DNS updates dlz
Aaron E.
ssureshot at gmail.com
Fri Jan 20 07:03:34 MST 2012
I'm having issues with dns updates, I've provisioned a new instance and
did a git pull yesterday to grab the latest... make and make install.
Samba provision.. ./source4/setup/provision --realm=astro.local
--domain=ASTRO --adminpass=xxx --server-role='domain controller'
BIND was compiled like so (version 9.8.1-P1):
./configure --prefix=/usr/local/bind9.1
--with-gssapi=/usr/include/gssapi --with-dlopen=yes
I receive the following error when I try to update DNS from a Windows
2008 server R1..
20-Jan-2012 08:49:24.056 database: info: samba_dlz: starting transaction
on zone astro.local
20-Jan-2012 08:49:24.058 update-security: error: client
10.60.2.221#59911: update 'astro.local/IN' denied
20-Jan-2012 08:49:24.058 database: info: samba_dlz: cancelling
transaction on zone astro.local
20-Jan-2012 08:49:24.138 database: info: samba_dlz: starting transaction
on zone astro.local
20-Jan-2012 08:49:24.145 database: info: samba_dlz: disallowing update
of signer=astro5\$\@ASTRO.LOCAL name=ASTRO5.astro.local type=AAAA
error=insufficient access rights
20-Jan-2012 08:49:24.145 update: info: client 10.60.2.221#63213:
updating zone 'astro.local/NONE': update failed: rejected by secure
update (REFUSED)
20-Jan-2012 08:49:24.145 database: info: samba_dlz: cancelling
transaction on zone astro.local
named.conf -------------------------
// Global server options for this BIND instance.
options {
// Replaces the version string reported to clients with a fixed text.
version "get lost";
// Zone transfers are refused for every client.
allow-transfer {"none";};
//directory "/usr/local/bind9/etc/zones";
// NOTE(review): queries and recursion are allowed for any client. If this
// server is reachable from untrusted networks it behaves as an open resolver;
// consider limiting allow-recursion to an ACL of the internal subnets.
allow-query { any; };
allow-recursion { any; };
auth-nxdomain no;
// Queries the server cannot answer itself are sent to this upstream resolver.
forwarders { 8.8.8.8; };
// Keytab named uses to verify GSS-TSIG signed dynamic updates. It holds
// Kerberos key material, so keep it readable by the named account only.
tkey-gssapi-keytab "/usr/local/samba4/private/dns.keytab";
};
// Logging: a single file channel that receives the dnssec, default and
// update categories.
logging{
channel bind9.log {
// Rotated log file: up to 3 old versions, rolled at 2m, severity info and up.
file "/usr/local/bind9/etc/log/bind9.log" versions 3
size 2m;
severity info;
// Prefix each entry with its severity, timestamp and category, which is
// what makes the update-security denials easy to pick out of the log.
print-severity yes;
print-time yes;
print-category yes;
};
category dnssec {
bind9.log;
};
category default {
bind9.log;
};
category update {
bind9.log;
};
};
// Configuration kept in the Samba private directory; its contents are not
// shown here. Presumably it loads the samba_dlz zone seen in the log - confirm.
include "/usr/local/samba4/private/named.conf";
// Static loopback zones; dynamic updates are disabled for both.
zone "localhost" in{
type master;
file "db.local";
allow-update{none;};
};
zone "0.0.127.in-addr.arpa" in{
type master;
file "db.127";
allow-update{none;};
};
Directory Permissions..
drwxr-xr-x 7 root root 4096 2012-01-20 08:54 .
drwxr-xr-x 11 root root 4096 2012-01-18 15:10 ..
drwxrwx--- 3 named named 4096 2012-01-18 15:13 dns
-rw-r----- 1 named named 767 2012-01-18 15:14 dns.keytab
-rw-r--r-- 1 root named 2270 2012-01-18 15:14 dns_update_list
-rw------- 1 root root 1286144 2012-01-18 15:23 hkcr.ldb
-rw------- 1 root root 1286144 2012-01-18 15:23 hkcu.ldb
-rw------- 1 root root 1286144 2012-01-18 15:12 hklm.ldb
-rw------- 1 root root 1286144 2012-01-18 15:23 hku.ldb
-rw------- 1 root root 1286144 2012-01-18 15:23 idmap.ldb
-rw-r--r-- 1 root root 92 2012-01-18 15:14 krb5.conf
srwxrwxrwx 1 root root 0 2012-01-19 16:20 ldapi
drwxr-x--- 2 root root 4096 2012-01-19 16:20 ldap_priv
-rw-r--r-- 1 named named 381 2012-01-18 15:13 named.conf
-r--r--r-- 1 root named 224 2012-01-18 15:09 named.conf.update
-rw-r--r-- 1 root root 3156 2012-01-18 15:13 named.txt
-rw-r--r-- 1 root root 640 2012-01-18 15:14 phpldapadmin-config.php
-rw------- 1 root root 1286144 2012-01-18 15:12 privilege.ldb
-rw------- 1 root root 696 2012-01-18 15:18 randseed.tdb
-rw------- 1 root root 4251648 2012-01-18 15:18 sam.ldb
drwxr-x--- 2 root named 4096 2012-01-18 15:13 sam.ldb.d
-rw------- 1 root root 24576 2012-01-20 07:41 schannel_store.tdb
-rw------- 1 root root 1117 2012-01-18 15:14 secrets.keytab
-rw------- 1 root root 1286144 2012-01-18 15:14 secrets.ldb
-rw------- 1 root root 1286144 2012-01-18 15:12 share.ldb
drwxr-xr-x 3 root root 4096 2012-01-19 16:21 smbd.tmp
-rw-r--r-- 1 root root 955 2012-01-18 15:14 spn_update_list
drwxr-xr-x 2 root root 4096 2012-01-18 15:18 tls
root at FILESRV1--/usr/local/samba4/private/dns\>> ls -la
total 4164
drwxrwx--- 3 named named 4096 2012-01-18 15:13 .
drwxr-xr-x 7 root root 4096 2012-01-20 08:55 ..
-rw-rw---- 1 named named 4251648 2012-01-18 15:17 sam.ldb
drwxrwx--- 2 named named 4096 2012-01-18 15:13 sam.ldb.d