[Samba] Join AD fails DNS update
Lars Hanke
debian at lhanke.de
Thu Jun 26 04:43:36 MDT 2014
>> It does mean that some RRset is required to exist, but it does not!
>> (see RFC2136). Unfortunately, the message doesn't state which set
>> fails. Since prerequisites are optional, I assume that SAMBA_DLZ
>> explicitly sets these fields. Any idea why or what it requires?
>
> What have you got in the systems main logfile (syslog on debian)
This is what named produces during the join.
Jun 24 15:24:44 samba named[7248]: samba_dlz: starting transaction on
zone ad.microsult.de
Jun 24 15:24:44 samba named[7248]: client 172.16.6.242#38702: updating
zone 'ad.microsult.de/NONE': update unsuccessful:
samba4.ad.microsult.de/A: 'RRset exists (value dependent)' prerequisite
not satisfied (NXRRSET)
Jun 24 15:24:44 samba named[7248]: samba_dlz: cancelling transaction on
zone ad.microsult.de
Jun 24 15:24:44 samba named[7248]: samba_dlz: starting transaction on
zone ad.microsult.de
Jun 24 15:24:44 samba named[7248]: samba_dlz: spnego update failed
Jun 24 15:24:44 samba named[7248]: client 172.16.6.242#38702: updating
zone 'ad.microsult.de/NONE': update failed: rejected by secure update
(REFUSED)
Jun 24 15:24:44 samba named[7248]: samba_dlz: cancelling transaction on
zone ad.microsult.de
However, temp_check(), which produces the error, only returns
DNS_R_NXRRSET without further context. So FAILNT in update_action()
cannot log any details, i.e. which RRset exactly was expected and found
missing is not conveyed in the error message.
So, if someone knows how or where the update message is built, we might
find what we actually require.
Regards,
- lars.
More information about the samba
mailing list