Internal dns server changed between RC2 & 4.1.0pre1-GIT-2c3a808

Rowland Penny repenny at f2s.com
Mon Oct 15 16:02:03 MDT 2012


On 15/10/12 22:46, Rowland Penny wrote:
> On 15/10/12 20:56, Kai Blin wrote:
>> On 2012-10-15 21:48, Rowland Penny wrote:
>>> On 15/10/12 20:19, Kai Blin wrote:
>>>> On 2012-10-15 19:21, Rowland Penny wrote:
>>>>
>>>>> It is one I found on the internet and altered to fit my needs, as I said
>>>>> it works on RC2 but now will not work on pre1.
>>>>> Basically the script is run by dhcp from dhcpd.conf, it checks a
>>>>> kerberos keytab then runs nsupdate to first delete the pc's nameserver
>>>>> record (if there is one) then adds it into the required zone. The
>>>>> script then checks to see if the record now exists.
>>>> Hm, I think we got rid of the DNS special user for RC1, but I seem to
>>>> remember Jelmer added back the code that adds it to some of the upgrade
>>>> scripts. Did you run any?
>>> No I didn't, I just provisioned as normal, but there is a user at
>>> CN=dns-adserver,CN=Users,DC=home,DC=lan. Should I remove this user or
>>> can I just ignore it?
>> Ah, it's a new provision. That's relevant information. Try removing that
>> user. It's been causing trouble for me in the past.
>
> dns user removed
>
>>
>>> All the dns tests from the howto work as written. I added the reverse
>>> zone via samba-tool:
>>> samba-tool dns zonecreate 192.168.0.10 0.168.192.in-addr.arpa -U
>>> Administrator
>> Ah, did you restart samba after that? Currently the dnsserver (the RPC
>> part that samba-tool dns talks to) doesn't tell the dns server that the
>> zone list has changed, but the list is read at startup.
>
> No, I didn't, but I have now, the script is now failing on both trying 
> to add to forward zone & to the reverse zone, I just get:
> dns_tkey_negotiategss: TKEY is unacceptable
>
> I come back to my original question, why is the TKEY acceptable to RC2
> but not to 4.1.0pre1-GIT-2c3a808?
>
> I have tried to use wireshark to get the info required, but cannot
> seem to find the right filter and if I don't use a filter, there
> doesn't seem to be anything in the capture about dhcp, my script,
> nsupdate or the name server.
>>> I then added the reverse record for the server:
>> Cheers,
>> Kai
>>
>
> Thanks again
>
> Rowland
>

OK, I tried adding the records with samba-tool and this works, so how 
does samba-tool do it, what TKEY does it use??

Rowland
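
The update sequence the script in this thread is described as performing (check the keytab, delete then add the record with nsupdate, verify), as an added example that is not Rowland's script or Samba project code. The keytab path, principal and sample host are assumptions, and the input checks are added because the hostname and address originate from DHCP clients.

```shell
#!/bin/sh
# Added example; KEYTAB and PRINCIPAL are hypothetical placeholders.
KEYTAB=${KEYTAB:-/etc/dhcp/dhcp-dns.keytab}
PRINCIPAL=${PRINCIPAL:-dhcp-dns@HOME.LAN}

# Accept only hostname characters, so client-supplied names cannot add nsupdate lines.
is_fqdn() {
    case "$1" in ''|*[!A-Za-z0-9.-]*|.*|*..*|-*) return 1 ;; esac
}

# Accept only a dotted quad with each octet in 0..255.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# 192.168.0.25 -> 25.0.168.192.in-addr.arpa
reverse_name() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    printf '%s.%s.%s.%s.in-addr.arpa' "$4" "$3" "$2" "$1"
}

# Emit the nsupdate batch: delete any old record, then add the new one.
# Forward and reverse records live in different zones, so each gets its own "send".
build_batch() {  # usage: build_batch FQDN IP [TTL]
    is_fqdn "$1" && is_ipv4 "$2" || return 1
    ptr=$(reverse_name "$2"); ttl=${3:-3600}
    printf 'update delete %s. A\nupdate add %s. %s A %s\nsend\n' "$1" "$1" "$ttl" "$2"
    printf 'update delete %s. PTR\nupdate add %s. %s PTR %s.\nsend\n' "$ptr" "$ptr" "$ttl" "$1"
}

# Full sequence as dhcpd would trigger it; needs a reachable KDC and DNS server.
dns_update() {  # usage: dns_update FQDN IP
    batch=$(build_batch "$1" "$2") || { echo "rejected: $1 $2" >&2; return 1; }
    # Reuse a valid cached ticket, otherwise get one from the keytab.
    klist -s || kinit -k -t "$KEYTAB" "$PRINCIPAL" || return 1
    # -g: negotiate a GSS-TSIG key (the TKEY exchange) and sign the updates with it.
    printf '%s\n' "$batch" | nsupdate -g || return 1
    host -t A "$1" >/dev/null   # confirm the record now resolves
}

# Constructed sample host: print the batch without contacting any server.
build_batch pc1.home.lan 192.168.0.25
```

Running the file only prints the batch for the sample host; `dns_update` is the part that talks to the KDC and the DNS server.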




More information about the samba-technical mailing list