[Samba] dnsupdate failed with TKEY is unaceptable
Rowland penny
rpenny at samba.org
Wed Nov 18 19:41:57 UTC 2020
On 18/11/2020 19:34, Rommel Rodriguez Toirac via samba wrote:
> Rommel Rodriguez Toiracrommelrt at nauta.cu
> On 18/11/2020 17:34, Rommel Rodriguez Toirac via samba wrote:> > In my network I have a samba 4.11.4 as Active Directory Domain Controller installed in CentOS 7 (gtmad.gtm.onat.gob.cu - 192.168.41.17). I have recently installed samba 4.13.2 in CentOS 8 (gtmad1.gtm.onat.gob.cu - 192.168.41.18) and following the wiki.samba.org guide I have joined it as a domain controller to my network.Have you compiled Samba yourself ?> When I check the local DNS service I get the following:> # host -t A gtm.onat.gob.cu localhost> Using domain server:> Name: localhost> Address: 127.0.0.1#53> Aliases:> gtm.onat.gob.cu has address 192.168.41.17> (It only solves the IP of the samba 4.11.4 AD-DC not his as well, do not know if this is a problem)> > > When I check the status of the named.service service it seems that everything is fine:> # systemctl status named.service -l>> └─18541 /usr/sbin/named -u named -c /etc/named.conf> nov 18 12:02:02 gtmad1.gtm.onat.gob.cu named[18541]: configuring command channel from '/etc/rndc.key'> nov 18 12:02:02 gtmad1.gtm.onat.gob.cu named[18541]: command channel listening on 127.0.0.1#953> nov 18 12:02:02 gtmad1.gtm.onat.gob.cu named[18541]: configuring command channel from '/etc/rndc.key'> nov 18 12:02:02 gtmad1.gtm.onat.gob.cu named[18541]: command channel listening on ::1#953> nov 18 12:02:02 gtmad1.gtm.onat.gob.cu named[18541]: managed-keys-zone: loaded serial 0> nov 18 12:02:02 gtmad1.gtm.onat.gob.cu named[18541]: zone 0.0.127.in-addr.arpa/IN: loaded serial 2013050101> nov 18 12:02:02 gtmad1.gtm.onat.gob.cu named[18541]: zone localhost/IN: loaded serial 2013050101> nov 18 12:02:02 gtmad1.gtm.onat.gob.cu named[18541]: all zones loaded> nov 18 12:02:02 gtmad1.gtm.onat.gob.cu named[18541]: running> nov 18 12:02:02 gtmad1.gtm.onat.gob.cu systemd[1]: Started Berkeley Internet Name Domain (DNS).It doesn't look like bind can find the DNS zones in AD, so can you post your named.conf and smb.confRowland Hello;thanks for write back; It is /etc/named.conf and /etc/samba/smb.conf# cat /etc/named.conf # Global Configuration Options options { auth-nxdomain yes; version "Parametro no soportado"; directory "/var/named"; notify no; empty-zones-enable no; dnssec-validation no; dnssec-enable no; dnssec-lookaside no; listen-on-v6 { none; }; listen-on port 53 { 192.168.41.18; 127.0.0.1; }; # IP addresses and network ranges allowed to query the DNS server: allow-query { 127.0.0.1; 192.168.41.0/24; }; allow-query-cache { 127.0.0.1; 192.168.41.0/24; }; # IP addresses and network ranges allowed to run recursive queries: # (Zones not served by this DNS server) allow-recursion { 127.0.0.1; 192.168.41.0/24; }; # Forward queries that can not be answered from own zones # to these DNS servers: forwarders { 10.10.8.2; }; # Disable zone transfers allow-transfer { none; }; tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab"; minimal-responses yes; }; # Root Servers # (Required for recursive DNS queries) #zone "." { # type hint; # file "named.root"; #}; # localhost zone zone "localhost" { type master; file "master/localhost.zone"; }; # 127.0.0. zone. zone "0.0.127.in-addr.arpa" { type master; file "master/0.0.127.zone"; }; include "/usr/local/samba/bind-dns/named.conf";
> # cat /etc/samba/smb.conf # Global parameters [global] netbios name = GTMAD1 realm = GTM.ONAT.GOB.CU server role = active directory domain controller server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate workgroup = ATGTM00 idmap_ldb:use rfc2307 = yes [sysvol] path = /usr/local/samba/var/locks/sysvol read only = No [netlogon] path = /usr/local/samba/var/locks/sysvol/gtm.onat.gob.cu/scripts read only = No-- Rommel Rodriguez Toirac rommelrt at nauta.cu
No, sorry but I refuse to try and decipher the mess above, can you
please post again, but this time in plain text and readable format.
Rowland
More information about the samba
mailing list