Samba4 DNS Updates - Linux Clients - Is it possible?

Daniele Dario d.dario76 at gmail.com
Thu Jan 19 02:31:21 MST 2012


Hi Amitay,

On Thu, 2012-01-19 at 11:36 +1100, Amitay Isaacs wrote:
> Hi Daniele,
> 
> 
> On Thu, Jan 19, 2012 at 1:13 AM, Daniele Dario <d.dario76 at gmail.com> wrote:
> > Hi,
> >
> >
> > I'm running samba Version 4.0.0alpha18-GIT-90f06d6 with bind 9.9.0b1
> > from PPA on an ubuntu server 11.04 x86 (on XenServer 5.6 fp1).
> >
> > Looking at the named logs I found something similar
> > 18-Jan-2012 14:41:35.027 database: info: samba_dlz: starting transaction
> > on zone saitelitalia.local
> > 18-Jan-2012 14:41:35.029 database: error: samba_dlz: failed to create
> > session info
> > 18-Jan-2012 14:41:35.030 update: info: client 192.168.12.12#53508/key
> > activity\$\@SAITELITALIA.LOCAL: updating zone 'saitelitalia.local/NONE':
> > update failed: rejected by secure update (REFUSED)
> > 18-Jan-2012 14:41:35.030 database: info: samba_dlz: cancelling
> > transaction on zone saitelitalia.local
> >
> > from /usr/local/samba/var/log.samba at same time I have
> > [2012/01/18 14:41:34,
> > 3] ../lib/ldb-samba/ldb_wrap.c:316(ldb_wrap_connect)
> >  ldb_wrap open of secrets.ldb
> > [2012/01/18 14:41:34,
> > 3] ../source4/smb_server/smb/negprot.c:390(reply_nt1)
> >  using SPNEGO
> > [2012/01/18 14:41:34,
> > 3] ../source4/smb_server/smb/negprot.c:519(smbsrv_reply_negprot)
> >  Selected protocol [5][NT LM 0.12]
> > [2012/01/18 14:41:35,
> > 3] ../source4/smbd/service_stream.c:63(stream_terminate_connection)
> >  Terminating connection - 'ldapsrv_call_loop:
> > tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
> > [2012/01/18 14:41:35,
> > 3] ../source4/smbd/process_single.c:104(single_terminate)
> >  single_terminate: reason[ldapsrv_call_loop:
> > tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED]
> >
> > where activity is a WinXP SP3 x86 machine
> >
> > Running samba-tool dns query kdc01 saitelitalia.local @ A -U
> > administrator I read that activity has no records and no children
> > ...
> > Name=activity, Records=0, Children=0
> > ...
> >
> > could this be the cause of the failure to update?
> >
> > BTW, if I try samba-tool dns delete kdc01 saitelitalia.local activity A
> > '' -U administrator I get ERROR: Record does not exist
> > but trying to add the record it fails saying
> > ERROR(runtime): uncaught exception - (9711,
> > 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
> >  File
> > "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
> > line 167, in _run
> >    return self.run(*args, **kwargs)
> >  File
> > "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/dns.py", line
> > 863, in run
> >    None)
> >
> > nslookup seems to work correctly
> > [root at kdc01:~]# nslookup activity
> > Server:         192.168.12.5
> > Address:        192.168.12.5#53
> >
> > Name:   activity.saitelitalia.local
> > Address: 192.168.12.12
> >
> > [root at kdc01:~]# nslookup 192.168.12.12
> > Server:         192.168.12.5
> > Address:        192.168.12.5#53
> >
> > 12.12.168.192.in-addr.arpa      name = activity.saitelitalia.local.
> >
> > The same happens for another host which is an ubuntu server 10.04
> > running samba 3.4.7 and joined to the domain.
> >
> > How can I remove the dummy records?
> >
> > Thanks, Daniele.
> >
> 
> Since version 4.0.0alpha18-GIT-90f06d6 there has been a patch
> (6a1201a67b36bc1bb3214ee911b130c4affb8dec) that
> fixes the problem in creating session info after changes in the
> authentication layer in samba.
> 
> Can you check if the problem persists with the latest git master?
> 
> Amitay.

Actually samba4 is our AD DC and I'm not happy to make changes on it
because I have no BDCs.

I'm preparing a new Ubuntu 11.04 server with the latest samba4 git
master. When it is ready I'll join it to the domain.
After the join, will it be safe to stop the PDC and update it to the
latest git too?
Do I have to run upgrade-provision before restarting the new version or
can I just start it?

BTW, did you make progress on the DNS zones replication between DCs as
said in your last reply to the thread 'Domain join as BDC'?
If yes, what do I have to do when I join the BDC to set it up with
bind_dlz?

Thanks,
Daniele.
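
Added example, not part of the original message or of Samba/BIND: a small Python parser that pairs each failed dynamic update in the named log with the samba_dlz errors logged while a transaction on the same zone was open, so a "rejected by secure update (REFUSED)" line can be traced to its backend cause. The sample input is the four named log lines quoted above with the e-mail line wrapping undone; the function name and the result field names are assumptions made for this example.

```python
import re

# Lines quoted from the named log in the message above, e-mail wrapping undone.
SAMPLE_LOG = r"""18-Jan-2012 14:41:35.027 database: info: samba_dlz: starting transaction on zone saitelitalia.local
18-Jan-2012 14:41:35.029 database: error: samba_dlz: failed to create session info
18-Jan-2012 14:41:35.030 update: info: client 192.168.12.12#53508/key activity\$\@SAITELITALIA.LOCAL: updating zone 'saitelitalia.local/NONE': update failed: rejected by secure update (REFUSED)
18-Jan-2012 14:41:35.030 database: info: samba_dlz: cancelling transaction on zone saitelitalia.local
"""

# "<date> <time> <category>: <level>: <message>", as in the lines above.
LINE = re.compile(r"^(\S+ \S+) (\w+): (\w+): (.*)$")
START = re.compile(r"samba_dlz: starting transaction on zone (\S+)$")
CANCEL = re.compile(r"samba_dlz: cancelling transaction on zone (\S+)$")
FAILED = re.compile(r"client ([\d.]+)#\d+/key (\S+): updating zone '([^/']+)/\w+': "
                    r"update failed: (.*)$")

def rejected_updates(log_text):
    """Return one dict per failed dynamic update, with the samba_dlz errors
    logged while a transaction on the same zone was open."""
    open_tx = {}   # zone -> samba_dlz error messages seen since "starting"
    results = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue   # not a named log line in the format shown above
        ts, _category, level, msg = m.groups()
        if (s := START.match(msg)):
            open_tx[s.group(1)] = []
        elif (c := CANCEL.match(msg)):
            open_tx.pop(c.group(1), None)
        elif level == "error" and msg.startswith("samba_dlz:"):
            # The error line names no zone, so attach it to every open transaction.
            for errors in open_tx.values():
                errors.append(msg)
        elif (f := FAILED.match(msg)):
            ip, key, zone, reason = f.groups()
            results.append({"time": ts, "client": ip,
                            # the log shows $ and @ backslash-escaped; undo that
                            "key": key.replace("\\", ""),
                            "zone": zone, "reason": reason,
                            "dlz_errors": list(open_tx.get(zone, []))})
    return results

if __name__ == "__main__":
    for entry in rejected_updates(SAMPLE_LOG):
        print(entry)
```
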



More information about the samba-technical mailing list