[Samba] Samba4 bind DNS

Stefan Schäfer ml at fsproductions.de
Fri Dec 6 03:06:20 MST 2013 

Here are the logfile entries from what happend during joining the domain:

Dec  6 11:01:22 s4ad named[3913]: samba_dlz: starting transaction on 
zone xxx.local
Dec  6 11:01:22 s4ad named[3913]: client 192.168.1.121#50528: update 
'xxx.local/IN' denied
Dec  6 11:01:22 s4ad named[3913]: samba_dlz: cancelling transaction on 
zone xxx.local
Dec  6 11:01:23 s4ad named[3913]: samba_dlz: starting transaction on 
zone xxx.local
Dec  6 11:01:23 s4ad named[3913]: samba_dlz: disallowing update of 
signer=s4client\$\@XXX.LOCAL name=S4CLIENT.xxx.local type=AAAA 
error=insufficient access rights
Dec  6 11:01:23 s4ad named[3913]: client 192.168.1.121#64904/key 
s4client\$\@XXX.LOCAL: updating zone 'baettenhausen.local/NONE': update 
failed: rejected by secure update (RE
FUSED)
Dec  6 11:01:23 s4ad named[3913]: samba_dlz: cancelling transaction on 
zone xxx.local


Am 06.12.2013 10:40, schrieb Stefan Schäfer:
> Hello,
>
> one of my S4 ADs shows a strange behavior. The Server is a stand-alone
> ad controller with bind (bind_dlz) as dns-server. The Samba Version is
> 4.1.2 running on SLES11 SP3.
>
> If i add a new A-record with the DNS-Tool from the Microsoft
> remote-server-tools an check the box "verknüpften PTR-Eintrag
> erstellen", it creates the A-Record, but not the pointer-record.
>
> If i join the domain with a new computer now DNS-Record is created.
>
> The only hint i found are the aipServerAddrs and aipListenAddrs Values
> showed by:
>
> samba-tool dns serverinfo
>
> ...
>   aipServerAddrs              : ['127.0.0.2 (53)', '127.0.0.2 (53)',
> '127.0.0.2 (53)']
>   aipListenAddrs              : ['127.0.0.2 (53)', '127.0.0.2 (53)',
> '127.0.0.2 (53)']
> ...
>
> The same is shown by the DNS-Tool from the Microsoft
> remote-server-tools The server has no interface with the shown
> IP-address, and there is relating entry in /etc/hosts.
>
> It seems that there is no possibility to change these entries to the
> real ip-address of the server. Am i wrong?
>
> Could these wrong entries be the reason for the described behavior?
>
> Regards
>
> Stefan
>

More information about the samba mailing list