[Samba] DNS frustration
scott at mimicsimulation.com
Wed Oct 9 13:15:10 MDT 2013
Thanks for the advice Steve. I had actually tried this before, and it did
work temporarily, but after a few hours, the updates started failing again.
This is so weird! Why is this happening? I have nothing but respect for
the samba team and all their hard work, but egads, I just can't figure out
why such a critical issue is still running rampant. (Ok, so it's not
critical in the sense that all your clients are down, and they can't work.
But heck, every time a pc gets a new dhcp lease, I have to change it by
hand, and that becomes a maintenance nightmare).
I'm being completely serious when I say this: how do larger companies that
have rolled out samba4 cope with this issue? Is there some workaround I'm
not aware of?
On Tue, Oct 8, 2013 at 11:56 PM, steve <steve at steve-ss.com> wrote:
> On Tue, 2013-10-08 at 22:59 -0700, Scott Goodwin wrote:
> > * Samba4 with BIND_DLZ (with windows clients updating AD via kerberos)
> > Dammit this is so close! But Windows client dns updates do not work.
> > Actually, they worked at first, then they stopped working. Errors like
> > this:
> > Oct 8 21:38:16 earl named: samba_dlz: starting transaction on zone mydomain.com
> > Oct 8 21:38:16 earl named: client 10.2.2.227#52980: update 'mydomain.com/IN' denied
> > Oct 8 21:38:16 earl named: samba_dlz: cancelling transaction on mydomain.com
> > This is a decidedly ubiquitous problem out there, and one can google on
> > this for hours, with no solid fixes or answers. Per this guy's
> > advice<
> > downloaded and compiled bind 9.8, and also 9.9 (just for good measure)
> > using the proper flags ( --with-dlopen=yes,
> > --with-gssapi=/usr/include/gssapi, and WITHOUT the flag
> > --disable-isc-spnego). After I did this, it actually worked for a few
> > hours! Then all of a sudden, stopped working with the above errors
> > littering my named.log again.
> Do you have CNAMEs? If not, then it's just because you've tried
> different Samba versions but with the same dns records. Try deleting the
> old machine record so that a new one corresponding to your new install
> will recreate it at the next update request. I don't know your domain
> names and finding the DN for the machine took some working out, but I've
> an example here: