[Samba] No DNS Update possible Fedora 34 samba 4.14

Robert Marcano robert at marcanoonline.com
Wed May 12 14:04:24 UTC 2021


On 5/12/21 9:49 AM, Mueller via samba wrote:
> Dear all,
> 
> I set up a test OS, Fedora 34 with BIND 9.16.
> I installed the packages from the Fedora repo: samba-dc and samba-bind-dlz.
> I provisioned with bind9_dlz. All with no errors.
> 
> samba-tool domain provision --dns-backend=BIND9_DLZ --realm=EXAMPLE.COM
> --domain=EXAMPLE --server-role=dc     --adminpass=Password
>
> I set in my /etc/named.conf:
> 
>   tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
> include "/var/lib/samba/bind-dns/named.conf";
>
> My /etc/krb5.conf is readable by named.
>
> A normal lookup was working on the fly, but if I tried to join a new Windows
> client to my domain, BIND keeps telling me:
> 
> client @0x7f44ec000cc8 XXX.XXX.XXX.XXX#62786: update 'plk.loc/IN' denied
> samba_dlz: cancelling transaction on zone plk.loc
> 
> What I recognised is, the file named.conf.update was not created on
> provisioning!?
> Do I need the file anymore!?

Fedora builds Samba AD with the experimental MIT backend. IIRC Windows
clients use GSS for DNS updates. Fedora-provided packages still have many
issues, because of the experimental nature.

If you can, try with a package built with the embedded Heimdal Kerberos
for Fedora, see if the problem persists, and report the issue so the
people who work on the experimental backend know about the issue.

> 
> Greetings
> Daniel