[Samba] ipconfig /registerdns & PTR Records
Dirk Laurenz
samba at laurenz.ws
Fri Mar 8 19:30:04 UTC 2019
Hello,
the first mistake was, that only secure updates was configured on the client - I changed via GPO to unsecure followed by secure.
Now this works for both; but The A record is now updated, but not the PTR.
-----Ursprüngliche Nachricht-----
Von: samba <samba-bounces at lists.samba.org> Im Auftrag von Rowland Penny via samba
Gesendet: Freitag, 8. März 2019 19:57
An: samba at lists.samba.org
Betreff: Re: [Samba] ipconfig /registerdns & PTR Records
On Fri, 8 Mar 2019 19:14:32 +0100
Dirk Laurenz via samba <samba at lists.samba.org> wrote:
> Hello $LIST,
>
>
>
> i setup a new clean domain to examine the feature of updating/creating
> PTR records. When i call ipconfig /registerdns on the client i get
> this entry in the windows eventlog (sorry german)
>
>
>
> Fehler beim Registrieren der Hostressourceneinträge (A oder AAAA) für
> den Netzwerkadapter
>
> mit den folgenden Einstellungen:
>
>
>
> Adaptername: {2A467E48-624B-4CCF-9B7D-9BA5629D8117}
>
> Hostname: w7test
>
> Primäres Domänensuffix: samba.laurenz.ws
>
> DNS-Serverliste:
>
> 192.168.2.231, 192.168.2.232
>
> Server, an den das Update gesendet wurde: 192.168.2.231:53
>
> IP-Adresse(n):
>
> 192.168.2.107
>
>
>
> Die Ressourceneinträge konnten aufgrund eines Systemproblems nicht
> während der Updateanforderung registriert werden. Sie können die
> DNS-Registrierung des Netzwerkadapters und der dazugehörigen
> Einstellungen manuell ausführen, indem Sie an der Eingabeaufforderung
> "ipconfig /registerdns" eingeben. Wenden Sie sich an den DNS-Server-
> oder Netzwerksystemadministrator, wenn das Problem weiterhin besteht.
> Genauere Fehlercodeinformationen finden Sie in den Ereignisdetails.
>
>
>
> On the DC i see this:
>
>
>
> root at dc01:/var/lib/samba/private# systemctl status bind9
>
> ● bind9.service - BIND Domain Name Server
>
> Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor
> preset: enabled)
>
> Active: active (running) since Fri 2019-03-08 16:07:35 CET; 4min 7s
> ago
>
> Docs: man:named(8)
>
> Process: 30090 ExecStop=/usr/sbin/rndc stop (code=exited,
> status=0/SUCCESS)
>
> Main PID: 30095 (named)
>
> CGroup: /system.slice/bind9.service
>
> └─30095 /usr/sbin/named -f -u bind
>
>
>
> Mar 08 16:07:46 dc01 named[30095]: samba_dlz: added rdataset
> _ldap._tcp.Zuahause._sites.ForestDnsZones.samba.laurenz.ws
> '_ldap._tcp.Zuahause._sites.ForestDnsZones.samba.laurenz.ws.
> 900 IN SRV 0 100 389 dc01.sa
>
> Mar 08 16:07:46 dc01 named[30095]: samba_dlz: subtracted rdataset
> samba.laurenz.ws 'samba.laurenz.ws. 3600 IN
> SOA dc01.samba.laurenz.ws. hostmaster.samba.laurenz.ws. 7 900
> 600 86400 3600'
>
> Mar 08 16:07:46 dc01 named[30095]: samba_dlz: added rdataset
> samba.laurenz.ws 'samba.laurenz.ws. 3600 IN
> SOA dc01.samba.laurenz.ws. hostmaster.samba.laurenz.ws. 8 900
> 600 86400 3600'
>
> Mar 08 16:07:46 dc01 named[30095]: samba_dlz: committed transaction on
> zone samba.laurenz.ws
>
> Mar 08 16:08:13 dc01 named[30095]: samba_dlz: starting transaction on
> zone samba.laurenz.ws
>
> Mar 08 16:08:13 dc01 named[30095]: client 192.168.2.107#55757: update
> 'samba.laurenz.ws/IN' denied
>
> Mar 08 16:08:13 dc01 named[30095]: samba_dlz: cancelling transaction
> on zone samba.laurenz.ws
>
> Mar 08 16:11:23 dc01 named[30095]: samba_dlz: starting transaction on
> zone samba.laurenz.ws
>
> Mar 08 16:11:23 dc01 named[30095]: client 192.168.2.107#51224: update
> 'samba.laurenz.ws/IN' denied
>
> Mar 08 16:11:23 dc01 named[30095]: samba_dlz: cancelling transaction
> on zone samba.laurenz.ws
>
>
>
> No entry in log.samba at that timestap, the rndc error was before (no
> read access to dns.keytab)
>
>
>
> root at dc01:/var/lib/samba/private# tail /var/log/samba/log.samba
>
> [2019/03/08 16:03:16.913274,
> 0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
>
> /usr/sbin/samba_dnsupdate: dns_tkey_negotiategss: TKEY is
> unacceptable
>
> [2019/03/08 16:03:17.234968,
> 0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
>
> /usr/sbin/samba_dnsupdate: dns_tkey_negotiategss: TKEY is
> unacceptable
>
> [2019/03/08 16:03:17.321152,
> 0] ../source4/dsdb/dns/dns_update.c:330(dnsupdate_nameupdate_done)
>
> ../source4/dsdb/dns/dns_update.c:330: Failed DNS update - with error
> code 8
>
> [2019/03/08 16:04:23.222079,
> 0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
>
> /usr/sbin/rndc: rndc: 'reload' failed: file not found
>
> [2019/03/08 16:04:23.239566,
> 0] ../source4/dsdb/dns/dns_update.c:91(dnsupdate_rndc_done)
>
> ../source4/dsdb/dns/dns_update.c:91: Failed rndc update -
> NT_STATUS_ACCESS_DENIED
>
>
>
> In DNS Manager secure & unsecured updates are allowed…
>
>
>
> I’m not sure, why bind is denying….
Try adding this to smb.conf on the Samba DC:
dns update command = /usr/sbin/samba_dnsupdate --use-samba-tool
Restart the DC and see what happens.
Rowland
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list