[Samba] WERR_DNS_ERROR_RCODE_REFUSED

mathias dufresne infractory at gmail.com
Fri Jul 1 09:52:43 UTC 2016


To debug DNS updates: edit samba_dnsupdate and comment out the line (411 here)
"os.unlink(tmpfile)".
With this edit, the next run of the 'samba_dnsupdate' command will not
remove its temporary files in /tmp.

Then you use one of these files to push the update using nsupdate:
nsupdate -g /tmp/<some samba_dnsupdate tmp file>

-g means "use kerberos auth". For that to work you must first perform a kinit
to get a valid ticket. Start with a kinit administrator as it is the one with
the greatest power facing AD. With that account, if the update is not
successful it should be because the account does not have sufficient permissions.
Then you could try using the dns-<your dc> account and dns.keytab in the private
directory to retry with the user used by your Bind to authenticate against
AD.

If this works, DNS updates are working. And for now I have no idea where
your problem could come from.

cheers,
m.
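
The replay step described above, as an added example that is not part of the original message or of Samba's own code: it lists what a retained samba_dnsupdate temp file would change before the file is pushed with nsupdate -g under a privileged ticket. The function names, the host names and the sample file contents are constructed assumptions, and the file is assumed to use standard nsupdate command syntax.

```sh
#!/bin/sh
# Added example. The sample file below is constructed, not taken from the thread.

# Write a constructed nsupdate command file of the kind assumed to be left
# in /tmp once the os.unlink(tmpfile) line is commented out.
write_sample_file() {
    cat > "$1" <<'EOF'
update add dc1.local.domain 900 A 192.168.200.90
update add _ldap._tcp.local.domain 900 IN SRV 0 100 389 dc1.local.domain
update delete old.local.domain A
send
EOF
}

# Print "action name type" for every update line, so the change can be
# reviewed before it is replayed with administrator credentials.
summarize_updates() {
    awk '$1 == "update" && ($2 == "add" || $2 == "delete" || $2 == "del") {
        i = 4
        if ($i ~ /^[0-9]+$/) i++        # skip the TTL when present
        if (toupper($i) == "IN") i++    # skip the optional class
        type = (i <= NF) ? $i : "ANY"   # a bare delete removes every type
        print $2, $3, type
    }' "$1"
}

# A usable file is non-empty, holds at least one update and ends in "send".
check_file() {
    [ -s "$1" ] || return 1
    grep -q '^send$' "$1" || return 1
    summarize_updates "$1" | grep -q .
}

# Replay the file with GSS-TSIG (-g), but only when a ticket is present.
# "klist -s" (MIT Kerberos) exits non-zero if there is no valid ticket.
replay_update() {
    check_file "$1" || { echo "not a usable nsupdate file: $1" >&2; return 2; }
    klist -s || { echo "no valid Kerberos ticket, run kinit first" >&2; return 3; }
    summarize_updates "$1" >&2          # show what is about to be sent
    nsupdate -g "$1"
}
```

Run `summarize_updates /tmp/<file>` on each retained file first, then `kinit administrator` and `replay_update /tmp/<file>`; restore the `os.unlink(tmpfile)` line once debugging is finished so the files stop accumulating in /tmp.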

2016-06-30 19:44 GMT+02:00 Carlos A. P. Cunha <carlos.hollow at gmail.com>:

> Hello!
>
> something else?
>
>
> Thanks
>
>
>
>
> On 29-06-2016 21:28, Carlos A. P. Cunha wrote:
>
>>
>> Event View
>>
>>
>> The DNS server has encountered a critical error from the Active
>> Directory. Check that the Active Directory is functioning properly. The
>> extended error debug information (which may be empty) is "". The event data
>> contains the error.
>>
>> But my dns is Ok,
>>
>>
>> My test is other linux(not samba)
>>
>> Windows -> 192.168.200.66
>>
>>
>> host local.domain 192.168.200.66
>> Using domain server:
>> Name: 192.168.200.66
>> Address: 192.168.200.66#53
>> Aliases:
>>
>> local.domain has address 192.168.200.90
>> local.domain has address 192.168.200.66
>>
>>
>> Thanks
>>
>>
>> On 29-06-2016 18:52, Carlos A. P. Cunha wrote:
>>
>>>
>>> Is running, so that request DNS request to Windows server it answers, it
>>> can delete DNS entries and it Windows, receives new coming Samba (Master
>>> FSMO)
>>>
>>>
>>> Thanks
>>>
>>>
>>> On 29-06-2016 17:24, Rowland penny wrote:
>>>
>>>> On 29/06/16 21:01, Carlos A. P. Cunha wrote:
>>>>
>>>>> I'm running DNS on Windows too, as it receives the update, and delete
>>>>> it it it also erases the Samba, Windows so I could see are not leaving this
>>>>> I create new entries.
>>>>> Entries in samba via command or RSAT are working.
>>>>>
>>>>>
>>>>>
>>>> If you are referring to this that you posted:
>>>>
>>>> Samba 4 logs:
>>>>
>>>> Jun 28 17:28:40 samba named [8988]: samba_dlz: starting transaction on
>>>> zone local.domain
>>>> Jun 28 17:28:40 samba named [8988]: client 192.168.200.66 # 59830:
>>>> update 'local.domain / IN' denied
>>>> Jun 28 17:28:40 samba named [8988]: samba_dlz: canceling transaction on
>>>> zone local.domain
>>>> Jun 28 17:28:40 samba named [8988]: samba_dlz: starting transaction on
>>>> zone local.domain
>>>> Jun 28 17:28:40 samba named [8988]: samba_dlz: Allowing update of
>>>> signer = Win2008 \ $ \ @ LOCAL.DOMAIN name = WIN2008.local.domain tcpaddr =
>>>> type = AAAA key = 996-ms-7.3-37764d. e5b44e60-3d6e-11e6-02b3-080027f8e516 /
>>>> 160/0
>>>> Jun 28 17:28:40 samba named [8988]: samba_dlz: Allowing update of
>>>> signer = Win2008 \ $ \ @ LOCAL.DOMAIN name = WIN2008.local.domain tcpaddr =
>>>> type = A key = 996-ms-7.3-37764d. e5b44e60-3d6e-11e6-02b3-080027f8e516 /
>>>> 160/0
>>>> Jun 28 17:28:40 samba named [8988]: samba_dlz: Allowing update of
>>>> signer = Win2008 \ $ \ @ LOCAL.DOMAIN name = WIN2008.local.domain tcpaddr =
>>>> type = A key = 996-ms-7.3-37764d. e5b44e60-3d6e-11e6-02b3-080027f8e516 /
>>>> 160/0
>>>> Jun 28 17:28:40 samba named [8988]: client 192.168.200.66 # 50239 / key
>>>> Win2008 \ $ \ @ LOCAL.DOMAIN: updating zone 'local.domain / NONE': deleting
>>>> RRset at 'WIN2008.local.domain' YYYY
>>>> Jun 28 17:28:40 samba named [8988]: client 192.168.200.66 # 50239 / key
>>>> Win2008 \ $ \ @ LOCAL.DOMAIN: updating zone 'local.domain / NONE': deleting
>>>> RRset at 'WIN2008.local.domain' THE
>>>> Jun 28 17:28:40 samba named [8988]: samba_dlz: subtracted rdataset
>>>> WIN2008.local.domain '. WIN2008.local.domain # 011900 # 011IN # 011A #
>>>> 011192.168.200.66'
>>>> Jun 28 17:28:40 samba named [8988]: client 192.168.200.66 # 50239 / key
>>>> Win2008 \ $ \ @ LOCAL.DOMAIN: updating zone 'local.domain / NONE': adding
>>>> an RR at 'WIN2008.local.domain 'The 192.168.200.66
>>>> Jun 28 17:28:40 samba named [8988]: samba_dlz: added rdataset
>>>> WIN2008.local.domain 'WIN2008.local.domain # 0111200 # 011IN # 011A #
>>>> 011192.168.200.66.'
>>>> Jun 28 17:28:40 samba named [8988]: samba_dlz:. Subtracted local.domain
>>>> rdataset 'local.domain # 0113600 # # 011SOA 011IN # 011samba.local.domain.
>>>> hostmaster.local.domain. 5900600 86400 3600 '
>>>> Jun 28 17:28:40 samba named [8988]: samba_dlz: added rdataset
>>>> local.domain 'local.domain # 0113600 # # 011SOA 011IN #
>>>> 011samba.local.domain.. hostmaster.local.domain. 6900600 86400 3600 '
>>>> Jun 28 17:28:40 samba named [8988]: samba_dlz: committed transaction on
>>>> zone local.domain
>>>>
>>>> This is not your windows server dns being updated, it appears to be
>>>> your windows server record being updated on a Samba AD DC running Bind9.
>>>>
>>>> So, I ask again, WHAT DNS SERVER IS RUNNING ON THE WINDOWS DC!
>>>>
>>>> Note: the above is not shouting, it is for emphasis.
>>>>
>>>> Rowland
>>>>
>>>>
>>>>
>>>
>>