[SAMBA AC DC][DNS ISSUE] secure dns updates problem
Chirana Gheorghita Eugeniu Theodor
office at adaptcom.ro
Sun Feb 17 00:37:05 MST 2013
Hello,
Just finnished configurng the new Samba DC and there are some errors in the
logs related to dns updates:
Got a dns update request.
Update not allowed for unsigned packet.
Kerberos: TGS-REQ managementdc$@OFFICE.AVIAMOTORS.RO from ipv4:
10.124.112.23:49188 for DNS/
cerberus.office.aviamotors.ro at OFFICE.AVIAMOTORS.RO [canonicalize,
renewable, forwardable]
Kerberos: TGS-REQ authtime: 2013-02-17T09:31:51 starttime:
2013-02-17T09:31:57 endtime: 2013-02-17T19:31:51 renew till:
2013-02-24T09:31:51
Terminating connection - 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
NT_STATUS_CONNECTION_DISCONNECTED'
single_terminate: reason[kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
NT_STATUS_CONNECTION_DISCONNECTED]
Tkey handshake completed
Terminating connection - 'dns_tcp_call_loop: tstream_read_pdu_blob_recv() -
NT_STATUS_CONNECTION_DISCONNECTED'
single_terminate: reason[dns_tcp_call_loop: tstream_read_pdu_blob_recv() -
NT_STATUS_CONNECTION_DISCONNECTED]
Got a dns update request.
update count is 3
Looking at record:
discard_const(update): struct dns_res_rec
name : 'managementdc.office.aviamotors.ro'
rr_type : DNS_QTYPE_AAAA (0x1C)
rr_class : DNS_QCLASS_ANY (0xFF)
ttl : 0x00000000 (0)
length : 0x0000 (0)
rdata : union dns_rdata(case 0x1C)
ipv6_record : (null)
unexpected : DATA_BLOB length=0
Looking at record:
discard_const(update): struct dns_res_rec
name : 'managementdc.office.aviamotors.ro'
rr_type : DNS_QTYPE_A (0x1)
rr_class : DNS_QCLASS_ANY (0xFF)
ttl : 0x00000000 (0)
length : 0x0000 (0)
rdata : union dns_rdata(case 0x1)
ipv4_record : (null)
unexpected : DATA_BLOB length=0
Looking at record:
discard_const(update): struct dns_res_rec
name : 'managementdc.office.aviamotors.ro'
rr_type : DNS_QTYPE_A (0x1)
rr_class : DNS_QCLASS_IN (0x1)
ttl : 0x000004b0 (1200)
length : 0x0004 (4)
rdata : union dns_rdata(case 0x1)
ipv4_record : 10.124.112.23
unexpected : DATA_BLOB length=0
dreplsrv_notify_schedule(5) scheduled for: Sun Feb 17 09:32:04 2013 EET
ldb_wrap open of secrets.ldb
ldb_wrap open of secrets.ldb
Kerberos: AS-REQ MANAGEMENTDC$@OFFICE.AVIAMOTORS.RO from ipv4:
10.124.112.23:50584 for krbtgt/OFFICE.AVIAMOTORS.RO at OFFICE.AVIAMOTORS.RO
Kerberos: Client sent patypes: encrypted-timestamp, 128
Kerberos: Looking for PKINIT pa-data -- MANAGEMENTDC$@OFFICE.AVIAMOTORS.RO
Dns is the internal samba dns server. in samba/private i cannot see the
dns.keytab or other fles related to dns TSIG. Maibe I can generate these
files, because seems that the provision script did not create them.
--
________________________________________
Cu stima/Best regards/Mit freundlichen Grüßen,
Chirana-Gheorghita Eugeniu-Theodor
Bucharest, Romania
e-mail : office at adaptcom.ro
mobile: 0743 698721
0747 447675
More information about the samba-technical
mailing list