[Samba] samba 4 dns-update issue

Roland de Lepper roland.de.lepper at cvis.nl
Thu Aug 12 02:09:01 MDT 2010


Yes, I did.

Here is my /etc/named.conf:

[root@sambaserver ~]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
	listen-on port 53 { 127.0.0.1; 192.168.122.100; };
##	listen-on-v6 port 53 { ::1; };
	directory 	"/var/named";
	dump-file 	"/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
	allow-query     { localhost; 192.168.122.0/24; };
	recursion yes;
	forwarders { 192.168.122.1; };
	tkey-gssapi-credential "DNS/quinox.be";
	tkey-domain "QUINOX.BE";
};


logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
	type hint;
	file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named-samba.conf";


> Did you set an allow-query to all your subnets in your named.conf?
> Here is mine:
>
> options {
>         listen-on port 53 { 127.0.0.1;192.168.134.27; }; // <--- important: put an IP
>         listen-on-v6 port 53 { ::1; };
>         directory       "/var/named";
>         dump-file       "/var/named/data/cache_dump.db";
>         statistics-file "/var/named/data/named_stats.txt";
>         memstatistics-file "/var/named/data/named_mem_stats.txt";
>         allow-query     { localhost; 192.168.135.0/24; 192.168.134.0/24; }; // <--- all your subnets here
>         recursion yes;
>         forwarders { 192.168.134.253; };
> };
>
> logging {
>         channel default_debug {
>                 file "data/named.run";
>                 severity dynamic;
>         };
> };
>
> zone "." IN {
>         type hint;
>         file "named.ca";
> };
> include "/usr/local/samba/private/named.conf"; // <--- this named.conf must be named:named,
> // as must the file it points to: /usr/local/samba/private/named.conf.update
>
> Also the entry dns.keytab file in /etc/sysconfig/named:
>
>
> [root@node1 sysconfig]# cat named
> # BIND named process options
> #
> KEYTAB_FILE="/usr/local/samba/private/dns.keytab"
> export KEYTAB_FILE
> #  --  Specify named service keytab file (for GSS-TSIG)
>
> Make sure named can read and write to it.
>
> Try in your smb.conf
> Interfaces= ip
> E.g. mine:
>
> [globals]
>         netbios name    = NODE1
>         workgroup       = TUEBINGEN
>         realm           = TUEBINGEN.TST.LOC
>         server role     = domain controller
>         interfaces= 192.168.134.27
>
> Make a samba_dnsupdate --verbose:
> [root@node1 sysconfig]# samba_dnsupdate --verbose
> Looking for DNS entry A tuebingen.tst.loc 192.168.134.27 as tuebingen.tst.loc.
> Looking for DNS entry A node1.tuebingen.tst.loc 192.168.134.27 as node1.tuebingen.tst.loc.
> Looking for DNS entry CNAME 02284f45-de16-4125-a795-3b614f540ef7._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc as 02284f45-de16-4125-a795-3b614f540ef7._msdcs.tuebingen.tst.loc.
> Looking for DNS entry SRV _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 88 as _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc.
> Checking 0 100 88 node2.tuebingen.tst.loc. against SRV _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 88
> Checking 0 100 88 node1.tuebingen.tst.loc. against SRV _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 88
> Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389 as _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc.
> Checking 0 100 389 node1.tuebingen.tst.loc. against SRV _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389
> Looking for DNS entry SRV _kerberos._tcp.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 88 as _kerberos._tcp.dc._msdcs.tuebingen.tst.loc.
> Checking 0 100 88 node1.tuebingen.tst.loc. against SRV _kerberos._tcp.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 88
> Looking for DNS entry SRV _ldap._tcp.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389 as _ldap._tcp.dc._msdcs.tuebingen.tst.loc.
> Checking 0 100 389 node2.tuebingen.tst.loc. against SRV _ldap._tcp.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389
> Checking 0 100 389 node1.tuebingen.tst.loc. against SRV _ldap._tcp.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389
> Looking for DNS entry SRV _ldap._tcp.3d718df6-359c-4eb4-a0de-5a7aaf5b0d26.domains._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389 as _ldap._tcp.3d718df6-359c-4eb4-a0de-5a7aaf5b0d26.domains._msdcs.tuebingen.tst.loc.
> Checking 0 100 389 node1.tuebingen.tst.loc. against SRV _ldap._tcp.3d718df6-359c-4eb4-a0de-5a7aaf5b0d26.domains._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389
> Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 3268 as _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.tuebingen.tst.loc.
> Checking 0 100 3268 node1.tuebingen.tst.loc. against SRV _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 3268
> Looking for DNS entry SRV _ldap._tcp.gc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 3268 as _ldap._tcp.gc._msdcs.tuebingen.tst.loc.
> Checking 0 100 3268 node1.tuebingen.tst.loc. against SRV _ldap._tcp.gc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 3268
> Looking for DNS entry SRV _ldap._tcp.pdc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389 as _ldap._tcp.pdc._msdcs.tuebingen.tst.loc.
> Checking 0 100 389 node1.tuebingen.tst.loc. against SRV _ldap._tcp.pdc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389
> Looking for DNS entry SRV _gc._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc node1.tuebingen.tst.loc 3268 as _gc._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc.
> Checking 0 100 3268 node1.tuebingen.tst.loc. against SRV _gc._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc node1.tuebingen.tst.loc 3268
> Looking for DNS entry SRV _kerberos._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc node1.tuebingen.tst.loc 88 as _kerberos._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc.
> Checking 0 100 88 node2.tuebingen.tst.loc. against SRV _kerberos._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc node1.tuebingen.tst.loc 88
> Checking 0 100 88 node1.tuebingen.tst.loc. against SRV _kerberos._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc node1.tuebingen.tst.loc 88
> Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc node1.tuebingen.tst.loc 389 as _ldap._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc.
> Checking 0 100 389 node1.tuebingen.tst.loc. against SRV _ldap._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc node1.tuebingen.tst.loc 389
> Looking for DNS entry SRV _gc._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 3268 as _gc._tcp.tuebingen.tst.loc.
> Checking 0 100 3268 node1.tuebingen.tst.loc. against SRV _gc._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 3268
> Looking for DNS entry SRV _kerberos._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 88 as _kerberos._tcp.tuebingen.tst.loc.
> Checking 0 100 88 node2.tuebingen.tst.loc. against SRV _kerberos._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 88
> Checking 0 100 88 node1.tuebingen.tst.loc. against SRV _kerberos._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 88
> Looking for DNS entry SRV _kpasswd._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 464 as _kpasswd._tcp.tuebingen.tst.loc.
> Checking 0 100 464 node1.tuebingen.tst.loc. against SRV _kpasswd._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 464
> Looking for DNS entry SRV _ldap._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 389 as _ldap._tcp.tuebingen.tst.loc.
> Checking 0 100 389 node2.tuebingen.tst.loc. against SRV _ldap._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 389
> Checking 0 100 389 node1.tuebingen.tst.loc. against SRV _ldap._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 389
> Looking for DNS entry SRV _kerberos._udp.tuebingen.tst.loc node1.tuebingen.tst.loc 88 as _kerberos._udp.tuebingen.tst.loc.
> Checking 0 100 88 node2.tuebingen.tst.loc. against SRV _kerberos._udp.tuebingen.tst.loc node1.tuebingen.tst.loc 88
> Checking 0 100 88 node1.tuebingen.tst.loc. against SRV _kerberos._udp.tuebingen.tst.loc node1.tuebingen.tst.loc 88
> Looking for DNS entry SRV _kpasswd._udp.tuebingen.tst.loc node1.tuebingen.tst.loc 464 as _kpasswd._udp.tuebingen.tst.loc.
> Checking 0 100 464 node2.tuebingen.tst.loc. against SRV _kpasswd._udp.tuebingen.tst.loc node1.tuebingen.tst.loc 464
> Checking 0 100 464 node1.tuebingen.tst.loc. against SRV _kpasswd._udp.tuebingen.tst.loc node1.tuebingen.tst.loc 464
> No DNS updates needed
>
> -----------------------------------------------
> IT Daniel Müller
>
> Head of IT
> Tropenklinik Paul-Lechler-Krankenhaus
> Paul-Lechler-Str. 24
> 72076 Tübingen
>
> Tel.: 07071/206-463, Fax: 07071/206-499
> eMail: mueller at tropenklinik.de
> Internet: www.tropenklinik.de
> -----------------------------------------------
>
> -----Original Message-----
> From: Roland de Lepper [mailto:roland.de.lepper at cvis.nl]
> Sent: Wednesday, 11 August 2010 13:16
> To: mueller at tropenklinik.de
> Cc: samba at lists.samba.org
> Subject: Re: AW: [Samba] samba 4 dns-update issue
>
> I've looked at your howto, and it's exactly what I did too. I also
> compiled bind after I created the user 'named' and added it to the group
> 'named'. I've set the permissions on the files as in your howto, but still
> no luck.
>
> SELinux and the firewall are disabled on the samba-server and the firewall
> is disabled on the win7 client machine.
>
> Kind regards,
>
> Roland de Lepper
>
>
>
>> Look at my thread: HOWTO samba4 centos5.5 named dnsupdate drbd simple
>> failover
>>
>> -----------------------------------------------
>> IT Daniel Müller
>>
>> Head of IT
>> Tropenklinik Paul-Lechler-Krankenhaus
>> Paul-Lechler-Str. 24
>> 72076 Tübingen
>>
>> Tel.: 07071/206-463, Fax: 07071/206-499
>> eMail: mueller at tropenklinik.de
>> Internet: www.tropenklinik.de
>> -----------------------------------------------
>>
>> -----Original Message-----
>> From: samba-bounces at lists.samba.org
>> [mailto:samba-bounces at lists.samba.org]
>> On behalf of Roland de Lepper
>> Sent: Wednesday, 11 August 2010 09:38
>> To: samba at lists.samba.org
>> Subject: [Samba] samba 4 dns-update issue
>>
>> Hi all,
>>
>> I've set up samba4 according to the samba4 wiki on CentOS 5.4 in KVM.
>> This went without any problems. I only had to install a higher version of
>> bind to 9.6.x because CentOS bind in repo will install version 9.3.x.
>> I've used the Fedora12 source rpms for this to build bind 9.6.x on
>> CentOS 5.4.
>>
>> Then I configured bind according to the samba wiki
>> (http://wiki.samba.org/index.php/Samba4/DNS)
>>
>> I did all the checks in the wiki to see if bind is working. All tests
>> passed.
>> But in my logs I got the message "The working directory is not writable".
>> I changed the owner on /var/named to the group named, which solved that
>> problem.
>>
>> Then I installed Win7 virtual in KVM and joined the domain. I can login,
>> create users via dsa.msc tool on windows and see them in wbinfo -u on the
>> samba4 domain controller. All looks right, except for my ddns. The zone
>> could not be updated with the new win7 machine. The win7 machine has a
>> fixed ip-address.
>>
>> I checked all the howto again and again, but couldn't find a thing which
>> could cause this. The error I see in my log is:
>>
>> Aug 11 09:34:46 sambaserver named[2281]: client 192.168.122.150#60058: query 'roland.quinox.be/SOA/IN' denied
>>
>> Is this a permission problem? I checked and the group 'named' has write
>> access to my zone file. (the user 'named' is member of the group 'named')
>>
>> This is the only issue I have with my samba4 installation and I really
>> want to solve this issue.
>>
>> If you need more information or configurations, I can post them.
>>
>> Kind regards,
>>
>> Roland
>>
>>
>>
>
>
>
>
>
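
Added example (not part of the original thread or of Samba/BIND): a small Python check that extracts the options-level `allow-query` ACL from a named.conf and tests whether the client in a "query ... denied" log line falls inside it. The config excerpt and log line are copied from the messages above; the function names are hypothetical, and treating `localhost` as loopback only is a simplifying assumption.

```python
import ipaddress
import re

# Constructed from the thread: the options-level ACL and the denied-query log line.
NAMED_CONF = """
options {
    listen-on port 53 { 127.0.0.1; 192.168.122.100; };
    allow-query     { localhost; 192.168.122.0/24; };
};
"""
LOG_LINE = ("Aug 11 09:34:46 sambaserver named[2281]: client 192.168.122.150#60058: "
            "query 'roland.quinox.be/SOA/IN' denied")

# Assumption: "localhost" is modelled as loopback only; BIND also matches every
# address configured on the server. Named ACLs and "!" negation are not handled.
BUILTIN = {"localhost": ["127.0.0.0/8", "::1/128"], "any": ["0.0.0.0/0", "::/0"], "none": []}
DENIED = re.compile(r"client (?:@\S+ )?([0-9a-fA-F.:]+)#\d+.*?query '([^/']+)/(\w+)/IN' denied")


def parse_allow_query(conf):
    """Return the networks of the first allow-query statement, or None if absent."""
    text = re.sub(r"(//|#).*", "", conf)  # drop line comments
    m = re.search(r"allow-query\s*\{([^}]*)\}", text)
    if m is None:
        return None
    items = [e.strip() for e in m.group(1).split(";") if e.strip()]
    return [ipaddress.ip_network(cidr, strict=False)
            for item in items for cidr in BUILTIN.get(item, [item])]


def parse_denied(line):
    """Return (client_ip, qname, qtype) from a named 'query ... denied' line."""
    m = DENIED.search(line)
    return (ipaddress.ip_address(m.group(1)), m.group(2), m.group(3)) if m else None


def client_permitted(conf, line):
    """True if the denied client falls inside the options-level allow-query ACL."""
    nets = parse_allow_query(conf)
    if nets is None:
        return True  # BIND's default for allow-query is "any"
    client = parse_denied(line)[0]
    return any(client.version == n.version and client in n for n in nets)


if __name__ == "__main__":
    client, qname, qtype = parse_denied(LOG_LINE)
    print(f"{client} asked for {qname}/{qtype}; inside options-level allow-query: "
          f"{client_permitted(NAMED_CONF, LOG_LINE)}")
```

For the thread's values the check returns True: the client sits inside the options-level ACL, so that statement alone does not explain the denial. Zone definitions pulled in by the `include` lines can carry their own `allow-query`, which overrides the options-level one for that zone.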



