[Samba] Join AD fails DNS update

L.P.H. van Belle belle at bazuin.nl
Fri Jun 27 07:45:57 MDT 2014 

nsupdate -D -l  ?? 

Are you using bind9_DLZ of bind9_FLATFILE 

above is NOT for DLZ.

 -g is used for kerberos auth. 

and i see: 
>tsig verification successful 
TSIG ?? 

so you problem is probely in you Bind setup, not samba. 
I think you mixing TSIG and GSSTSIG 

start reading here. 

http://wiki.samba.org/index.php/DNS_Backend_BIND 



Louis



>-----Oorspronkelijk bericht-----
>Van: debian at lhanke.de [mailto:samba-bounces at lists.samba.org] 
>Namens Lars Hanke
>Verzonden: donderdag 26 juni 2014 13:27
>Aan: Rowland Penny; samba at lists.samba.org
>Onderwerp: Re: [Samba] Join AD fails DNS update
>
>> Have you tried running the 'nsupdate' command direct, this 
>is what named
>> is doing and it might get you more info.
>
>Didn't even know that tool ...
>
>The update is refused, but I don't see clearly why (see log at 
>the end). 
>Maybe this is an issue to be solved beforehand ...
>
>On the other hand, this will not help to hunt down the prerequisite 
>issue, since it would require me to manually define such, i.e. prereq 
>nxrrset.
>
>Just for my understanding ... I thought that SAMBA_DLZ is an interface 
>for Bind9 to access samba's LDAP. So if samba updates its LDAP, why we 
>still go through the pain of sending update requests?
>
>root at samba:/# nsupdate -D -l
>setup_system()
>Creating key...
>namefromtext
>keycreate
>reset_system()
>user_interaction()
>get_next_command()
> > update add samba4.ad.microsult.de 86400 A 172.16.6.242
>evaluate_update()
>update_addordelete()
>get_next_command()
> > send
>start_update()
>recvsoa()
>About to create rcvmsg
>show_message()
>Reply from SOA query:
>;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id:  59702
>;; flags: qr aa ra; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
>;; QUESTION SECTION:
>;samba4.ad.microsult.de.                IN      SOA
>
>;; AUTHORITY SECTION:
>ad.microsult.de.        0       IN      SOA     samba.ad.microsult.de. 
>hostmaster.ad.microsult.de. 1 900 600 86400 0
>
>;; TSIG PSEUDOSECTION:
>local-ddns.             0       ANY     TSIG    hmac-sha256. 
>1403781225 
>300 32 vQ9kJvZKQKMBMuDfLhd4qN5fbZ0ekdJX9RJ/QwHWSPQ= 59702 NOERROR 0
>
>Found zone name: ad.microsult.de
>The master is: samba.ad.microsult.de
>send_update()
>Sending update to 127.0.0.1#53
>show_message()
>Outgoing update query:
>;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  28777
>;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 1
>;; UPDATE SECTION:
>samba4.ad.microsult.de. 86400   IN      A       172.16.6.242
>
>;; TSIG PSEUDOSECTION:
>local-ddns.             0       ANY     TSIG    hmac-sha256. 
>1403781225 
>300 32 6C64ivAB6zDMqC2OV9EecmOAr8bWw4fBhXOq1WuWPyQ= 28777 NOERROR 0
>
>Out of recvsoa
>update_completed()
>tsig verification successful
>show_message()
>
>Reply from update query:
>;; ->>HEADER<<- opcode: UPDATE, status: REFUSED, id:  28777
>;; flags: qr ra; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1
>;; ZONE SECTION:
>;ad.microsult.de.               IN      SOA
>
>;; TSIG PSEUDOSECTION:
>local-ddns.             0       ANY     TSIG    hmac-sha256. 
>1403781225 
>300 32 EauhZfYkovrkF+hocj17kvUs61BLleTa71AJ9PAza5Q= 28777 NOERROR 0
>
>done_update()
>reset_system()
>user_interaction()
>get_next_command()
> > cleanup()
>detach tsigkey x0x7f35351885f8
>Shutting down task manager
>shutdown_program()
>Shutting down request manager
>Destroy DST lib
>Destroying request manager
>Freeing the dispatchers
>Shutting down dispatch manager
>Destroying event
>Shutting down socket manager
>Shutting down timer manager
>Destroying hash context
>Destroying name state
>Removing log context
>Destroying memory context
>root at samba:/#
>
>Kind regards,
>  - lars.
>
>-- 
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba
>
>

More information about the samba mailing list