[Samba] Join AD fails DNS update

Lars Hanke debian at lhanke.de
Thu Jun 26 05:26:33 MDT 2014 

> Have you tried running the 'nsupdate' command direct, this is what named
> is doing and it might get you more info.

Didn't even know that tool ...

The update is refused, but I don't see clearly why (see log at the end). 
Maybe this is an issue to be solved beforehand ...

On the other hand, this will not help to hunt down the prerequisite 
issue, since it would require me to manually define such, i.e. prereq 
nxrrset.

Just for my understanding ... I thought that SAMBA_DLZ is an interface 
for Bind9 to access samba's LDAP. So if samba updates its LDAP, why we 
still go through the pain of sending update requests?

root at samba:/# nsupdate -D -l
setup_system()
Creating key...
namefromtext
keycreate
reset_system()
user_interaction()
get_next_command()
 > update add samba4.ad.microsult.de 86400 A 172.16.6.242
evaluate_update()
update_addordelete()
get_next_command()
 > send
start_update()
recvsoa()
About to create rcvmsg
show_message()
Reply from SOA query:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id:  59702
;; flags: qr aa ra; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;samba4.ad.microsult.de.                IN      SOA

;; AUTHORITY SECTION:
ad.microsult.de.        0       IN      SOA     samba.ad.microsult.de. 
hostmaster.ad.microsult.de. 1 900 600 86400 0

;; TSIG PSEUDOSECTION:
local-ddns.             0       ANY     TSIG    hmac-sha256. 1403781225 
300 32 vQ9kJvZKQKMBMuDfLhd4qN5fbZ0ekdJX9RJ/QwHWSPQ= 59702 NOERROR 0

Found zone name: ad.microsult.de
The master is: samba.ad.microsult.de
send_update()
Sending update to 127.0.0.1#53
show_message()
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  28777
;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 1
;; UPDATE SECTION:
samba4.ad.microsult.de. 86400   IN      A       172.16.6.242

;; TSIG PSEUDOSECTION:
local-ddns.             0       ANY     TSIG    hmac-sha256. 1403781225 
300 32 6C64ivAB6zDMqC2OV9EecmOAr8bWw4fBhXOq1WuWPyQ= 28777 NOERROR 0

Out of recvsoa
update_completed()
tsig verification successful
show_message()

Reply from update query:
;; ->>HEADER<<- opcode: UPDATE, status: REFUSED, id:  28777
;; flags: qr ra; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1
;; ZONE SECTION:
;ad.microsult.de.               IN      SOA

;; TSIG PSEUDOSECTION:
local-ddns.             0       ANY     TSIG    hmac-sha256. 1403781225 
300 32 EauhZfYkovrkF+hocj17kvUs61BLleTa71AJ9PAza5Q= 28777 NOERROR 0

done_update()
reset_system()
user_interaction()
get_next_command()
 > cleanup()
detach tsigkey x0x7f35351885f8
Shutting down task manager
shutdown_program()
Shutting down request manager
Destroy DST lib
Destroying request manager
Freeing the dispatchers
Shutting down dispatch manager
Destroying event
Shutting down socket manager
Shutting down timer manager
Destroying hash context
Destroying name state
Removing log context
Destroying memory context
root at samba:/#

Kind regards,
  - lars.

More information about the samba mailing list