[Samba] client @0x7f6ed800bc20 update 'campus.company.intra/IN' denied

Rowland Penny rpenny at samba.org
Mon Jul 2 15:30:59 UTC 2018

On Mon, 2 Jul 2018 12:12:07 -0300
Elias Pereira via samba <samba at lists.samba.org> wrote:

> >
> > Hmm, bind 9.12.x isn't supported yet.
> He works with "dlopen
> /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_11.so" without
> problems, at first.

I repeat, Bind 9.12.x is unsupported at this time, just because it
worked once is no reason to use it. It may have nothing to do with your
problem, but using a supported Bind version will rule it out.

> include "/etc/bind/rndc.key";
> > controls {
> >           inet allow { localhost; } keys { rndc-key;};
> > };
> > You do not need the four lines above
> Ok, but if I leave it, does not have problems either, I believe!?

OK, your server, but I think you should be aware that I have been using
Bind9 with Samba since December 2012 and I have never used the rndc.key

> You mention '#public IP' twice, are they both the same IP and is it
> > the DC ipaddress and if so, why are you trying to forward the DC to
> > itself ?
> No, two different networks.
> xxx.xxx.xxx.0/26
> xxx.xxx.xxx.128/26
> Sometimes the "samba_dlz: spnego update failed" appears in the log. I
> found this link talks about the problem.
> https://bugzilla.redhat.com/show_bug.cgi?id=1528867
> I added the "KRB5RCACHETYPE="none"" on the /etc/default/bind9, but the
> error message keeps.

That is if you are using the MIT kerberos with Samba, instead of the
default HEIMDAL.


More information about the samba mailing list