[Samba] question about zone and tsig verify failure

L.P.H. van Belle belle at bazuin.nl
Thu Dec 19 07:51:52 MST 2013


Ok, thank you for that info.

I just got my new Xen server and I'm testing a bit around.
Other question:
when you run:
samba_dnsupdate --verbose --all-name
do you have any errors?

Greetz, 

Louis

 

>-----Original Message-----
>From: Rowland Penny [mailto:rowlandpenny at googlemail.com] 
>Sent: Thursday, 19 December 2013 15:30
>To: L.P.H. van Belle; samba at lists.samba.org
>Subject: Re: [Samba] question about zone and tsig verify failure
>
>On 19/12/13 14:16, L.P.H. van Belle wrote:
>> Hi
>>
>> I'm running: Debian wheezy, SerNet Samba 4.1.3, DC, in a Windows 2008 AD domain.
>>
>> I'm reading the wiki and I stumbled on this.
>>
>> https://wiki.samba.org/index.php/Dns-backend_bind
>>
>> semanage fcontext -a -t named_var_run_t /usr/local/samba/private/dns/${MYREALM}.zone
>> semanage fcontext -a -t named_var_run_t /usr/local/samba/private/dns/${MYREALM}.zone.jnl
>>
>> The strange thing is, and this is also my question,
>>
>> should there be zone files if you are using bind9?
>> Since I'm not seeing these. The server (Samba 4.1.3) has joined a Windows domain as DC, no problems,
>> only samba_dnsupdate --verbose --all-name gives: TSIG error with server: tsig verify failure
>>
>> All other tests are OK as far as I can see.
>> I've tested bind9 (Debian wheezy stable) 9.8.4
>> and I backported bind from sid,
>> BIND 9.9.3-rpz2+rl.13214.22-P2-Debian-1:9.9.3.dfsg.P2-4
>>
>> Both do not create these zone files.
>>
>> dlopen is loaded:
>> Dec 19 14:50:58 ws005-s4dc-001 named[301]: generating session key for dynamic DNS
>> Dec 19 14:50:58 ws005-s4dc-001 named[301]: sizing zone task pool based on 5 zones
>> Dec 19 14:50:58 ws005-s4dc-001 named[301]: Loading 'AD DNS Zone' using driver dlopen
>>
>> When I run: samba_upgradedns --dns-backend=BIND9_DLZ it looks OK but no zone file.
>> Reading domain information
>> DNS accounts already exist
>> No zone file /var/lib/samba/private/dns/subdomain.domain.tld.zone
>> DNS records will be automatically created
>> DNS partitions already exist
>> dns-WS005-S4DC-001 account already exists
>> See /var/lib/samba/private/named.conf for an example configuration include file for BIND
>> and /var/lib/samba/private/named.txt for further documentation required for secure DNS updates
>> Finished upgrading DNS
>>
>> I also noticed that the output of these 2 is different.
>> ls -lai /var/lib/samba/private/sam.ldb.d/
>> ls -lai /var/lib/samba/private/dns/sam.ldb.d/
>>
>> After restarting bind, I noticed that
>> samba_upgradedns --dns-backend=BIND9_DLZ
>>
>> didn't seem to see my bind9 upgrade, and bind is not starting anymore; manually fixing
>>
>> /var/lib/samba/private/named.conf, changing bind9.8 to 9.9 dlopen, fixed it.
>>
>> Bug? Shouldn't samba follow the installed bind version?
>>
>> After reading a lot about the tsig message, I've read there is a fix.
>>
>> Is the fix already applied, or do I have another problem?
>>
>> best regards,
>>
>> Louis
>>
>Hi Louis, I am running Samba 4.1.0 with Bind 9.9.4 (both self compiled)
>and DHCP, everything works OK for me and I also do not have the two zone
>files. I think that you only get them if you are running an earlier
>version of Bind with flat files.
>
>Rowland
>
>
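The named.conf problem described in the quoted mail (bind backported from 9.8 to 9.9, but the generated named.conf still loading the 9.8 DLZ module, so named no longer starts) is easy to check for before restarting bind. The script below is an added example written for this thread; it is not from the mail and not part of Samba's own tooling. It assumes (not confirmed by the thread) that named.conf follows the layout samba_upgradedns writes, with one `database "dlopen .../dlz_bind9*.so"` line per BIND series and the unused ones commented out, and that the module names are dlz_bind9.so for 9.8 and dlz_bind9_<minor>.so for 9.9 and later; the named.conf fragment and module paths are constructed sample data.

```shell
#!/bin/sh
# Added example, not from the thread: check that the dlopen "database" line
# that is active (uncommented) in Samba's generated named.conf points at the
# DLZ module built for the BIND series that is actually installed. This is
# the mismatch described in the mail after the bind 9.8 -> 9.9 backport.
# Assumptions (not confirmed by the thread): the file follows the layout
# samba_upgradedns writes, one "database \"dlopen .../dlz_bind9*.so\"" line
# per BIND series with the unused ones commented out, and the module names
# dlz_bind9.so (9.8) and dlz_bind9_<minor>.so (9.9 and later).

# Constructed sample of the relevant part of /var/lib/samba/private/named.conf,
# in the state the mail describes: the 9.8 line is active, the 9.9 line is not.
SAMPLE_NAMED_CONF='dlz "AD DNS Zone" {
    # For BIND 9.8.x
    database "dlopen /usr/lib/samba/bind9/dlz_bind9.so";

    # For BIND 9.9.x
    # database "dlopen /usr/lib/samba/bind9/dlz_bind9_9.so";
};'

# The version string from the thread, in the form `named -v` prints it.
SAMPLE_NAMED_V='BIND 9.9.3-rpz2+rl.13214.22-P2-Debian-1:9.9.3.dfsg.P2-4'

# Reduce a `named -v` string to its major.minor series, e.g. "9.9".
bind_series() {
    printf '%s\n' "$1" |
        sed -n 's/^BIND \([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1.\2/p'
}

# Module file name Samba is assumed to ship for a given BIND series.
expected_dlz_module() {
    case $1 in
        9.8) echo "dlz_bind9.so" ;;
        9.*) echo "dlz_bind9_${1#9.}.so" ;;
        *)   echo "unknown"; return 1 ;;
    esac
}

# Basename of the module on the first uncommented "database dlopen" line.
active_dlz_module() {
    printf '%s\n' "$1" |
        grep -E '^[[:space:]]*database[[:space:]]+"dlopen ' |
        head -n 1 |
        sed 's/.*\/\([^/"]*\)".*/\1/'
}

# Compare the two; return 0 on a match, 1 on a mismatch or no active line.
check_dlz_match() {
    conf=$1
    version=$2
    series=$(bind_series "$version")
    want=$(expected_dlz_module "$series")
    have=$(active_dlz_module "$conf")
    if [ -n "$have" ] && [ "$have" = "$want" ]; then
        echo "OK: named.conf loads $have, which matches BIND $series"
        return 0
    fi
    echo "MISMATCH: named.conf loads '${have:-nothing}', BIND $series needs $want" >&2
    return 1
}

# Demo on the constructed sample; on a real DC the call would be
#   check_dlz_match "$(cat /var/lib/samba/private/named.conf)" "$(named -v)"
if ! check_dlz_match "$SAMPLE_NAMED_CONF" "$SAMPLE_NAMED_V"; then
    echo "named would not start: activate the line for the installed BIND series" >&2
fi
```

Running it on the sample reproduces the situation from the mail (9.8 module active, 9.9 installed) and exits non-zero from check_dlz_match; after swapping the two comment markers it reports OK. The check is deliberately read-only, so it can be run from a pre-restart hook without touching named.conf.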


