[Samba] samba-4.10 nsupdate

James B. Byrne byrnejb at harte-lyne.ca
Thu Jul 2 14:30:52 UTC 2020

Thank you for your patience.

On Tue, June 30, 2020 16:48, Rowland penny wrote:
>  From 'man smb.conf':
> nsupdate command (G)
>         This option sets the path to the nsupdate command which is used for
> GSS-TSIG dynamic DNS updates.
>         Default: nsupdate command = /usr/bin/nsupdate -g
> dns update command (G)
>         This option sets the command that is called when there are DNS
> updates. It should update the local machines DNS names using TSIG-GSS.
>         Default: dns update command = ${prefix}/sbin/samba_dnsupdate
>         Example: dns update command = /usr/local/sbin/dnsupdate
> You probably need both.
> Rowland

If I use the -g option to nsupdate then I see this:

update(nsupdate): A ForestDnsZones.brockley.harte-lyne.ca
Calling nsupdate for A ForestDnsZones.brockley.harte-lyne.ca (add)
Successfully obtained Kerberos ticket to DNS/SMB4-1.brockley.harte-lyne.ca as
/usr/local/bin/nsupdate: cannot specify -g or -o, program not linked with GSS
API Library
Failed nsupdate: 1

When I remove the -g option then I get this:

[root at smb4-1 ~ (master)]# grep nsupdate /usr/local/etc/smb4.conf

  dns update command = /usr/local/bin/nsupdate
  nsupdate command = /usr/local/bin/nsupdate

And the error changes to this:

update failed: REFUSED
Failed nsupdate: 2
update(nsupdate): SRV
SMB4-1.brockley.harte-lyne.ca 389
Calling nsupdate for SRV
SMB4-1.brockley.harte-lyne.ca 389 (add)
Successfully obtained Kerberos ticket to DNS/SMB4-1.brockley.harte-lyne.ca as
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
900 IN	SRV 0 100 389 SMB4-1.brockley.harte-lyne.ca.

update failed: REFUSED
Failed nsupdate: 2
Failed update of 29 entries

I have checked that resolv.conf is properly set for this host:

[root at smb4-1 ~ (master)]# cat /etc/resolv.conf
search brockley.harte-lyne.ca hamilton.harte-lyne.ca harte-lyne.ca
options edns0 timeout:5 attempts:3

and that /etc/hosts is likewise set up to use the jail's assigned lo0 address:

[root at smb4-1 ~ (master)]#  grep 'local\|smb4' /etc/hosts
		localhost localhost.brockley.harte-lyne.ca
          smb4-1.brockley.harte-lyne.ca smb4-1
          smb4-2.brockley.harte-lyne.ca smb4-2

We are getting closer to the answer I think.

***          e-Mail is NOT a SECURE channel          ***
        Do NOT transmit sensitive data via e-Mail
 Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne                mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3
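
The following triage script is an added example, not part of the original message or of Samba itself. It pairs each failed record in samba_dnsupdate-style output with the nsupdate exit status and the error text that preceded it, which separates the two failure modes shown above (an nsupdate binary without GSS support, and a REFUSED response from the server). The function name triage_dnsupdate and the sample log with its example.test names are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify failures in samba_dnsupdate-style output.
# SAMPLE_LOG is constructed, modelled on the two excerpts in the message.
SAMPLE_LOG='Calling nsupdate for A ForestDnsZones.example.test (add)
Successfully obtained Kerberos ticket to DNS/dc1.example.test as
/usr/local/bin/nsupdate: cannot specify -g or -o, program not linked with GSS
API Library
Failed nsupdate: 1
Calling nsupdate for SRV _ldap._tcp.example.test dc1.example.test 389 (add)
Outgoing update query:
update failed: REFUSED
Failed nsupdate: 2
Calling nsupdate for A dc1.example.test (add)
'

# triage_dnsupdate (hypothetical helper): reads the log on stdin and prints
# one line per failed record in the form  record|exit=N|cause
triage_dnsupdate() {
    awk '
        /^Calling nsupdate for / {
            # Start of a new attempt: remember which record it is for.
            rec = $0
            sub(/^Calling nsupdate for /, "", rec)
            sub(/ \([a-z]+\)$/, "", rec)      # drop the trailing operation tag
            cause = "unknown"
            next
        }
        # Local failure: this nsupdate build cannot do GSS-TSIG at all,
        # so nothing was sent to the DNS server.
        /not linked with GSS/ { cause = "no-gss-support"; next }
        # Remote failure: the server answered the update with an rcode.
        /^update failed: /    { cause = "server-" $3; next }
        # End of a failed attempt: report it with what was seen before it.
        /^Failed nsupdate: /  {
            printf "%s|exit=%s|%s\n", rec, $3, cause
            rec = ""; cause = "unknown"
        }
    '
}

# Stand-alone run over the constructed sample.
printf '%s' "$SAMPLE_LOG" | triage_dnsupdate
```

Records without a "Failed nsupdate" line, such as the last one in the sample, are not reported.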
