[Samba] Reverse zones fail with secure updates

Wed Dec 7 16:23:29 UTC 2016

Just check, yes all my pc's ( dhcp and static ) are owner of the DNS records. 

NTDOM\COMPUTERNAME$ is set on the record and every pc its own record. 

! one thing, i do use Bind9_dlz with samba and not internal DNS. 
I forgot if i mentioned it before or not. 

Greetz, 

Louis

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens lingpanda101 via
> samba
> Verzonden: woensdag 7 december 2016 17:06
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Reverse zones fail with secure updates
> 
> On 12/7/2016 10:57 AM, L.P.H. van Belle via samba wrote:
> > Hai James,
> >
> >> On a side not even if I manually create a A RR and select "create
> >> associated pointer (PTR) record" in the Micorsoft DNS snap in. A PTR
> >> record does not get created.
> > Thats correct, you need to do that manualy if you use windows tools.
> >
> >> I can see in a
> >> wireshark capture the XP client request a PTR update. A Windows 7
> client
> >> does not. Not even clients with static IP's. I'll chalk this up to
> >> strictly a windows issue.
> > Hmm still looks to settings in windows.
> > And your sure you have this one enable on the computers.
> > "Use this connection's DNS suffix in DNS registration" is selected in
> adapter properties.
> >
> > I dont register any pc, just join them, reboot 2 x and everything is in
> the dns.
> >
> > Im running out of options.  :-(
> >
> > Login, as user and run type : rsop.msc
> > Check if you een any ! which are errors.
> >
> > Greetz,
> >
> > Louis
> >
> >
> >
> >> -----Oorspronkelijk bericht-----
> >> Van: samba [mailto:samba-bounces at lists.samba.org] Namens lingpanda101
> via
> >> samba
> >> Verzonden: woensdag 7 december 2016 16:33
> >> Aan: samba at lists.samba.org
> >> Onderwerp: Re: [Samba] Reverse zones fail with secure updates
> >>
> >> On 11/28/2016 10:40 AM, L.P.H. van Belle via samba wrote:
> >>> Hai James,
> >>>
> >>> So a windows xp works but Win7/10 not, at least is good hint.
> >>>
> >>> So, i did have a look in my setup again.
> >>> And i'm thinking, i have disabled ipv6 for my windows 7 and win 10
> pc's.
> >>> That may be an option..
> >>>
> >>> A thing you can try, have a look here :
> >>> http://www.bvanleeuwen.nl/faq/?p=1142
> >>> ipv6 Admx to simple disable ipv6.
> >>>
> >>> I've set : Disable all IPv6 components.
> >>>
> >>> I also checked my dhcp options.
> >>> Im sending these options
> >>> 003 route
> >>> 004 time
> >>> 006 dns servers
> >>> 015 DNS Domain Name 	( your_primary.domain.tld )
> >>> 042 NTP
> >>> 046 WINS Node type : (0x8)
> >>>
> >>> And last thing what can be different.
> >>> I have made my own CA root and client certs, im not using the
> generated
> >> certs from samba.
> >>> And the CA root is also published to all my win7/10 computers.
> >>>
> >>> I suggest give it a try, and report back.
> >>>
> >>> Greetz,
> >>>
> >>> Louis
> >>>
> >>>> -----Oorspronkelijk bericht-----
> >>>> Van: lingpanda101 [mailto:lingpanda101 at gmail.com]
> >>>> Verzonden: maandag 28 november 2016 15:40
> >>>> Aan: L.P.H. van Belle; samba at lists.samba.org
> >>> ...
> >>>> Louis,
> >>>>
> >>>>        I have been unsuccessful with getting this to work. However I
> do
> >>>> have a caveat to this. I have a legacy Windows XP device on my domain
> >>>> that did register it's PTR record. My Windows 7 and 10 devices do
> not.
> >>>> I'll investigate a bit further but I believe Samba is working
> >> correctly.
> >>>> Thanks for the help.
> >>>>
> >>>> --
> >>>> - James
> >>>
> >>>
> >>>
> >>>
> >> I've tried every solution posted and then some and no matter what my
> >> Windows 7 clients will not request a PTR update. I can see in a
> >> wireshark capture the XP client request a PTR update. A Windows 7
> client
> >> does not. Not even clients with static IP's. I'll chalk this up to
> >> strictly a windows issue.
> >>
> >> On a side not even if I manually create a A RR and select "create
> >> associated pointer (PTR) record" in the Micorsoft DNS snap in. A PTR
> >> record does not get created.
> >>
> >> --
> >> - James
> >>
> >>
> >> --
> >> To unsubscribe from this list go to the following URL and read the
> >> instructions:  https://lists.samba.org/mailman/options/samba
> >
> 
> No errors. I even went into the registry to manually change the settings
> that would normally be added by using Windows GUI. No luck. Can you
> confirm who the owner is on one of your PTR records? It should be the
> workstation requesting the update.
> 
> --
> - James
> 
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba