DNS TSIG updates need to check ACLs
Andriy Syrovenko
andriys at gmail.com
Thu Sep 6 04:41:53 MDT 2012
Well, resending the 4th time...
The following patch (tested against Samba 3.6.5 - 3.6.7) fixes the very
same issue for me. I.e. without this patch DDNS updates against S4 (tested
with a14, a20 and several betas) always fail, while Windows clients (XP,
Vista, 7 both x32 and x64) do update their DNS records without problem.
diff -urN samba-3.6.5/lib/addns/dnsgss.c
samba-3.6.5.fixed/lib/addns/dnsgss.c
--- samba-3.6.5/lib/addns/dnsgss.c 2012-04-27 21:25:33.000000000 +0300
+++ samba-3.6.5.fixed/lib/addns/dnsgss.c 2012-05-12 23:47:50.000000000
+0300
@@ -175,7 +175,7 @@
* TODO: Compare id and keyname
*/
- if ((resp->num_additionals != 1) ||
+ if (/*(resp->num_additionals != 1) ||*/
(resp->num_answers == 0) ||
(resp->answers[0]->type != QTYPE_TKEY)) {
err = ERROR_DNS_INVALID_MESSAGE;
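Review bot: The `if` condition now disables the `resp->num_additionals != 1` test by commenting it out in place, which removes that validation of the TKEY response altogether and leaves dead code inside the expression. If the server can legitimately return a different number of additional records, either delete the clause or replace it with the check that is actually intended, and add a comment explaining why the count is not fixed at one. The `TODO: Compare id and keyname` directly above is still open, so after this change the condition rejects a response only on `num_answers` and the type of the first answer; the commit message should say whether that is considered sufficient.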
2012/9/6 Rowland Penny <repenny at f2s.com>
> On 06/09/12 09:59, Kai Blin wrote:
>
>> On 2012-09-06 10:44, Rowland Penny wrote:
>>
>>> On 06/09/12 03:13, Andrew Bartlett wrote:
>>>
>>>> Fortunately DNS updates are still denied by default,
>>>>
>>> Hi, is this why you get the following message whenever you join a client
>>> to a samba4 server? And if so, how do you turn on DNS updates?
>>>
>>> DNS Update for server1.home.lan failed: ERROR_DNS_INVALID_MESSAGE
>>> DNS update failed: NT_STATUS_UNSUCCESSFUL
>>>
>> From this error message I gather you are joining the client via net ads
>> join. How did you provision on the server side? Did you specify
>> --dns-backend?
>>
>> Cheers,
>> Kai
>>
> Hi Kai,
> Yes I am using 'net ads join' and no, I provisioned as per the samba 4
> howto
>
> /usr/local/samba/sbin/provision \
> --realm=samdom.example.com --domain=SAMDOM \
> --adminpass=SOMEPASSWORD --server-role=dc
>
>
>
> Should I be specifying the DNS backend? There is no mention of it in the
> howto, or if there is I missed it.
>
>
> Rowland
-------------- next part --------------
A non-text attachment was scrubbed...
Name: samba-3.6.x-addns.patch
Type: application/octet-stream
Size: 502 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20120906/e840e99c/attachment.obj>