[Samba] samba Digest, Vol 172, Issue 2

Karl Heinz Wichmann wichmann-karl at web.de
Sun Apr 2 17:39:22 UTC 2017


Hello Rowland

Is this parameter not for the internal dns?

Ok. I changed the parameter. The same problem.

The test with the internal dns. It looks good.

service sernet-samba-ad stop
service bind9 stop

change
server services = -dns
to
# server services = -dns

samba_upgradedns --dns-backend=SAMBA_INTERNAL

service sernet-samba-ad start

netstat -tulpen | grep 53 (dns is running)



I think I found the error.

bind9 on Debian 8.7 was by default not compiled with "--with-dlopen=yes",
only with '--with-gssapi=/usr'



named -V
--------
BIND 9.9.5-9+deb8u10-Debian (Extended Support Version) <id:f9b8a50e>
built by make with '--prefix=/usr' '--mandir=/usr/share/man'
'--infodir=/usr/share/info'
'--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads'
'--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static'
'--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld'
'--with-geoip=/usr' '--with-atf=no' '--enable-ipv6' '--enable-rrl'
'--enable-filter-aaaa'
'CFLAGS=-fno-strict-aliasing -fno-delete-null-pointer-checks
-DDIG_SIGCHASE -O2'
compiled by GCC 4.9.2
using OpenSSL version: OpenSSL 1.0.1t  3 May 2016
using libxml2 version: 2.9.1




Regards,

Karl Heinz


On 02.04.2017 at 19:21, Rowland Penny wrote:
> On Sun, 2 Apr 2017 19:02:35 +0200
> Karl Heinz Wichmann via samba <samba at lists.samba.org> wrote:
>
>> Hello Marc
>>
>> I changed the loglevel to 10
>>
>>
>>   database
>> "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_9.so -d 10";
>>
>> and I get the following errors:
>>
>> 02-Apr-2017 18:47:44.389 samba_dlz: ldb: ldb_asprintf/set_errstring:
>> No such Base DN:
>> DC=client008.my.domain.de,CN=MicrosoftDNS,DC=ForestDnsZones,DC=my,DC=domain,DC=de
>> 02-Apr-2017 18:47:44.389 samba_dlz: ldb: ldb_trace_response: DONE
>> 02-Apr-2017 18:47:44.389 samba_dlz: error: 32
>> 02-Apr-2017 18:47:44.389 samba_dlz: msg: No such Base DN:
>> DC=client008.my.domain.de,CN=MicrosoftDNS,DC=ForestDnsZones,DC=my,DC=domain,DC=de
>> 02-Apr-2017 18:47:44.389 samba_dlz:
>> 02-Apr-2017 18:47:44.389 samba_dlz: ldb: ldb_trace_request: SEARCH
>> 02-Apr-2017 18:47:44.389 samba_dlz:  dn:
>> DC=client008.my.domain.de,CN=MicrosoftDNS,CN=System,DC=my,DC=domain,DC=de
>> 02-Apr-2017 18:47:44.389 samba_dlz:  scope: base
>> 02-Apr-2017 18:47:44.389 samba_dlz:  expr: (objectClass=dnsZone)
>> 02-Apr-2017 18:47:44.389 samba_dlz:  control: <NONE>
>>
>> and
>>
>> 02-Apr-2017 18:47:41.373 samba_dlz: Starting GENSEC mechanism spnego
>> 02-Apr-2017 18:47:41.373 samba_dlz: Starting GENSEC submechanism gssapi_krb5
>> 02-Apr-2017 18:47:41.373 samba_dlz: spnego update failed
>> 02-Apr-2017 18:47:41.374 client 192.168.99.6#58125/key CLIENT\$\@my.domain.de: updating zone 'my.domain.de/NONE': update failed: rejected by secure update (REFUSED)
>> 02-Apr-2017 18:47:41.374 samba_dlz: ldb: cancel ldb transaction (nesting: 0)
>>
>>
>
> Try adding 'allow dns updates = nonsecure' to smb.conf
>
> Rowland
>


