[Samba] WERR_DNS_ERROR_RCODE_REFUSED

Rowland penny rpenny at samba.org
Wed Jun 29 08:00:56 UTC 2016


On 28/06/16 23:42, Carlos A. P. Cunha wrote:
> Hello!
>
> Yes, Windows dns too, my dns in samba is Bind!!!
>
>
> I dont understande -> "where does Bind store the zone info ? *"
>
> :-|
>
>
> Thanks
>
> Em 28-06-2016 18:25, Rowland penny escreveu:
>> On 28/06/16 21:37, Carlos A. P. Cunha wrote:
>>> Hello!
>>> I have Samba 4.3.3 with Windows Server 2008 R2 SP1, I cm problems in 
>>> DNS, which in windows can not create dns entries:
>>>
>>>
>>> Windows = 192.168.200.66
>>> Samba = 192.168.200.90
>>>
>>> Error trying to create samba-tool:
>>>
>>> samba-tool dns add 192.168.200.66 _msdcs.local.domain 
>>> 9e0c71b8-36e0-4269-a69e-1a03bdab4841 CNAME WIN2008.local.domain 
>>> -Uadministrator
>>> Password is [LOCAL \ administrator]
>>> ERROR (runtime): uncaught exception - (9005, 
>>> 'WERR_DNS_ERROR_RCODE_REFUSED')
>>
>> It looks like the windows DC flatly refused the update
>>
>>> File 
>>> "/opt/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", 
>>> line 175, in _run
>>> self.run return (* args, ** kwargs)
>>> File "/opt/samba/lib/python2.7/site-packages/samba/netcmd/dns.py", 
>>> line 1073, in run
>>> 0, server, zone, name, add_rec_buf, None)
>>> root @ samba: /opt/samba_src/samba-4.3.3#
>>>
>>>
>>>
>>> Samba 4 logs:
>>>
>>> Jun 28 17:28:40 samba named [8988]: samba_dlz: starting transaction 
>>> on zone local.domain
>>> Jun 28 17:28:40 samba named [8988]: client 192.168.200.66 # 59830: 
>>> update 'local.domain / IN' denied
>>> Jun 28 17:28:40 samba named [8988]: samba_dlz: canceling transaction 
>>> on zone local.domain
>>> Jun 28 17:28:40 samba named [8988]: samba_dlz: starting transaction 
>>> on zone local.domain
>>> Jun 28 17:28:40 samba named [8988]: samba_dlz: Allowing update of 
>>> signer = Win2008 \ $ \ @ LOCAL.DOMAIN name = WIN2008.local.domain 
>>> tcpaddr = type = AAAA key = 996-ms-7.3-37764d. 
>>> e5b44e60-3d6e-11e6-02b3-080027f8e516 / 160/0
>>> Jun 28 17:28:40 samba named [8988]: samba_dlz: Allowing update of 
>>> signer = Win2008 \ $ \ @ LOCAL.DOMAIN name = WIN2008.local.domain 
>>> tcpaddr = type = A key = 996-ms-7.3-37764d. 
>>> e5b44e60-3d6e-11e6-02b3-080027f8e516 / 160/0
>>> Jun 28 17:28:40 samba named [8988]: samba_dlz: Allowing update of 
>>> signer = Win2008 \ $ \ @ LOCAL.DOMAIN name = WIN2008.local.domain 
>>> tcpaddr = type = A key = 996-ms-7.3-37764d. 
>>> e5b44e60-3d6e-11e6-02b3-080027f8e516 / 160/0
>>> Jun 28 17:28:40 samba named [8988]: client 192.168.200.66 # 50239 / 
>>> key Win2008 \ $ \ @ LOCAL.DOMAIN: updating zone 'local.domain / 
>>> NONE': deleting RRset at 'WIN2008.local.domain' YYYY
>>> Jun 28 17:28:40 samba named [8988]: client 192.168.200.66 # 50239 / 
>>> key Win2008 \ $ \ @ LOCAL.DOMAIN: updating zone 'local.domain / 
>>> NONE': deleting RRset at 'WIN2008.local.domain' THE
>>> Jun 28 17:28:40 samba named [8988]: samba_dlz: subtracted rdataset 
>>> WIN2008.local.domain '. WIN2008.local.domain # 011900 # 011IN # 011A 
>>> # 011192.168.200.66'
>>> Jun 28 17:28:40 samba named [8988]: client 192.168.200.66 # 50239 / 
>>> key Win2008 \ $ \ @ LOCAL.DOMAIN: updating zone 'local.domain / 
>>> NONE': adding an RR at 'WIN2008.local.domain 'The 192.168.200.66
>>> Jun 28 17:28:40 samba named [8988]: samba_dlz: added rdataset 
>>> WIN2008.local.domain 'WIN2008.local.domain # 0111200 # 011IN # 011A 
>>> # 011192.168.200.66.'
>>> Jun 28 17:28:40 samba named [8988]: samba_dlz:. Subtracted 
>>> local.domain rdataset 'local.domain # 0113600 # # 011SOA 011IN # 
>>> 011samba.local.domain. hostmaster.local.domain. 5900600 86400 3600 '
>>> Jun 28 17:28:40 samba named [8988]: samba_dlz: added rdataset 
>>> local.domain 'local.domain # 0113600 # # 011SOA 011IN # 
>>> 011samba.local.domain.. hostmaster.local.domain. 6900600 86400 3600 '
>>> Jun 28 17:28:40 samba named [8988]: samba_dlz: committed transaction 
>>> on zone local.domain
>>>
>>
>> This log fragment is only showing the DC updating its own record on a 
>> Samba DC, you will need to look in the logs on the windows DC.
>>
>> I take it that the windows DC is running a DNS server, I think you 
>> said in an earlier post that this is Bind DNS server, if this is the 
>> case *where does Bind store the zone info ? *
>>
>> Rowland
>>
>>> Any idea ?
>>>
>>> Thank you
>>>
>>
>>
>
>

OK, please answer these questions:

What DNS server is running on the windows DC ?
Have you looked at the logs on the windows DC ?
If you have looked in the logs on the windows DC, have you found 
anything relevant ?

Does the windows DC have a fixed ipaddress ?

Rowland




More information about the samba mailing list