[Samba] dnsupdate failed with TKEY is unacceptable
Rommel Rodriguez Toirac
rommelrt at nauta.cu
Thu Nov 19 19:14:36 UTC 2020
Hello all;
Any other ideas or tests to do to determine the cause of why dnsupdate does not work on the newly installed domain controller samba 4.13.2?
Rommel Rodriguez Toirac
On 18 November 2020 15:16:09 GMT-05:00, Rowland penny via samba <samba at lists.samba.org> wrote:
>On 18/11/2020 19:27, Rommel Rodriguez Toirac wrote:
>>
>> It is /etc/named.conf and /etc/samba/smb.conf
>>
>>
>> # cat /etc/named.conf
>>
>>
>> tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
>>
>>
>> include "/usr/local/samba/bind-dns/named.conf";
>>
>OK, does the /usr/local/samba/bind-dns directory exist?
>
>If it does, is the 'named.conf' file in there set up to use your Bind9
>version?
>
>Also, the dns.keytab should also exist in the same directory (there is a
>bug report about this not happening on newly joined DCs), so if it
>doesn't exist, copy it from '/usr/local/samba/private', keeping the same
>permissions. Update the 'tkey-gssapi-keytab' path to reflect the
>change.
>
>Rowland
Yes, the directory asked about exists and is pointing to my named version:
[root at gtmad1 ]# ls /usr/local/samba/bind-dns/
dns dns.keytab named.conf named.txt
[root at gtmad1 ]# cat /usr/local/samba/bind-dns/named.conf
# This DNS configuration is for BIND 9.8.0 or later with dlz_dlopen support.
#
# This file should be included in your main BIND configuration file
#
# For example with
# include "/usr/local/samba/bind-dns/named.conf";
#
# This configures dynamically loadable zones (DLZ) from AD schema
# Uncomment only single database line, depending on your BIND version
#
dlz "AD DNS Zone" {
# For BIND 9.8.x
# database "dlopen /usr/local/samba/lib/bind9/dlz_bind9.so";
# For BIND 9.9.x
# database "dlopen /usr/local/samba/lib/bind9/dlz_bind9_9.so";
# For BIND 9.10.x
# database "dlopen /usr/local/samba/lib/bind9/dlz_bind9_10.so";
# For BIND 9.11.x
database "dlopen /usr/local/samba/lib/bind9/dlz_bind9_11.so";
# For BIND 9.12.x
# database "dlopen /usr/local/samba/lib/bind9/dlz_bind9_12.so";
# For BIND 9.14.x
# database "dlopen /usr/local/samba/lib/bind9/dlz_bind9_14.so";
# For BIND 9.16.x
# database "dlopen /usr/local/samba/lib/bind9/dlz_bind9_16.so";
};
[root at gtmad1 ] named -V
BIND 9.11.13-RedHat-9.11.13-6.el8_2.1 (Extended Support Version) <id:ad4df16>
running on Linux x86_64 5.4.34-1-pve #1 SMP PVE 5.4.34-2 (Thu, 07 May 2020 10:02:02 +0200)
built by make with '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-python=/usr/libexec/platform-python' '--with-libtool' '--localstatedir=/var' '--enable-threads' '--enable-ipv6' '--enable-filter-aaaa' '--with-pic' '--disable-static' '--includedir=/usr/include/bind9' '--with-tuning=large' '--with-libidn2' '--enable-openssl-hash' '--with-geoip2' '--enable-native-pkcs11' '--with-pkcs11=/usr/lib64/pkcs11/libsofthsm2.so' '--with-dlopen=yes' '--with-dlz-ldap=yes' '--with-dlz-postgres=yes' '--with-dlz-mysql=yes' '--with-dlz-filesystem=yes' '--with-dlz-bdb=yes' '--with-gssapi=yes' '--disable-isc-spnego' '--with-lmdb=no' '--with-cmocka' '--enable-fixed-rrset' '--with-docbook-xsl=/usr/share/sgml/docbook/xsl-stylesheets' '--enable-full-report' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection' 'LDFLAGS=-Wl,-z,relro -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld' 'CPPFLAGS= -DDIG_SIGCHASE' 'PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig'
compiled by GCC 8.3.1 20191121 (Red Hat 8.3.1-5)
compiled with OpenSSL version: OpenSSL 1.1.1c FIPS 28 May 2019
linked to OpenSSL version: OpenSSL 1.1.1c FIPS 28 May 2019
compiled with libxml2 version: 2.9.7
linked to libxml2 version: 20907
compiled with zlib version: 1.2.11
linked to zlib version: 1.2.11
threads support is enabled
default paths:
named configuration: /etc/named.conf
rndc configuration: /etc/rndc.conf
DNSSEC root key: /etc/bind.keys
nsupdate session key: /var/run/named/session.key
named PID file: /var/run/named/named.pid
named lock file: /var/run/named/named.lock
geoip-directory: /usr/share/GeoIP
--
Rommel Rodriguez Toirac
rommelrt at nauta.cu
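
The points Rowland raises above (dns.keytab present beside the DLZ named.conf, 'tkey-gssapi-keytab' pointing at it, and exactly one uncommented database line matching the BIND version) can be checked together. This is an added shell example, not part of the original thread or Samba's own tooling; the function names are hypothetical and the file locations are passed in as arguments.

```shell
#!/bin/sh
# Added example: consistency checks for the BIND9_DLZ setup discussed in this thread.
# Function names are hypothetical; file locations are supplied by the caller.

# Path named by the tkey-gssapi-keytab directive in a named.conf file.
keytab_path() {
    sed -n 's/^[[:space:]]*tkey-gssapi-keytab[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# BIND series (9_8, 9_9, 9_11, ...) of every uncommented dlz "database" line.
active_dlz_series() {
    sed -e '/^[[:space:]]*#/d' "$1" |
        sed -n -e 's/.*dlz_bind9_\([0-9]*\)\.so.*/9_\1/p' -e 's/.*dlz_bind9\.so.*/9_8/p'
}

# "BIND 9.11.13-RedHat-..." (first line of `named -V`) becomes 9_11.
bind_series() {
    printf '%s\n' "$1" | sed -n 's/^BIND \([0-9]*\)\.\([0-9]*\)\..*/\1_\2/p'
}

# check_dlz MAIN_CONF DLZ_CONF VERSION_LINE
# Prints each problem found and returns how many there were (0 = consistent).
check_dlz() {
    problems=0
    kt=$(keytab_path "$1")
    if [ -z "$kt" ]; then
        echo "no tkey-gssapi-keytab directive in $1"; problems=$((problems + 1))
    elif [ ! -f "$kt" ]; then
        echo "keytab $kt does not exist"; problems=$((problems + 1))
    elif [ "$(dirname "$kt")" != "$(dirname "$2")" ]; then
        echo "keytab $kt is not in the same directory as $2"; problems=$((problems + 1))
    fi
    series=$(active_dlz_series "$2")
    count=$(printf '%s' "$series" | grep -c . || true)
    want=$(bind_series "$3")
    if [ "$count" -ne 1 ]; then
        echo "$count active database lines in $2, expected exactly 1"; problems=$((problems + 1))
    elif [ "$series" != "$want" ]; then
        echo "DLZ module is for BIND $series but named reports $want"; problems=$((problems + 1))
    fi
    return "$problems"
}

# Usage: sh check_dlz.sh /etc/named.conf /usr/local/samba/bind-dns/named.conf "$(named -V | head -n 1)"
if [ "$#" -eq 3 ]; then check_dlz "$@"; fi
```

The script only tests that the keytab exists; whether the account named runs as can read it still has to be confirmed with `ls -l` on the file.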