[SAMBA AC DC][DNS ISSUE] secure dns updates problem

Chirana Gheorghita Eugeniu Theodor office at adaptcom.ro
Sun Feb 17 00:37:05 MST 2013 

Hello,
Just finnished configurng the new Samba DC and there are some errors in the
logs related to dns updates:

Got a dns update request.
Update not allowed for unsigned packet.
Kerberos: TGS-REQ managementdc$@OFFICE.AVIAMOTORS.RO from ipv4:
10.124.112.23:49188 for DNS/
cerberus.office.aviamotors.ro at OFFICE.AVIAMOTORS.RO [canonicalize,
renewable, forwardable]
Kerberos: TGS-REQ authtime: 2013-02-17T09:31:51 starttime:
2013-02-17T09:31:57 endtime: 2013-02-17T19:31:51 renew till:
2013-02-24T09:31:51
Terminating connection - 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
NT_STATUS_CONNECTION_DISCONNECTED'
single_terminate: reason[kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
NT_STATUS_CONNECTION_DISCONNECTED]
Tkey handshake completed
Terminating connection - 'dns_tcp_call_loop: tstream_read_pdu_blob_recv() -
NT_STATUS_CONNECTION_DISCONNECTED'
single_terminate: reason[dns_tcp_call_loop: tstream_read_pdu_blob_recv() -
NT_STATUS_CONNECTION_DISCONNECTED]
Got a dns update request.
update count is 3
Looking at record:
     discard_const(update): struct dns_res_rec
        name                     : 'managementdc.office.aviamotors.ro'
        rr_type                  : DNS_QTYPE_AAAA (0x1C)
        rr_class                 : DNS_QCLASS_ANY (0xFF)
        ttl                      : 0x00000000 (0)
        length                   : 0x0000 (0)
        rdata                    : union dns_rdata(case 0x1C)
        ipv6_record              : (null)
        unexpected               : DATA_BLOB length=0
Looking at record:
     discard_const(update): struct dns_res_rec
        name                     : 'managementdc.office.aviamotors.ro'
        rr_type                  : DNS_QTYPE_A (0x1)
        rr_class                 : DNS_QCLASS_ANY (0xFF)
        ttl                      : 0x00000000 (0)
        length                   : 0x0000 (0)
        rdata                    : union dns_rdata(case 0x1)
        ipv4_record              : (null)
        unexpected               : DATA_BLOB length=0
Looking at record:
     discard_const(update): struct dns_res_rec
        name                     : 'managementdc.office.aviamotors.ro'
        rr_type                  : DNS_QTYPE_A (0x1)
        rr_class                 : DNS_QCLASS_IN (0x1)
        ttl                      : 0x000004b0 (1200)
        length                   : 0x0004 (4)
        rdata                    : union dns_rdata(case 0x1)
        ipv4_record              : 10.124.112.23
        unexpected               : DATA_BLOB length=0
dreplsrv_notify_schedule(5) scheduled for: Sun Feb 17 09:32:04 2013 EET
ldb_wrap open of secrets.ldb
ldb_wrap open of secrets.ldb
Kerberos: AS-REQ MANAGEMENTDC$@OFFICE.AVIAMOTORS.RO from ipv4:
10.124.112.23:50584 for krbtgt/OFFICE.AVIAMOTORS.RO at OFFICE.AVIAMOTORS.RO
Kerberos: Client sent patypes: encrypted-timestamp, 128
Kerberos: Looking for PKINIT pa-data -- MANAGEMENTDC$@OFFICE.AVIAMOTORS.RO


Dns is the internal samba dns server. in samba/private i cannot see the
dns.keytab or other fles related to dns TSIG. Maibe I can generate these
files, because seems that the provision script did not create them.

-- 
________________________________________
Cu stima/Best regards/Mit freundlichen Grüßen,

Chirana-Gheorghita Eugeniu-Theodor
Bucharest, Romania

e-mail : office at adaptcom.ro
mobile: 0743 698721
            0747 447675

More information about the samba-technical mailing list