[Samba] dnsupdate failed with TKEY is unaceptable
Rommel Rodriguez Toirac
rommelrt at nauta.cu
Wed Nov 18 20:10:46 UTC 2020
El 18 de noviembre de 2020 14:41:57 GMT-05:00, Rowland penny via samba <samba at lists.samba.org> escribió:
>On 18/11/2020 19:34, Rommel Rodriguez Toirac via samba wrote:
>> Rommel Rodriguez Toiracrommelrt at nauta.cu
>> On 18/11/2020 17:34, Rommel Rodriguez Toirac via samba wrote:> > In
>my network I have a samba 4.11.4 as Active Directory Domain Controller
>installed in CentOS 7 (gtmad.gtm.onat.gob.cu - 192.168.41.17). I have
>recently installed samba 4.13.2 in CentOS 8 (gtmad1.gtm.onat.gob.cu -
>192.168.41.18) and following the wiki.samba.org guide I have joined it
>as a domain controller to my network.Have you compiled Samba yourself
>?> When I check the local DNS service I get the following:> # host
>-t A gtm.onat.gob.cu localhost> Using domain server:> Name: localhost>
>Address: 127.0.0.1#53> Aliases:> gtm.onat.gob.cu has address
>192.168.41.17> (It only solves the IP of the samba 4.11.4 AD-DC not
>his as well, do not know if this is a problem)> > > When I
>check the status of the named.service service it seems that everything
>is fine:> # systemctl status named.service -l>> └─18541
>/usr/sbin/named -u named -c /etc/named.conf> nov 18 12:02:
>02 gtmad1
>.gtm.onat.gob.cu named[18541]: configuring command channel from
>'/etc/rndc.key'> nov 18 12:02:02 gtmad1.gtm.onat.gob.cu named[18541]:
>command channel listening on 127.0.0.1#953> nov 18 12:02:02
>gtmad1.gtm.onat.gob.cu named[18541]: configuring command channel from
>'/etc/rndc.key'> nov 18 12:02:02 gtmad1.gtm.onat.gob.cu named[18541]:
>command channel listening on ::1#953> nov 18 12:02:02
>gtmad1.gtm.onat.gob.cu named[18541]: managed-keys-zone: loaded serial
>0> nov 18 12:02:02 gtmad1.gtm.onat.gob.cu named[18541]: zone
>0.0.127.in-addr.arpa/IN: loaded serial 2013050101> nov 18 12:02:02
>gtmad1.gtm.onat.gob.cu named[18541]: zone localhost/IN: loaded serial
>2013050101> nov 18 12:02:02 gtmad1.gtm.onat.gob.cu named[18541]: all
>zones loaded> nov 18 12:02:02 gtmad1.gtm.onat.gob.cu named[18541]:
>running> nov 18 12:02:02 gtmad1.gtm.onat.gob.cu systemd[1]: Started
>Berkeley Internet Name Domain (DNS).It doesn't look like bind can find
>the DNS zones in AD, so can you post your named.conf and
>smb.confR
>owland Hello;thanks for write back; It is /etc/named.conf and
>/etc/samba/smb.conf# cat /etc/named.conf # Global
>Configuration Options options { auth-nxdomain yes; version
>"Parametro no soportado"; directory "/var/named"; notify no;
> empty-zones-enable no; dnssec-validation no; dnssec-enable no;
> dnssec-lookaside no; listen-on-v6 { none; }; listen-on port 53
>{ 192.168.41.18; 127.0.0.1; }; # IP addresses and network ranges
>allowed to query the DNS server: allow-query { 127.0.0.1;
> 192.168.41.0/24; }; allow-query-cache { 127.0.0.1;
> 192.168.41.0/24; }; # IP addresses and network ranges
>allowed to run recursive queries: # (Zones not served by this DNS
>server) allow-recursion { 127.0.0.1; 192.168.41.0/24;
> }; # Forward queries that can no
>t be answ
>ered from own zones # to these DNS servers: forwarders {
> 10.10.8.2; }; # Disable zone transfers allow-transfer
>{ none; }; tkey-gssapi-keytab
>"/usr/local/samba/private/dns.keytab"; minimal-responses yes; }; #
>Root Servers # (Required for recursive DNS queries) #zone "." { #
> type hint; # file "named.root"; #}; # localhost zone zone
>"localhost" { type master; file "master/localhost.zone"; }; #
>127.0.0. zone. zone "0.0.127.in-addr.arpa" { type master; file
>"master/0.0.127.zone"; }; include
>"/usr/local/samba/bind-dns/named.conf";
>> # cat /etc/samba/smb.conf # Global parameters [global]
> netbios name = GTMAD1 realm = GTM.ONAT.GOB.CU
> server role = active directory domain controller server
>services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd,
>ntp_signd, kcc, dnsupdate workgroup = ATGTM00
> idmap_ldb:use rfc2307 = yes [sysvol] path =
>/usr/local/samba/var/locks/sysvol read only = No [netlogon]
> path = /usr/local/samba/var/locks/sysvol/gtm.onat.gob.cu/scripts
> read only = No-- Rommel Rodriguez Toirac rommelrt at nauta.cu
>
>No, sorry but I refuse to try and decipher the mess above, can you
>please post again, but this time in plain text and readable format.
>
>Rowland
Sorry, I changed the email client; I hope it is readable now.
Hello;
thanks for writing back;
Here are /etc/named.conf and /etc/samba/smb.conf:
# cat /etc/named.conf
# Global options for the BIND instance on this DC (192.168.41.18).
# Per the systemctl output earlier in the thread, named runs as user
# "named" with this file as /etc/named.conf.
options {
    directory "/var/named";

    # Listen on the DC's own IPv4 address and loopback only; no IPv6.
    listen-on port 53 { 192.168.41.18; 127.0.0.1; };
    listen-on-v6 { none; };

    # Answer "version.bind" queries with a placeholder instead of the
    # real release string.
    version "Parametro no soportado";

    # Queries, cached answers and recursion are limited to loopback and
    # the local subnet; zone transfers are disabled entirely.
    allow-query { 127.0.0.1; 192.168.41.0/24; };
    allow-query-cache { 127.0.0.1; 192.168.41.0/24; };
    allow-recursion { 127.0.0.1; 192.168.41.0/24; };
    allow-transfer { none; };

    # Names outside the zones served here are resolved through this
    # upstream resolver.
    forwarders { 10.10.8.2; };

    # DNSSEC is switched off in every form.
    # NOTE(review): dnssec-enable and dnssec-lookaside are obsolete in
    # newer BIND releases; check the named log for warnings about them
    # on this CentOS 8 build.
    dnssec-validation no;
    dnssec-enable no;
    dnssec-lookaside no;

    auth-nxdomain yes;
    notify no;
    empty-zones-enable no;
    minimal-responses yes;

    # Keytab used for GSS-TSIG (TKEY) authentication of dynamic updates,
    # i.e. what samba_dnsupdate and domain members use to register
    # their records.
    # NOTE(review): named must be able to read this file as the "named"
    # user (and under the host's SELinux policy); an unreadable, missing
    # or stale keytab is a common cause of "TKEY is unacceptable". Since
    # Samba 4.7 the DNS keytab is generated into the "binddns dir" —
    # presumably /usr/local/samba/bind-dns/dns.keytab here, next to the
    # included named.conf — so confirm which keytab the join actually
    # wrote and compare this line with the snippet Samba leaves in that
    # directory before trusting the "private" path.
    tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
};
# Root hints are only required when this server recurses on its own;
# presumably left disabled because unanswered queries go to the
# forwarder (10.10.8.2) configured in options.
#zone "." {
#    type hint;
#    file "named.root";
#};

# Loopback forward zone, served from a static zone file.
zone "localhost" {
    type master;
    file "master/localhost.zone";
};
# Reverse zone for the 127.0.0.0/8 loopback range, served from a
# static zone file.
zone "0.0.127.in-addr.arpa" {
    type master;
    file "master/0.0.127.zone";
};
# Samba-generated BIND9_DLZ configuration (presumably the loader for the
# dlz_bind9 module that serves the AD zones straight from the Samba
# database).
# NOTE(review): DLZ-served zones do not appear as "zone ... loaded"
# lines like the two static zones above; check the named log for the
# module's own start-up message to confirm the AD zones are being served.
include "/usr/local/samba/bind-dns/named.conf";
# cat /etc/samba/smb.conf
# Global parameters for this DC (GTMAD1, member of GTM.ONAT.GOB.CU)
[global]
realm = GTM.ONAT.GOB.CU
workgroup = ATGTM00
netbios name = GTMAD1
server role = active directory domain controller
# The internal DNS server ("dns") is not listed, consistent with
# BIND9_DLZ answering DNS; "dnsupdate" keeps the samba_dnsupdate task
# that registers this DC's records via GSS-TSIG — the step reported
# as failing with "TKEY is unacceptable".
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
# Use RFC2307 uidNumber/gidNumber attributes from AD for ID mapping.
idmap_ldb:use rfc2307 = yes
# SYSVOL share, located under the self-compiled /usr/local/samba prefix.
[sysvol]
read only = No
path = /usr/local/samba/var/locks/sysvol
# NETLOGON share: the domain's scripts directory inside SYSVOL.
[netlogon]
read only = No
path = /usr/local/samba/var/locks/sysvol/gtm.onat.gob.cu/scripts
--
Rommel Rodriguez Toirac
rommelrt at nauta.cu