[Samba] client @0x7f6ed800bc20 172.16.5.86#62582: update 'campus.company.intra/IN' denied

Elias Pereira empbilly at gmail.com
Mon Jul 2 17:22:36 UTC 2018


>
> I repeat, Bind 9.12.x is unsupported at this time, just because it
> worked once is no reason to use it. It may have nothing to do with your
> problem, but using a supported Bind version will rule it out.


Ok. :)

I'll reinstall using supported version 9.11.3-2

> OK, your server, but I think you should be aware that I have been using
> Bind9 with Samba since December 2012 and I have never used the rndc.key


Without these entries, the error below always appears in the logs.

Jul  2 12:37:23 dc3 named[20416]: configuring command channel from '/etc/bind/rndc.key'
Jul  2 12:37:23 dc3 named[20416]: couldn't add command channel ::1#953: address not available

> That is if you are using the MIT kerberos with Samba, instead of the
> default HEIMDAL.


ok. I remove it. I use HEIMDAL.

Client update denied error still remains in the logs.

Does this error interfere with client updates with ADDC or is this
something with bind?


On Mon, Jul 2, 2018 at 12:31 PM Rowland Penny via samba <
samba at lists.samba.org> wrote:

> On Mon, 2 Jul 2018 12:12:07 -0300
> Elias Pereira via samba <samba at lists.samba.org> wrote:
>
> > >
> > > Hmm, bind 9.12.x isn't supported yet.
> >
> >
> > He works with "dlopen
> > /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_11.so" without
> > problems, at first.
>
> I repeat, Bind 9.12.x is unsupported at this time, just because it
> worked once is no reason to use it. It may have nothing to do with your
> problem, but using a supported Bind version will rule it out.
>
> >
> > > include "/etc/bind/rndc.key";
> > > controls {
> > >           inet 127.0.0.1 allow { localhost; } keys { rndc-key;};
> > > };
> > > You do not need the four lines above
> >
> >
> > Ok, but if I leave it, does not have problems either, I believe!?
>
> OK, your server, but I think you should be aware that I have been using
> Bind9 with Samba since December 2012 and I have never used the rndc.key
>
> >
> > > You mention '#public IP' twice, are they both the same IP and is it
> > > the DC ipaddress and if so, why are you trying to forward the DC to
> > > itself ?
> >
> >
> > No, two different networks.
> > xxx.xxx.xxx.0/26
> > xxx.xxx.xxx.128/26
> >
> > Sometimes the "samba_dlz: spnego update failed" appears in the log. I
> > found this link talks about the problem.
> > https://bugzilla.redhat.com/show_bug.cgi?id=1528867
> >
> > I added the "KRB5RCACHETYPE="none"" on the /etc/default/bind9, but the
> > error message keeps.
> >
>
> That is if you are using the MIT kerberos with Samba, instead of the
> default HEIMDAL.
>
> Rowland
>


-- 
Elias Pereira

