[Samba] samba 4 dns-update issue

Roland de Lepper roland.de.lepper at cvis.nl
Thu Aug 12 13:04:51 MDT 2010


Yes I do. Centos 5.5

I do have those two lines in my /etc/sysconfig/named file.

btw. This evening I've installed a new virtual machine and used your howto
for the installation of samba4 and DNS.

Unfortunately... I have the same problem again:
Aug 12 20:58:34 localhost named[28804]: client 192.168.122.150#54473: update 'quinox.nl/IN' denied

This is driving me crazy. I even chmod -R 777 /usr/local/samba/private/dns
but also that didn't help.

I have installed bind-9.6.2-5.

regards,

Roland de Lepper

> You are running on CentOS?
>
> My keytab file (for GSS-TSIG)
>
>>> [root at node1 sysconfig]# cat named
>>> # BIND named process options
>>> #
>>> KEYTAB_FILE="/usr/local/samba/private/dns.keytab"
>>> export KEYTAB_FILE
>>> #  --  Specify named service keytab file (for GSS-TSIG)
>
> Yours:
>
>> 	tkey-gssapi-credential "DNS/quinox.be";
>> 	tkey-domain "QUINOX.BE";
>
> -----------------------------------------------
> EDV Daniel Müller
>
> Head of IT
> Tropenklinik Paul-Lechler-Krankenhaus
> Paul-Lechler-Str. 24
> 72076 Tübingen
>
> Tel.: 07071/206-463, Fax: 07071/206-499
> eMail: mueller at tropenklinik.de
> Internet: www.tropenklinik.de
> -----------------------------------------------
>
> -----Original Message-----
> From: Roland de Lepper [mailto:roland.de.lepper at cvis.nl]
> Sent: Thursday, 12 August 2010 11:16
> To: mueller at tropenklinik.de
> Subject: Re: AW: AW: AW: [Samba] samba 4 dns-update issue
>
> It was working with the same denied message in my log, but after the
> changes yesterday, it isn't working anymore:
>
> [root at sambaserver sbin]# ./samba_dnsupdate --verbose
> Looking for DNS entry A quinox.be 192.168.122.100 as quinox.be.
> Traceback (most recent call last):
>   File "./samba_dnsupdate", line 275, in ?
>     if not check_dns_name(d):
>   File "./samba_dnsupdate", line 160, in check_dns_name
>     ans = resolver.query(normalised_name, d.type)
>   File "/usr/lib/python2.4/site-packages/dns/resolver.py", line 723, in query
>     return get_default_resolver().query(qname, rdtype, rdclass, tcp, source)
>   File "/usr/lib/python2.4/site-packages/dns/resolver.py", line 604, in query
>     timeout = self._compute_timeout(start)
>   File "/usr/lib/python2.4/site-packages/dns/resolver.py", line 537, in _compute_timeout
>     raise Timeout
> dns.exception.Timeout
>
>
>
>> Is this working: samba_dnsupdate --verbose ???
>>
>> -----Original Message-----
>> From: Roland de Lepper [mailto:roland.de.lepper at cvis.nl]
>> Sent: Thursday, 12 August 2010 10:09
>> To: mueller at tropenklinik.de
>> Cc: samba at lists.samba.org
>> Subject: Re: AW: AW: [Samba] samba 4 dns-update issue
>>
>> Yes I did.
>>
>> here is my /etc/named.conf
>>
>> [root at sambaserver ~]# cat /etc/named.conf
>> //
>> // named.conf
>> //
>> // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
>> // server as a caching only nameserver (as a localhost DNS resolver only).
>> //
>> // See /usr/share/doc/bind*/sample/ for example named configuration files.
>> //
>>
>> options {
>> 	listen-on port 53 { 127.0.0.1; 192.168.122.100; };
>> ##	listen-on-v6 port 53 { ::1; };
>> 	directory 	"/var/named";
>> 	dump-file 	"/var/named/data/cache_dump.db";
>>         statistics-file "/var/named/data/named_stats.txt";
>>         memstatistics-file "/var/named/data/named_mem_stats.txt";
>> 	allow-query     { localhost; 192.168.122.0/24; };
>> 	recursion yes;
>> 	forwarders { 192.168.122.1; };
>> 	tkey-gssapi-credential "DNS/quinox.be";
>> 	tkey-domain "QUINOX.BE";
>> };
>>
>>
>> logging {
>>         channel default_debug {
>>                 file "data/named.run";
>>                 severity dynamic;
>>         };
>> };
>>
>> zone "." IN {
>> 	type hint;
>> 	file "named.ca";
>> };
>>
>> include "/etc/named.rfc1912.zones";
>> include "/etc/named-samba.conf";
>>
>>
>>> Did you set an allow query to all your subnets in your named conf??
>>> Here is mine:
>>>
>>>
>>>
>>> options {
>>>         listen-on port 53 { 127.0.0.1; 192.168.134.27; }; // <--- important: put an IP
>>>         listen-on-v6 port 53 { ::1; };
>>>         directory       "/var/named";
>>>         dump-file       "/var/named/data/cache_dump.db";
>>>         statistics-file "/var/named/data/named_stats.txt";
>>>         memstatistics-file "/var/named/data/named_mem_stats.txt";
>>>         allow-query     { localhost; 192.168.135.0/24; 192.168.134.0/24; }; // <--- all your subnets here
>>>         recursion yes;
>>>         forwarders { 192.168.134.253; };
>>> };
>>>
>>>
>>> logging {
>>>         channel default_debug {
>>>                 file "data/named.run";
>>>                 severity dynamic;
>>>         };
>>> };
>>>
>>> zone "." IN {
>>>         type hint;
>>>         file "named.ca";
>>> };
>>> include "/usr/local/samba/private/named.conf"; // <--- this named.conf must be
>>> // named:named, and the file at which it is pointing to: /usr/local/samba/private/named.conf.update
>>>
>>> Also the entry dns.keytab file in /etc/sysconfig/named:
>>>
>>>
>>> [root at node1 sysconfig]# cat named
>>> # BIND named process options
>>> #
>>> KEYTAB_FILE="/usr/local/samba/private/dns.keytab"
>>> export KEYTAB_FILE
>>> #  --  Specify named service keytab file (for GSS-TSIG)
>>>
>>> Make sure named can read and write to it.
>>>
>>> Try in your smb.conf
>>> Interfaces= ip
>>> Ex mine:
>>>
>>> [globals]
>>>         netbios name    = NODE1
>>>         workgroup       = TUEBINGEN
>>>         realm           = TUEBINGEN.TST.LOC
>>>         server role     = domain controller
>>>         interfaces= 192.168.134.27
>>>
>>> Make a samba_dnsupdate --verbose:
>>> [root at node1 sysconfig]# samba_dnsupdate --verbose
>>> Looking for DNS entry A tuebingen.tst.loc 192.168.134.27 as
>>> tuebingen.tst.loc.
>>> Looking for DNS entry A node1.tuebingen.tst.loc 192.168.134.27 as
>>> node1.tuebingen.tst.loc.
>>> Looking for DNS entry CNAME
>>> 02284f45-de16-4125-a795-3b614f540ef7._msdcs.tuebingen.tst.loc
>>> node1.tuebingen.tst.loc as
>>> 02284f45-de16-4125-a795-3b614f540ef7._msdcs.tuebingen.tst.loc.
>>> Looking for DNS entry SRV
>>> _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc
>>> node1.tuebingen.tst.loc 88 as
>>> _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc.
>>> Checking 0 100 88 node2.tuebingen.tst.loc. against SRV
>>> _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc
>>> node1.tuebingen.tst.loc 88
>>> Checking 0 100 88 node1.tuebingen.tst.loc. against SRV
>>> _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc
>>> node1.tuebingen.tst.loc 88
>>> Looking for DNS entry SRV
>>> _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc
>>> node1.tuebingen.tst.loc 389 as
>>> _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc.
>>> Checking 0 100 389 node1.tuebingen.tst.loc. against SRV
>>> _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc
>>> node1.tuebingen.tst.loc 389
>>> Looking for DNS entry SRV _kerberos._tcp.dc._msdcs.tuebingen.tst.loc
>>> node1.tuebingen.tst.loc 88 as
>>> _kerberos._tcp.dc._msdcs.tuebingen.tst.loc.
>>> Checking 0 100 88 node1.tuebingen.tst.loc. against SRV
>>> _kerberos._tcp.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 88
>>> Looking for DNS entry SRV _ldap._tcp.dc._msdcs.tuebingen.tst.loc
>>> node1.tuebingen.tst.loc 389 as _ldap._tcp.dc._msdcs.tuebingen.tst.loc.
>>> Checking 0 100 389 node2.tuebingen.tst.loc. against SRV
>>> _ldap._tcp.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389
>>> Checking 0 100 389 node1.tuebingen.tst.loc. against SRV
>>> _ldap._tcp.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389
>>> Looking for DNS entry SRV
>>> _ldap._tcp.3d718df6-359c-4eb4-a0de-5a7aaf5b0d26.domains._msdcs.tuebingen.tst.loc
>>> node1.tuebingen.tst.loc 389 as
>>> _ldap._tcp.3d718df6-359c-4eb4-a0de-5a7aaf5b0d26.domains._msdcs.tuebingen.tst.loc.
>>> Checking 0 100 389 node1.tuebingen.tst.loc. against SRV
>>> _ldap._tcp.3d718df6-359c-4eb4-a0de-5a7aaf5b0d26.domains._msdcs.tuebingen.tst.loc
>>> node1.tuebingen.tst.loc 389
>>> Looking for DNS entry SRV
>>> _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.tuebingen.tst.loc
>>> node1.tuebingen.tst.loc 3268 as
>>> _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.tuebingen.tst.loc.
>>> Checking 0 100 3268 node1.tuebingen.tst.loc. against SRV
>>> _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.tuebingen.tst.loc
>>> node1.tuebingen.tst.loc 3268
>>> Looking for DNS entry SRV _ldap._tcp.gc._msdcs.tuebingen.tst.loc
>>> node1.tuebingen.tst.loc 3268 as _ldap._tcp.gc._msdcs.tuebingen.tst.loc.
>>> Checking 0 100 3268 node1.tuebingen.tst.loc. against SRV
>>> _ldap._tcp.gc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 3268
>>> Looking for DNS entry SRV _ldap._tcp.pdc._msdcs.tuebingen.tst.loc
>>> node1.tuebingen.tst.loc 389 as _ldap._tcp.pdc._msdcs.tuebingen.tst.loc.
>>> Checking 0 100 389 node1.tuebingen.tst.loc. against SRV
>>> _ldap._tcp.pdc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389
>>> Looking for DNS entry SRV
>>> _gc._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc
>>> node1.tuebingen.tst.loc 3268 as
>>> _gc._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc.
>>> Checking 0 100 3268 node1.tuebingen.tst.loc. against SRV
>>> _gc._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc
>>> node1.tuebingen.tst.loc 3268
>>> Looking for DNS entry SRV
>>> _kerberos._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc
>>> node1.tuebingen.tst.loc 88 as
>>> _kerberos._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc.
>>> Checking 0 100 88 node2.tuebingen.tst.loc. against SRV
>>> _kerberos._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc
>>> node1.tuebingen.tst.loc 88
>>> Checking 0 100 88 node1.tuebingen.tst.loc. against SRV
>>> _kerberos._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc
>>> node1.tuebingen.tst.loc 88
>>> Looking for DNS entry SRV
>>> _ldap._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc
>>> node1.tuebingen.tst.loc 389 as
>>> _ldap._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc.
>>> Checking 0 100 389 node1.tuebingen.tst.loc. against SRV
>>> _ldap._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc
>>> node1.tuebingen.tst.loc 389
>>> Looking for DNS entry SRV _gc._tcp.tuebingen.tst.loc
>>> node1.tuebingen.tst.loc
>>> 3268 as _gc._tcp.tuebingen.tst.loc.
>>> Checking 0 100 3268 node1.tuebingen.tst.loc. against SRV
>>> _gc._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 3268
>>> Looking for DNS entry SRV _kerberos._tcp.tuebingen.tst.loc
>>> node1.tuebingen.tst.loc 88 as _kerberos._tcp.tuebingen.tst.loc.
>>> Checking 0 100 88 node2.tuebingen.tst.loc. against SRV
>>> _kerberos._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 88
>>> Checking 0 100 88 node1.tuebingen.tst.loc. against SRV
>>> _kerberos._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 88
>>> Looking for DNS entry SRV _kpasswd._tcp.tuebingen.tst.loc
>>> node1.tuebingen.tst.loc 464 as _kpasswd._tcp.tuebingen.tst.loc.
>>> Checking 0 100 464 node1.tuebingen.tst.loc. against SRV
>>> _kpasswd._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 464
>>> Looking for DNS entry SRV _ldap._tcp.tuebingen.tst.loc
>>> node1.tuebingen.tst.loc 389 as _ldap._tcp.tuebingen.tst.loc.
>>> Checking 0 100 389 node2.tuebingen.tst.loc. against SRV
>>> _ldap._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 389
>>> Checking 0 100 389 node1.tuebingen.tst.loc. against SRV
>>> _ldap._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 389
>>> Looking for DNS entry SRV _kerberos._udp.tuebingen.tst.loc
>>> node1.tuebingen.tst.loc 88 as _kerberos._udp.tuebingen.tst.loc.
>>> Checking 0 100 88 node2.tuebingen.tst.loc. against SRV
>>> _kerberos._udp.tuebingen.tst.loc node1.tuebingen.tst.loc 88
>>> Checking 0 100 88 node1.tuebingen.tst.loc. against SRV
>>> _kerberos._udp.tuebingen.tst.loc node1.tuebingen.tst.loc 88
>>> Looking for DNS entry SRV _kpasswd._udp.tuebingen.tst.loc
>>> node1.tuebingen.tst.loc 464 as _kpasswd._udp.tuebingen.tst.loc.
>>> Checking 0 100 464 node2.tuebingen.tst.loc. against SRV
>>> _kpasswd._udp.tuebingen.tst.loc node1.tuebingen.tst.loc 464
>>> Checking 0 100 464 node1.tuebingen.tst.loc. against SRV
>>> _kpasswd._udp.tuebingen.tst.loc node1.tuebingen.tst.loc 464
>>> No DNS updates needed
>>>
>>> -----Original Message-----
>>> From: Roland de Lepper [mailto:roland.de.lepper at cvis.nl]
>>> Sent: Wednesday, 11 August 2010 13:16
>>> To: mueller at tropenklinik.de
>>> Cc: samba at lists.samba.org
>>> Subject: Re: AW: [Samba] samba 4 dns-update issue
>>>
>>> I've looked at your howto, and it's exactly what I did too. I also
>>> compiled bind after I created the user 'named' and added it to the group
>>> 'named'. I've set the permissions on the files as in your howto, but
>>> still no luck.
>>>
>>> Selinux and the firewall are disabled on the samba-server and the
>>> firewall
>>> is disabled on the win7 client machine.
>>>
>>> Kind regards,
>>>
>>> Roland de Lepper
>>>
>>>
>>>
>>>> Look at my thread: HOWTO samba4 centos5.5 named dnsupdate drbd simple
>>>> failover
>>>>
>>>> -----Original Message-----
>>>> From: samba-bounces at lists.samba.org
>>>> [mailto:samba-bounces at lists.samba.org] On behalf of Roland de Lepper
>>>> Sent: Wednesday, 11 August 2010 09:38
>>>> To: samba at lists.samba.org
>>>> Subject: [Samba] samba 4 dns-update issue
>>>>
>>>> Hi all,
>>>>
>>>> I've setup samba4 according to the samba4 wiki on centOS 5.4 in KVM.
>>>> This went without any problems. I only had to install a higher version
>>>> of
>>>> bind to 9.6.x because Centos bind in repo will install version 9.3.x.
>>>> I've used the Fedora12 source rpms for this to build bind 9.6.x on
>>>> Centos
>>>> 5.4.
>>>>
>>>> Then I configured bind according to the samba wiki
>>>> (http://wiki.samba.org/index.php/Samba4/DNS)
>>>>
>>>> I did all the checks in the wiki to see if bind is working. All tests
>>>> passed.
>>>> But in my logs I got the messages "The working directory is not
>>>> writable".
>>>> I changed the owner on /var/named to the group named, which solved
>>>> that
>>>> problem.
>>>>
>>>> Then I installed Win7 virtual in KVM and joined the domain. I can
>>>> login,
>>>> create users via dsa.msc tool on windows and see them in wbinfo -u on
>>>> the
>>>> samba4 domain controller. All looks right, except for my ddns. The
>>>> zone
>>>> could not be updated with the new win7 machine. The win7 machine has a
>>>> fixed ip-address.
>>>>
>>>> I checked all the howto again and again, but couldn't find a thing
>>>> which
>>>> could cause this. The error I see in my log is:
>>>>
>>>> Aug 11 09:34:46 sambaserver named[2281]: client 192.168.122.150#60058:
>>>> query 'roland.quinox.be/SOA/IN' denied
>>>>
>>>> Is this a permission problem? I checked and the group 'named' has write
>>>> access to my zone file. (the user 'named' is member of the group
>>>> 'named')
>>>>
>>>> This is the only issue I have with my samba4 installation and I really
>>>> want to solve this issue.
>>>>
>>>> If you need more information or configurations, I can post them.
>>>>
>>>> Kind regards,
>>>>
>>>> Roland
>
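
The thread shows two different denials from named: a `query ... denied` on Aug 11 and an `update ... denied` on Aug 12. The following is an added example, not part of the original messages: it parses both forms and reports which named.conf statement decides each. The function names `in_acl` and `triage` are hypothetical, the ACL values are copied from the named.conf quoted above, and the third log line is constructed.

```python
import ipaddress
import re

DENIAL = re.compile(
    r"client (?P<ip>[0-9.]+)#\d+: (?P<kind>query|update) '(?P<target>[^']+)' denied")

# named.conf statement that decides each kind of request.
CONTROL = {"query": "allow-query", "update": "allow-update / update-policy"}


def in_acl(client, acl, server_ips):
    """True if client matches a list of networks and/or the 'localhost' ACL."""
    addr = ipaddress.ip_address(client)
    for entry in acl:
        if entry == "localhost":  # BIND: any address of the server itself
            if addr.is_loopback or client in server_ips:
                return True
        elif addr in ipaddress.ip_network(entry, strict=False):
            return True
    return False


def triage(line, allow_query, server_ips):
    """Classify one named log line; None if it is not a denial."""
    m = DENIAL.search(line)
    if m is None:
        return None
    fields = m.group("target").split("/")  # query: name/type/class, update: zone/class
    result = {"client": m.group("ip"), "kind": m.group("kind"),
              "name": fields[0], "control": CONTROL[m.group("kind")]}
    if result["kind"] == "query":
        result["rrtype"] = fields[1]
        # Would the options-level allow-query admit this client? A zone- or
        # view-level allow-query takes precedence over the options-level one.
        result["in_global_allow_query"] = in_acl(result["client"], allow_query, server_ips)
    return result


# Log lines from the thread (unwrapped); the last one is a constructed non-match.
LINES = [
    "Aug 11 09:34:46 sambaserver named[2281]: client 192.168.122.150#60058: query 'roland.quinox.be/SOA/IN' denied",
    "Aug 12 20:58:34 localhost named[28804]: client 192.168.122.150#54473: update 'quinox.nl/IN' denied",
    "Aug 12 20:58:35 localhost named[28804]: zone quinox.nl/IN: loaded serial 1",
]
ALLOW_QUERY = ["localhost", "192.168.122.0/24"]  # from the quoted named.conf
SERVER_IPS = {"192.168.122.100"}                 # from its listen-on statement

if __name__ == "__main__":
    for line in LINES:
        print(triage(line, ALLOW_QUERY, SERVER_IPS))
```

An `update ... denied` entry is a decision made by the zone's update ACL or policy, so the query ACL check is only reported for `query` lines.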



