[Samba] WERR_DNS_ERROR_RCODE_REFUSED
Rowland penny
rpenny at samba.org
Tue Jun 28 21:25:06 UTC 2016
On 28/06/16 21:37, Carlos A. P. Cunha wrote:
> Hello!
> I have Samba 4.3.3 with Windows Server 2008 R2 SP1, I cm problems in
> DNS, which in windows can not create dns entries:
>
>
> Windows = 192.168.200.66
> Samba = 192.168.200.90
>
> Error trying to create samba-tool:
>
> samba-tool dns add 192.168.200.66 _msdcs.local.domain
> 9e0c71b8-36e0-4269-a69e-1a03bdab4841 CNAME WIN2008.local.domain
> -Uadministrator
> Password is [LOCAL \ administrator]
> ERROR (runtime): uncaught exception - (9005,
> 'WERR_DNS_ERROR_RCODE_REFUSED')
It looks like the windows DC flatly refused the update
> File
> "/opt/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
> line 175, in _run
> self.run return (* args, ** kwargs)
> File "/opt/samba/lib/python2.7/site-packages/samba/netcmd/dns.py",
> line 1073, in run
> 0, server, zone, name, add_rec_buf, None)
> root @ samba: /opt/samba_src/samba-4.3.3#
>
>
>
> Samba 4 logs:
>
> Jun 28 17:28:40 samba named [8988]: samba_dlz: starting transaction on
> zone local.domain
> Jun 28 17:28:40 samba named [8988]: client 192.168.200.66 # 59830:
> update 'local.domain / IN' denied
> Jun 28 17:28:40 samba named [8988]: samba_dlz: canceling transaction
> on zone local.domain
> Jun 28 17:28:40 samba named [8988]: samba_dlz: starting transaction on
> zone local.domain
> Jun 28 17:28:40 samba named [8988]: samba_dlz: Allowing update of
> signer = Win2008 \ $ \ @ LOCAL.DOMAIN name = WIN2008.local.domain
> tcpaddr = type = AAAA key = 996-ms-7.3-37764d.
> e5b44e60-3d6e-11e6-02b3-080027f8e516 / 160/0
> Jun 28 17:28:40 samba named [8988]: samba_dlz: Allowing update of
> signer = Win2008 \ $ \ @ LOCAL.DOMAIN name = WIN2008.local.domain
> tcpaddr = type = A key = 996-ms-7.3-37764d.
> e5b44e60-3d6e-11e6-02b3-080027f8e516 / 160/0
> Jun 28 17:28:40 samba named [8988]: samba_dlz: Allowing update of
> signer = Win2008 \ $ \ @ LOCAL.DOMAIN name = WIN2008.local.domain
> tcpaddr = type = A key = 996-ms-7.3-37764d.
> e5b44e60-3d6e-11e6-02b3-080027f8e516 / 160/0
> Jun 28 17:28:40 samba named [8988]: client 192.168.200.66 # 50239 /
> key Win2008 \ $ \ @ LOCAL.DOMAIN: updating zone 'local.domain / NONE':
> deleting RRset at 'WIN2008.local.domain' YYYY
> Jun 28 17:28:40 samba named [8988]: client 192.168.200.66 # 50239 /
> key Win2008 \ $ \ @ LOCAL.DOMAIN: updating zone 'local.domain / NONE':
> deleting RRset at 'WIN2008.local.domain' THE
> Jun 28 17:28:40 samba named [8988]: samba_dlz: subtracted rdataset
> WIN2008.local.domain '. WIN2008.local.domain # 011900 # 011IN # 011A #
> 011192.168.200.66'
> Jun 28 17:28:40 samba named [8988]: client 192.168.200.66 # 50239 /
> key Win2008 \ $ \ @ LOCAL.DOMAIN: updating zone 'local.domain / NONE':
> adding an RR at 'WIN2008.local.domain 'The 192.168.200.66
> Jun 28 17:28:40 samba named [8988]: samba_dlz: added rdataset
> WIN2008.local.domain 'WIN2008.local.domain # 0111200 # 011IN # 011A #
> 011192.168.200.66.'
> Jun 28 17:28:40 samba named [8988]: samba_dlz:. Subtracted
> local.domain rdataset 'local.domain # 0113600 # # 011SOA 011IN #
> 011samba.local.domain. hostmaster.local.domain. 5900600 86400 3600 '
> Jun 28 17:28:40 samba named [8988]: samba_dlz: added rdataset
> local.domain 'local.domain # 0113600 # # 011SOA 011IN #
> 011samba.local.domain.. hostmaster.local.domain. 6900600 86400 3600 '
> Jun 28 17:28:40 samba named [8988]: samba_dlz: committed transaction
> on zone local.domain
>
This log fragment is only showing the DC updating its own record on a
Samba DC, you will need to look in the logs on the windows DC.
I take it that the windows DC is running a DNS server, I think you said
in an earlier post that this is Bind DNS server, if this is the case
*where does Bind store the zone info ? *
Rowland
> Any idea ?
>
> Thank you
>
More information about the samba
mailing list