3.4
>> > show
>> > send
>
> Sorry for the delay in my reply.
>
> I am not sure what your asking on the provisioning questions. I provisioned
> using DLZ_BIND9 I think. I don't think I ever ran a upgradedns script.
>
> Below you will find the output to all the commands requested.
>
> [root at dc1 ~]# kinit administrator at BOB-DC.COM
> Password for administrator at BOB-DC.COM:
> Warning: Your password will expire in 35 days on Wed Apr 4 00:14:53 2012
> [root at dc1 ~]# nsupdate -g
>
>> server dc1.bob-dc.com
>> update add foo.bob-dc.com 3600 A 1.2.3.4
>> show
> Outgoing update query:
> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
> ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
> ;; UPDATE SECTION:
> foo.bob-dc.com. 3600 IN A 1.2.3.4
>
>> send
> update failed: REFUSED
>>
>
>
> Feb 28 18:03:34 dc1 named[1335]: samba_dlz: starting transaction on zone
> bob-dc.com
> Feb 28 18:03:34 dc1 named[1335]: samba_dlz: spnego update failed
> Feb 28 18:03:34 dc1 named[1335]: client 192.168.30.1#41987: updating zone
> 'bob-dc.com/NONE': update failed: rejected by secure update (REFUSED)
> Feb 28 18:03:34 dc1 named[1335]: samba_dlz: cancelling transaction on zone
> bob-dc.com
Have you set up the tkey-gssapi-keytab option in named.conf? And is it pointing
to the correct keytab file?
Amitay.
More information about the samba-technical
mailing list