From: Roland de Lepper on 12 Aug 2010 15:10

Yes I do. CentOS 5.5.
I do have those two lines in my /etc/sysconfig/named file.

Btw, this evening I've installed a new virtual machine and used your howto
for the installation of samba4 and DNS.
Unfortunately... I have the same problem again:

Aug 12 20:58:34 localhost named[28804]: client 192.168.122.150#54473: update 'quinox.nl/IN' denied

This is driving me crazy. I even chmod -R 777 /usr/local/samba/private/dns
but also that didn't help.

I have installed bind-9.6.2-5.

regards,

Roland de Lepper

> You are running on CentOS?
>
> My keytab file (for GSS-TSIG)
>
>>> [root@node1 sysconfig]# cat named
>>> # BIND named process options
>>> #
>>> KEYTAB_FILE="/usr/local/samba/private/dns.keytab"
>>> export KEYTAB_FILE
>>> # -- Specify named service keytab file (for GSS-TSIG)
>
> Yours:
>
>> tkey-gssapi-credential "DNS/quinox.be";
>> tkey-domain "QUINOX.BE";
>
> -----------------------------------------------
> EDV Daniel Müller
>
> Head of IT
> Tropenklinik Paul-Lechler-Krankenhaus
> Paul-Lechler-Str. 24
> 72076 Tübingen
>
> Tel.: 07071/206-463, Fax: 07071/206-499
> eMail: mueller(a)tropenklinik.de
> Internet: www.tropenklinik.de
> -----------------------------------------------
>
> -----Original Message-----
> From: Roland de Lepper [mailto:roland.de.lepper(a)cvis.nl]
> Sent: Thursday, 12 August 2010 11:16
> To: mueller(a)tropenklinik.de
> Subject: Re: AW: AW: AW: [Samba] samba 4 dns-update issue
>
> It was working with the same denied message in my log, but after the
> changes yesterday, it isn't working anymore:
>
> [root@sambaserver sbin]# ./samba_dnsupdate --verbose
> Looking for DNS entry A quinox.be 192.168.122.100 as quinox.be.
> Traceback (most recent call last):
>   File "./samba_dnsupdate", line 275, in ?
>     if not check_dns_name(d):
>   File "./samba_dnsupdate", line 160, in check_dns_name
>     ans = resolver.query(normalised_name, d.type)
>   File "/usr/lib/python2.4/site-packages/dns/resolver.py", line 723, in query
>     return get_default_resolver().query(qname, rdtype, rdclass, tcp, source)
>   File "/usr/lib/python2.4/site-packages/dns/resolver.py", line 604, in query
>     timeout = self._compute_timeout(start)
>   File "/usr/lib/python2.4/site-packages/dns/resolver.py", line 537, in _compute_timeout
>     raise Timeout
> dns.exception.Timeout
>
>> Is this working: samba_dnsupdate --verbose ???
>>
>> -----Original Message-----
>> From: Roland de Lepper [mailto:roland.de.lepper(a)cvis.nl]
>> Sent: Thursday, 12 August 2010 10:09
>> To: mueller(a)tropenklinik.de
>> Cc: samba(a)lists.samba.org
>> Subject: Re: AW: AW: [Samba] samba 4 dns-update issue
>>
>> Yes I did.
>>
>> Here is my /etc/named.conf
>>
>> [root@sambaserver ~]# cat /etc/named.conf
>> //
>> // named.conf
>> //
>> // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
>> // server as a caching only nameserver (as a localhost DNS resolver only).
>> //
>> // See /usr/share/doc/bind*/sample/ for example named configuration files.
>> //
>>
>> options {
>>     listen-on port 53 { 127.0.0.1; 192.168.122.100; };
>>     ## listen-on-v6 port 53 { ::1; };
>>     directory "/var/named";
>>     dump-file "/var/named/data/cache_dump.db";
>>     statistics-file "/var/named/data/named_stats.txt";
>>     memstatistics-file "/var/named/data/named_mem_stats.txt";
>>     allow-query { localhost; 192.168.122.0/24; };
>>     recursion yes;
>>     forwarders { 192.168.122.1; };
>>     tkey-gssapi-credential "DNS/quinox.be";
>>     tkey-domain "QUINOX.BE";
>> };
>>
>> logging {
>>     channel default_debug {
>>         file "data/named.run";
>>         severity dynamic;
>>     };
>> };
>>
>> zone "." IN {
>>     type hint;
>>     file "named.ca";
>> };
>>
>> include "/etc/named.rfc1912.zones";
>> include "/etc/named-samba.conf";
>>
>>> Did you set an allow query to all your subnets in your named conf??
>>> Here is mine:
>>>
>>> options {
>>>     listen-on port 53 { 127.0.0.1;192.168.134.27; };  <--- important: put an IP
>>>     listen-on-v6 port 53 { ::1; };
>>>     directory "/var/named";
>>>     dump-file "/var/named/data/cache_dump.db";
>>>     statistics-file "/var/named/data/named_stats.txt";
>>>     memstatistics-file "/var/named/data/named_mem_stats.txt";
>>>     allow-query { localhost; 192.168.135.0/24; 192.168.134.0/24; };  <--- all your subnets here
>>>     recursion yes;
>>>     forwarders { 192.168.134.253; };
>>>
>>>
>>> logging {
>>>     channel default_debug {
>>>         file "data/named.run";
>>>         severity dynamic;
>>>     };
>>> };
>>>
>>> zone "." IN {
>>>     type hint;
>>>     file "named.ca";
>>> };
>>> include "/usr/local/samba/private/named.conf";  <--- this named.conf must be
>>> named:named, and the file at which it is pointing to:
>>> /usr/local/samba/private/named.conf.update
>>> Also the entry dns.keytab file in /etc/sysconfig/named:
>>>
>>> [root@node1 sysconfig]# cat named
>>> # BIND named process options
>>> #
>>> KEYTAB_FILE="/usr/local/samba/private/dns.keytab"
>>> export KEYTAB_FILE
>>> # -- Specify named service keytab file (for GSS-TSIG)
>>>
>>> Make sure named can read and write to it.
>>>
>>> Try in your smb.conf
>>> Interfaces= ip
>>> Ex mine:
>>>
>>> [globals]
>>>     netbios name = NODE1
>>>     workgroup = TUEBINGEN
>>>     realm = TUEBINGEN.TST.LOC
>>>     server role = domain controller
>>>     interfaces= 192.168.134.27
>>>
>>> Make a samba_dnsupdate --verbose:
>>> [root@node1 sysconfig]# samba_dnsupdate --verbose
>>> Looking for DNS entry A tuebingen.tst.loc 192.168.134.27 as tuebingen.tst.loc.
>>> Looking for DNS entry A node1.tuebingen.tst.loc 192.168.134.27 as node1.tuebingen.tst.loc.
>>> Looking for DNS entry CNAME 02284f45-de16-4125-a795-3b614f540ef7._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc as 02284f45-de16-4125-a795-3b614f540ef7._msdcs.tuebingen.tst.loc.
>>> Looking for DNS entry SRV _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 88 as _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc.
>>> Checking 0 100 88 node2.tuebingen.tst.loc. against SRV _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 88
>>> Checking 0 100 88 node1.tuebingen.tst.loc. against SRV _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 88
>>> Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389 as _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc.
>>> Checking 0 100 389 node1.tuebingen.tst.loc. against SRV _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389
>>> Looking for DNS entry SRV _kerberos._tcp.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 88 as _kerberos._tcp.dc._msdcs.tuebingen.tst.loc.
>>> Checking 0 100 88 node1.tuebingen.tst.loc. against SRV _kerberos._tcp.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 88
>>> Looking for DNS entry SRV _ldap._tcp.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389 as _ldap._tcp.dc._msdcs.tuebingen.tst.loc.
>>> Checking 0 100 389 node2.tuebingen.tst.loc. against SRV _ldap._tcp.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389
>>> Checking 0 100 389 node1.tuebingen.tst.loc. against SRV _ldap._tcp.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389
>>> Looking for DNS entry SRV _ldap._tcp.3d718df6-359c-4eb4-a0de-5a7aaf5b0d26.domains._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389 as _ldap._tcp.3d718df6-359c-4eb4-a0de-5a7aaf5b0d26.domains._msdcs.tuebingen.tst.loc.
>>> Checking 0 100 389 node1.tuebingen.tst.loc. against SRV _ldap._tcp.3d718df6-359c-4eb4-a0de-5a7aaf5b0d26.domains._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389
>>> Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 3268 as _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.tuebingen.tst.loc.
>>> Checking 0 100 3268 node1.tuebingen.tst.loc. against SRV _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 3268
>>> Looking for DNS entry SRV _ldap._tcp.gc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 3268 as _ldap._tcp.gc._msdcs.tuebingen.tst.loc.
>>> Checking 0 100 3268 node1.tuebingen.tst.loc. against SRV _ldap._tcp.gc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 3268
>>> Looking for DNS entry SRV _ldap._tcp.pdc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389 as _ldap._tcp.pdc._msdcs.tuebingen.tst.loc.
>>> Checking 0 100 389 node1.tuebingen.tst.loc. against SRV _ldap._tcp.pdc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389
>>> Looking for DNS entry SRV _gc._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc node1.tuebingen.tst.loc 3268 as _gc._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc.
>>> Checking 0 100 3268 node1.tuebingen.tst.loc. against SRV _gc._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc node1.tuebingen.tst.loc 3268
>>> Looking for DNS entry SRV _kerberos._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc node1.tuebingen.tst.loc 88 as _kerberos._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc.
>>> Checking 0 100 88 node2.tuebingen.tst.loc. against SRV _kerberos._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc node1.tuebingen.tst.loc 88
>>> Checking 0 100 88 node1.tuebingen.tst.loc. against SRV _kerberos._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc node1.tuebingen.tst.loc 88
>>> Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc node1.tuebingen.tst.loc 389 as _ldap._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc.
>>> Checking 0 100 389 node1.tuebingen.tst.loc. against SRV _ldap._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc node1.tuebingen.tst.loc 389
>>> Looking for DNS entry SRV _gc._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 3268 as _gc._tcp.tuebingen.tst.loc.
>>> Checking 0 100 3268 node1.tuebingen.tst.loc. against SRV _gc._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 3268
>>> Looking for DNS entry SRV _kerberos._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 88 as _kerberos._tcp.tuebingen.tst.loc.
>>> Checking 0 100 88 node2.tuebingen.tst.loc. against SRV _kerberos._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 88
>>> Checking 0 100 88 node1.tuebingen.tst.loc. against SRV _kerberos._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 88
>>> Looking for DNS entry SRV _kpasswd._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 464 as _kpasswd._tcp.tuebingen.tst.loc.
>>> Checking 0 100 464 node1.tuebingen.tst.loc. against SRV _kpasswd._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 464
>>> Looking for DNS entry SRV _ldap._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 389 as _ldap._tcp.tuebingen.tst.loc.
>>> Checking 0 100 389 node2.tuebingen.tst.loc. against SRV _ldap._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 389
>>> Checking 0 100 389 node1.tuebingen.tst.loc. against SRV _ldap._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 389
>>> Looking for DNS entry SRV _kerberos._udp.tuebingen.tst.loc node1.tuebingen.tst.loc 88 as _kerberos._udp.tuebingen.tst.loc.
>>> Checking 0 100 88 node2.tuebingen.tst.loc. against SRV _kerberos._udp.tuebingen.tst.loc node1.tuebingen.tst.loc 88
>>> Checking 0 100 88 node1.tuebingen.tst.loc. against SRV _kerberos._udp.tuebingen.tst.loc node1.tuebingen.tst.loc 88
>>> Looking for DNS entry SRV _kpasswd._udp.tuebingen.tst.loc node1.tuebingen.tst.loc 464 as _kpasswd._udp.tuebingen.tst.loc.
>>> Checking 0 100 464 node2.tuebingen.tst.loc. against SRV _kpasswd._udp.tuebingen.tst.loc node1.tuebingen.tst.loc 464
>>> Checking 0 100 464 node1.tuebingen.tst.loc. against SRV _kpasswd._udp.tuebingen.tst.loc node1.tuebingen.tst.loc 464
>>> No DNS updates needed
>>>
>>> -----Original Message-----
>>> From: Roland de Lepper [mailto:roland.de.lepper(a)cvis.nl]
>>> Sent: Wednesday, 11 August 2010 13:16
>>> To: mueller(a)tropenklinik.de
>>> Cc: samba(a)lists.samba.org
>>> Subject: Re: AW: [Samba] samba 4 dns-update issue
>>>
>>> I've looked at your howto, and it's exactly what I did too. I also
>>> compiled bind after I created the user 'named' and added to the group
>>> 'named'. I've set the permissions on the files as in your howto, but
>>> still no luck.
>>>
>>> Selinux and the firewall are disabled on the samba-server and the
>>> firewall is disabled on the win7 client machine.
>>>
>>> Kind regards,
>>>
>>> Roland de Lepper
>>>
>>>> Look at my thread: HOWTO samba4 centos5.5 named dnsupdate drbd simple
>>>> failover
>>>>
>>>> -----Original Message-----
>>>> From: samba-bounces(a)lists.samba.org [mailto:samba-bounces(a)lists.samba.org]
>>>> On behalf of Roland de Lepper
>>>> Sent: Wednesday, 11 August 2010 09:38
>>>> To: samba(a)lists.samba.org
>>>> Subject: [Samba] samba 4 dns-update issue
>>>>
>>>> Hi all,
>>>>
>>>> I've set up samba4 according to the samba4 wiki on CentOS 5.4 in KVM.
>>>> This went without any problems. I only had to install a higher version
>>>> of bind to 9.6.x because CentOS bind in repo will install version 9.3.x.
>>>> I've used the Fedora12 source rpms for this to build bind 9.6.x on
>>>> CentOS 5.4.
>>>>
>>>> Then I configured bind according to the samba wiki
>>>> (http://wiki.samba.org/index.php/Samba4/DNS)
>>>>
>>>> I did all the checks in the wiki to see if bind is working. All tests
>>>> passed.
>>>> But in my logs I got the message "The working directory is not
>>>> writable".
>>>> I changed the owner on /var/named to the group named, which solved that
>>>> problem.
>>>>
>>>> Then I installed Win7 virtual in KVM and joined the domain. I can login,
>>>> create users via dsa.msc tool on windows and see them in wbinfo -u on
>>>> the samba4 domain controller. All looks right, except for my ddns. The
>>>> zone could not be updated with the new win7 machine. The win7 machine
>>>> has a fixed ip-address.
>>>>
>>>> I checked all the howto again and again, but couldn't find a thing
>>>> which could cause this. The error I see in my log is:
>>>>
>>>> Aug 11 09:34:46 sambaserver named[2281]: client 192.168.122.150#60058: query 'roland.quinox.be/SOA/IN' denied
>>>>
>>>> Is this a permission problem? I checked and the group 'named' has write
>>>> access to my zone file. (the user 'named' is member of the group
>>>> 'named')
>>>>
>>>> This is the only issue I have with my samba4 installation and I really
>>>> want to solve this issue.
>>>>
>>>> If you need more information or configurations, I can post them.
>>>>
>>>> Kind regards,
>>>>
>>>> Roland

From: Daniel Müller on 13 Aug 2010 02:40

First of all. If you have a single samba4 server system:
Important: did you install
download.fedora.redhat.com/pub/fedora/epel/5/i386/python-dns-1.7.1-1.el5.noarch.rpm

Test all your dns conf:

host -t SRV _ldap._tcp.your.domain.com
EX:
[root@node1 ~]# host -t SRV _ldap._tcp.tuebingen.tst.loc   #<--- your domain here
_ldap._tcp.tuebingen.tst.loc has SRV record 0 100 389 node1.tuebingen.tst.loc.   #<--- must give you

host -t SRV _kerberos._udp.your.domain.com
EX:
[root@node1 ~]# host -t SRV _kerberos._udp.tuebingen.tst.loc
_kerberos._udp.tuebingen.tst.loc has SRV record 0 100 88 node1.tuebingen.tst.loc.

host -t A nameoftheserver.your.domain.com
EX:
[root@node1 ~]# host -t A node1.tuebingen.tst.loc
node1.tuebingen.tst.loc has address 192.168.134.27

This must work. If not, you have a mistake somewhere.

Look at your /usr/local/samba/private/named.conf.update.
It should look like this:

[root@node1 private]# cat named.conf.update
/* this file is auto-generated - do not edit */
update-policy {
    grant TUEBINGEN.TST.LOC ms-self * A AAAA;
    grant administrator@TUEBINGEN.TST.LOC wildcard * A AAAA SRV CNAME TXT;
    grant NODE1$@TUEBINGEN.TST.LOC wildcard * A AAAA SRV CNAME;
};

Then at last samba_dnsupdate --verbose must succeed with no errors.

If you have 2 samba4 server dc-forest: all of the commands are only running
on the first-master-dc.

Please post the answer of above commands here, and your named.conf, your
/etc/sysconfig/named, your samba4-zone-file (in ../private/dns)

-----------------------------------------------
EDV Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mueller(a)tropenklinik.de
Internet: www.tropenklinik.de
-----------------------------------------------
From: Roland de Lepper on 13 Aug 2010 03:10
First of all, I really appreciate your help. Thanks.

> First of all. If you have a single samba4 server system:
>
> Important did you install:
> download.fedora.redhat.com/pub/fedora/epel/5/i386/python-dns-1.7.1-1.el5.noarch.rpm

Yes I did.

[root@sambadc private]# rpm -qa | grep python-dns
python-dns-1.7.1-1.el5

> Test all your dns conf:
> host -t SRV _ldap._tcp.your.domain.com
> EX:
> [root@node1 ~]# host -t SRV _ldap._tcp.tuebingen.tst.loc #<--- your domain here
> _ldap._tcp.tuebingen.tst.loc has SRV record 0 100 389 node1.tuebingen.tst.loc. #<---must give you
>
> host -t SRV _kerberos._udp.your.domain.com
>
> EX:
> [root@node1 ~]# host -t SRV _kerberos._udp.tuebingen.tst.loc
> _kerberos._udp.tuebingen.tst.loc has SRV record 0 100 88 node1.tuebingen.tst.loc.
>
> host -t A nameoftheserver.your.domain.com
>
> EX:
> [root@node1 ~]# host -t A node1.tuebingen.tst.loc
> node1.tuebingen.tst.loc has address 192.168.134.27

[root@sambadc private]# host -t SRV _ldap._tcp.quinox.nl
_ldap._tcp.quinox.nl has SRV record 0 100 389 sambadc.quinox.nl.
[root@sambadc private]# host -t SRV _kerberos._udp.quinox.nl
_kerberos._udp.quinox.nl has SRV record 0 100 88 sambadc.quinox.nl.
[root@sambadc private]# host -t A sambadc.quinox.nl
sambadc.quinox.nl has address 192.168.122.200

> This must work. If not you have a mistake somewhere.
>
> Look at your /usr/local/samba/private/named.conf.update. It should look like
> this:
>
> [root@node1 private]# cat named.conf.update
> /* this file is auto-generated - do not edit */
> update-policy {
>         grant TUEBINGEN.TST.LOC ms-self * A AAAA;
>         grant administrator@TUEBINGEN.TST.LOC wildcard * A AAAA SRV CNAME TXT;
>         grant NODE1$@TUEBINGEN.TST.LOC wildcard * A AAAA SRV CNAME;
>
> };

Here is mine:

[root@sambadc private]# cat named.conf.update
/* this file is auto-generated - do not edit */
update-policy {
        grant QUINOX.NL ms-self * A AAAA;
        grant administrator@QUINOX.NL wildcard * A AAAA SRV CNAME TXT;
        grant SAMBADC$@QUINOX.NL wildcard * A AAAA SRV CNAME;
};

> Then at last samba_dnsupdate --verbose must succeed with no errors.

[root@sambadc private]# samba_dnsupdate --verbose
Looking for DNS entry A quinox.nl 192.168.122.200 as quinox.nl.
Looking for DNS entry A sambadc.quinox.nl 192.168.122.200 as sambadc.quinox.nl.
Looking for DNS entry CNAME be631f11-f50c-48e2-bf76-024a8994fcf8._msdcs.quinox.nl sambadc.quinox.nl as be631f11-f50c-48e2-bf76-024a8994fcf8._msdcs.quinox.nl.
Looking for DNS entry SRV _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.quinox.nl sambadc.quinox.nl 88 as _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.quinox.nl.
Checking 0 100 88 sambadc.quinox.nl. against SRV _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.quinox.nl sambadc.quinox.nl 88
Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.quinox.nl sambadc.quinox.nl 389 as _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.quinox.nl.
Checking 0 100 389 sambadc.quinox.nl. against SRV _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.quinox.nl sambadc.quinox.nl 389
Looking for DNS entry SRV _kerberos._tcp.dc._msdcs.quinox.nl sambadc.quinox.nl 88 as _kerberos._tcp.dc._msdcs.quinox.nl.
Checking 0 100 88 sambadc.quinox.nl. against SRV _kerberos._tcp.dc._msdcs.quinox.nl sambadc.quinox.nl 88
Looking for DNS entry SRV _ldap._tcp.dc._msdcs.quinox.nl sambadc.quinox.nl 389 as _ldap._tcp.dc._msdcs.quinox.nl.
Checking 0 100 389 sambadc.quinox.nl. against SRV _ldap._tcp.dc._msdcs.quinox.nl sambadc.quinox.nl 389
Looking for DNS entry SRV _ldap._tcp.32b23a16-212e-446b-ab89-fd0206a1e9fe.domains._msdcs.quinox.nl sambadc.quinox.nl 389 as _ldap._tcp.32b23a16-212e-446b-ab89-fd0206a1e9fe.domains._msdcs.quinox.nl.
Checking 0 100 389 sambadc.quinox.nl. against SRV _ldap._tcp.32b23a16-212e-446b-ab89-fd0206a1e9fe.domains._msdcs.quinox.nl sambadc.quinox.nl 389
Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.quinox.nl sambadc.quinox.nl 3268 as _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.quinox.nl.
Checking 0 100 3268 sambadc.quinox.nl. against SRV _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.quinox.nl sambadc.quinox.nl 3268
Looking for DNS entry SRV _ldap._tcp.gc._msdcs.quinox.nl sambadc.quinox.nl 3268 as _ldap._tcp.gc._msdcs.quinox.nl.
Checking 0 100 3268 sambadc.quinox.nl. against SRV _ldap._tcp.gc._msdcs.quinox.nl sambadc.quinox.nl 3268
Looking for DNS entry SRV _ldap._tcp.pdc._msdcs.quinox.nl sambadc.quinox.nl 389 as _ldap._tcp.pdc._msdcs.quinox.nl.
Checking 0 100 389 sambadc.quinox.nl. against SRV _ldap._tcp.pdc._msdcs.quinox.nl sambadc.quinox.nl 389
Looking for DNS entry SRV _gc._tcp.Default-First-Site-Name._sites.quinox.nl sambadc.quinox.nl 3268 as _gc._tcp.Default-First-Site-Name._sites.quinox.nl.
Checking 0 100 3268 sambadc.quinox.nl. against SRV _gc._tcp.Default-First-Site-Name._sites.quinox.nl sambadc.quinox.nl 3268
Looking for DNS entry SRV _kerberos._tcp.Default-First-Site-Name._sites.quinox.nl sambadc.quinox.nl 88 as _kerberos._tcp.Default-First-Site-Name._sites.quinox.nl.
Checking 0 100 88 sambadc.quinox.nl. against SRV _kerberos._tcp.Default-First-Site-Name._sites.quinox.nl sambadc.quinox.nl 88
Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.quinox.nl sambadc.quinox.nl 389 as _ldap._tcp.Default-First-Site-Name._sites.quinox.nl.
Checking 0 100 389 sambadc.quinox.nl. against SRV _ldap._tcp.Default-First-Site-Name._sites.quinox.nl sambadc.quinox.nl 389
Looking for DNS entry SRV _gc._tcp.quinox.nl sambadc.quinox.nl 3268 as _gc._tcp.quinox.nl.
Checking 0 100 3268 sambadc.quinox.nl. against SRV _gc._tcp.quinox.nl sambadc.quinox.nl 3268
Looking for DNS entry SRV _kerberos._tcp.quinox.nl sambadc.quinox.nl 88 as _kerberos._tcp.quinox.nl.
Checking 0 100 88 sambadc.quinox.nl. against SRV _kerberos._tcp.quinox.nl sambadc.quinox.nl 88
Looking for DNS entry SRV _kpasswd._tcp.quinox.nl sambadc.quinox.nl 464 as _kpasswd._tcp.quinox.nl.
Checking 0 100 464 sambadc.quinox.nl. against SRV _kpasswd._tcp.quinox.nl sambadc.quinox.nl 464
Looking for DNS entry SRV _ldap._tcp.quinox.nl sambadc.quinox.nl 389 as _ldap._tcp.quinox.nl.
Checking 0 100 389 sambadc.quinox.nl. against SRV _ldap._tcp.quinox.nl sambadc.quinox.nl 389
Looking for DNS entry SRV _kerberos._udp.quinox.nl sambadc.quinox.nl 88 as _kerberos._udp.quinox.nl.
Checking 0 100 88 sambadc.quinox.nl. against SRV _kerberos._udp.quinox.nl sambadc.quinox.nl 88
Looking for DNS entry SRV _kpasswd._udp.quinox.nl sambadc.quinox.nl 464 as _kpasswd._udp.quinox.nl.
Checking 0 100 464 sambadc.quinox.nl. against SRV _kpasswd._udp.quinox.nl sambadc.quinox.nl 464
No DNS updates needed

> If you have 2 samba4 server dc-forest. All of the commands are only running
> on the first-master-dc.

I only have 1 dc.

> Please post the answer of above commands here, and your named.conf, your
> /etc/sysconfig/named, your samba4-zone-file (in ../private/dns)

named.conf in /usr/local/samba/private:

[root@sambadc private]# cat named.conf
# This file should be included in your main BIND configuration file
#
# For example with
# include "/usr/local/samba/private/named.conf";

zone "quinox.nl." IN {
        type master;
        file "/usr/local/samba/private/dns/quinox.nl.zone";
        /*
         * the list of principals and what they can change is created
         * dynamically by Samba, based on the membership of the domain controllers
         * group. The provision just creates this file as an empty file.
         */
        include "/usr/local/samba/private/named.conf.update";

        /* we need to use check-names ignore so _msdcs A records can be created */
        check-names ignore;
};

# The reverse zone configuration is optional. The following example assumes a
# subnet of 192.168.123.0/24:
/*
zone "123.168.192.in-addr.arpa" in {
        type master;
        file "123.168.192.in-addr.arpa.zone";
        update-policy {
                grant *.NL wildcard *.123.168.192.in-addr.arpa. PTR;
        };
};
*/
# Note that the reverse zone file is not created during the provision process.

# The most recent BIND versions (9.5.0a5 or later) support secure GSS-TSIG
# updates. If you are running an earlier version of BIND, or if you do not wish
# to use secure GSS-TSIG updates, you may remove the update-policy sections in
# both examples above.

named.conf in /etc:

[root@sambadc private]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { 127.0.0.1; 192.168.122.200; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { localhost; 192.168.122.0/24; };
        forwarders { 192.168.122.1; };
        recursion yes;
        tkey-gssapi-credential "DNS/quinox.nl";
        tkey-domain "QUINOX.NL";
        // dnssec-enable yes;
        // dnssec-validation yes;
        // dnssec-lookaside . trust-anchor dlv.isc.org.;
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/usr/local/samba/private/named.conf";
//include "/etc/pki/dnssec-keys//named.dnssec.keys";
//include "/etc/pki/dnssec-keys//dlv/dlv.isc.org.conf";

/etc/sysconfig/named:

# KEYTAB_FILE="/dir/file" -- Specify named service keytab file (for GSS-TSIG)
KEYTAB_FILE="/usr/local/samba/private/dns.keytab"
export KEYTAB_FILE

quinox.nl.zone file:

[root@sambadc dns]# cat quinox.nl.zone
; -*- zone -*-
; generated by provision.pl
$ORIGIN quinox.nl.
$TTL 1W
@               IN SOA  quinox.nl.   root.quinox.nl. (
                                2010081219 ; serial
                                2D         ; refresh
                                4H         ; retry
                                6W         ; expiry
                                1W )       ; minimum
                IN NS   sambadc
                IN A    192.168.122.200
;
sambadc         IN A    192.168.122.200
gc._msdcs       IN A    192.168.122.200
be631f11-f50c-48e2-bf76-024a8994fcf8._msdcs IN CNAME sambadc
;
; global catalog servers
_gc._tcp IN SRV 0 100 3268 sambadc
_gc._tcp.Default-First-Site-Name._sites IN SRV 0 100 3268 sambadc
_ldap._tcp.gc._msdcs IN SRV 0 100 3268 sambadc
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs IN SRV 0 100 3268 sambadc
;
; ldap servers
_ldap._tcp IN SRV 0 100 389 sambadc
_ldap._tcp.dc._msdcs IN SRV 0 100 389 sambadc
_ldap._tcp.pdc._msdcs IN SRV 0 100 389 sambadc
_ldap._tcp.32b23a16-212e-446b-ab89-fd0206a1e9fe.domains._msdcs IN SRV 0 100 389 sambadc
_ldap._tcp.Default-First-Site-Name._sites IN SRV 0 100 389 sambadc
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs IN SRV 0 100 389 sambadc
;
; krb5 servers
_kerberos._tcp IN SRV 0 100 88 sambadc
_kerberos._tcp.dc._msdcs IN SRV 0 100 88 sambadc
_kerberos._tcp.Default-First-Site-Name._sites IN SRV 0 100 88 sambadc
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs IN SRV 0 100 88 sambadc
_kerberos._udp IN SRV 0 100 88 sambadc
; MIT kpasswd likes to lookup this name on password change
_kerberos-master._tcp IN SRV 0 100 88 sambadc
_kerberos-master._udp IN SRV 0 100 88 sambadc
;
; kpasswd
_kpasswd._tcp IN SRV 0 100 464 sambadc
_kpasswd._udp IN SRV 0 100 464 sambadc
;
; heimdal 'find realm for host' hack
_kerberos IN TXT QUINOX.NL

Kind regards,

Roland de Lepper
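
The two "denied" messages quoted in this thread are different refusals: one is a refused query, the other a refused dynamic update. The following Python script is an added example, not code from the thread, Samba or BIND; it parses named syslog lines of that shape, names the setting to review for each, and counts refused updates per client. The function names, the ALLOW_QUERY approximation of the posted allow-query list and the last two sample log lines are assumptions or constructed data.

```python
import ipaddress
import re
from collections import Counter

# Lines 1-2 are quoted from the thread; lines 3-4 are constructed for contrast.
SAMPLE_LOG = """\
Aug 11 09:34:46 sambaserver named[2281]: client 192.168.122.150#60058: query 'roland.quinox.be/SOA/IN' denied
Aug 12 20:58:34 localhost named[28804]: client 192.168.122.150#54473: update 'quinox.nl/IN' denied
Aug 12 21:02:10 localhost named[28804]: client 10.9.8.7#40112: update 'quinox.nl/IN' denied
Aug 12 21:02:11 localhost named[28804]: zone quinox.nl/IN: loaded serial 2010081219
"""

# allow-query networks from the /etc/named.conf posted above. BIND's built-in
# "localhost" ACL (the server's own addresses) is approximated by loopback,
# which is an assumption of this example.
ALLOW_QUERY = ("127.0.0.0/8", "192.168.122.0/24")

# Only the two message forms seen in the thread are parsed.
DENIED_RE = re.compile(
    r"^(?P<when>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) named\[(?P<pid>\d+)\]: "
    r"client (?P<ip>[0-9A-Fa-f.:]+)#(?P<port>\d+): "
    r"(?P<op>query|update) '(?P<target>[^']+)' denied"
)


def parse_denied(line):
    """Parse one syslog line; return a dict for a 'denied' message, else None."""
    m = DENIED_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    try:
        rec["ip"] = ipaddress.ip_address(rec["ip"])
    except ValueError:
        return None  # looked like an address but is not one
    rec["port"] = int(rec["port"])
    # Query targets read name/TYPE/CLASS; update targets read zone/CLASS.
    parts = rec.pop("target").split("/")
    rec["name"] = parts[0]
    rec["rrtype"] = parts[1] if len(parts) == 3 else None
    return rec


def in_networks(ip, networks):
    """True if ip falls inside any of the CIDR strings in networks."""
    return any(ip in ipaddress.ip_network(n) for n in networks)


def triage(log_text, allow_query=ALLOW_QUERY):
    """Return one finding per denied line, with the setting to review first."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_denied(line)
        if rec is None:
            continue
        rec["known_client"] = in_networks(rec["ip"], allow_query)
        if rec["op"] == "update":
            # Dynamic updates are authorised by the zone's update-policy, whose
            # grants in this thread name Kerberos identities (GSS-TSIG).
            rec["review"] = "update-policy grants, dns.keytab, tkey-gssapi-credential"
        elif rec["known_client"]:
            rec["review"] = "allow-query lists this client: compare with the running config"
        else:
            rec["review"] = "allow-query: client is outside the listed networks"
        findings.append(rec)
    return findings


def update_denials(findings):
    """Count refused dynamic updates per (client address, zone)."""
    return Counter((str(f["ip"]), f["name"]) for f in findings if f["op"] == "update")


def unexpected_update_sources(findings):
    """Clients that attempted an update from outside the expected networks."""
    return sorted({str(f["ip"]) for f in findings
                   if f["op"] == "update" and not f["known_client"]})


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f['when']} {f['op']:6} {f['ip']} {f['name']} -> {f['review']}")
    print("update denials:", dict(update_denials(results)))
    print("unexpected sources:", unexpected_update_sources(results))
```

Refused updates from an address outside the networks the server is meant to serve are worth a closer look than refusals from a freshly joined client, which in this thread point at the GSS-TSIG setup.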