[Samba] question about zone and tsig verify failure
L.P.H. van Belle
belle at bazuin.nl
Thu Dec 19 07:51:52 MST 2013
OK, thank you for that info.
I just got my new Xen server and I'm testing around a bit.
Another question:
when you run:
samba_dnsupdate --verbose --all-name
do you have any errors?
Greetz,
Louis
>-----Original message-----
>From: Rowland Penny [mailto:rowlandpenny at googlemail.com]
>Sent: Thursday 19 December 2013 15:30
>To: L.P.H. van Belle; samba at lists.samba.org
>Subject: Re: [Samba] question about zone and tsig verify failure
>
>On 19/12/13 14:16, L.P.H. van Belle wrote:
>> Hai
>>
>> I'm running: Debian wheezy, SerNet Samba 4.1.3, DC, in a Windows 2008 AD domain.
>>
>> I'm reading the wiki and I stumbled on this.
>>
>> https://wiki.samba.org/index.php/Dns-backend_bind
>>
>> semanage fcontext -a -t named_var_run_t /usr/local/samba/private/dns/${MYREALM}.zone
>> semanage fcontext -a -t named_var_run_t /usr/local/samba/private/dns/${MYREALM}.zone.jnl
>>
>> The strange thing is, and this is also my question:
>>
>> Should the zone files be there if you are using bind9?
>> Since I'm not seeing these. The server (Samba 4.1.3) has joined a Windows domain as DC, no problems;
>> only samba_dnsupdate --verbose --all-name gives ; TSIG error with server: tsig verify failure
>>
>> All other tests are OK as far as I can see.
>> I tested bind9 (Debian wheezy stable) 9.8.4
>> and I backported bind from sid,
>> BIND 9.9.3-rpz2+rl.13214.22-P2-Debian-1:9.9.3.dfsg.P2-4
>>
>> Both do not create these zone files.
>>
>>
>>
>> dlopen is loaded:
>> Dec 19 14:50:58 ws005-s4dc-001 named[301]: generating session key for dynamic DNS
>> Dec 19 14:50:58 ws005-s4dc-001 named[301]: sizing zone task pool based on 5 zones
>> Dec 19 14:50:58 ws005-s4dc-001 named[301]: Loading 'AD DNS Zone' using driver dlopen
>>
>>
>> When I run: samba_upgradedns --dns-backend=BIND9_DLZ it looks OK but no zone file.
>> Reading domain information
>> DNS accounts already exist
>> No zone file /var/lib/samba/private/dns/subdomain.domain.tld.zone
>> DNS records will be automatically created
>> DNS partitions already exist
>> dns-WS005-S4DC-001 account already exists
>> See /var/lib/samba/private/named.conf for an example configuration include file for BIND
>> and /var/lib/samba/private/named.txt for further documentation required for secure DNS updates
>> Finished upgrading DNS
>>
>> I also noticed that the output of these 2 is different.
>> ls -lai /var/lib/samba/private/sam.ldb.d/
>> ls -lai /var/lib/samba/private/dns/sam.ldb.d/
>>
>>
>> After restarting bind, I noticed that
>> samba_upgradedns --dns-backend=BIND9_DLZ
>>
>> didn't see my bind9 upgrade, and bind is not starting anymore; manually fixing
>>
>> /var/lib/samba/private/named.conf changing bind9.8 to 9.9 dlopen fixed it.
>>
>> Bug? Shouldn't Samba follow the installed bind version?
>>
>>
>>
>> After reading a lot about the tsig message, I've read there is a fix.
>>
>> Is the fix already applied, or do I have another problem?
>>
>>
>>
>>
>>
>> best regards,
>>
>>
>>
>> Louis
>>
>>
>>
>>
>>
>Hi Louis, I am running Samba 4.1.0 with Bind 9.9.4 (both self compiled)
>and DHCP, everything works OK for me and I also do not have the two zone
>files. I think that you only get them if you are running an earlier
>version of Bind with flat files.
>
>Rowland
>
>