[Samba] question about zone and tsig verify failure

L.P.H. van Belle belle at bazuin.nl
Thu Dec 19 08:01:58 MST 2013


Ok

Really, not even 1 tsig verify failure?

I'm trying to find where the tsig verify failure is coming from.
I'm installing from source now so I can compare.
Any other hints I can use?

Btw, you're also using a Windows server as DNS+DHCP server?

And thanks for the quick reply.

greetz, 

Louis

>-----Original message-----
>From: Rowland Penny [mailto:rowlandpenny at googlemail.com]
>Sent: Thursday 19 December 2013 15:57
>To: L.P.H. van Belle; samba at lists.samba.org
>Subject: Re: [Samba] question about zone and tsig verify failure
>
>On 19/12/13 14:51, L.P.H. van Belle wrote:
>> Ok thank you for that info.
>>
>> I just got my new xen server and I'm testing a bit around.
>> Other question.
>> When you run:
>> samba_dnsupdate --verbose --all-name
>> do you have any errors?
>None whatsoever
>
>Rowland
>>
>> Greetz,
>>
>> Louis
>>
>>   
>>
>>> -----Original message-----
>>> From: Rowland Penny [mailto:rowlandpenny at googlemail.com]
>>> Sent: Thursday 19 December 2013 15:30
>>> To: L.P.H. van Belle; samba at lists.samba.org
>>> Subject: Re: [Samba] question about zone and tsig verify failure
>>>
>>> On 19/12/13 14:16, L.P.H. van Belle wrote:
>>>> Hi
>>>>
>>>> I'm running: Debian wheezy, SerNet Samba 4.1.3, DC, in Windows 2008 AD domain.
>>>>    
>>>> I'm reading the wiki and I stumbled on this.
>>>>
>>>> https://wiki.samba.org/index.php/Dns-backend_bind
>>>>
>>>> semanage fcontext -a -t named_var_run_t /usr/local/samba/private/dns/${MYREALM}.zone
>>>> semanage fcontext -a -t named_var_run_t /usr/local/samba/private/dns/${MYREALM}.zone.jnl
>>>> The strange thing is, and this is also my question,
>>>>
>>>> Should there be the zone files, if you are using bind9?
>>>> Since I'm not seeing these. The server (samba 4.1.3) has joined a windows domain as DC, no problems,
>>>> only the samba_dnsupdate --verbose --all-name gives ; TSIG error with server: tsig verify failure
>>>> All other tests are ok as far as I can see.
>>>> I tested bind9 (debian wheezy stable) 9.8.4
>>>> and I backported bind from sid,
>>>> BIND 9.9.3-rpz2+rl.13214.22-P2-Debian-1:9.9.3.dfsg.P2-4
>>>>
>>>> Both do not create these zone files.
>>>>
>>>>
>>>>
>>>> dlopen is loaded:
>>>> Dec 19 14:50:58 ws005-s4dc-001 named[301]: generating session key for dynamic DNS
>>>> Dec 19 14:50:58 ws005-s4dc-001 named[301]: sizing zone task pool based on 5 zones
>>>> Dec 19 14:50:58 ws005-s4dc-001 named[301]: Loading 'AD DNS Zone' using driver dlopen
>>>>
>>>> When I run: samba_upgradedns --dns-backend=BIND9_DLZ it looks ok but no zone file.
>>>> Reading domain information
>>>> DNS accounts already exist
>>>> No zone file /var/lib/samba/private/dns/subdomain.domain.tld.zone
>>>> DNS records will be automatically created
>>>> DNS partitions already exist
>>>> dns-WS005-S4DC-001 account already exists
>>>> See /var/lib/samba/private/named.conf for an example configuration include file for BIND
>>>> and /var/lib/samba/private/named.txt for further documentation required for secure DNS updates
>>>> Finished upgrading DNS
>>>>
>>>> I also noticed that the output of these 2 are different.
>>>> ls -lai /var/lib/samba/private/sam.ldb.d/
>>>> ls -lai /var/lib/samba/private/dns/sam.ldb.d/
>>>>
>>>>
>>>> After restarting bind, I noticed that
>>>> samba_upgradedns --dns-backend=BIND9_DLZ
>>>>
>>>> didn't see my bind9 upgrade, and bind is not starting anymore; manually fixing
>>>> /var/lib/samba/private/named.conf, changing bind9.8 to 9.9 dlopen, fixed it.
>>>> Bug? Shouldn't samba follow the installed bind version?
>>>>
>>>>
>>>> After reading a lot about the tsig message, I've read there is a fix,
>>>>
>>>> is the fix already applied, or do I have another problem?
>>>>
>>>> Best regards,
>>>>
>>>> Louis
>>>>
>>> Hi Louis, I am running Samba 4.1.0 with Bind 9.9.4 (both self compiled)
>>> and DHCP, everything works ok for me and I also do not have the two zone
>>> files. I think that you only get them if you are running an earlier
>>> version of Bind with flat files.
>>>
>>> Rowland
>>>
>>>
>
>


