[Samba] BIND-DLZ refuses to update
Andrew Bartlett
abartlet at samba.org
Fri Sep 28 21:21:21 MDT 2012
On Sat, 2012-09-29 at 04:10 +0400, Dmitry Khromov wrote:
> Hello.
>
> We have a couple of questions regarding Samba 4.1.0pre1-GIT-aad669b running on Gentoo GNU/Linux
> 2) We have a problem with Samba refusing to update DNS records with Gentoo's BIND 9.9.1_p3 (GSSAPI, DLZ)
> BIND log says:
> ...
> named[12365]: samba_dlz: configured writeable zone 'klin.kifato-mk.com'
> named[12365]: samba_dlz: configured writeable zone '172.in-addr.arpa'
> ...
> named[12365]: samba b9_putrr: unhandled record type 65281
> named[12365]: samba_dlz: starting transaction on zone klin.kifato-mk.com
> named[12365]: client 192.168.1.32#1039: view realdns: update 'klin.kifato-mk.com/IN' denied
> named[12365]: samba_dlz: cancelling transaction on zone klin.kifato-mk.com
> log.samba says:
> ../lib/util/util_runcmd.c:334(samba_runcmd_io_handler)
> /usr/local/samba/sbin/samba_dnsupdate: dns_tkey_negotiategss: TKEY is unacceptable
>
> Related parts of named.conf:
> options {
> ...
> tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
> ...
> };
> view realdns {
> ...
> dlz "AD DNS Zones" {
> database "dlopen /usr/local/samba/lib/bind9/dlz_bind9_9.so";
> };
> ...
> };
>
The only suggestion I have here is to try turning up the debug level in
the smb.conf, in the hope that we can get more detail on:
named[12365]: client 192.168.1.32#1039: view realdns: update
'klin.kifato-mk.com/IN' denied
Sorry,
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org