[Samba] A and/or PTR record deleted after pc wake-up

Rowland Penny rowlandpenny at googlemail.com
Thu Mar 6 03:29:46 MST 2014 

On 06/03/14 10:13, L.P.H. van Belle wrote:
> Hai,
>
> Thank you for your responce.
> yes, i see the denied, but ive tested everything is all my checks are ok.
I think that it is probably the client trying to update itself and not 
being allowed, don't you have to put something into smb.conf to allow 
insecure updates???
>
> The only thing i can try now is upgrading bind9 (  9.8.4 ) to 9.9.5.
> All the checks with krb5 are ok, so im a bit in the dark here.
>
> iv removed my samba install, and i do it again.
> but now with bind9 (9.9.5)
Last time I checked 9.9.5 was an RC, probably better with 9.9.4

Rowland
>
> i'll report back.
>
> thanks for your responce sofar
>
>
> Louis
>
>
>> -----Oorspronkelijk bericht-----
>> Van: Peter Serbe [mailto:peter at serbe.ch]
>> Verzonden: donderdag 6 maart 2014 10:31
>> Aan: L.P.H. van Belle; samba at lists.samba.org
>> Onderwerp: Re: [Samba] A and/or PTR record deleted after pc wake-up
>>
>> Hi Louis,
>>
>>> So its normal that after a pc woke up my A and PTR records
>> gets deleted ??
>>
>> It doesn't look like the records were deleted...
>> The very first lines of Your log seem to indicate that the
>> authentication of the
>> bind doesn't work. I'd fix this first.
>>
>>> Mar  5 15:43:13 rtd-dc1 named[3717]: samba_dlz: starting
>> transaction on zone INTERNAL.DOMAIN.TLD
>>> Mar  5 15:43:13 rtd-dc1 named[3717]: client
>> 10.249.250.64#49271: update 'INTERNAL.DOMAIN.TLD/IN' denied
>>> Mar  5 15:43:13 rtd-dc1 named[3717]: samba_dlz: cancelling
>> transaction on zone INTERNAL.DOMAIN.TLD
>>
>> After I had fixed my installation (both bind9.9.5 and
>> samba4.1.5 compiled from sources,
>> caveat: the necessary configure switches for bind), my log
>> files of the starting bind
>> looks like this (nothing snipped in between, after it folloing
>> about 100 lines telling
>> about automatically created zones):
>>
>> Mar  6 09:22:58 ulysses named[2218]: reading built-in trusted
>> keys from file '/etc/bind/bind.keys'
>> Mar  6 09:22:58 ulysses named[2218]: using default UDP/IPv4
>> port range: [1024, 65535]
>> Mar  6 09:22:58 ulysses named[2218]: using default UDP/IPv6
>> port range: [1024, 65535]
>> Mar  6 09:22:58 ulysses named[2218]: listening on IPv6
>> interfaces, port 53
>> Mar  6 09:22:58 ulysses named[2218]: listening on IPv4
>> interface lo, 127.0.0.1#53
>> Mar  6 09:22:58 ulysses named[2218]: listening on IPv4
>> interface eth0, 192.168.41.10#53
>> Mar  6 09:22:58 ulysses named[2218]: generating session key
>> for dynamic DNS
>> Mar  6 09:22:58 ulysses named[2218]: sizing zone task pool
>> based on 8 zones
>> Mar  6 09:22:58 ulysses named[2218]: Loading 'AD DNS Zone'
>> using driver dlopen
>> Mar  6 09:22:59 ulysses samba[1998]: [2014/03/06
>> 09:22:59.551610,  0] ../source4/smbd/server.c:370(binary_smbd_main)
>> Mar  6 09:22:59 ulysses samba[1998]:   samba version 4.1.5 started.
>> Mar  6 09:22:59 ulysses samba[1998]:   Copyright Andrew
>> Tridgell and the Samba Team 1992-2013
>> Mar  6 09:23:00 ulysses ntpd[2293]: Listen normally on 5 eth0
>> fe80::beae:c5ff:fe76:903e UDP 123
>> Mar  6 09:23:00 ulysses ntpd[2293]: peers refreshed
>> Mar  6 09:23:02 ulysses named[2218]: samba_dlz: started for DN
>> DC=serbe,DC=local
>> Mar  6 09:23:02 ulysses named[2218]: samba_dlz: starting configure
>> Mar  6 09:23:02 ulysses named[2218]: samba_dlz: configured
>> writeable zone 'serbe.local'
>> Mar  6 09:23:02 ulysses named[2218]: samba_dlz: configured
>> writeable zone '_msdcs.serbe.local'
>> Mar  6 09:23:02 ulysses named[2218]: set up managed keys zone
>> for view _default, file 'managed-keys.bind'
>> Mar  6 09:23:02 ulysses named[2218]: automatic empty zone:
>> 10.IN-ADDR.ARPA
>>
>> Before fixing it my installation did halfway work. But now it
>> runs much smoother,
>> only one annoying entry in daemon.log*).
>>
>> I'd also check the principals in the keytab used for
>> authentication of bind.
>>
>> Best regards
>> Peter
>>
>>
>>
>> *) something weired is going on during startup with the
>> netlogon service.
>> I googled around, but found no really fitting information
>> Mar  6 09:23:05 ulysses samba[2502]: [2014/03/06
>> 09:23:05.069996,  0]
>> ../source4/librpc/rpc/dcerpc_util.c:681(dcerpc_pipe_auth_recv)
>> Mar  6 09:23:05 ulysses samba[2502]:   Failed to bind to uuid
>> 12345678-1234-abcd-ef00-01234567cffb for
>> 12345678-1234-abcd-ef00-01234567cffb at ncalrpc:192.168.41.10[DEFA
>> ULT,sign,seal] NT_STATUS_ACCESS_DENIED
>>
>>

More information about the samba mailing list