Samba4 DNS Updates - Linux Clients - Is it possible?
Mike Howard
mike at dewberryfields.co.uk
Wed Jan 18 05:17:17 MST 2012
Hi All,
I've asked on the lists about this before, I've searched the lists and
trawled the net but all without any real answers. I have samba4 setup as
the PDC and bind 9.8.1-P1 built and working. I have windows clients
joining the domain and DNS is updated, an extract from the system log
confirms this;
Jan 15 06:30:04 ns1 named[15752]: samba_dlz: starting transaction on
zone mydomain.co.uk
Jan 15 06:30:04 ns1 named[15752]: samba_dlz: allowing update of
signer=vpc1\$\@mydomain.CO.UK name=vpc1.mydomain.co.uk tcpaddr= type=A
key=1080-ms-7.484-9db71388.b7bfb2e0-2731-11e1-b889-8ef61d81d4c1/160/0
Jan 15 06:30:04 ns1 named[15752]: samba_dlz: allowing update of
signer=vpc1\$\@mydomain.CO.UK name=vpc1.mydomain.co.uk tcpaddr= type=A
key=1080-ms-7.484-9db71388.b7bfb2e0-2731-11e1-b889-8ef61d81d4c1/160/0
Jan 15 06:30:04 ns1 named[15752]: client 192.168.3.50#55501: updating
zone 'mydomain.co.uk/NONE': deleting rrset at 'vpc1.mydomain.co.uk' A
Joining with a linux client DNS update fails (system log extract);
Jan 18 10:23:34 ns1 named[30891]: samba_dlz: starting transaction on
zone mydomain.co.uk
Jan 18 10:23:34 ns1 named[30891]: client 192.168.3.152#51434: updating
zone 'mydomain.co.uk/NONE': update unsuccessful:
wheezy.mydomain.co.uk/A: 'RRset exists (value dependent)' prerequisite
not satisfied (NXRRSET)
Jan 18 10:23:34 ns1 named[30891]: samba_dlz: cancelling transaction on
zone mydomain.co.ukJan 18 10:23:34 ns1 named[30891]: samba_dlz: starting
transaction on zone mydomain.co.uk
Jan 18 10:23:34 ns1 named[30891]: samba_dlz: spnego update failed
Jan 18 10:23:34 ns1 named[30891]: client 192.168.3.152#51434: updating
zone 'mydomain.co.uk/NONE': update failed: rejected by secure update
(REFUSED)
Jan 18 10:23:34 ns1 named[30891]: samba_dlz: cancelling transaction on
zone mydomain.co.uk
Samba log extract;
[2012/01/18 10:48:55, 3]
../source4/auth/kerberos/krb5_init_context.c:69(smb_krb5_debug_wrapper)
Kerberos: TGS-REQ WHEEZY$@mydomain.CO.UK from ipv4:192.168.3.152:46715
for dns/ns1.mydomain.co.uk at mydomain.CO.UK [canonicalize, renewable,
forwardable]
[2012/01/18 10:48:55, 3]
../source4/auth/kerberos/krb5_init_context.c:69(smb_krb5_debug_wrapper)
Kerberos: TGS-REQ authtime: 2012-01-18T10:48:55 starttime:
2012-01-18T10:48:55 endtime: 2012-01-18T20:48:55 renew till:
2012-01-19T10:48:55
[2012/01/18 10:48:55, 3]
../source4/smbd/service_stream.c:63(stream_terminate_connection)
Terminating connection - 'ldapsrv_call_loop:
tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
[2012/01/18 10:48:55, 3]
../source4/smbd/process_single.c:104(single_terminate) single_terminate:
reason[ldapsrv_call_loop: tstream_read_pdu_blob_recv() -
NT_STATUS_CONNECTION_DISCONNECTED]
[2012/01/18 10:49:00, 4]
../source4/dsdb/repl/drepl_notify.c:463(dreplsrv_notify_schedule)
dreplsrv_notify_schedule(5) scheduled for: Wed Jan 18 10:49:05 2012 GMT
[2012/01/18 10:49:05, 4]
../source4/dsdb/repl/drepl_notify.c:463(dreplsrv_notify_schedule)
dreplsrv_notify_schedule(5) scheduled for: Wed Jan 18 10:49:11 2012 GMT
So, before I waste any more time on this, can anybody confirm that it is
actually supposed to work, that it is possible and that they have it
working? If it's not possible, anybody got any suggestions as to an
alternative?
Cheers,
Mike.
--
Any question is easy if you know the answer!
More information about the samba-technical
mailing list