[Samba] Workstations cannot update DNS
durwin at mgtsciences.com
Tue May 14 20:36:48 UTC 2019
I am trying to get DDNS working, so workstations can update their IP.
The domain is msi.mycompany.com
The DC server works, as well as group policies.
I set rights on these files:
> chgrp bind /var/lib/samba/private/
> chmod 750 /var/lib/samba/private/
> chgrp bind /var/lib/samba/private/dns.keytab
> chmod 640 /var/lib/samba/private/dns.keytab
journalctl shows this.
May 14 14:22:32 audit[2117]: AVC apparmor="DENIED" operation="file_lock"
profile="/usr/sbin/named" name="/var/lib/samba/private/dns.keytab"
pid=2117 comm="isc-worker0000" requested_mask="k" denied_mask="k"
fsuid=111 ouid=0
May 14 14:22:32 kernel: audit: type=1400 audit(1557865352.085:35):
apparmor="DENIED" operation="file_lock" profile="/usr/sbin/named"
name="/var/lib/samba/private/dns.keytab" pid=2117 comm="isc-worker0000"
requested_mask="k" denied_mask="k" fsuid=111 ouid=0
When I run:
> named -u bind -f -g 2>&1 | tee /tmp/named.log
I get this:
14-May-2019 14:22:32.085 samba_dlz: starting transaction on zone
msi.mycompany.com
14-May-2019 14:22:32.086 client @0x7febec0c6c50 172.23.93.246#59744:
update 'msi.mycompany.com/IN' denied
14-May-2019 14:22:32.087 samba_dlz: cancelling transaction on zone
msi.mycompany.com
When I run:
> samba_upgradedns --dns-backend=BIND9_DLZ
I get this:
Reading domain information
DNS accounts already exist
No zone file /var/lib/samba/bind-dns/dns/MSI.MYCOMPANY.COM.zone
DNS records will be automatically created
DNS partitions already exist
dns-dc0 account already exists
See /var/lib/samba/bind-dns/named.conf for an example configuration
include file for BIND
and /var/lib/samba/bind-dns/named.txt for further documentation required
for secure DNS updates
Finished upgrading DNS
Any ideas?
Thank you,
Durwin
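
The AppArmor denials quoted in the message above, parsed into the profile, path and permission they name, as an added example that is not part of the original post. The sample lines are the post's two records with the mail line wrapping undone, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the two denial records from the post, one per line
# (the mail client had wrapped each record across several lines).
SAMPLE = '''\
May 14 14:22:32 audit[2117]: AVC apparmor="DENIED" operation="file_lock" profile="/usr/sbin/named" name="/var/lib/samba/private/dns.keytab" pid=2117 comm="isc-worker0000" requested_mask="k" denied_mask="k" fsuid=111 ouid=0
May 14 14:22:32 kernel: audit: type=1400 audit(1557865352.085:35): apparmor="DENIED" operation="file_lock" profile="/usr/sbin/named" name="/var/lib/samba/private/dns.keytab" pid=2117 comm="isc-worker0000" requested_mask="k" denied_mask="k" fsuid=111 ouid=0
'''

# key=value or key="quoted value" pairs as they appear in audit records
KV = re.compile(r'(\w+)=("([^"]*)"|\S+)')

# Logs report create (c) and delete (d); in a profile rule both fall under w.
LOG_TO_RULE = {"c": "w", "d": "w"}

def parse_denials(text):
    """Return one dict of fields per AppArmor DENIED record in text."""
    records = []
    for line in text.splitlines():
        fields = {k: (q if v.startswith('"') else v) for k, v, q in KV.findall(line)}
        if fields.get("apparmor") == "DENIED":
            records.append(fields)
    return records

def summarize(records):
    """Collapse duplicates (audit and kernel log the same event) into
    {(profile, path): set of denied mask letters}."""
    needed = defaultdict(set)
    for r in records:
        needed[(r["profile"], r["name"])].update(r["denied_mask"])
    return dict(needed)

def candidate_rules(needed):
    """Render each denied path as an AppArmor file rule line, for review
    before it is added to the named profile."""
    rules = defaultdict(list)
    for (profile, path), mask in sorted(needed.items()):
        perms = "".join(sorted({LOG_TO_RULE.get(m, m) for m in mask}))
        rules[profile].append(f"{path} {perms},")
    return dict(rules)

if __name__ == "__main__":
    for profile, lines in candidate_rules(summarize(parse_denials(SAMPLE))).items():
        print(f"profile {profile}:")
        for line in lines:
            print(f"  {line}")
```

The `k` mask is the file-lock permission, so the output shows that the confined `named` process was refused a lock on the keytab, which is separate from the Unix group and mode bits set with `chgrp` and `chmod`.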