[Samba] question about zone and tsig verify failure

Rowland Penny rowlandpenny at googlemail.com
Thu Dec 19 08:26:35 MST 2013


On 19/12/13 15:01, L.P.H. van Belle wrote:
> Ok
>
> really, not even 1 tsig verify failure ?
Not even one.

>
> I'm trying to find where the tsig verify failure is coming from.
> I'm installing from source now so I can compare.
> Any other hints I can use?
>
> Btw, you're also using a Windows server as DNS+DHCP server?
Not windows

OS: Linux Mint 13
Samba: Version 4.1.0
DNS: Bind 9.9.4
DHCP: isc-dhcpd-4.1-ESV-R4

>
> and thanks for the quick reply.
>
> greetz,
>
> Louis
>
>> -----Original message-----
>> From: Rowland Penny [mailto:rowlandpenny at googlemail.com]
>> Sent: Thursday 19 December 2013 15:57
>> To: L.P.H. van Belle; samba at lists.samba.org
>> Subject: Re: [Samba] question about zone and tsig verify failure
>>
>> On 19/12/13 14:51, L.P.H. van Belle wrote:
>>> Ok thank you for that info.
>>>
>>> I just got my new xen server and I'm testing around a bit.
>>> Other question:
>>> when you run:
>>> samba_dnsupdate --verbose --all-name
>>> do you have any errors?
>> None whatsoever
>>
>> Rowland
>>> Greetz,
>>>
>>> Louis
>>>
>>>> -----Original message-----
>>>> From: Rowland Penny [mailto:rowlandpenny at googlemail.com]
>>>> Sent: Thursday 19 December 2013 15:30
>>>> To: L.P.H. van Belle; samba at lists.samba.org
>>>> Subject: Re: [Samba] question about zone and tsig verify failure
>>>>
>>>> On 19/12/13 14:16, L.P.H. van Belle wrote:
>>>>> Hi
>>>>>
>>>>> I'm running: debian wheezy, sernet samba 4.1.3, DC, in a windows 2008 AD domain.
>>>>>
>>>>> I'm reading the wiki and I stumbled on this.
>>>>>
>>>>> https://wiki.samba.org/index.php/Dns-backend_bind
>>>>>
>>>>> semanage fcontext -a -t named_var_run_t /usr/local/samba/private/dns/${MYREALM}.zone
>>>>> semanage fcontext -a -t named_var_run_t /usr/local/samba/private/dns/${MYREALM}.zone.jnl
>>>>> The strange thing is, and this is also my question:
>>>>>
>>>>> Should there be zone files if you are using bind9?
>>>>> Since I'm not seeing these. The server (samba 4.1.3) has joined a windows domain as DC, no problems,
>>>>> only samba_dnsupdate --verbose --all-name gives ; TSIG error with server: tsig verify failure
>>>>> All other tests are ok as far as I can see.
>>>>> I've tested bind9 (debian wheezy stable) 9.8.4
>>>>> and I backported bind from sid,
>>>>> BIND 9.9.3-rpz2+rl.13214.22-P2-Debian-1:9.9.3.dfsg.P2-4
>>>>>
>>>>> Both do not create these zone files.
>>>>>
>>>>>
>>>>>
>>>>> dlopen is loaded:
>>>>> Dec 19 14:50:58 ws005-s4dc-001 named[301]: generating session key for dynamic DNS
>>>>> Dec 19 14:50:58 ws005-s4dc-001 named[301]: sizing zone task pool based on 5 zones
>>>>> Dec 19 14:50:58 ws005-s4dc-001 named[301]: Loading 'AD DNS Zone' using driver dlopen
>>>>>
>>>>> When I run: samba_upgradedns --dns-backend=BIND9_DLZ it looks ok but no zone file.
>>>>> Reading domain information
>>>>> DNS accounts already exist
>>>>> No zone file /var/lib/samba/private/dns/subdomain.domain.tld.zone
>>>>> DNS records will be automatically created
>>>>> DNS partitions already exist
>>>>> dns-WS005-S4DC-001 account already exists
>>>>> See /var/lib/samba/private/named.conf for an example configuration include file for BIND
>>>>> and /var/lib/samba/private/named.txt for further documentation required for secure DNS updates
>>>>> Finished upgrading DNS
>>>>>
>>>>> I also noticed that the output of these 2 is different.
>>>>> ls -lai /var/lib/samba/private/sam.ldb.d/
>>>>> ls -lai /var/lib/samba/private/dns/sam.ldb.d/
>>>>>
>>>>>
>>>>> After restarting bind, I noticed that
>>>>> samba_upgradedns --dns-backend=BIND9_DLZ
>>>>>
>>>>> didn't see my bind9 upgrade, and bind is not starting anymore; manually fixing
>>>>> /var/lib/samba/private/named.conf, changing bind9.8 to 9.9 dlopen, fixed it.
>>>>> Bug? Shouldn't samba follow the installed bind version?
>>>>>
>>>>> After reading a lot about the tsig message, I've read there is a fix.
>>>>> Is the fix already applied, or do I have another problem?
>>>>>
>>>>> Best regards,
>>>>>
>>>>> Louis
>>>>>
>>>> Hi Louis, I am running Samba 4.1.0 with Bind 9.9.4 (both self compiled)
>>>> and DHCP, everything works ok for me and I also do not have the two zone
>>>> files. I think that you only get them if you are running an earlier
>>>> version of Bind with flat files.
>>>>
>>>> Rowland
>>>>
>>>>
>>


