[Samba] Dynamic DNS updates not working with BIND DLZ
Stephen Jones
lloydsystems at fastmail.com.au
Wed Apr 10 20:22:55 MDT 2013
Hi,
A while ago I set up Samba4 on CentOS 6. Samba version was 4.0.0 using
the RPM from SOGo. I used the DLZ BIND backend with BIND 9.8.
I tested with a Windows 7 VM client. When I joined the client to the
domain it was automatically added to the AD DNS and appeared in the
Windows DNS Manager. The VM had a static IP, but if I changed the IP
address that change was automatically reflected in the DNS entry.
I am now adding new real clients to the domain and find that they are
not added to the AD domain DNS. The client has a dynamic IP, but I have
tried changing to a fixed IP address and it makes no difference.
The only changes I can recall between the initial setup and now are:
1. Samba upgrade to 4.0.1. After upgrading I followed the procedure and
ran
samba-tool dbcheck --cross-ncs --fix
samba-tool ntacl sysvolreset
The upgrade changed the permissions of /var/lib/samba4/private back to
root:root 700, which is no good, so I changed back to root:named 750.
I also added "server services = -dns" to smb.conf as per the
instructions because internal DNS is now the default.
2. Tested OpenChange. But, prior to doing anything I backed up the entire
/var/lib/samba4 directory. When I removed OpenChange (as it is just not
stable yet) I removed /var/lib/samba4 and replaced it with the backup.
So this should not have any effect.
I have checked everything against my notes made when installing Samba4
and can't find anything wrong. In terms of DNS, /etc/named.conf
contains
include "/var/lib/samba4/private/named.conf";
which loads the DLZ module for BIND 9.8.
The /etc/named.conf also has in the options
tkey-gssapi-keytab "/var/lib/samba4/private/dns.keytab";
Permissions of files:
/var/lib/samba4/private/named.conf root:named 640
/var/lib/samba4/private/dns.keytab root:named 640
/var/lib/samba4/private/dns/ root:named 770
It all seems OK (I think), but no dynamic DNS updates. There is nothing
in the samba.log file to suggest a problem. The system log has messages
client <IP address>: update 'example.local/IN' denied
samba_dlz: cancelling transaction on zone example.local
Is there something I need to set in smb.conf? I see there are new
options like "allow dns updates" and "dns update command", which I do
not have specifically set, but I don't know if these only apply to Samba
internal DNS. There is still really no documentation about smb.conf for
Samba4.
Can someone please explain what might be wrong or what I should look
for?
Regards,
Stephen Jones
--
Stephen Jones
lloydsystems at fastmail.com.au
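
Added example, not part of the original post and not Samba's or BIND's own tooling: a check that the BIND account can still reach the DLZ files listed in the post after an upgrade resets directory modes, as happened with /var/lib/samba4/private. The account name "named" and the required access bits (read from the group column of the post's listing) are assumptions.

```python
import os, pwd, sys

# Access bits taken from the group column of the post's listing (r=4, w=2, x=1).
CHECKS = {
    "/var/lib/samba4/private/named.conf": 4,
    "/var/lib/samba4/private/dns.keytab": 4,
    "/var/lib/samba4/private/dns": 7,
}

def allowed(st, uid, gids, need):
    """POSIX mode-bit check: owner class, else group class, else other.
    ACLs, SELinux and the uid 0 override are not modelled."""
    if uid == st.st_uid:
        bits = st.st_mode >> 6
    elif st.st_gid in gids:
        bits = st.st_mode >> 3
    else:
        bits = st.st_mode
    return (bits & need) == need

def audit(path, uid, gids, need, top="/"):
    """Return [(component, reason)] for everything between top and path
    that would stop the given account from reaching path."""
    path, top = os.path.abspath(path), os.path.abspath(top)
    dirs, d = [], os.path.dirname(path)
    while True:
        dirs.append(d)
        if d == top or d == os.path.dirname(d):
            break
        d = os.path.dirname(d)
    problems = [(d, "no search (x) permission")
                for d in reversed(dirs)
                if not allowed(os.stat(d), uid, gids, 1)]
    if not allowed(os.stat(path), uid, gids, need):
        problems.append((path, "needs mode bits %o" % need))
    return problems

if __name__ == "__main__":
    account = sys.argv[1] if len(sys.argv) > 1 else "named"  # assumed BIND account
    pw = pwd.getpwnam(account)
    gids = set(os.getgrouplist(account, pw.pw_gid))
    for path, need in CHECKS.items():
        for where, why in audit(path, pw.pw_uid, gids, need):
            print("%s: %s blocks %s" % (path, why, where))
```

Run it as root so every directory in the chain can be stat'ed; no output means the mode bits alone do not block the account.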