[Samba] No DNS Update possible Fedora 34 samba 4.14
Rowland Penny
rpenny at samba.org
Wed May 12 14:05:47 UTC 2021
On 12/05/2021 14:49, Mueller via samba wrote:
> Dear all,
>
> I set up a test OS, Fedora 34 with BIND 9.16.
> I installed the packages from the Fedora repo: samba-dc and samba-bind-dlz.
Sorry, but that was a mistake from the start. The Fedora Samba DC
packages use the system Kerberos 'MIT' and, as such, they are marked as
experimental; there are numerous things that do not work.
> I provisioned with bind9_dlz. All with no errors.
>
> samba-tool domain provision --dns-backend=BIND9_DLZ --realm=EXAMPLE.COM
> --domain=EXAMPLE --server-role=dc --adminpass=Password
> I set in my /etc/named.conf:
>
> tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
> include "/var/lib/samba/bind-dns/named.conf";
> My /etc/krb5.conf is named readable
>
> A normal lookup was working on the fly, but if I tried to join a new Windows
> client to my domain, BIND keeps telling me
>
> client @0x7f44ec000cc8 XXX.XXX.XXX.XXX#62786: update 'plk.loc/IN' denied
> samba_dlz: cancelling transaction on zone plk.loc
>
> What I recognised is, the file named.conf.update was not created on
> provisioning!?
> Do I need the file anymore!?
Yes, you do, but that is, in my opinion, the least of your worries. I
think you need to find Samba packages for Fedora that have been built to
use Heimdal Kerberos (standard for Samba), or you need to build Samba
yourself, or use another distro based on Debian.
Rowland