Samba 4.12 rc3: bind DNS say "named: client update denied"
Dario Lesca
d.lesca at solinos.it
Sat Mar 14 15:23:45 UTC 2020
Il giorno sab, 14/03/2020 alle 14.15 +0000, Rowland penny via samba-
technical ha scritto:
Thanks Rowland, forgive me if I can't understand, but...
> the Computers A record should be added the first time Samba is
> run.
The A record is added into DNS zone only "first time Samba is run"
or also whenever when I join a Computer to domain ?
> Starting Samba should cause samba_dnsupdate to run, this uses a
> file called dns_update_list and right at the top of that is this:
>
> # this is a list of DNS entries which will be put into DNS using
> # dynamic DNS update. It is processed by the samba_dnsupdate script
> A ${HOSTNAME} $IP
> AAAA ${HOSTNAME} $IP
>
> From my reading, it is this that should add the record if it is
> missing.
I have restart Samba many times but none of the missing Computer name
present into Samba Computer list are been added into DNS zone
and then, how does it traslate Computer list into DNS, if the IP of
computer in Computer list does not exist?
This is my situation:
[root at addc1 ~]# samba-tool computer list
WIN10B$
ADDC1$
centos8$
WIN10A$
[root at addc1 ~]# samba-tool dns query \
> addc1.fedora.loc fedora.loc @ ALL -Uadministrator
Name=, Records=3, Children=0
SOA: serial=7, refresh=900, retry=600, expire=86400, minttl=3600,
ns=addc1.fedora.loc., email=hostmaster.fedora.loc. (flags=600000f0,
serial=7, ttl=3600)
NS: addc1.fedora.loc. (flags=600000f0, serial=4, ttl=900)
A: 192.168.122.100 (flags=600000f0, serial=4, ttl=900)
Name=_msdcs, Records=0, Children=0
Name=_sites, Records=0, Children=1
Name=_tcp, Records=0, Children=4
Name=_udp, Records=0, Children=2
Name=addc1, Records=1, Children=0
A: 192.168.122.100 (flags=f0, serial=1, ttl=900)
Name=centos8, Records=1, Children=0
A: 192.168.122.11 (flags=f0, serial=2, ttl=900)
Name=DomainDnsZones, Records=0, Children=2
Name=ForestDnsZones, Records=0, Children=2
Name=test, Records=1, Children=0
A: 192.168.122.33 (flags=f0, serial=5, ttl=3600)
Like you say, win10a and win10b are not present into DNS zone
This is my smb.conf:
[root at addc1 ~]# cat /etc/samba/smb.conf
# Global parameters
[global]
netbios name = ADDC1
realm = FEDORA.LOC
server role = active directory domain controller
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
drepl, winbindd, ntp_signd, kcc, dnsupdate
workgroup = FEDORA
idmap_ldb:use rfc2307 = yes
#
template shell = /bin/bash
template homedir = /home/%U
[sysvol]
path = /var/lib/samba/sysvol
read only = No
[netlogon]
path = /var/lib/samba/sysvol/fedora.loc/scripts
read only = No
This is my named.conf:
[root at addc1 ~]# cat /etc/named.conf
acl acl-local-lan {
127.0.0.1;
192.168.0.0/16;
172.16.0.0/12;
10.0.0.0/8;
};
options {
//listen-on port 53 { 0.0.0.0; };
listen-on port 53 { 127.0.0.1; 192.168.122.100; };
//listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
secroots-file "/var/named/data/named.secroots";
recursing-file "/var/named/data/named.recursing";
//allow-query { localhost; };
allow-query { acl-local-lan; };
allow-transfer { acl-local-lan; };
allow-recursion { acl-local-lan; };
recursion yes;
dnssec-enable no;
dnssec-validation no;
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
//session-keyfile "/run/named/session.key";
/* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
include "/etc/crypto-policies/back-ends/bind.config";
send-cookie no;
tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";
};
logging {
channel default_debug {
null;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
include "/var/lib/samba/bind-dns/named.conf";
What am I doing wrong
Many thanks for you patient.
--
Dario Lesca
(inviato dal mio Linux Fedora 31 Workstation)
More information about the samba-technical
mailing list