[Samba] DDNS Error
Christian Naumer
cn at brain-biotech.de
Wed May 16 10:57:31 UTC 2018
The DDNS setup from the wiki uses the keytab of the separate
"Unprivileged user for TSIG-GSSAPI DNS updates via ISC DHCP server".
You have to check this one, not the one which BIND uses.
Regards
On 16.05.2018 at 12:45, Rowland Penny via samba wrote:
> On Wed, 16 May 2018 12:32:52 +0200 Stefan Kania via samba
> <samba at lists.samba.org> wrote:
>
>> It's me again :-) Now we have DDNS with DHCP running but we have
>> a problem on one of our two DCs. Btw we used the setup and the
>> script from wiki. Doing a "dhclient" on a host we are getting the
>> following messages:
>> -------------
>> Mai 16 12:13:28 samba41 dhcpd[3961]: Commit: IP: 192.168.0.249 DHCID: 1:50:5b:5d:1c:ab:aa Name: horst
>> Mai 16 12:13:28 samba41 dhcpd[3961]: execute_statement argv[0] = /etc/dhcp/bin/dhcp-dyndns.sh
>> Mai 16 12:13:28 samba41 dhcpd[3961]: execute_statement argv[1] = add
>> Mai 16 12:13:28 samba41 dhcpd[3961]: execute_statement argv[2] = 192.168.0.249
>> Mai 16 12:13:28 samba41 dhcpd[3961]: execute_statement argv[3] = 1:50:5b:5d:1c:ab:aa
>> Mai 16 12:13:28 samba41 dhcpd[3961]: execute_statement argv[4] = horst
>> Mai 16 12:13:28 samba41 root[7505]: DHCP-DNS Update failed: 11
>> Mai 16 12:13:28 samba41 dhcpd[3961]: execute: /etc/dhcp/bin/dhcp-dyndns.sh exit status 2816
>> -------------
>>
>> We then tried to create the entry with the script:
>> ----------------
>> /etc/dhcp/bin/dhcp-dyndns.sh "add" 192.168.225.60 1:50:5b:5d:1c:ab:aa horst
>> . . .
>> 3160958102.sig-samba41.example.net. 0 ANY TKEY gss-tsig. 0 0 3 BADKEY 0 0
>>
>> dns_tkey_negotiategss: TKEY is unacceptable
>> ----------------
>>
>> Then we checked with:
>> -----------
>> samba_dnsupdate --verbose
>> -----------
>> Everything is fine, no error about the unacceptable TKEY
>>
>> We did everything from:
>> https://wiki.samba.org/index.php/Dns_tkey_negotiategss:_TKEY_is_unacceptable
>>
>> - deleted the dns.keytab
>> - deleted the dns-samba41 user
>> - run "samba_upgradedns --dns-backend=BIND9_DLZ"
>>
>> We checked the permissions of all files. We checked the bind9
>> config for the TKEY line. Everything is ok. The update works on
>> the second DC without any error about the key. It's only one ADDC
>> that makes the problem. The only difference we found was that
>> the username on the working ADDC is in capital letters
>> (CN=dns-SAMBA42) and on the non working ADDC in small letters
>> (CN=dns-samba41). But on both systems it's the same inside the
>> dns.keytab. (small = non working | capital = working).
>>
>> Any help?
>>
>> Stefan
>>
>
> Have you set up 'failover'? The records belong to whoever creates
> them, so if one DC creates them, then the other cannot.
>
> Rowland
>
--
Dr. Christian Naumer
Research Scientist
Platform Coordinator, Bioprocess Engineering
B.R.A.I.N Aktiengesellschaft
Darmstaedter Str. 34-36, D-64673 Zwingenberg
e-mail cn at brain-biotech.de, homepage www.brain-biotech.de
phone +49-6251-9331-30 / fax +49-6251-9331-11
Registered office: Zwingenberg/Bergstrasse
Court of registration: AG Darmstadt, HRB 24758
Executive board: Dr. Juergen Eck (Chairman), Frank Goebel
Chairman of the supervisory board: Dr. Ludger Mueller