[Samba] samba 4 dns-update issue

Roland de Lepper roland.de.lepper at cvis.nl
Fri Aug 13 01:03:44 MDT 2010


First of all, I really appreciate your help. Thanks.

> First of all. If you have a single samba4 server system:
>
> Important: did you install:
> download.fedora.redhat.com/pub/fedora/epel/5/i386/python-dns-1.7.1-1.el5.noarch.rpm

Yes I did.

[root@sambadc private]# rpm -qa | grep python-dns
python-dns-1.7.1-1.el5


> Test all your dns conf:
> host -t SRV _ldap._tcp.your.domain.com
> EX:
> [root@node1 ~]# host -t SRV _ldap._tcp.tuebingen.tst.loc #<--- your domain here
> _ldap._tcp.tuebingen.tst.loc has SRV record 0 100 389 node1.tuebingen.tst.loc. #<---must give you
>
> host -t SRV _kerberos._udp.your.domain.com
>
> EX:
> [root@node1 ~]# host -t SRV _kerberos._udp.tuebingen.tst.loc
> _kerberos._udp.tuebingen.tst.loc has SRV record 0 100 88 node1.tuebingen.tst.loc.
>
>
> host -t A nameoftheserver.your.domain.com
>
> EX:
> [root@node1 ~]# host -t A node1.tuebingen.tst.loc
> node1.tuebingen.tst.loc has address 192.168.134.27

[root@sambadc private]# host -t SRV _ldap._tcp.quinox.nl
_ldap._tcp.quinox.nl has SRV record 0 100 389 sambadc.quinox.nl.

[root@sambadc private]# host -t SRV _kerberos._udp.quinox.nl
_kerberos._udp.quinox.nl has SRV record 0 100 88 sambadc.quinox.nl.

[root@sambadc private]# host -t A sambadc.quinox.nl
sambadc.quinox.nl has address 192.168.122.200


> This must work. If not you have a mistake somewhere.
>
> Look at your /usr/local/samba/private/named.conf.update. It should look like this:
>
> [root@node1 private]# cat named.conf.update
> /* this file is auto-generated - do not edit */
> update-policy {
>         grant TUEBINGEN.TST.LOC ms-self * A AAAA;
>         grant administrator@TUEBINGEN.TST.LOC wildcard * A AAAA SRV CNAME TXT;
>         grant NODE1$@TUEBINGEN.TST.LOC wildcard * A AAAA SRV CNAME;
>
> };

Here is mine:

[root@sambadc private]# cat named.conf.update
/* this file is auto-generated - do not edit */
update-policy {
	grant QUINOX.NL ms-self * A AAAA;
	grant administrator@QUINOX.NL wildcard * A AAAA SRV CNAME TXT;
	grant SAMBADC$@QUINOX.NL wildcard * A AAAA SRV CNAME;
};

> Then at last samba_dnsupdate --verbose must succeed with no errors.

[root@sambadc private]# samba_dnsupdate --verbose
Looking for DNS entry A quinox.nl 192.168.122.200 as quinox.nl.
Looking for DNS entry A sambadc.quinox.nl 192.168.122.200 as
sambadc.quinox.nl.
Looking for DNS entry CNAME
be631f11-f50c-48e2-bf76-024a8994fcf8._msdcs.quinox.nl sambadc.quinox.nl as
be631f11-f50c-48e2-bf76-024a8994fcf8._msdcs.quinox.nl.
Looking for DNS entry SRV
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.quinox.nl
sambadc.quinox.nl 88 as
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.quinox.nl.
Checking 0 100 88 sambadc.quinox.nl. against SRV
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.quinox.nl
sambadc.quinox.nl 88
Looking for DNS entry SRV
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.quinox.nl
sambadc.quinox.nl 389 as
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.quinox.nl.
Checking 0 100 389 sambadc.quinox.nl. against SRV
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.quinox.nl
sambadc.quinox.nl 389
Looking for DNS entry SRV _kerberos._tcp.dc._msdcs.quinox.nl
sambadc.quinox.nl 88 as _kerberos._tcp.dc._msdcs.quinox.nl.
Checking 0 100 88 sambadc.quinox.nl. against SRV
_kerberos._tcp.dc._msdcs.quinox.nl sambadc.quinox.nl 88
Looking for DNS entry SRV _ldap._tcp.dc._msdcs.quinox.nl sambadc.quinox.nl
389 as _ldap._tcp.dc._msdcs.quinox.nl.
Checking 0 100 389 sambadc.quinox.nl. against SRV
_ldap._tcp.dc._msdcs.quinox.nl sambadc.quinox.nl 389
Looking for DNS entry SRV
_ldap._tcp.32b23a16-212e-446b-ab89-fd0206a1e9fe.domains._msdcs.quinox.nl
sambadc.quinox.nl 389 as
_ldap._tcp.32b23a16-212e-446b-ab89-fd0206a1e9fe.domains._msdcs.quinox.nl.
Checking 0 100 389 sambadc.quinox.nl. against SRV
_ldap._tcp.32b23a16-212e-446b-ab89-fd0206a1e9fe.domains._msdcs.quinox.nl
sambadc.quinox.nl 389
Looking for DNS entry SRV
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.quinox.nl
sambadc.quinox.nl 3268 as
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.quinox.nl.
Checking 0 100 3268 sambadc.quinox.nl. against SRV
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.quinox.nl
sambadc.quinox.nl 3268
Looking for DNS entry SRV _ldap._tcp.gc._msdcs.quinox.nl sambadc.quinox.nl
3268 as _ldap._tcp.gc._msdcs.quinox.nl.
Checking 0 100 3268 sambadc.quinox.nl. against SRV
_ldap._tcp.gc._msdcs.quinox.nl sambadc.quinox.nl 3268
Looking for DNS entry SRV _ldap._tcp.pdc._msdcs.quinox.nl
sambadc.quinox.nl 389 as _ldap._tcp.pdc._msdcs.quinox.nl.
Checking 0 100 389 sambadc.quinox.nl. against SRV
_ldap._tcp.pdc._msdcs.quinox.nl sambadc.quinox.nl 389
Looking for DNS entry SRV
_gc._tcp.Default-First-Site-Name._sites.quinox.nl sambadc.quinox.nl 3268
as _gc._tcp.Default-First-Site-Name._sites.quinox.nl.
Checking 0 100 3268 sambadc.quinox.nl. against SRV
_gc._tcp.Default-First-Site-Name._sites.quinox.nl sambadc.quinox.nl 3268
Looking for DNS entry SRV
_kerberos._tcp.Default-First-Site-Name._sites.quinox.nl sambadc.quinox.nl
88 as _kerberos._tcp.Default-First-Site-Name._sites.quinox.nl.
Checking 0 100 88 sambadc.quinox.nl. against SRV
_kerberos._tcp.Default-First-Site-Name._sites.quinox.nl sambadc.quinox.nl
88
Looking for DNS entry SRV
_ldap._tcp.Default-First-Site-Name._sites.quinox.nl sambadc.quinox.nl 389
as _ldap._tcp.Default-First-Site-Name._sites.quinox.nl.
Checking 0 100 389 sambadc.quinox.nl. against SRV
_ldap._tcp.Default-First-Site-Name._sites.quinox.nl sambadc.quinox.nl 389
Looking for DNS entry SRV _gc._tcp.quinox.nl sambadc.quinox.nl 3268 as
_gc._tcp.quinox.nl.
Checking 0 100 3268 sambadc.quinox.nl. against SRV _gc._tcp.quinox.nl
sambadc.quinox.nl 3268
Looking for DNS entry SRV _kerberos._tcp.quinox.nl sambadc.quinox.nl 88 as
_kerberos._tcp.quinox.nl.
Checking 0 100 88 sambadc.quinox.nl. against SRV _kerberos._tcp.quinox.nl
sambadc.quinox.nl 88
Looking for DNS entry SRV _kpasswd._tcp.quinox.nl sambadc.quinox.nl 464 as
_kpasswd._tcp.quinox.nl.
Checking 0 100 464 sambadc.quinox.nl. against SRV _kpasswd._tcp.quinox.nl
sambadc.quinox.nl 464
Looking for DNS entry SRV _ldap._tcp.quinox.nl sambadc.quinox.nl 389 as
_ldap._tcp.quinox.nl.
Checking 0 100 389 sambadc.quinox.nl. against SRV _ldap._tcp.quinox.nl
sambadc.quinox.nl 389
Looking for DNS entry SRV _kerberos._udp.quinox.nl sambadc.quinox.nl 88 as
_kerberos._udp.quinox.nl.
Checking 0 100 88 sambadc.quinox.nl. against SRV _kerberos._udp.quinox.nl
sambadc.quinox.nl 88
Looking for DNS entry SRV _kpasswd._udp.quinox.nl sambadc.quinox.nl 464 as
_kpasswd._udp.quinox.nl.
Checking 0 100 464 sambadc.quinox.nl. against SRV _kpasswd._udp.quinox.nl
sambadc.quinox.nl 464
No DNS updates needed


> If you have 2 samba4 server dc-forest. All of the commands are only
> running
> on the first-master-dc.

I only have 1 dc.

> Please post the answer of above commands here, and your named.conf, your
> /etc/sysconfig/named, your samba4-zone-file (in ../private/dns)

named.conf in /usr/local/samba/private:

[root@sambadc private]# cat named.conf
# This file should be included in your main BIND configuration file
#
# For example with
# include "/usr/local/samba/private/named.conf";

zone "quinox.nl." IN {
	type master;
	file "/usr/local/samba/private/dns/quinox.nl.zone";
	/*
	 * the list of principals and what they can change is created
	 * dynamically by Samba, based on the membership of the domain controllers
	 * group. The provision just creates this file as an empty file.
	 */
	include "/usr/local/samba/private/named.conf.update";

	/* we need to use check-names ignore so _msdcs A records can be created */
	check-names ignore;
};

# The reverse zone configuration is optional.  The following example assumes a
# subnet of 192.168.123.0/24:

/*
zone "123.168.192.in-addr.arpa" in {
	type master;
	file "123.168.192.in-addr.arpa.zone";
	update-policy {
		grant *.NL wildcard *.123.168.192.in-addr.arpa. PTR;
	};
};
*/

# Note that the reverse zone file is not created during the provision process.

# The most recent BIND versions (9.5.0a5 or later) support secure GSS-TSIG
# updates.  If you are running an earlier version of BIND, or if you do not wish
# to use secure GSS-TSIG updates, you may remove the update-policy sections in
# both examples above.

named.conf in /etc:

[root@sambadc private]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
	listen-on port 53 { 127.0.0.1; 192.168.122.200; };
	listen-on-v6 port 53 { ::1; };
	directory 	"/var/named";
	dump-file 	"/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
	allow-query     { localhost; 192.168.122.0/24; };
	forwarders { 192.168.122.1; };
	recursion yes;
	tkey-gssapi-credential "DNS/quinox.nl";
	tkey-domain "QUINOX.NL";
//	dnssec-enable yes;
//	dnssec-validation yes;
//	dnssec-lookaside . trust-anchor dlv.isc.org.;
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
	type hint;
	file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/usr/local/samba/private/named.conf";
//include "/etc/pki/dnssec-keys//named.dnssec.keys";
//include "/etc/pki/dnssec-keys//dlv/dlv.isc.org.conf";


/etc/sysconfig/named:

# KEYTAB_FILE="/dir/file"    --  Specify named service keytab file (for GSS-TSIG)
KEYTAB_FILE="/usr/local/samba/private/dns.keytab"
export KEYTAB_FILE


quinox.nl.zone file:

[root@sambadc dns]# cat quinox.nl.zone
; -*- zone -*-
; generated by provision.pl
$ORIGIN quinox.nl.
$TTL 1W
@               IN SOA  quinox.nl.   root.quinox.nl. (
                                2010081219   ; serial
                                2D              ; refresh
                                4H              ; retry
                                6W              ; expiry
                                1W )            ; minimum
			IN NS	sambadc

            IN A    192.168.122.200
;

sambadc        IN A    192.168.122.200
gc._msdcs               IN A    192.168.122.200

be631f11-f50c-48e2-bf76-024a8994fcf8._msdcs	IN CNAME	sambadc
;
; global catalog servers
_gc._tcp		IN SRV 0 100 3268	sambadc
_gc._tcp.Default-First-Site-Name._sites	IN SRV 0 100 3268	sambadc
_ldap._tcp.gc._msdcs	IN SRV 0 100 3268	sambadc
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs	IN SRV 0 100 3268 sambadc
;
; ldap servers
_ldap._tcp		IN SRV 0 100 389	sambadc
_ldap._tcp.dc._msdcs	IN SRV 0 100 389	sambadc
_ldap._tcp.pdc._msdcs	IN SRV 0 100 389	sambadc
_ldap._tcp.32b23a16-212e-446b-ab89-fd0206a1e9fe.domains._msdcs		IN SRV 0 100 389 sambadc
_ldap._tcp.Default-First-Site-Name._sites		IN SRV 0 100 389 sambadc
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs	IN SRV 0 100 389 sambadc
;
; krb5 servers
_kerberos._tcp		IN SRV 0 100 88		sambadc
_kerberos._tcp.dc._msdcs	IN SRV 0 100 88	sambadc
_kerberos._tcp.Default-First-Site-Name._sites	IN SRV 0 100 88	sambadc
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs	IN SRV 0 100 88 sambadc
_kerberos._udp		IN SRV 0 100 88		sambadc
; MIT kpasswd likes to lookup this name on password change
_kerberos-master._tcp		IN SRV 0 100 88		sambadc
_kerberos-master._udp		IN SRV 0 100 88		sambadc
;
; kpasswd
_kpasswd._tcp		IN SRV 0 100 464	sambadc
_kpasswd._udp		IN SRV 0 100 464 	sambadc
;
; heimdal 'find realm for host' hack
_kerberos		IN TXT	QUINOX.NL


Kind regards,

Roland de Lepper
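
The update-policy file shown in this message is what decides whether named accepts a GSS-TSIG signed update. As an added example (not part of the original message, and not BIND's or Samba's code), this simplified Python model of the `ms-self` and `wildcard` rule types evaluates which signer may update which name and record type under that policy. The machine account `WIN7CLIENT$` is a constructed name, and the matching follows the BIND documentation's description of these rule types rather than BIND's source.

```python
import re

# Constructed from the named.conf.update in the message, with the list
# archive's "at" obfuscation restored to "@".
SAMPLE_POLICY = """
/* this file is auto-generated - do not edit */
update-policy {
	grant QUINOX.NL ms-self * A AAAA;
	grant administrator@QUINOX.NL wildcard * A AAAA SRV CNAME TXT;
	grant SAMBADC$@QUINOX.NL wildcard * A AAAA SRV CNAME;
};
"""

# With no type list, a rule matches every type except these.
DEFAULT_EXCLUDED = {"RRSIG", "NS", "SOA", "NSEC", "NSEC3"}
RULE_RE = re.compile(r"^\s*(grant|deny)\s+(\S+)\s+(\S+)\s+(\S+)([^;]*);", re.M)


def norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()


def parse_policy(text):
    """Return the grant/deny rules of an update-policy block, in file order."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)  # strip /* ... */ comments
    rules = []
    for action, identity, ruletype, name, types in RULE_RE.findall(text):
        if ruletype not in ("ms-self", "wildcard"):
            raise ValueError("rule type not modelled here: " + ruletype)
        rules.append({"action": action, "identity": identity,
                      "ruletype": ruletype, "name": name,
                      "types": [t.upper() for t in types.split()]})
    return rules


def ms_self_name(signer, realm):
    """Map machine$@REALM to machine.realm; None if not a machine in realm."""
    m = re.fullmatch(r"([^@$]+)\$@(.+)", signer)
    if not m or m.group(2).lower() != realm.lower():
        return None
    return norm(m.group(1) + "." + m.group(2))


def wildcard_matches(pattern, name):
    """True if name is a valid expansion of a '*' or '*.suffix' pattern."""
    pattern, name = norm(pattern), norm(name)
    if not pattern.startswith("*"):
        return False  # not a wildcard name; treated as no match in this model
    suffix = pattern[1:].lstrip(".")
    if suffix == "":
        return name != ""  # bare "*" covers every name below the root
    return name.endswith("." + suffix)


def check_update(rules, signer, name, rrtype):
    """First matching rule decides; returns (allowed, reason)."""
    if signer is None:
        # update-policy identities are matched against the request's signer,
        # so an unsigned update cannot match any rule.
        return False, "unsigned update"
    for rule in rules:
        if rule["ruletype"] == "ms-self":
            if ms_self_name(signer, rule["identity"]) != norm(name):
                continue
        else:  # wildcard
            if signer.lower() != rule["identity"].lower():
                continue
            if not wildcard_matches(rule["name"], name):
                continue
        if rule["types"]:
            if rrtype.upper() not in rule["types"]:
                continue
        elif rrtype.upper() in DEFAULT_EXCLUDED:
            continue
        return rule["action"] == "grant", "{action} {identity} {ruletype}".format(**rule)
    return False, "no matching rule"


if __name__ == "__main__":
    rules = parse_policy(SAMPLE_POLICY)
    cases = [  # constructed requests: (signer, name, type)
        ("WIN7CLIENT$@QUINOX.NL", "win7client.quinox.nl.", "A"),
        ("WIN7CLIENT$@QUINOX.NL", "sambadc.quinox.nl.", "A"),
        ("SAMBADC$@QUINOX.NL", "_ldap._tcp.quinox.nl.", "SRV"),
        (None, "win7client.quinox.nl.", "A"),
    ]
    for signer, name, rrtype in cases:
        print(signer, name, rrtype, check_update(rules, signer, name, rrtype))
```

Under this policy a client machine account can only set A/AAAA records for its own host name, while the domain controller's account and the administrator principal hold the broad wildcard grants.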

>
> -----------------------------------------------
> EDV Daniel Müller
>
> Head of IT
> Tropenklinik Paul-Lechler-Krankenhaus
> Paul-Lechler-Str. 24
> 72076 Tübingen
>
> Tel.: 07071/206-463, Fax: 07071/206-499
> eMail: mueller at tropenklinik.de
> Internet: www.tropenklinik.de
> -----------------------------------------------
> -----Original Message-----
> From: Roland de Lepper [mailto:roland.de.lepper at cvis.nl]
> Sent: Thursday, 12 August 2010 21:05
> To: mueller at tropenklinik.de
> Cc: samba at lists.samba.org
> Subject: Re: AW: AW: AW: AW: [Samba] samba 4 dns-update issue
>
> Yes I do. Centos 5.5
>
> I do have those two lines in my /etc/sysconfig/named file.
>
> btw. This evening I've installed a new virtual machine and used your howto
> for the installation of samba4 and DNS.
>
> Unfortunately... I have the same problem again:
> Aug 12 20:58:34 localhost named[28804]: client 192.168.122.150#54473:
> update 'quinox.nl/IN' denied
>
> This is driving me crazy. I even chmod -R 777 /usr/local/samba/private/dns
> but also that didn't help.
>
> I have installed bind-9.6.2-5.
>
> regards,
>
> Roland de Lepper
>
>> You are running on CentOS?
>>
>> My keytab file (for GSS-TSIG)
>>
>>>> [root@node1 sysconfig]# cat named
>>>> # BIND named process options
>>>> #
>>>> KEYTAB_FILE="/usr/local/samba/private/dns.keytab"
>>>> export KEYTAB_FILE
>>>> #  --  Specify named service keytab file (for GSS-TSIG)
>>
>> Your:
>>
>>> 	tkey-gssapi-credential "DNS/quinox.be";
>>> 	tkey-domain "QUINOX.BE";
>>
>> -----------------------------------------------
>> EDV Daniel Müller
>>
>> Head of IT
>> Tropenklinik Paul-Lechler-Krankenhaus
>> Paul-Lechler-Str. 24
>> 72076 Tübingen
>>
>> Tel.: 07071/206-463, Fax: 07071/206-499
>> eMail: mueller at tropenklinik.de
>> Internet: www.tropenklinik.de
>> -----------------------------------------------
>>
>> -----Original Message-----
>> From: Roland de Lepper [mailto:roland.de.lepper at cvis.nl]
>> Sent: Thursday, 12 August 2010 11:16
>> To: mueller at tropenklinik.de
>> Subject: Re: AW: AW: AW: [Samba] samba 4 dns-update issue
>>
>> It was working with the same denied message in my log, but after the
>> changes yesterday, it isn't working anymore:
>>
>> [root@sambaserver sbin]# ./samba_dnsupdate --verbose
>> Looking for DNS entry A quinox.be 192.168.122.100 as quinox.be.
>> Traceback (most recent call last):
>>   File "./samba_dnsupdate", line 275, in ?
>>     if not check_dns_name(d):
>>   File "./samba_dnsupdate", line 160, in check_dns_name
>>     ans = resolver.query(normalised_name, d.type)
>>   File "/usr/lib/python2.4/site-packages/dns/resolver.py", line 723, in
>> query
>>     return get_default_resolver().query(qname, rdtype, rdclass, tcp,
>> source)
>>   File "/usr/lib/python2.4/site-packages/dns/resolver.py", line 604, in
>> query
>>     timeout = self._compute_timeout(start)
>>   File "/usr/lib/python2.4/site-packages/dns/resolver.py", line 537, in
>> _compute_timeout
>>     raise Timeout
>> dns.exception.Timeout
>>
>>
>>
>>> Is this working: samba_dnsupdate --verbose ???
>>>
>>> -----------------------------------------------
>>> EDV Daniel Müller
>>>
>>> Head of IT
>>> Tropenklinik Paul-Lechler-Krankenhaus
>>> Paul-Lechler-Str. 24
>>> 72076 Tübingen
>>>
>>> Tel.: 07071/206-463, Fax: 07071/206-499
>>> eMail: mueller at tropenklinik.de
>>> Internet: www.tropenklinik.de
>>> -----------------------------------------------
>>>
>>> -----Original Message-----
>>> From: Roland de Lepper [mailto:roland.de.lepper at cvis.nl]
>>> Sent: Thursday, 12 August 2010 10:09
>>> To: mueller at tropenklinik.de
>>> Cc: samba at lists.samba.org
>>> Subject: Re: AW: AW: [Samba] samba 4 dns-update issue
>>>
>>> Yes I did.
>>>
>>> Here is my /etc/named.conf
>>>
>>> [root@sambaserver ~]# cat /etc/named.conf
>>> //
>>> // named.conf
>>> //
>>> // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
>>> // server as a caching only nameserver (as a localhost DNS resolver only).
>>> //
>>> // See /usr/share/doc/bind*/sample/ for example named configuration files.
>>> //
>>>
>>> options {
>>> 	listen-on port 53 { 127.0.0.1; 192.168.122.100; };
>>> ##	listen-on-v6 port 53 { ::1; };
>>> 	directory 	"/var/named";
>>> 	dump-file 	"/var/named/data/cache_dump.db";
>>>         statistics-file "/var/named/data/named_stats.txt";
>>>         memstatistics-file "/var/named/data/named_mem_stats.txt";
>>> 	allow-query     { localhost; 192.168.122.0/24; };
>>> 	recursion yes;
>>> 	forwarders { 192.168.122.1; };
>>> 	tkey-gssapi-credential "DNS/quinox.be";
>>> 	tkey-domain "QUINOX.BE";
>>> };
>>>
>>>
>>> logging {
>>>         channel default_debug {
>>>                 file "data/named.run";
>>>                 severity dynamic;
>>>         };
>>> };
>>>
>>> zone "." IN {
>>> 	type hint;
>>> 	file "named.ca";
>>> };
>>>
>>> include "/etc/named.rfc1912.zones";
>>> include "/etc/named-samba.conf";
>>>
>>>
>>>> Did you set an allow-query for all your subnets in your named.conf?
>>>> Here is mine:
>>>>
>>>>
>>>>
>>>> options {
>>>>         listen-on port 53 { 127.0.0.1;192.168.134.27; }; <---important put an ip
>>>>         listen-on-v6 port 53 { ::1; };
>>>>         directory       "/var/named";
>>>>         dump-file       "/var/named/data/cache_dump.db";
>>>>         statistics-file "/var/named/data/named_stats.txt";
>>>>         memstatistics-file "/var/named/data/named_mem_stats.txt";
>>>>         allow-query     { localhost; 192.168.135.0/24; 192.168.134.0/24; }; <---all your subnets here
>>>>         recursion yes;
>>>>         forwarders { 192.168.134.253; };
>>>> };
>>>>
>>>>
>>>> logging {
>>>>         channel default_debug {
>>>>                 file "data/named.run";
>>>>                 severity dynamic;
>>>>         };
>>>> };
>>>>
>>>> zone "." IN {
>>>>         type hint;
>>>>         file "named.ca";
>>>> };
>>>> include "/usr/local/samba/private/named.conf"; <--- this named.conf must be named:named, and the file at which it is pointing to: /usr/local/samba/private/named.conf.update
>>>> Also the entry dns.keytab file in /etc/sysconfig/named:
>>>>
>>>>
>>>> [root@node1 sysconfig]# cat named
>>>> # BIND named process options
>>>> #
>>>> KEYTAB_FILE="/usr/local/samba/private/dns.keytab"
>>>> export KEYTAB_FILE
>>>> #  --  Specify named service keytab file (for GSS-TSIG)
>>>>
>>>> Make sure named can read and write to it.
>>>>
>>>> Try in your smb.conf
>>>> Interfaces= ip
>>>> Ex mine:
>>>>
>>>> [globals]
>>>>         netbios name    = NODE1
>>>>         workgroup       = TUEBINGEN
>>>>         realm           = TUEBINGEN.TST.LOC
>>>>         server role     = domain controller
>>>>         interfaces= 192.168.134.27
>>>>
>>>> Make a samba_dnsupdate --verbose:
>>>> [root@node1 sysconfig]# samba_dnsupdate --verbose
>>>> Looking for DNS entry A tuebingen.tst.loc 192.168.134.27 as
>>>> tuebingen.tst.loc.
>>>> Looking for DNS entry A node1.tuebingen.tst.loc 192.168.134.27 as
>>>> node1.tuebingen.tst.loc.
>>>> Looking for DNS entry CNAME
>>>> 02284f45-de16-4125-a795-3b614f540ef7._msdcs.tuebingen.tst.loc
>>>> node1.tuebingen.tst.loc as
>>>> 02284f45-de16-4125-a795-3b614f540ef7._msdcs.tuebingen.tst.loc.
>>>> Looking for DNS entry SRV
>>>> _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc
>>>> node1.tuebingen.tst.loc 88 as
>>>> _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc.
>>>> Checking 0 100 88 node2.tuebingen.tst.loc. against SRV
>>>> _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc
>>>> node1.tuebingen.tst.loc 88
>>>> Checking 0 100 88 node1.tuebingen.tst.loc. against SRV
>>>> _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc
>>>> node1.tuebingen.tst.loc 88
>>>> Looking for DNS entry SRV
>>>> _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc
>>>> node1.tuebingen.tst.loc 389 as
>>>> _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc.
>>>> Checking 0 100 389 node1.tuebingen.tst.loc. against SRV
>>>> _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc
>>>> node1.tuebingen.tst.loc 389
>>>> Looking for DNS entry SRV _kerberos._tcp.dc._msdcs.tuebingen.tst.loc
>>>> node1.tuebingen.tst.loc 88 as
>>>> _kerberos._tcp.dc._msdcs.tuebingen.tst.loc.
>>>> Checking 0 100 88 node1.tuebingen.tst.loc. against SRV
>>>> _kerberos._tcp.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 88
>>>> Looking for DNS entry SRV _ldap._tcp.dc._msdcs.tuebingen.tst.loc
>>>> node1.tuebingen.tst.loc 389 as _ldap._tcp.dc._msdcs.tuebingen.tst.loc.
>>>> Checking 0 100 389 node2.tuebingen.tst.loc. against SRV
>>>> _ldap._tcp.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389
>>>> Checking 0 100 389 node1.tuebingen.tst.loc. against SRV
>>>> _ldap._tcp.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389
>>>> Looking for DNS entry SRV
>>>> _ldap._tcp.3d718df6-359c-4eb4-a0de-5a7aaf5b0d26.domains._msdcs.tuebingen.tst.loc
>>>> node1.tuebingen.tst.loc 389 as
>>>> _ldap._tcp.3d718df6-359c-4eb4-a0de-5a7aaf5b0d26.domains._msdcs.tuebingen.tst.loc.
>>>> Checking 0 100 389 node1.tuebingen.tst.loc. against SRV
>>>> _ldap._tcp.3d718df6-359c-4eb4-a0de-5a7aaf5b0d26.domains._msdcs.tuebingen.tst.loc
>>>> node1.tuebingen.tst.loc 389
>>>> Looking for DNS entry SRV
>>>> _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.tuebingen.tst.loc
>>>> node1.tuebingen.tst.loc 3268 as
>>>> _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.tuebingen.tst.loc.
>>>> Checking 0 100 3268 node1.tuebingen.tst.loc. against SRV
>>>> _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.tuebingen.tst.loc
>>>> node1.tuebingen.tst.loc 3268
>>>> Looking for DNS entry SRV _ldap._tcp.gc._msdcs.tuebingen.tst.loc
>>>> node1.tuebingen.tst.loc 3268 as
>>>> _ldap._tcp.gc._msdcs.tuebingen.tst.loc.
>>>> Checking 0 100 3268 node1.tuebingen.tst.loc. against SRV
>>>> _ldap._tcp.gc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 3268
>>>> Looking for DNS entry SRV _ldap._tcp.pdc._msdcs.tuebingen.tst.loc
>>>> node1.tuebingen.tst.loc 389 as
>>>> _ldap._tcp.pdc._msdcs.tuebingen.tst.loc.
>>>> Checking 0 100 389 node1.tuebingen.tst.loc. against SRV
>>>> _ldap._tcp.pdc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389
>>>> Looking for DNS entry SRV
>>>> _gc._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc
>>>> node1.tuebingen.tst.loc 3268 as
>>>> _gc._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc.
>>>> Checking 0 100 3268 node1.tuebingen.tst.loc. against SRV
>>>> _gc._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc
>>>> node1.tuebingen.tst.loc 3268
>>>> Looking for DNS entry SRV
>>>> _kerberos._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc
>>>> node1.tuebingen.tst.loc 88 as
>>>> _kerberos._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc.
>>>> Checking 0 100 88 node2.tuebingen.tst.loc. against SRV
>>>> _kerberos._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc
>>>> node1.tuebingen.tst.loc 88
>>>> Checking 0 100 88 node1.tuebingen.tst.loc. against SRV
>>>> _kerberos._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc
>>>> node1.tuebingen.tst.loc 88
>>>> Looking for DNS entry SRV
>>>> _ldap._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc
>>>> node1.tuebingen.tst.loc 389 as
>>>> _ldap._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc.
>>>> Checking 0 100 389 node1.tuebingen.tst.loc. against SRV
>>>> _ldap._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc
>>>> node1.tuebingen.tst.loc 389
>>>> Looking for DNS entry SRV _gc._tcp.tuebingen.tst.loc
>>>> node1.tuebingen.tst.loc
>>>> 3268 as _gc._tcp.tuebingen.tst.loc.
>>>> Checking 0 100 3268 node1.tuebingen.tst.loc. against SRV
>>>> _gc._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 3268
>>>> Looking for DNS entry SRV _kerberos._tcp.tuebingen.tst.loc
>>>> node1.tuebingen.tst.loc 88 as _kerberos._tcp.tuebingen.tst.loc.
>>>> Checking 0 100 88 node2.tuebingen.tst.loc. against SRV
>>>> _kerberos._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 88
>>>> Checking 0 100 88 node1.tuebingen.tst.loc. against SRV
>>>> _kerberos._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 88
>>>> Looking for DNS entry SRV _kpasswd._tcp.tuebingen.tst.loc
>>>> node1.tuebingen.tst.loc 464 as _kpasswd._tcp.tuebingen.tst.loc.
>>>> Checking 0 100 464 node1.tuebingen.tst.loc. against SRV
>>>> _kpasswd._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 464
>>>> Looking for DNS entry SRV _ldap._tcp.tuebingen.tst.loc
>>>> node1.tuebingen.tst.loc 389 as _ldap._tcp.tuebingen.tst.loc.
>>>> Checking 0 100 389 node2.tuebingen.tst.loc. against SRV
>>>> _ldap._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 389
>>>> Checking 0 100 389 node1.tuebingen.tst.loc. against SRV
>>>> _ldap._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 389
>>>> Looking for DNS entry SRV _kerberos._udp.tuebingen.tst.loc
>>>> node1.tuebingen.tst.loc 88 as _kerberos._udp.tuebingen.tst.loc.
>>>> Checking 0 100 88 node2.tuebingen.tst.loc. against SRV
>>>> _kerberos._udp.tuebingen.tst.loc node1.tuebingen.tst.loc 88
>>>> Checking 0 100 88 node1.tuebingen.tst.loc. against SRV
>>>> _kerberos._udp.tuebingen.tst.loc node1.tuebingen.tst.loc 88
>>>> Looking for DNS entry SRV _kpasswd._udp.tuebingen.tst.loc
>>>> node1.tuebingen.tst.loc 464 as _kpasswd._udp.tuebingen.tst.loc.
>>>> Checking 0 100 464 node2.tuebingen.tst.loc. against SRV
>>>> _kpasswd._udp.tuebingen.tst.loc node1.tuebingen.tst.loc 464
>>>> Checking 0 100 464 node1.tuebingen.tst.loc. against SRV
>>>> _kpasswd._udp.tuebingen.tst.loc node1.tuebingen.tst.loc 464
>>>> No DNS updates needed
>>>>
>>>> -----------------------------------------------
>>>> EDV Daniel Müller
>>>>
>>>> Head of IT
>>>> Tropenklinik Paul-Lechler-Krankenhaus
>>>> Paul-Lechler-Str. 24
>>>> 72076 Tübingen
>>>>
>>>> Tel.: 07071/206-463, Fax: 07071/206-499
>>>> eMail: mueller at tropenklinik.de
>>>> Internet: www.tropenklinik.de
>>>> -----------------------------------------------
>>>>
>>>> -----Original Message-----
>>>> From: Roland de Lepper [mailto:roland.de.lepper at cvis.nl]
>>>> Sent: Wednesday, 11 August 2010 13:16
>>>> To: mueller at tropenklinik.de
>>>> Cc: samba at lists.samba.org
>>>> Subject: Re: AW: [Samba] samba 4 dns-update issue
>>>>
>>>> I've looked at your howto, and it's exactly what I did too. I also
>>>> compiled bind after I created the user 'named' and added to the group
>>>> 'named'. I've set the permissions on the files as in your howto, but
>>>> still no luck.
>>>>
>>>> Selinux and the firewall are disabled on the samba-server and the
>>>> firewall
>>>> is disabled on the win7 client machine.
>>>>
>>>> Kind regards,
>>>>
>>>> Roland de Lepper
>>>>
>>>>
>>>>
>>>>> Look at my thread: HOWTO samba4 centos5.5 named dnsupdate drbd simple
>>>>> failover
>>>>>
>>>>> -----------------------------------------------
>>>>> EDV Daniel Müller
>>>>>
>>>>> Head of IT
>>>>> Tropenklinik Paul-Lechler-Krankenhaus
>>>>> Paul-Lechler-Str. 24
>>>>> 72076 Tübingen
>>>>>
>>>>> Tel.: 07071/206-463, Fax: 07071/206-499
>>>>> eMail: mueller at tropenklinik.de
>>>>> Internet: www.tropenklinik.de
>>>>> -----------------------------------------------
>>>>>
>>>>> -----Original Message-----
>>>>> From: samba-bounces at lists.samba.org
>>>>> [mailto:samba-bounces at lists.samba.org]
>>>>> On behalf of Roland de Lepper
>>>>> Sent: Wednesday, 11 August 2010 09:38
>>>>> To: samba at lists.samba.org
>>>>> Subject: [Samba] samba 4 dns-update issue
>>>>>
>>>>> Hi all,
>>>>>
>>>>> I've setup samba4 according to the samba4 wiki on centOS 5.4 in KVM.
>>>>> This went without any problems. I only had to install a higher
>>>>> version
>>>>> of
>>>>> bind to 9.6.x because Centos bind in repo will install version 9.3.x.
>>>>> I've used the Fedora12 source rpms for this to build bind 9.6.x on
>>>>> Centos
>>>>> 5.4.
>>>>>
>>>>> Then I configured bind according to the samba wiki
>>>>> (http://wiki.samba.org/index.php/Samba4/DNS)
>>>>>
>>>>> I did all the checks in the wiki to see if bind is working. All tests
>>>>> passed.
>>>>> But in my logs I got the messages "The working directory is not
>>>>> writable".
>>>>> I changed the owner on /var/named to the group named, which solved
>>>>> that
>>>>> problem.
>>>>>
>>>>> Then I installed Win7 virtual in KVM and joined the domain. I can
>>>>> login,
>>>>> create users via dsa.msc tool on windows and see them in wbinfo -u on
>>>>> the
>>>>> samba4 domain controller. All looks right, except for my ddns. The
>>>>> zone
>>>>> could not be updated with the new win7 machine. The win7 machine has
>>>>> a
>>>>> fixed ip-address.
>>>>>
>>>>> I checked all the howto again and again, but couldn't find a thing
>>>>> which
>>>>> could cause this. The error I see in my log is:
>>>>>
>>>>> Aug 11 09:34:46 sambaserver named[2281]: client
>>>>> 192.168.122.150#60058:
>>>>> query 'roland.quinox.be/SOA/IN' denied
>>>>>
>>>>> Is this a permission problem? I checked and the group 'named' has write
>>>>> access to my zone file. (the user 'named' is member of the group
>>>>> 'named')
>>>>>
>>>>> This is the only issue I have with my samba4 installation and I
>>>>> really
>>>>> want to solve this issue.
>>>>>
>>>>> If you need more information or configurations, I can post them.
>>>>>
>>>>> Kind regards,
>>>>>
>>>>> Roland