[Samba] ipconfig /registerdns & PTR Records

Dirk Laurenz samba at laurenz.ws
Fri Mar 8 19:30:04 UTC 2019 

Hello,

the first mistake was, that only secure updates was configured on the client - I changed via GPO to unsecure followed by secure.
Now this works for both; but The A record is now updated, but not the PTR.



-----Ursprüngliche Nachricht-----
Von: samba <samba-bounces at lists.samba.org> Im Auftrag von Rowland Penny via samba
Gesendet: Freitag, 8. März 2019 19:57
An: samba at lists.samba.org
Betreff: Re: [Samba] ipconfig /registerdns & PTR Records

On Fri, 8 Mar 2019 19:14:32 +0100
Dirk Laurenz via samba <samba at lists.samba.org> wrote:

> Hello $LIST,
> 
>  
> 
> i setup a new clean domain to examine the feature of updating/creating 
> PTR records. When i call ipconfig /registerdns on the client i get 
> this entry in the windows eventlog (sorry german)
> 
>  
> 
> Fehler beim Registrieren der Hostressourceneinträge (A oder AAAA) für 
> den Netzwerkadapter
> 
>  mit den folgenden Einstellungen:
> 
>  
> 
>    Adaptername: {2A467E48-624B-4CCF-9B7D-9BA5629D8117}
> 
>    Hostname: w7test
> 
>    Primäres Domänensuffix: samba.laurenz.ws
> 
>    DNS-Serverliste: 
> 
>                192.168.2.231, 192.168.2.232
> 
>    Server, an den das Update gesendet wurde: 192.168.2.231:53
> 
>    IP-Adresse(n):
> 
>      192.168.2.107
> 
>  
> 
> Die Ressourceneinträge konnten aufgrund eines Systemproblems nicht 
> während der Updateanforderung registriert werden. Sie können die 
> DNS-Registrierung des Netzwerkadapters und der dazugehörigen 
> Einstellungen manuell ausführen, indem Sie an der Eingabeaufforderung 
> "ipconfig /registerdns" eingeben. Wenden Sie sich an den DNS-Server- 
> oder Netzwerksystemadministrator, wenn das Problem weiterhin besteht.
> Genauere Fehlercodeinformationen finden Sie in den Ereignisdetails.
> 
>  
> 
> On the DC i see this:
> 
>  
> 
> root at dc01:/var/lib/samba/private# systemctl status bind9
> 
> ● bind9.service - BIND Domain Name Server
> 
>    Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor
> preset: enabled)
> 
>    Active: active (running) since Fri 2019-03-08 16:07:35 CET; 4min 7s 
> ago
> 
>      Docs: man:named(8)
> 
>   Process: 30090 ExecStop=/usr/sbin/rndc stop (code=exited,
> status=0/SUCCESS)
> 
> Main PID: 30095 (named)
> 
>    CGroup: /system.slice/bind9.service
> 
>            └─30095 /usr/sbin/named -f -u bind
> 
>  
> 
> Mar 08 16:07:46 dc01 named[30095]: samba_dlz: added rdataset 
> _ldap._tcp.Zuahause._sites.ForestDnsZones.samba.laurenz.ws
> '_ldap._tcp.Zuahause._sites.ForestDnsZones.samba.laurenz.ws.
> 900        IN        SRV        0 100 389 dc01.sa
> 
> Mar 08 16:07:46 dc01 named[30095]: samba_dlz: subtracted rdataset
> samba.laurenz.ws 'samba.laurenz.ws.        3600        IN
> SOA        dc01.samba.laurenz.ws. hostmaster.samba.laurenz.ws. 7 900
> 600 86400 3600'
> 
> Mar 08 16:07:46 dc01 named[30095]: samba_dlz: added rdataset
> samba.laurenz.ws 'samba.laurenz.ws.        3600        IN
> SOA        dc01.samba.laurenz.ws. hostmaster.samba.laurenz.ws. 8 900
> 600 86400 3600'
> 
> Mar 08 16:07:46 dc01 named[30095]: samba_dlz: committed transaction on 
> zone samba.laurenz.ws
> 
> Mar 08 16:08:13 dc01 named[30095]: samba_dlz: starting transaction on 
> zone samba.laurenz.ws
> 
> Mar 08 16:08:13 dc01 named[30095]: client 192.168.2.107#55757: update 
> 'samba.laurenz.ws/IN' denied
> 
> Mar 08 16:08:13 dc01 named[30095]: samba_dlz: cancelling transaction 
> on zone samba.laurenz.ws
> 
> Mar 08 16:11:23 dc01 named[30095]: samba_dlz: starting transaction on 
> zone samba.laurenz.ws
> 
> Mar 08 16:11:23 dc01 named[30095]: client 192.168.2.107#51224: update 
> 'samba.laurenz.ws/IN' denied
> 
> Mar 08 16:11:23 dc01 named[30095]: samba_dlz: cancelling transaction 
> on zone samba.laurenz.ws
> 
>  
> 
> No entry in log.samba at that timestap, the rndc error was before (no 
> read access to dns.keytab)
> 
>  
> 
> root at dc01:/var/lib/samba/private# tail /var/log/samba/log.samba
> 
> [2019/03/08 16:03:16.913274,
> 0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
> 
>   /usr/sbin/samba_dnsupdate: dns_tkey_negotiategss: TKEY is 
> unacceptable
> 
> [2019/03/08 16:03:17.234968,
> 0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
> 
>   /usr/sbin/samba_dnsupdate: dns_tkey_negotiategss: TKEY is 
> unacceptable
> 
> [2019/03/08 16:03:17.321152,
> 0] ../source4/dsdb/dns/dns_update.c:330(dnsupdate_nameupdate_done)
> 
>   ../source4/dsdb/dns/dns_update.c:330: Failed DNS update - with error 
> code 8
> 
> [2019/03/08 16:04:23.222079,
> 0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
> 
>   /usr/sbin/rndc: rndc: 'reload' failed: file not found
> 
> [2019/03/08 16:04:23.239566,
> 0] ../source4/dsdb/dns/dns_update.c:91(dnsupdate_rndc_done)
> 
>   ../source4/dsdb/dns/dns_update.c:91: Failed rndc update - 
> NT_STATUS_ACCESS_DENIED
> 
>  
> 
> In DNS Manager secure & unsecured updates are allowed…
> 
>  
> 
> I’m not sure, why bind is denying….

Try adding this to smb.conf on the Samba DC:

dns update command = /usr/sbin/samba_dnsupdate --use-samba-tool

Restart the DC and see what happens.

Rowland


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list