Samba4.11 with bind get ddns update denied

Markus Roth markusroth1983 at gmx.net
Fri Aug 8 14:13:16 MDT 2014


Hi everybody,
1)
I've successfully installed a Samba4 AD with version 4.1.11 and BIND 9.9.4 on CentOS 7 with BIND flat files. On the client side I have a Windows 7 SP1 machine. The only trouble I have is a DDNS "update denied" message in /var/log/messages. But after the denied message is shown, the forward and reverse lookup zones are updated successfully.
Could it be that Windows 7 first tries to do an unsecure DDNS update and, if this is not possible, tries a secure update? A Win 8.1 client seems to update only on system start...
The extract from the message is:
Aug 6 22:25:18 Server1 chronyd[807]: NTP packet received from unauthorised host 192.168.178.120 port 123
Aug 6 22:25:18 Server1 named[11069]: client 192.168.178.120#65377: update 'winnet.local/IN' denied
Aug 6 22:25:18 Server1 named[11069]: client 192.168.178.120#59880/key client1\$\@WINNET.LOCAL: updating zone 'winnet.local/IN': deleting rrset at 'client1.winnet.local' AAAA
Aug 6 22:25:18 Server1 named[11069]: client 192.168.178.120#59880/key client1\$\@WINNET.LOCAL: updating zone 'winnet.local/IN': deleting rrset at 'client1.winnet.local' A
Aug 6 22:25:18 Server1 named[11069]: client 192.168.178.120#59880/key client1\$\@WINNET.LOCAL: updating zone 'winnet.local/IN': adding an RR at 'client1.winnet.local' A
Aug 6 22:25:18 Server1 named[11069]: client 192.168.178.120#53636: update '178.168.192.in-addr.arpa/IN' denied
Aug 6 22:25:18 Server1 named[11069]: client 192.168.178.120#56114/key client1\$\@WINNET.LOCAL: updating zone '178.168.192.in-addr.arpa/IN': deleting rrset at '120.178.168.192.in-addr.arpa' PTR
Aug 6 22:25:18 Server1 named[11069]: client 192.168.178.120#56114/key client1\$\@WINNET.LOCAL: updating zone '178.168.192.in-addr.arpa/IN': adding an RR at '120.178.168.192.in-addr.arpa' PTR
SELinux and the firewalld daemon are deactivated.
I hope that someone can help me :-( Is this a problem or the normal behaviour? If I should post my configuration files, that's no problem. I will give you all you need. Please help me...
2)
Could it be that the internal Samba DNS can only do DDNS for the forward lookup zone? In another test environment I tried the internal DNS and added a reverse lookup zone with the remote administrative tools on a Windows 7 SP1 machine. But neither the Samba server nor the Windows 7 client makes its entries in this reverse lookup zone.
 
Kind regards
Markus
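
A way to check the pattern in the log extract above, added here as an example and not part of the original message: for each unsigned update that named denied, it looks for a key-signed update from the same client to the same zone shortly afterwards. The sample lines are constructed from the extract plus one invented client (192.168.178.121); the 5-second window and the year are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: five lines modelled on the extract in the post, plus one
# invented client (192.168.178.121) whose denied update has no signed follow-up.
SAMPLE = r"""
Aug 6 22:25:18 Server1 named[11069]: client 192.168.178.120#65377: update 'winnet.local/IN' denied
Aug 6 22:25:18 Server1 named[11069]: client 192.168.178.120#59880/key client1\$\@WINNET.LOCAL: updating zone 'winnet.local/IN': deleting rrset at 'client1.winnet.local' A
Aug 6 22:25:18 Server1 named[11069]: client 192.168.178.120#59880/key client1\$\@WINNET.LOCAL: updating zone 'winnet.local/IN': adding an RR at 'client1.winnet.local' A
Aug 6 22:25:18 Server1 named[11069]: client 192.168.178.120#53636: update '178.168.192.in-addr.arpa/IN' denied
Aug 6 22:25:18 Server1 named[11069]: client 192.168.178.120#56114/key client1\$\@WINNET.LOCAL: updating zone '178.168.192.in-addr.arpa/IN': adding an RR at '120.178.168.192.in-addr.arpa' PTR
Aug 6 22:26:40 Server1 named[11069]: client 192.168.178.121#50211: update 'winnet.local/IN' denied
"""

PREFIX = r"^(\w{3}\s+\d+ [\d:]{8}) \S+ named\[\d+\]: client ([\d.]+)#\d+"
DENIED = re.compile(PREFIX + r": update '([^']+)' denied")
SIGNED = re.compile(PREFIX + r"/key (\S+): updating zone '([^']+)': (?:adding|deleting)")

def _ts(stamp, year):
    # Syslog timestamps carry no year, so the caller supplies one (assumption).
    return datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")

def triage(lines, window=timedelta(seconds=5), year=2014):
    """Pair each denied unsigned update with later key-signed updates
    from the same client IP to the same zone inside `window`."""
    denied, signed = [], []
    for line in lines:
        if m := DENIED.match(line):
            denied.append((_ts(m[1], year), m[2], m[3]))
        elif m := SIGNED.match(line):
            signed.append((_ts(m[1], year), m[2], m[4], m[3]))
    report = []
    for when, ip, zone in denied:
        keys = sorted({key for t, i, z, key in signed
                       if i == ip and z == zone
                       and timedelta(0) <= t - when <= window})
        report.append({"client": ip, "zone": zone,
                       "followed_by_signed": bool(keys), "keys": keys})
    return report

if __name__ == "__main__":
    for row in triage(SAMPLE.splitlines()):
        print(row)
```

Rows with `followed_by_signed` set to false are the ones worth a closer look, since no authenticated update replaced the refused one.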

