[Samba] Samba 4.7.2 + bind on Fedora 27: samba_dlz: spnego update failed
Dario Lesca
d.lesca at solinos.it
Mon Dec 4 11:56:19 UTC 2017
On Mon, 04/12/2017 at 11.29 +0000, Rowland Penny via samba wrote:
> Try changing the 'options' of named.conf to this:
Thanks Rowland
I integrated your suggested changes and restarted samba and named.
Now my named.conf is this [1], but nothing has changed:
[root@server-addc ~]# samba_dnsupdate --all-names --fail-immediately
update failed: REFUSED
dic 04 12:46:43 server-addc.dogma-to.loc named[8474]: samba_dlz: spnego update failed
dic 04 12:46:43 server-addc.dogma-to.loc named[8474]: client @0x7fc9310a5e80 192.168.41.1#60981/key SERVER-ADDC\$\@DOGMA-TO.LOC: updating zone 'dogma-to.loc/NONE': update failed: rejected by secure update (REFUSED)
I have also tried this:
[root@server-addc ~]# samba_dnsupdate --all-names --use-samba-tool --fail-immediately
ERROR(runtime): uncaught exception - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
  File "/usr/lib64/python2.7/site-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib64/python2.7/site-packages/samba/netcmd/dns.py", line 940, in run
    raise e
But it also fails.
Any other suggestions?
Thanks
Dario
[1] /etc/named.conf
options {
    listen-on port 53 { 127.0.0.1; 192.168.41.1; };
    //listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { localhost; 192.168.41.0/24; };
    recursion yes;
    //dnssec-enable yes;
    //dnssec-validation yes;
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
    /* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
    include "/etc/crypto-policies/back-ends/bind.config";
    tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";
    allow-recursion { 192.168.41.0/24; 127.0.0.1/32; };
    notify no;
    empty-zones-enable no;
    forwarders { 8.8.8.8; 8.8.4.4; };
    dnssec-validation no;
    dnssec-enable no;
    allow-transfer { none; };
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
include "/var/lib/samba/bind-dns/named.conf";
--
Dario Lesca
(sent from my Linux Fedora 27 Workstation)