samba4 and bind9 - dynamic updates not working anymore
Rowland Penny
repenny241155 at gmail.com
Fri Dec 26 04:35:55 MST 2014
On 26/12/14 10:22, Karl Haue wrote:
> Rowland Penny <repenny241155 <at> gmail.com> writes:
>
>> More info please, what version samba, how are you trying to do the
>> updates, etc
>>
>> Rowland
> Hi Rowland,
>
> samba is version 4.1.0 and
> bind is version 9.9.4-P2
>
> It is a Raspberry (raspbian) and I installed samba4 and bind9 with the
> instructions on this link:
>
> http://david.herminghaus.de/de/anleitung/raspberry-pi-active-directory-controller-samba4-bind9
>
> Sorry, it is a German instruction, the backend of DNS is bind and three
> days ago my bind stops every few minutes.
>
> To solve this I copied these two directories from backup
>
> /usr/local/samba/private/sam.ldb.d/
>
> /usr/local/samba/private/dns/sam.ldb.d/
>
> bind now works again, but I am not able to use the dynamic dns update for my
> windows clients.
>
> This failure I found additionally in log:
>
> ###
> 26-Dec-2014 11:05:58.691 database: info: samba_dlz: starting transaction on
> zone ad.daheim.local
> 26-Dec-2014 11:05:58.700 update-security: error: client 10.10.10.171#50265:
> update 'ad.daheim.local/IN' denied
> 26-Dec-2014 11:05:58.702 database: info: samba_dlz: cancelling transaction
> on zone ad.daheim.local
> 26-Dec-2014 11:05:58.725 queries: info: client 10.10.10.171#44525
> (460-ms-7.3-5557a.0b1e1935-8ce6-11e4-7782-08002708e36: query:
> 460-ms-7.3-5557a.0b1e1935-8ce6-11e4-7782-08002708e368 IN TKEY -T (10.10.10.20)
> 26-Dec-2014 11:06:00.547 queries: info: client 10.10.10.101#62334
> (raspberry01.ad.daheim.local): query: raspberry01.ad.daheim.local IN A +
> (10.10.10.20)
> ###
>
> So access is denied, but why?
>
> Thanks for help in advance.
>
> Karl
>
>
>
>
>
Ok, firstly, it is not an option to have forwarders and you should not
'forward first'.
You need to change this:
options {
    // ... other options ...
    forward first;
    forwarders {
        192.168.1.1; // Local router
        8.8.8.8; // Google or any other
        // Any further external DNS servers.
        // Each address must end with a semicolon.
    };
    notify no;
};
This is what is in mine:
options {
    directory "/var/cache/bind";
    forwarders { 8.8.8.8; 8.8.4.4; };
    dnssec-validation no;
    auth-nxdomain no; # conform to RFC1035
    listen-on-v6 { any; };
    tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
};
NOTE: I used bind9 on Debian Wheezy with backports enabled.
Remove the forwarder line from smb.conf.
I have been using Samba4 & Bind9 for 2 yrs now without major incident,
but I also run a DHCP server on the AD DC, this is what works for me.
Rowland
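
An added example, not part of Rowland's message or the linked guide: a small Python check that parses the options block of a named.conf and reports the two differences visible between the blocks quoted above, an absent tkey-gssapi-keytab (BIND needs that keytab to verify the GSS-TSIG signed updates that Windows clients send) and forward first. The function names are hypothetical and the guide block is condensed from the elided quote, so run it against the full file before drawing conclusions.

```python
import re
# Options blocks as quoted in the thread (guide block condensed, comments translated).
GUIDE_OPTIONS = '''options {
    // ... other options ...
    forward first;
    forwarders { 192.168.1.1; 8.8.8.8; };
    notify no;
};'''
WORKING_OPTIONS = '''options {
    directory "/var/cache/bind";
    forwarders { 8.8.8.8; 8.8.4.4; };
    dnssec-validation no;
    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { any; };
    tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
};'''

def options_statements(conf):
    """Map keyword -> remainder for each top-level statement inside options { }.
    Comments (//, #, /* */) are dropped; quoted strings are kept intact."""
    conf = re.sub(r'"[^"\n]*"|//[^\n]*|#[^\n]*|/\*.*?\*/',
                  lambda m: m.group(0) if m.group(0)[0] == '"' else '',
                  conf, flags=re.S)
    start = re.search(r'\boptions\s*\{', conf)
    if not start:
        return {}
    stmts, depth, buf = {}, 1, ''
    for ch in conf[start.end():]:
        depth += (ch == '{') - (ch == '}')
        if depth == 0:              # closing brace of the options block
            break
        if ch == ';' and depth == 1:  # end of a top-level statement
            words = buf.split(None, 1)
            if words:
                stmts[words[0]] = words[1].strip() if len(words) > 1 else ''
            buf = ''
        else:
            buf += ch
    return stmts

def review(conf):
    """Report the two settings discussed in the thread."""
    s = options_statements(conf)
    findings = []
    if 'tkey-gssapi-keytab' not in s:
        findings.append('tkey-gssapi-keytab not set')
    if s.get('forward') == 'first':
        findings.append('forward first is set')
    return findings
```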