Sites and DNS

Kai Blin kai at samba.org
Tue Mar 27 03:42:40 MDT 2012


On 2012-03-27 11:04, Kev Latimer wrote:

Hi Kev,

> Okay, reprovisioned, debug level set to 2 in smb.conf, made sure it's
> all working okay, renamed default site, stopped Samba, cleared log.samba
> to remove any guff (mainly my XP test machine trying so desperately to
> find its AV update source!), started up again and manually ran
> samba_dnsupdate.  Resulting log file for the few seconds it took to give
> the FORMERR again is nearly 800k, which is over the pastebin max so I've
> gzipped and uploaded it to my personal webspace here:
> http://www.kevnet.org.uk/samba4/log.samba.gz (probably not strictly good
> netiquette but hope that's okay).

Great, got it. So what's happening is this:

samba_dnsupdate tries to negotiate a TKEY exchange for a
cryptographically signed update, but the internal server doesn't
understand that record type yet (in master, working on this stuff right
now). Because the server thinks the record type is invalid, it returns
FORMERR. This should hopefully be fixed soon, but in the meantime, try
the following workaround:

In smb.conf, set

nsupdate command = nsupdate
allow dns updates = True

That will allow unsigned dns updates to your zone, so it's not the most
secure option, but it should work.

Cheers,
Kai

-- 
Kai Blin
Worldforge developer http://www.worldforge.org/
Wine developer http://wiki.winehq.org/KaiBlin
Samba team member http://www.samba.org/samba/team/
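
Added example, not part of the original message and not Samba code: a small DNS wire-format classifier that distinguishes the messages discussed above (a TKEY negotiation, a FORMERR reply, and signed versus unsigned dynamic updates), which is what to look for in a capture while the unsigned-update workaround is enabled. The type and opcode numbers come from RFC 2136, RFC 2845 and RFC 2930; all names, ids and RDATA in the sample messages are constructed.

```python
import struct

OPCODE_UPDATE = 5                 # RFC 2136 dynamic update
TYPE_TKEY, TYPE_TSIG = 249, 250   # RFC 2930 key exchange, RFC 2845 signature

def skip_name(msg, off):              # returns the offset just past the name at off
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:     # 2-byte compression pointer ends the name
            return off + 2
        off += 1 + length

def classify(msg):
    """Report opcode, rcode and whether the message carries TKEY or TSIG."""
    _id, flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
    off, types = 12, []
    for _ in range(qd):               # question/zone entries: name, type, class
        off = skip_name(msg, off) + 4
        types.append(struct.unpack_from("!H", msg, off - 4)[0])
    for _ in range(an + ns + ar):     # resource records: skip RDATA via RDLENGTH
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        types.append(rtype)
        off += 10 + rdlen
    opcode = (flags >> 11) & 0xF
    signed = ar > 0 and types[-1] == TYPE_TSIG   # TSIG is always the last record
    return {"opcode": opcode, "rcode": flags & 0xF, "tkey": TYPE_TKEY in types,
            "signed": signed, "unsigned_update": opcode == OPCODE_UPDATE and not signed}

# Constructed sample messages (names, ids and RDATA are made up for this example).
def name(s):
    return b"".join(bytes([len(p)]) + p.encode() for p in s.split(".")) + b"\x00"
def rr(owner, rtype, rclass, ttl, rdata):
    return name(owner) + struct.pack("!HHIH", rtype, rclass, ttl, len(rdata)) + rdata
def header(flags, qd, an, ns, ar):
    return struct.pack("!6H", 0x1234, flags, qd, an, ns, ar)
ZONE = name("example.test") + struct.pack("!HH", 6, 1)              # SOA, class IN
ADD_A = rr("host.example.test", 1, 1, 900, bytes([192, 0, 2, 10]))  # A record to add
FAKE_TSIG = rr("key.example.test", TYPE_TSIG, 255, 0, b"\x00" * 16) # placeholder RDATA
KEY_Q = name("key.example.test") + struct.pack("!HH", TYPE_TKEY, 255)
UNSIGNED_UPDATE = header(OPCODE_UPDATE << 11, 1, 0, 1, 0) + ZONE + ADD_A
SIGNED_UPDATE = header(OPCODE_UPDATE << 11, 1, 0, 1, 1) + ZONE + ADD_A + FAKE_TSIG
TKEY_QUERY = header(0, 1, 0, 0, 1) + KEY_Q + rr("key.example.test", TYPE_TKEY, 255, 0, b"\x00" * 16)
FORMERR_REPLY = header(0x8001, 1, 0, 0, 0) + KEY_Q        # QR=1, RCODE=1 (FORMERR)

if __name__ == "__main__":
    print([classify(m) for m in (UNSIGNED_UPDATE, SIGNED_UPDATE, TKEY_QUERY, FORMERR_REPLY)])
```

The classifier only checks for the presence and position of a TSIG record; it does not verify the MAC.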
