[Samba] question about zone and tsig verify failure

Rowland Penny rowlandpenny at googlemail.com
Thu Dec 19 07:57:23 MST 2013


On 19/12/13 14:51, L.P.H. van Belle wrote:
> Ok thank you for that info.
>
> I just got my new Xen server and I'm testing around a bit.
> Another question:
> when you run:
> samba_dnsupdate --verbose --all-name
> do you have any errors?
None whatsoever.

Rowland
>
> Greetz,
>
> Louis
>
>   
>
>> -----Original message-----
>> From: Rowland Penny [mailto:rowlandpenny at googlemail.com]
>> Sent: Thursday 19 December 2013 15:30
>> To: L.P.H. van Belle; samba at lists.samba.org
>> Subject: Re: [Samba] question about zone and tsig verify failure
>>
>> On 19/12/13 14:16, L.P.H. van Belle wrote:
>>> Hi,
>>>
>>> I'm running: Debian wheezy, SerNet Samba 4.1.3, DC, in a Windows 2008 AD domain.
>>>
>>> I'm reading the wiki and I stumbled on this.
>>>
>>> https://wiki.samba.org/index.php/Dns-backend_bind
>>>
>>> semanage fcontext -a -t named_var_run_t /usr/local/samba/private/dns/${MYREALM}.zone
>>> semanage fcontext -a -t named_var_run_t /usr/local/samba/private/dns/${MYREALM}.zone.jnl
>>>
>>> The strange thing is, and this is also my question:
>>>
>>> Should there be zone files if you are using bind9?
>>> Since I'm not seeing these. The server (Samba 4.1.3) has joined a Windows domain as DC, no problems;
>>> only samba_dnsupdate --verbose --all-name gives ; TSIG error with server: tsig verify failure
>>> All other tests are OK as far as I can see.
>>> I've tested bind9 (Debian wheezy stable) 9.8.4
>>> and I backported bind from sid,
>>> BIND 9.9.3-rpz2+rl.13214.22-P2-Debian-1:9.9.3.dfsg.P2-4
>>>
>>> Both do not create these zone files.
>>>
>>>
>>>
>>> dlopen is loaded:
>>> Dec 19 14:50:58 ws005-s4dc-001 named[301]: generating session key for dynamic DNS
>>> Dec 19 14:50:58 ws005-s4dc-001 named[301]: sizing zone task pool based on 5 zones
>>> Dec 19 14:50:58 ws005-s4dc-001 named[301]: Loading 'AD DNS Zone' using driver dlopen
>>>
>>> When I run samba_upgradedns --dns-backend=BIND9_DLZ it looks OK, but no zone file.
>>> Reading domain information
>>> DNS accounts already exist
>>> No zone file /var/lib/samba/private/dns/subdomain.domain.tld.zone
>>> DNS records will be automatically created
>>> DNS partitions already exist
>>> dns-WS005-S4DC-001 account already exists
>>> See /var/lib/samba/private/named.conf for an example configuration include file for BIND
>>> and /var/lib/samba/private/named.txt for further documentation required for secure DNS updates
>>> Finished upgrading DNS
>>>
>>> I also noticed that the output of these two is different:
>>> ls -lai /var/lib/samba/private/sam.ldb.d/
>>> ls -lai /var/lib/samba/private/dns/sam.ldb.d/
>>>
>>>
>>> After restarting bind, I noticed that
>>> samba_upgradedns --dns-backend=BIND9_DLZ
>>>
>>> didn't seem to see my bind9 upgrade, and bind is not starting anymore. Manually fixing
>>> /var/lib/samba/private/named.conf, changing bind9.8 to 9.9 dlopen, fixed it.
>>> Bug? Shouldn't Samba follow the installed bind version?
>>>
>>> After reading a lot about the TSIG message, I've read there is a fix.
>>>
>>> Is the fix already applied, or do I have another problem?
>>>
>>> Best regards,
>>>
>>> Louis
>>>
>>>
>> Hi Louis, I am running Samba 4.1.0 with Bind 9.9.4 (both self-compiled)
>> and DHCP; everything works OK for me and I also do not have the two zone
>> files. I think that you only get them if you are running an earlier
>> version of Bind with flat files.
>>
>> Rowland
>>
>>


