samba4 and bind9 - dynamic updates not working anymore

Rowland Penny repenny241155 at gmail.com
Fri Dec 26 04:35:55 MST 2014


On 26/12/14 10:22, Karl Haue wrote:
> Rowland Penny <repenny241155 <at> gmail.com> writes:
>   
>> More info please, what version samba, how are you trying to do the
>> updates, etc
>>
>> Rowland
> Hi Rowland,
>
> samba is version 4.1.0 and
> bind is version 9.9.4-P2
>
> It is a Raspberry (raspbian) and I installed samba4 and bind9 with the
> instructions on this link:
>
> http://david.herminghaus.de/de/anleitung/raspberry-pi-active-directory-controller-samba4-bind9
>
> Sorry, it is a German instruction, the backend of DNS is bind and three
> days ago my bind stops every few minutes.
>
> To solve this I copied these two directories from backup
>
> /usr/local/samba/private/sam.ldb.d/
>
> /usr/local/samba/private/dns/sam.ldb.d/
>
> bind now works again, but I am not able to use the dynamic dns update for my
> windows clients.
>
> This failure I found additionally in log:
>
> ###
> 26-Dec-2014 11:05:58.691 database: info: samba_dlz: starting transaction on
> zone ad.daheim.local
> 26-Dec-2014 11:05:58.700 update-security: error: client 10.10.10.171#50265:
> update 'ad.daheim.local/IN' denied
> 26-Dec-2014 11:05:58.702 database: info: samba_dlz: cancelling transaction
> on zone ad.daheim.local
> 26-Dec-2014 11:05:58.725 queries: info: client 10.10.10.171#44525
> (460-ms-7.3-5557a.0b1e1935-8ce6-11e4-7782-08002708e36: query:
> 460-ms-7.3-5557a.0b1e1935-8ce6-11e4-7782-08002708e368 IN TKEY -T (10.10.10.20)
> 26-Dec-2014 11:06:00.547 queries: info: client 10.10.10.101#62334
> (raspberry01.ad.daheim.local): query: raspberry01.ad.daheim.local IN A +
> (10.10.10.20)
> ###
>
> So access is denied, but why?
>
> Thanks for help in advance.
>
> Karl

Ok, firstly, it is not an option to have forwarders and you should not 
'forward first'.

You need to change this:

      options {
             // ... other options ...
             forward first;
             forwarders {
                     192.168.1.1; // Local router
                     8.8.8.8; // Google or any other
                     // Any further external DNS servers.
                     // Every address must end with a semicolon.
             };
             notify no;
      };

This is what is in mine:

options {
         directory "/var/cache/bind";
         forwarders { 8.8.8.8; 8.8.4.4; };
         dnssec-validation no;

         auth-nxdomain no;    # conform to RFC1035
         listen-on-v6 { any; };
         tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
};

NOTE: I used bind9 on Debian Wheezy with backports enabled.

Remove the forwarder line from smb.conf.

I have been using Samba4 & Bind9 for 2 yrs now without major incident, 
but I also run a DHCP server on the AD DC, this is what works for me.

Rowland
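
As an added example (not part of the message above and not code from Samba or BIND): a Python check that parses the options block of a named.conf and reports the two differences between the blocks quoted in the reply, a `forward first` statement and a missing `tkey-gssapi-keytab`. The sample configs are constructed from the ones in the thread, and the function names are hypothetical.

```python
import re

# Constructed samples modelled on the two options blocks quoted in the message.
BEFORE = """options {
    forward first;
    forwarders {
        192.168.1.1; // local router
        8.8.8.8;
    };
    notify no;
};"""
AFTER = """options {
    directory "/var/cache/bind";
    forwarders { 8.8.8.8; 8.8.4.4; };
    auth-nxdomain no;    # conform to RFC1035
    tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
};"""

# Quoted strings are matched first so comment markers inside them survive;
# the other three alternatives are the comment styles named.conf accepts.
_SKIP = re.compile(r'"[^"\n]*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)

def options_statements(conf):
    """Map each top-level statement keyword in options { } to its argument."""
    text = _SKIP.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else " ", conf)
    start = re.search(r"\boptions\s*\{", text)
    stmts, depth, cur = {}, 1, ""
    for ch in text[start.end():] if start else "":
        if ch == "{":
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:
                break
        if ch == ";" and depth == 1:   # end of a top-level statement
            parts = cur.split(None, 1)
            if parts:
                stmts[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
            cur = ""
        else:
            cur += ch
    return stmts

def review(conf):
    """Report the two differences between the blocks in the reply."""
    opts = options_statements(conf)
    checks = [("forward first is set", opts.get("forward") == "first"),
              ("tkey-gssapi-keytab is not set", "tkey-gssapi-keytab" not in opts)]
    return [msg for msg, hit in checks if hit]
```

`review(BEFORE)` returns both findings and `review(AFTER)` returns an empty list; pass the contents of the real named.conf options file to check a live setup.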

