[Samba] question about zone and tsig verify failure

L.P.H. van Belle belle at bazuin.nl
Thu Dec 19 07:16:23 MST 2013


Hi,

I'm running: Debian wheezy, SerNet Samba 4.1.3, DC, in a Windows 2008 AD domain.

I'm reading the wiki and I stumbled on this.

https://wiki.samba.org/index.php/Dns-backend_bind  

semanage fcontext -a -t named_var_run_t /usr/local/samba/private/dns/${MYREALM}.zone
semanage fcontext -a -t named_var_run_t /usr/local/samba/private/dns/${MYREALM}.zone.jnl

The strange thing is, and this is also my question:

Should there be zone files if you're using bind9?
Since I'm not seeing these. The server (samba 4.1.3) has joined a Windows domain as DC, no problems,
only samba_dnsupdate --verbose --all-name gives: TSIG error with server: tsig verify failure

All other tests are OK as far as I can see.
I tested bind9 (Debian wheezy stable) 9.8.4
and I backported bind from sid,
BIND 9.9.3-rpz2+rl.13214.22-P2-Debian-1:9.9.3.dfsg.P2-4

Both do not create these zone files.



dlopen is loaded: 
Dec 19 14:50:58 ws005-s4dc-001 named[301]: generating session key for dynamic DNS
Dec 19 14:50:58 ws005-s4dc-001 named[301]: sizing zone task pool based on 5 zones
Dec 19 14:50:58 ws005-s4dc-001 named[301]: Loading 'AD DNS Zone' using driver dlopen


When I run samba_upgradedns --dns-backend=BIND9_DLZ it looks OK, but no zone file:
Reading domain information
DNS accounts already exist
No zone file /var/lib/samba/private/dns/subdomain.domain.tld.zone
DNS records will be automatically created
DNS partitions already exist
dns-WS005-S4DC-001 account already exists
See /var/lib/samba/private/named.conf for an example configuration include file for BIND
and /var/lib/samba/private/named.txt for further documentation required for secure DNS updates
Finished upgrading DNS

I also noticed that the output of these 2 is different.
ls -lai /var/lib/samba/private/sam.ldb.d/ 
ls -lai /var/lib/samba/private/dns/sam.ldb.d/ 


After restarting bind, I noticed that
samba_upgradedns --dns-backend=BIND9_DLZ

didn't see my bind9 upgrade, and bind is not starting anymore; manually fixing

/var/lib/samba/private/named.conf, changing bind9.8 to 9.9 dlopen, fixed it.

Bug? Shouldn't samba follow the installed bind version?

 

After reading a lot about the tsig message, I've read there is a fix.

Is the fix already applied, or do I have another problem?

 

 

best regards, 

 

Louis
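An added check (example code, not from the original post or from the Samba project) for the named.conf/BIND version mismatch described above: it reads the active dlopen line of Samba's generated named.conf and compares the DLZ module it names against the installed BIND version. The module naming convention (dlz_bind9.so for 9.8, dlz_bind9_<minor>.so for 9.9 and later), the library path and the sample config text are assumptions.

```shell
#!/bin/sh
# Added example, not code from the original post or the Samba project: checks that
# the DLZ module active in Samba's generated named.conf matches the installed BIND
# major.minor (the mismatch the post fixed by hand). Assumes Samba's layout (one
# active `database "dlopen ..."` line, alternatives commented with #) and the
# naming convention dlz_bind9.so for BIND 9.8, dlz_bind9_<minor>.so for 9.9+.
# Constructed sample of the dlz block as written for BIND 9.8.
SAMPLE_NAMED_CONF_98='dlz "AD DNS Zone" {
    # For BIND 9.8.x
    database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9.so";
    # For BIND 9.9.x
    # database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_9.so";
};'
# Constructed sample after the manual fix: the 9.9 module is the active one.
SAMPLE_NAMED_CONF_99='dlz "AD DNS Zone" {
    # database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9.so";
    database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_9.so";
};'
# Version string in the form `named -v` prints it (the backported BIND from the post).
INSTALLED_BIND='BIND 9.9.3-rpz2+rl.13214.22-P2-Debian-1:9.9.3.dfsg.P2-4'

# Print the BIND major.minor the active (uncommented) dlopen module targets.
dlz_expected_version() {
    mod=$(printf '%s\n' "$1" | grep -v '^[[:space:]]*#' \
          | grep -o 'dlz_bind9[_0-9]*\.so' | head -n 1)
    case "$mod" in
        dlz_bind9.so)   echo "9.8" ;;
        dlz_bind9_*.so) minor=${mod#dlz_bind9_}; echo "9.${minor%.so}" ;;
        *)              echo "unknown"; return 1 ;;
    esac
}

# Reduce a `named -v` string to its major.minor (first dotted number pair).
bind_major_minor() {
    printf '%s\n' "$1" | grep -o '[0-9][0-9]*\.[0-9][0-9]*' | head -n 1
}

# Report whether named.conf text ($1) and installed BIND ($2) agree: 0 if so, else 1.
dlz_matches_bind() {
    want=$(dlz_expected_version "$1") || return 1
    have=$(bind_major_minor "$2")
    if [ "$want" = "$have" ]; then
        echo "ok: named.conf targets BIND $want, installed BIND is $have"; return 0
    fi
    echo "mismatch: named.conf targets BIND $want, installed BIND is $have"; return 1
}

# Demo on the samples; on a live DC use "$(cat /var/lib/samba/private/named.conf)" "$(named -v)".
dlz_matches_bind "$SAMPLE_NAMED_CONF_98" "$INSTALLED_BIND" || true
dlz_matches_bind "$SAMPLE_NAMED_CONF_99" "$INSTALLED_BIND"
```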
