[Samba] Samba, AD, 'short' name resolving...

Marco Gaiarin gaio at sv.lnf.it
Fri Jun 15 08:56:37 UTC 2018


Hello! L.P.H. van Belle via samba
  On that day it was said...

> > I don't understand it either, the rndc.key is absolutely not used by
> > Samba or Bind9 in an AD domain.
> Then great to hear I'm not alone.  :-/
> But by adding that part, my TSIG error message was gone from my logs.

Added, but caught this:

 Jun 15 05:48:40 vdcsv2 named[6494]: samba_dlz: starting transaction on zone ad.fvg.lnf.it
 Jun 15 05:48:40 vdcsv2 named[6494]: client 10.5.2.64#50403: update 'ad.fvg.lnf.it/IN' denied
 Jun 15 05:48:40 vdcsv2 named[6494]: samba_dlz: cancelling transaction on zone ad.fvg.lnf.it
 Jun 15 05:48:40 vdcsv2 named[6494]: samba_dlz: starting transaction on zone ad.fvg.lnf.it
 Jun 15 05:48:40 vdcsv2 named[6494]: samba_dlz: allowing update of signer=ALBERT\$\@AD.FVG.LNF.IT name=ALBERT.ad.fvg.lnf.it tcpaddr= type=AAAA key=1628-ms-7.213-4064bc3.c1816194-6fb1-11e8-5eb7-3464a91c1e49/160/0
 Jun 15 05:48:40 vdcsv2 named[6494]: samba_dlz: allowing update of signer=ALBERT\$\@AD.FVG.LNF.IT name=ALBERT.ad.fvg.lnf.it tcpaddr= type=A key=1628-ms-7.213-4064bc3.c1816194-6fb1-11e8-5eb7-3464a91c1e49/160/0
 Jun 15 05:48:40 vdcsv2 named[6494]: samba_dlz: allowing update of signer=ALBERT\$\@AD.FVG.LNF.IT name=ALBERT.ad.fvg.lnf.it tcpaddr= type=A key=1628-ms-7.213-4064bc3.c1816194-6fb1-11e8-5eb7-3464a91c1e49/160/0
 Jun 15 05:48:40 vdcsv2 named[6494]: client 10.5.2.64#61734/key ALBERT\$\@AD.FVG.LNF.IT: updating zone 'ad.fvg.lnf.it/NONE': deleting rrset at 'ALBERT.ad.fvg.lnf.it' AAAA
 Jun 15 05:48:40 vdcsv2 named[6494]: client 10.5.2.64#61734/key ALBERT\$\@AD.FVG.LNF.IT: updating zone 'ad.fvg.lnf.it/NONE': deleting rrset at 'ALBERT.ad.fvg.lnf.it' A
 Jun 15 05:48:40 vdcsv2 named[6494]: samba_dlz: subtracted rdataset ALBERT.ad.fvg.lnf.it 'ALBERT.ad.fvg.lnf.it.#0111200#011IN#011A#01110.5.2.64'
 Jun 15 05:48:40 vdcsv2 named[6494]: client 10.5.2.64#61734/key ALBERT\$\@AD.FVG.LNF.IT: updating zone 'ad.fvg.lnf.it/NONE': adding an RR at 'ALBERT.ad.fvg.lnf.it' A
 Jun 15 05:48:40 vdcsv2 named[6494]: samba_dlz: added rdataset ALBERT.ad.fvg.lnf.it 'ALBERT.ad.fvg.lnf.it.#0111200#011IN#011A#01110.5.2.64'
 Jun 15 05:48:40 vdcsv2 named[6494]: samba_dlz: committed transaction on zone ad.fvg.lnf.it
 Jun 15 05:48:40 vdcsv2 named[6494]: samba_dlz: starting transaction on zone ad.fvg.lnf.it
 Jun 15 05:48:40 vdcsv2 named[6494]: client 10.5.2.64#57791: update 'ad.fvg.lnf.it/IN' denied
 Jun 15 05:48:40 vdcsv2 named[6494]: samba_dlz: cancelling transaction on zone ad.fvg.lnf.it
 Jun 15 05:48:40 vdcsv2 named[6494]: samba_dlz: starting transaction on zone ad.fvg.lnf.it
 Jun 15 05:48:40 vdcsv2 named[6494]: samba_dlz: allowing update of signer=ALBERT\$\@AD.FVG.LNF.IT name=ALBERT.ad.fvg.lnf.it tcpaddr= type=AAAA key=1628-ms-7.213-4064bc3.c1816194-6fb1-11e8-5eb7-3464a91c1e49/160/0
 Jun 15 05:48:40 vdcsv2 named[6494]: samba_dlz: allowing update of signer=ALBERT\$\@AD.FVG.LNF.IT name=ALBERT.ad.fvg.lnf.it tcpaddr= type=A key=1628-ms-7.213-4064bc3.c1816194-6fb1-11e8-5eb7-3464a91c1e49/160/0
 Jun 15 05:48:40 vdcsv2 named[6494]: samba_dlz: allowing update of signer=ALBERT\$\@AD.FVG.LNF.IT name=ALBERT.ad.fvg.lnf.it tcpaddr= type=A key=1628-ms-7.213-4064bc3.c1816194-6fb1-11e8-5eb7-3464a91c1e49/160/0
 Jun 15 05:48:40 vdcsv2 named[6494]: client 10.5.2.64#50303/key ALBERT\$\@AD.FVG.LNF.IT: updating zone 'ad.fvg.lnf.it/NONE': deleting rrset at 'ALBERT.ad.fvg.lnf.it' AAAA
 Jun 15 05:48:40 vdcsv2 named[6494]: client 10.5.2.64#50303/key ALBERT\$\@AD.FVG.LNF.IT: updating zone 'ad.fvg.lnf.it/NONE': deleting rrset at 'ALBERT.ad.fvg.lnf.it' A
 Jun 15 05:48:40 vdcsv2 named[6494]: samba_dlz: subtracted rdataset ALBERT.ad.fvg.lnf.it 'ALBERT.ad.fvg.lnf.it.#0111200#011IN#011A#01110.5.2.64'
 Jun 15 05:48:40 vdcsv2 named[6494]: client 10.5.2.64#50303/key ALBERT\$\@AD.FVG.LNF.IT: updating zone 'ad.fvg.lnf.it/NONE': adding an RR at 'ALBERT.ad.fvg.lnf.it' A
 Jun 15 05:48:40 vdcsv2 named[6494]: samba_dlz: added rdataset ALBERT.ad.fvg.lnf.it 'ALBERT.ad.fvg.lnf.it.#0111200#011IN#011A#01110.5.2.64'
 Jun 15 05:48:40 vdcsv2 named[6494]: samba_dlz: committed transaction on zone ad.fvg.lnf.it
 Jun 15 05:48:45 vdcsv2 named[6494]: client 10.5.2.64#50303: request has invalid signature: TSIG 1628-ms-7.213-4064bc3.c1816194-6fb1-11e8-5eb7-3464a91c1e49 (ALBERT\$\@AD.FVG.LNF.IT): tsig verify failure (BADSIG)


Looking at:

	https://wiki.debian.org/Bind9#File_.2Fetc.2Fbind.2Fnamed.conf

the note:

	// Configure the communication channel for Administrative BIND9 with rndc
	// By default, they key is in the rndc.key file and is used by rndc and bind9 
	// on the localhost

it seems to me that the inclusion of rndc.conf and access on localhost is the
default, and so it is not needed.

-- 
dott. Marco Gaiarin				        GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''          http://www.lanostrafamiglia.it/
  Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

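A small triage script for logs like the ones in the message above, added here as an illustration and not part of the original post: it tallies, per client address, the unsigned updates that named denied, the signed record changes, and the TSIG verification failures. The sample lines are constructed (host, addresses, signer and key id are placeholders), and the "denied but never signed" review rule is an assumption, not something the thread states.

```python
import re
from collections import Counter, defaultdict

# Constructed sample, shaped like the named/samba_dlz lines in the post.
# Host, client addresses, signer and key id are placeholders.
SAMPLE = r"""
Jun 15 05:48:40 dc1 named[100]: client 192.0.2.10#50403: update 'ad.example.test/IN' denied
Jun 15 05:48:40 dc1 named[100]: samba_dlz: allowing update of signer=PC1\$\@AD.EXAMPLE.TEST name=PC1.ad.example.test tcpaddr= type=A key=KEYID-1/160/0
Jun 15 05:48:40 dc1 named[100]: client 192.0.2.10#61734/key PC1\$\@AD.EXAMPLE.TEST: updating zone 'ad.example.test/NONE': adding an RR at 'PC1.ad.example.test' A
Jun 15 05:48:40 dc1 named[100]: samba_dlz: committed transaction on zone ad.example.test
Jun 15 05:48:45 dc1 named[100]: client 192.0.2.10#61734: request has invalid signature: TSIG KEYID-1 (PC1\$\@AD.EXAMPLE.TEST): tsig verify failure (BADSIG)
Jun 15 05:49:02 dc1 named[100]: client 192.0.2.77#40000: update 'ad.example.test/IN' denied
"""

DENIED = re.compile(r"client (\S+?)#\d+: update '([^']+)' denied")
SIGNED = re.compile(r"client (\S+?)#\d+/key (\S+): updating zone '[^']+': (adding an RR|deleting rrset) at '([^']+)' (\S+)")
BADSIG = re.compile(r"client (\S+?)#\d+: request has invalid signature: TSIG (\S+) \((.+?)\): tsig verify failure \((\w+)\)")


def triage(log_text):
    """Tally per client address: denied updates, signed changes, TSIG failures."""
    stats = defaultdict(lambda: {"denied": 0, "signed": 0,
                                 "tsig_fail": Counter(), "signers": set()})
    for line in log_text.splitlines():
        if m := DENIED.search(line):
            stats[m.group(1)]["denied"] += 1
        elif m := SIGNED.search(line):
            s = stats[m.group(1)]
            s["signed"] += 1
            # named escapes '$' and '@' in the principal; strip the backslashes
            s["signers"].add(m.group(2).replace("\\", ""))
        elif m := BADSIG.search(line):
            s = stats[m.group(1)]
            s["tsig_fail"][m.group(4)] += 1
            s["signers"].add(m.group(3).replace("\\", ""))
    return dict(stats)


def needs_review(stats):
    """Heuristic (assumption): clients that were denied and never made a signed change."""
    return sorted(ip for ip, s in stats.items() if s["denied"] and not s["signed"])


if __name__ == "__main__":
    result = triage(SAMPLE)
    for ip, s in sorted(result.items()):
        print(ip, s["denied"], s["signed"], dict(s["tsig_fail"]), sorted(s["signers"]))
    print("review:", needs_review(result))
```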


