[Samba] DNS frustration

steve steve at steve-ss.com
Wed Oct 9 00:56:23 MDT 2013

On Tue, 2013-10-08 at 22:59 -0700, Scott Goodwin wrote:

> * Samba4 with BIND_DLZ (with windows clients updating AD via kerberos)
> Dammit this is so close! But Windows client dns updates do not work.
>  Actually, they worked at first, then they stopped working. Errors like
> this:
> Oct  8 21:38:16 earl named[7695]: samba_dlz: starting transaction on zone mydomain.com
> Oct  8 21:38:16 earl named[7695]: client update 'mydomain.com/IN' denied
> Oct  8 21:38:16 earl named[7695]: samba_dlz: cancelling transaction on zone mydomain.com
> This is a decidedly ubiquitous problem out there, and one can google on
> this for hours, with no solid fixes or answers.  Per this guy's
> advice <http://article.gmane.org/gmane.network.samba.general/131081/match=> I
> downloaded and compiled bind 9.8, and also 9.9 (just for good measure)
> using the proper flags ( --with-dlopen=yes,
>  --with-gssapi=/usr/include/gssapi, and WITHOUT the flag
> --disable-isc-spnego). After I did this, it actually worked for a few
> hours!  Then all of a sudden, stopped working with the above errors
> littering my named.log again.

Do you have CNAMEs? If not, then it's just because you've tried
different Samba versions but with the same dns records. Try deleting the
old machine record so that a new one corresponding to your new install
will recreate it at the next update request. I don't know your domain
names and finding the DN for the machine took some working out, but I've
an example here:
