[Samba] samba4 internal dns Server ddns for the reverse lookup Zone

steve steve at steve-ss.com
Sat Aug 16 08:00:05 MDT 2014


On Sat, 2014-08-16 at 15:46 +0200, Markus Roth wrote:
> Hi Steve,
> 
> Update. I think nobody can say that I'm not creative :-) I've now tried
> ./samba-tool domain exportkeytab /etc/krb5.keytab without the --principal
> and changed my sssd.conf back to:
> 
> [sssd]
> services = nss, pam
> config_file_version = 2
> domains = winnet.local
> [nss]
> [pam]
> [domain/winnet.local]
> id_provider = ad
> access_provider = ad
> 
> Now I also get the denied messages, but the logs now seem to be different:

Very close now. This should do it:
http://linuxcostablanca.blogspot.com.es/2013/09/samba4-bind9dlz-stale-dns-records-with.html

> 
> Aug 16 15:40:03 server1 named[14419]: samba_dlz: starting transaction on
> zone winnet.local
> Aug 16 15:40:03 server1 named[14419]: samba_dlz: allowing update of
> signer=SERVER1\$\@WINNET.LOCAL name=server1.winnet.local
> tcpaddr=192.168.178.130 type=A key=2171273687.sig-server1.winnet.local/160/0
> Aug 16 15:40:03 server1 named[14419]: client 192.168.178.130#49475/key
> SERVER1\$\@WINNET.LOCAL: updating zone 'winnet.local/NONE': deleting rrset
> at 'server1.winnet.local' A
> Aug 16 15:40:03 server1 named[14419]: samba_dlz: subtracted rdataset
> server1.winnet.local 'server1.winnet.local.	3600	IN	A
> 192.168.178.130'
> Aug 16 15:40:03 server1 named[14419]: samba_dlz: subtracted rdataset
> winnet.local 'winnet.local.	3600	IN	SOA
> server1.winnet.local. hostmaster.winnet.local. 4 900 600 86400 0'
> Aug 16 15:40:03 server1 named[14419]: samba_dlz: added rdataset winnet.local
> 'winnet.local.	3600	IN	SOA	server1.winnet.local.
> hostmaster.winnet.local. 5 900 600 86400 0'
> Aug 16 15:40:03 server1 named[14419]: samba_dlz: committed transaction on
> zone winnet.local
> Aug 16 15:40:03 server1 named[14419]: samba_dlz: starting transaction on
> zone winnet.local
> Aug 16 15:40:03 server1 named[14419]: samba_dlz: allowing update of
> signer=SERVER1\$\@WINNET.LOCAL name=server1.winnet.local
> tcpaddr=192.168.178.130 type=AAAA
> key=1458088344.sig-server1.winnet.local/160/0
> Aug 16 15:40:03 server1 named[14419]: client 192.168.178.130#60843/key
> SERVER1\$\@WINNET.LOCAL: updating zone 'winnet.local/NONE': deleting rrset
> at 'server1.winnet.local' AAAA
> Aug 16 15:40:03 server1 named[14419]: samba_dlz: committed transaction on
> zone winnet.local
> Aug 16 15:40:03 server1 named[14419]: samba_dlz: starting transaction on
> zone winnet.local
> Aug 16 15:40:03 server1 named[14419]: samba_dlz: allowing update of
> signer=SERVER1\$\@WINNET.LOCAL name=server1.winnet.local
> tcpaddr=192.168.178.130 type=A key=2571247347.sig-server1.winnet.local/160/0
> Aug 16 15:40:03 server1 named[14419]: client 192.168.178.130#60497/key
> SERVER1\$\@WINNET.LOCAL: updating zone 'winnet.local/NONE': adding an RR at
> 'server1.winnet.local' A
> Aug 16 15:40:03 server1 named[14419]: samba_dlz: added rdataset
> server1.winnet.local 'server1.winnet.local.	3600	IN	A
> 192.168.178.130'
> Aug 16 15:40:03 server1 named[14419]: samba_dlz: subtracted rdataset
> winnet.local 'winnet.local.	3600	IN	SOA
> server1.winnet.local. hostmaster.winnet.local. 5 900 600 86400 0'
> Aug 16 15:40:03 server1 named[14419]: samba_dlz: added rdataset winnet.local
> 'winnet.local.	3600	IN	SOA	server1.winnet.local.
> hostmaster.winnet.local. 6 900 600 86400 0'
> Aug 16 15:40:03 server1 named[14419]: samba_dlz: committed transaction on
> zone winnet.local
> Aug 16 15:40:03 server1 named[14419]: samba_dlz: starting transaction on
> zone 178.168.192.in-addr.arpa
> Aug 16 15:40:03 server1 named[14419]: samba_dlz: allowing update of
> signer=SERVER1\$\@WINNET.LOCAL name=130.178.168.192.in-addr.arpa
> tcpaddr=192.168.178.130 type=PTR
> key=1615781577.sig-server1.winnet.local/160/0
> Aug 16 15:40:03 server1 named[14419]: samba_dlz: allowing update of
> signer=SERVER1\$\@WINNET.LOCAL name=130.178.168.192.in-addr.arpa
> tcpaddr=192.168.178.130 type=PTR
> key=1615781577.sig-server1.winnet.local/160/0
> Aug 16 15:40:03 server1 named[14419]: client 192.168.178.130#56401/key
> SERVER1\$\@WINNET.LOCAL: updating zone '178.168.192.in-addr.arpa/NONE':
> deleting rrset at '130.178.168.192.in-addr.arpa' PTR
> Aug 16 15:40:03 server1 named[14419]: samba_dlz: subtracted rdataset
> 130.178.168.192.in-addr.arpa '130.178.168.192.in-addr.arpa.	3600	IN
> PTR	server1.winnet.local.'
> Aug 16 15:40:03 server1 named[14419]: client 192.168.178.130#56401/key
> SERVER1\$\@WINNET.LOCAL: updating zone '178.168.192.in-addr.arpa/NONE':
> adding an RR at '130.178.168.192.in-addr.arpa' PTR
> Aug 16 15:40:03 server1 named[14419]: samba_dlz: added rdataset
> 130.178.168.192.in-addr.arpa '130.178.168.192.in-addr.arpa.	3600	IN
> PTR	server1.winnet.local.'
> Aug 16 15:40:03 server1 named[14419]: samba_dlz: committed transaction on
> zone 178.168.192.in-addr.arpa
> Aug 16 15:40:19 server1 chronyd[831]: NTP packet received from unauthorised
> host 192.168.178.200 port 123
> Aug 16 15:40:20 server1 named[14419]: samba_dlz: starting transaction on
> zone winnet.local
> Aug 16 15:40:20 server1 named[14419]: client 192.168.178.200#53494: update
> 'winnet.local/IN' denied
> Aug 16 15:40:20 server1 named[14419]: samba_dlz: cancelling transaction on
> zone winnet.local
> Aug 16 15:40:20 server1 named[14419]: samba_dlz: starting transaction on
> zone winnet.local
> Aug 16 15:40:20 server1 named[14419]: samba_dlz: allowing update of
> signer=client1\$\@WINNET.LOCAL name=client1.winnet.local tcpaddr= type=AAAA
> key=1084-ms-7.1-6f73.dd303850-254a-11e4-439a-000c29a4b410/160/0
> Aug 16 15:40:20 server1 named[14419]: samba_dlz: allowing update of
> signer=client1\$\@WINNET.LOCAL name=client1.winnet.local tcpaddr= type=A
> key=1084-ms-7.1-6f73.dd303850-254a-11e4-439a-000c29a4b410/160/0
> Aug 16 15:40:20 server1 named[14419]: samba_dlz: allowing update of
> signer=client1\$\@WINNET.LOCAL name=client1.winnet.local tcpaddr= type=A
> key=1084-ms-7.1-6f73.dd303850-254a-11e4-439a-000c29a4b410/160/0
> Aug 16 15:40:20 server1 named[14419]: client 192.168.178.200#59384/key
> client1\$\@WINNET.LOCAL: updating zone 'winnet.local/NONE': deleting rrset
> at 'client1.winnet.local' AAAA
> Aug 16 15:40:20 server1 named[14419]: client 192.168.178.200#59384/key
> client1\$\@WINNET.LOCAL: updating zone 'winnet.local/NONE': deleting rrset
> at 'client1.winnet.local' A
> Aug 16 15:40:20 server1 named[14419]: samba_dlz: subtracted rdataset
> client1.winnet.local 'client1.winnet.local.	1200	IN	A
> 192.168.178.200'
> Aug 16 15:40:20 server1 named[14419]: client 192.168.178.200#59384/key
> client1\$\@WINNET.LOCAL: updating zone 'winnet.local/NONE': adding an RR at
> 'client1.winnet.local' A
> Aug 16 15:40:20 server1 named[14419]: samba_dlz: added rdataset
> client1.winnet.local 'client1.winnet.local.	1200	IN	A
> 192.168.178.200'
> Aug 16 15:40:20 server1 named[14419]: samba_dlz: committed transaction on
> zone winnet.local
> Aug 16 15:40:20 server1 named[14419]: samba_dlz: starting transaction on
> zone 178.168.192.in-addr.arpa
> Aug 16 15:40:20 server1 named[14419]: client 192.168.178.200#61402: update
> '178.168.192.in-addr.arpa/IN' denied
> Aug 16 15:40:20 server1 named[14419]: samba_dlz: cancelling transaction on
> zone 178.168.192.in-addr.arpa
> Aug 16 15:40:20 server1 named[14419]: samba_dlz: starting transaction on
> zone 178.168.192.in-addr.arpa
> Aug 16 15:40:20 server1 named[14419]: samba_dlz: allowing update of
> signer=client1\$\@WINNET.LOCAL name=200.178.168.192.in-addr.arpa tcpaddr=
> type=PTR key=1084-ms-7.1-6f73.dd303850-254a-11e4-439a-000c29a4b410/160/0
> Aug 16 15:40:20 server1 named[14419]: samba_dlz: allowing update of
> signer=client1\$\@WINNET.LOCAL name=200.178.168.192.in-addr.arpa tcpaddr=
> type=PTR key=1084-ms-7.1-6f73.dd303850-254a-11e4-439a-000c29a4b410/160/0
> Aug 16 15:40:20 server1 named[14419]: client 192.168.178.200#54396/key
> client1\$\@WINNET.LOCAL: updating zone '178.168.192.in-addr.arpa/NONE':
> deleting rrset at '200.178.168.192.in-addr.arpa' PTR
> Aug 16 15:40:20 server1 named[14419]: samba_dlz: subtracted rdataset
> 200.178.168.192.in-addr.arpa '200.178.168.192.in-addr.arpa.	1200	IN
> PTR	client1.winnet.local.'
> Aug 16 15:40:20 server1 named[14419]: client 192.168.178.200#54396/key
> client1\$\@WINNET.LOCAL: updating zone '178.168.192.in-addr.arpa/NONE':
> adding an RR at '200.178.168.192.in-addr.arpa' PTR
> Aug 16 15:40:20 server1 named[14419]: samba_dlz: added rdataset
> 200.178.168.192.in-addr.arpa '200.178.168.192.in-addr.arpa.	1200	IN
> PTR	client1.winnet.local.'
> Aug 16 15:40:20 server1 named[14419]: samba_dlz: committed transaction on
> zone 178.168.192.in-addr.arpa
> 
> -----Original Message-----
> From: Markus Roth [mailto:markusroth1983 at gmx.net] 
> Sent: Saturday, 16 August 2014 15:13
> To: 'steve'
> Cc: 'samba at lists.samba.org'
> Subject: RE: [Samba] samba4 internal dns Server ddns for the reverse lookup
> Zone
> 
> Hi Steve,
> 
> I've tried the below domain exportkeytab, but when I do samba-tool domain
> exportkeytab /etc/krb5.keytab --principal=WINNET$ the log says:
> 
> ./samba-tool domain exportkeytab /etc/krb5.keytab --principal=WINNET$
> ERROR(runtime): uncaught exception - Key table entry not found
>   File
> "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py",
> line 175, in _run
>     return self.run(*args, **kwargs)
>   File
> "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/domain.py",
> line 103, in run
>     net.export_keytab(keytab=keytab, principal=principal)
> 
> When I do the same with --principal=server1$ it does an export, but I also
> get the denied messages at the beginning. I also tried winnet$ or winnet.local$
> but I get the same errors as above.
> 
> 
> >Hi
> >This is not using the sssd ad backend at all. It will not do ddns updates,
> nor will it pull the correct id info from AD.
> 
> >You were nearly there. Did you see my other post?
> 
> >Just issue:
> >samba-tool domain exportkeytab /etc/krb5.keytab --principal=WINNET$ and try
> with your original ad sssd config.
> 
> >--
> >To unsubscribe from this list go to the following URL and read the
> >Instructions:  https://lists.samba.org/mailman/options/samba
> 



