[samba] DNS update failed!

Prev: Multiple Workgroups and Subnets
Next: windows 7 professional Samba share access denied

From: Alexander R. Fahrutdinov on 29 Jul 2010 08:30

---

В сообщении от 29 июля 2010 09:08:29 автор Alexander R. Fahrutdinov написал:
> В сообщении от 28 июля 2010 18:10:29 автор k.maksimov написал:
> > Alexander R. Fahrutdinov wrote:
> > > В сообщении от 28 июля 2010 10:15:25 автор k.maksimov написал:
> > >> Anton wrote:
> > >>> On 28 July 2010 01:45, k.maksimov <k.maksimov(a)butb.by> wrote:
> > >>>> I have two networks: 192.168.1.0 with netmask 255.255.255.0 and
> > >>>> 172.16.0.0 with netmask 255.255.254.0, when I join in domain in
> > >>>> first network hostname registered successfully, but in second
> > >>>> network:
> > >>>>
> > >>>> sudo net ads join -U admin
> > >>>> Enter admin's password:
> > >>>> Using short domain name -- BUTB
> > >>>> Joined 'TH-2-011' to realm 'butb.by'
> > >>>> DNS update failed!
> > >>>
> > >>> As far as I can tell (I'm not entirely certain though) this is an
> > >>> Active Directory / Windows Server configuration issue around
> > >>> loosening permissions enough for the DHCP service to update the DNS
> > >>> records.
> > >>>
> > >>> I don't know exactly what settings need to be configured though, as I
> > >>> didn't manage to get it working either. In the end I decided to keep
> > >>> the standard security and just use static IPs and DNS records for
> > >>> winbind machines.
> > >>
> > >> I'm use static IP and I haven't DHCP. and this problem not an AD:
> > >> Windows machines successfully update DNS.
> > >>
> > >> also I have ~200 machines and I can't add every DNS record manually.
>
> It seems, secure DNS update has broken in samba. I tried to use different
> versions of samba (3.2.4, 3.4.4, 3.5.4, etc), but always got an error
> during DNS update, in spite of "wbinfo -t" and "net ads info" commands
> output was OK.
>
> Secure DNS update via nss-update script has sucssefully completed, but it
> requires a domain admin creditionals.
> Guys from http://rc.quest.com/topics/ddns/old.php create a patch for nss-
> update and GSSAPI library to use machine account instead admin one, but I
> don't try this.
>
> So, I don't promise to disable the secure DNS update, because it decrease
> AD security.
>
> Perghaps, somebody tell us, what we doing wrong?

Earlier I tested DNS update on samba package included in Debian Etch, Lenny
and testing Debian branch.

Now I download CentOS distribution and try to update DNS via "net ads dns
register -P" command. I'm surprised when command reports "Successfully
registered hostname with DNS" with samba 3.0.33 and 3.5.4 versions.

So, it isn't samba problem, but problem of specific distribution.

And what's your distribution?
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

From: k.maksimov on 29 Jul 2010 09:10

---

Alexander R. Fahrutdinov wrote:

> В сообщении от 29 июля 2010 09:08:29 автор Alexander R. Fahrutdinov написал:
>
>> В сообщении от 28 июля 2010 18:10:29 автор k.maksimov написал:
>>
>>> Alexander R. Fahrutdinov wrote:
>>>
>>>> В сообщении от 28 июля 2010 10:15:25 автор k.maksimov написал:
>>>>
>>>>> Anton wrote:
>>>>>
>>>>>> On 28 July 2010 01:45, k.maksimov <k.maksimov(a)butb.by> wrote:
>>>>>>
>>>>>>> I have two networks: 192.168.1.0 with netmask 255.255.255.0 and
>>>>>>> 172.16.0.0 with netmask 255.255.254.0, when I join in domain in
>>>>>>> first network hostname registered successfully, but in second
>>>>>>> network:
>>>>>>>
>>>>>>> sudo net ads join -U admin
>>>>>>> Enter admin's password:
>>>>>>> Using short domain name -- BUTB
>>>>>>> Joined 'TH-2-011' to realm 'butb.by'
>>>>>>> DNS update failed!
>>>>>>>
>>>>>> As far as I can tell (I'm not entirely certain though) this is an
>>>>>> Active Directory / Windows Server configuration issue around
>>>>>> loosening permissions enough for the DHCP service to update the DNS
>>>>>> records.
>>>>>>
>>>>>> I don't know exactly what settings need to be configured though, as I
>>>>>> didn't manage to get it working either. In the end I decided to keep
>>>>>> the standard security and just use static IPs and DNS records for
>>>>>> winbind machines.
>>>>>>
>>>>> I'm use static IP and I haven't DHCP. and this problem not an AD:
>>>>> Windows machines successfully update DNS.
>>>>>
>>>>> also I have ~200 machines and I can't add every DNS record manually.
>>>>>
>> It seems, secure DNS update has broken in samba. I tried to use different
>> versions of samba (3.2.4, 3.4.4, 3.5.4, etc), but always got an error
>> during DNS update, in spite of "wbinfo -t" and "net ads info" commands
>> output was OK.
>>
>> Secure DNS update via nss-update script has sucssefully completed, but it
>> requires a domain admin creditionals.
>> Guys from http://rc.quest.com/topics/ddns/old.php create a patch for nss-
>> update and GSSAPI library to use machine account instead admin one, but I
>> don't try this.
>>
>> So, I don't promise to disable the secure DNS update, because it decrease
>> AD security.
>>
>> Perghaps, somebody tell us, what we doing wrong?
>>
>
> Earlier I tested DNS update on samba package included in Debian Etch, Lenny
> and testing Debian branch.
>
> Now I download CentOS distribution and try to update DNS via "net ads dns
> register -P" command. I'm surprised when command reports "Successfully
> registered hostname with DNS" with samba 3.0.33 and 3.5.4 versions.
>
> So, it isn't samba problem, but problem of specific distribution.
>
> And what's your distribution?
>
I'm use Linux Mint 9 (based on Ubuntu 10.4), samba is 3.4.7, and in network 192.168.1.0/24 dns updated successfully via "net ads dns
register -P". So, it's samba problem:)


--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

From: Alexander R. Fahrutdinov on 30 Jul 2010 01:40

---

В сообщении от 29 июля 2010 17:05:53 автор k.maksimov написал:
> Alexander R. Fahrutdinov wrote:
> > В сообщении от 29 июля 2010 09:08:29 автор Alexander R. Fahrutdinov
написал:
> >> В сообщении от 28 июля 2010 18:10:29 автор k.maksimov написал:
> >>> Alexander R. Fahrutdinov wrote:
> >>>> В сообщении от 28 июля 2010 10:15:25 автор k.maksimov написал:
> >>>>> Anton wrote:
> >>>>>> On 28 July 2010 01:45, k.maksimov <k.maksimov(a)butb.by> wrote:
> >>>>>>> I have two networks: 192.168.1.0 with netmask 255.255.255.0 and
> >>>>>>> 172.16.0.0 with netmask 255.255.254.0, when I join in domain in
> >>>>>>> first network hostname registered successfully, but in second
> >>>>>>> network:
> >>>>>>>
> >>>>>>> sudo net ads join -U admin
> >>>>>>> Enter admin's password:
> >>>>>>> Using short domain name -- BUTB
> >>>>>>> Joined 'TH-2-011' to realm 'butb.by'
> >>>>>>> DNS update failed!
> >>>>>>
> >>>>>> As far as I can tell (I'm not entirely certain though) this is an
> >>>>>> Active Directory / Windows Server configuration issue around
> >>>>>> loosening permissions enough for the DHCP service to update the DNS
> >>>>>> records.
> >>>>>>
> >>>>>> I don't know exactly what settings need to be configured though, as
> >>>>>> I didn't manage to get it working either. In the end I decided to
> >>>>>> keep the standard security and just use static IPs and DNS records
> >>>>>> for winbind machines.
> >>>>>
> >>>>> I'm use static IP and I haven't DHCP. and this problem not an AD:
> >>>>> Windows machines successfully update DNS.
> >>>>>
> >>>>> also I have ~200 machines and I can't add every DNS record manually.
> >>
> >> It seems, secure DNS update has broken in samba. I tried to use
> >> different versions of samba (3.2.4, 3.4.4, 3.5.4, etc), but always got
> >> an error during DNS update, in spite of "wbinfo -t" and "net ads info"
> >> commands output was OK.
> >>
> >> Secure DNS update via nss-update script has sucssefully completed, but
> >> it requires a domain admin creditionals.
> >> Guys from http://rc.quest.com/topics/ddns/old.php create a patch for
> >> nss- update and GSSAPI library to use machine account instead admin
> >> one, but I don't try this.
> >>
> >> So, I don't promise to disable the secure DNS update, because it
> >> decrease AD security.
> >>
> >> Perghaps, somebody tell us, what we doing wrong?
> >
> > Earlier I tested DNS update on samba package included in Debian Etch,
> > Lenny and testing Debian branch.
> >
> > Now I download CentOS distribution and try to update DNS via "net ads dns
> > register -P" command. I'm surprised when command reports "Successfully
> > registered hostname with DNS" with samba 3.0.33 and 3.5.4 versions.
> >
> > So, it isn't samba problem, but problem of specific distribution.
> >
> > And what's your distribution?
>
> I'm use Linux Mint 9 (based on Ubuntu 10.4), samba is 3.4.7, and in network
> 192.168.1.0/24 dns updated successfully via "net ads dns register -P". So,
> it's samba problem:)

Now I trying to update DNS from CentOS with two NICs: 192.168.33.131 and
10.0.3.15, and both addresses is being added to DNS sucsessfully.

PS: "net ads dns register -P"
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

From: Alexander R. Fahrutdinov on 30 Jul 2010 05:40

---

В сообщении от 30 июля 2010 09:39:05 автор Alexander R. Fahrutdinov написал:
> В сообщении от 29 июля 2010 17:05:53 автор k.maksimov написал:
> > Alexander R. Fahrutdinov wrote:
> > > В сообщении от 29 июля 2010 09:08:29 автор Alexander R. Fahrutdinov
>
> написал:
> > >> В сообщении от 28 июля 2010 18:10:29 автор k.maksimov написал:
> > >>> Alexander R. Fahrutdinov wrote:
> > >>>> В сообщении от 28 июля 2010 10:15:25 автор k.maksimov написал:
> > >>>>> Anton wrote:
> > >>>>>> On 28 July 2010 01:45, k.maksimov <k.maksimov(a)butb.by> wrote:
> > >>>>>>> I have two networks: 192.168.1.0 with netmask 255.255.255.0 and
> > >>>>>>> 172.16.0.0 with netmask 255.255.254.0, when I join in domain in
> > >>>>>>> first network hostname registered successfully, but in second
> > >>>>>>> network:
> > >>>>>>>
> > >>>>>>> sudo net ads join -U admin
> > >>>>>>> Enter admin's password:
> > >>>>>>> Using short domain name -- BUTB
> > >>>>>>> Joined 'TH-2-011' to realm 'butb.by'
> > >>>>>>> DNS update failed!
> > >>>>>>
> > >>>>>> As far as I can tell (I'm not entirely certain though) this is an
> > >>>>>> Active Directory / Windows Server configuration issue around
> > >>>>>> loosening permissions enough for the DHCP service to update the
> > >>>>>> DNS records.
> > >>>>>>
> > >>>>>> I don't know exactly what settings need to be configured though,
> > >>>>>> as I didn't manage to get it working either. In the end I decided
> > >>>>>> to keep the standard security and just use static IPs and DNS
> > >>>>>> records for winbind machines.
> > >>>>>
> > >>>>> I'm use static IP and I haven't DHCP. and this problem not an AD:
> > >>>>> Windows machines successfully update DNS.
> > >>>>>
> > >>>>> also I have ~200 machines and I can't add every DNS record
> > >>>>> manually.
> > >>
> > >> It seems, secure DNS update has broken in samba. I tried to use
> > >> different versions of samba (3.2.4, 3.4.4, 3.5.4, etc), but always got
> > >> an error during DNS update, in spite of "wbinfo -t" and "net ads info"
> > >> commands output was OK.
> > >>
> > >> Secure DNS update via nss-update script has sucssefully completed, but
> > >> it requires a domain admin creditionals.
> > >> Guys from http://rc.quest.com/topics/ddns/old.php create a patch for
> > >> nss- update and GSSAPI library to use machine account instead admin
> > >> one, but I don't try this.
> > >>
> > >> So, I don't promise to disable the secure DNS update, because it
> > >> decrease AD security.
> > >>
> > >> Perghaps, somebody tell us, what we doing wrong?
> > >
> > > Earlier I tested DNS update on samba package included in Debian Etch,
> > > Lenny and testing Debian branch.
> > >
> > > Now I download CentOS distribution and try to update DNS via "net ads
> > > dns register -P" command. I'm surprised when command reports
> > > "Successfully registered hostname with DNS" with samba 3.0.33 and
> > > 3.5.4 versions.
> > >
> > > So, it isn't samba problem, but problem of specific distribution.
> > >
> > > And what's your distribution?
> >
> > I'm use Linux Mint 9 (based on Ubuntu 10.4), samba is 3.4.7, and in
> > network 192.168.1.0/24 dns updated successfully via "net ads dns
> > register -P". So, it's samba problem:)
>
> Now I trying to update DNS from CentOS with two NICs: 192.168.33.131 and
> 10.0.3.15, and both addresses is being added to DNS sucsessfully.
>
> PS: "net ads dns register -P"
So, my tests:

Debian Etch:
samba & winbind 3.2.5-4~bpo41+1
libkrb53 1.4.4-7etch6

.>net ads dns register -P
.>Successfully registered hostname with DNS

Debian Lenny:
samba & winbind 3.4.8~dfsg-2~bpo50+1 and 3.2.5-4lenny12 (work with
both)

libkrb53 1.6.dfsg.4~beta1-5lenny4

.>net ads dns register -P
.>Successfully registered hostname with DNS

Debian Sid/Unstable (my case)
samba & winbind 3.4.8~dfsg-2 and 3.5.4~dfsg-1 (not work with both)

libkrb53 1.8.1+dfsg-5

.>net ads dns register -P
.>DNS update failed!
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

From: k.maksimov on 4 Aug 2010 02:30

---

Alexander R. Fahrutdinov wrote:
> В сообщении от 30 июля 2010 09:39:05 автор Alexander R. Fahrutdinov написал:
>
>> В сообщении от 29 июля 2010 17:05:53 автор k.maksimov написал:
>>
>>> Alexander R. Fahrutdinov wrote:
>>>
>>>> В сообщении от 29 июля 2010 09:08:29 автор Alexander R. Fahrutdinov
>>>>
>> написал:
>>
>>>>> В сообщении от 28 июля 2010 18:10:29 автор k.maksimov написал:
>>>>>
>>>>>> Alexander R. Fahrutdinov wrote:
>>>>>>
>>>>>>> В сообщении от 28 июля 2010 10:15:25 автор k.maksimov написал:
>>>>>>>
>>>>>>>> Anton wrote:
>>>>>>>>
>>>>>>>>> On 28 July 2010 01:45, k.maksimov <k.maksimov(a)butb.by> wrote:
>>>>>>>>>
>>>>>>>>>> I have two networks: 192.168.1.0 with netmask 255.255.255.0 and
>>>>>>>>>> 172.16.0.0 with netmask 255.255.254.0, when I join in domain in
>>>>>>>>>> first network hostname registered successfully, but in second
>>>>>>>>>> network:
>>>>>>>>>>
>>>>>>>>>> sudo net ads join -U admin
>>>>>>>>>> Enter admin's password:
>>>>>>>>>> Using short domain name -- BUTB
>>>>>>>>>> Joined 'TH-2-011' to realm 'butb.by'
>>>>>>>>>> DNS update failed!
>>>>>>>>>>
>>>>>>>>> As far as I can tell (I'm not entirely certain though) this is an
>>>>>>>>> Active Directory / Windows Server configuration issue around
>>>>>>>>> loosening permissions enough for the DHCP service to update the
>>>>>>>>> DNS records.
>>>>>>>>>
>>>>>>>>> I don't know exactly what settings need to be configured though,
>>>>>>>>> as I didn't manage to get it working either. In the end I decided
>>>>>>>>> to keep the standard security and just use static IPs and DNS
>>>>>>>>> records for winbind machines.
>>>>>>>>>
>>>>>>>> I'm use static IP and I haven't DHCP. and this problem not an AD:
>>>>>>>> Windows machines successfully update DNS.
>>>>>>>>
>>>>>>>> also I have ~200 machines and I can't add every DNS record
>>>>>>>> manually.
>>>>>>>>
>>>>> It seems, secure DNS update has broken in samba. I tried to use
>>>>> different versions of samba (3.2.4, 3.4.4, 3.5.4, etc), but always got
>>>>> an error during DNS update, in spite of "wbinfo -t" and "net ads info"
>>>>> commands output was OK.
>>>>>
>>>>> Secure DNS update via nss-update script has sucssefully completed, but
>>>>> it requires a domain admin creditionals.
>>>>> Guys from http://rc.quest.com/topics/ddns/old.php create a patch for
>>>>> nss- update and GSSAPI library to use machine account instead admin
>>>>> one, but I don't try this.
>>>>>
>>>>> So, I don't promise to disable the secure DNS update, because it
>>>>> decrease AD security.
>>>>>
>>>>> Perghaps, somebody tell us, what we doing wrong?
>>>>>
>>>> Earlier I tested DNS update on samba package included in Debian Etch,
>>>> Lenny and testing Debian branch.
>>>>
>>>> Now I download CentOS distribution and try to update DNS via "net ads
>>>> dns register -P" command. I'm surprised when command reports
>>>> "Successfully registered hostname with DNS" with samba 3.0.33 and
>>>> 3.5.4 versions.
>>>>
>>>> So, it isn't samba problem, but problem of specific distribution.
>>>>
>>>> And what's your distribution?
>>>>
>>> I'm use Linux Mint 9 (based on Ubuntu 10.4), samba is 3.4.7, and in
>>> network 192.168.1.0/24 dns updated successfully via "net ads dns
>>> register -P". So, it's samba problem:)
>>>
>> Now I trying to update DNS from CentOS with two NICs: 192.168.33.131 and
>> 10.0.3.15, and both addresses is being added to DNS sucsessfully.
>>
>> PS: "net ads dns register -P"
>>
> So, my tests:
>
> Debian Etch:
> samba & winbind 3.2.5-4~bpo41+1
> libkrb53 1.4.4-7etch6
>
> .>net ads dns register -P
> .>Successfully registered hostname with DNS
>
> Debian Lenny:
> samba & winbind 3.4.8~dfsg-2~bpo50+1 and 3.2.5-4lenny12 (work with
> both)
>
> libkrb53 1.6.dfsg.4~beta1-5lenny4
>
> .>net ads dns register -P
> .>Successfully registered hostname with DNS
>
> Debian Sid/Unstable (my case)
> samba & winbind 3.4.8~dfsg-2 and 3.5.4~dfsg-1 (not work with both)
>
> libkrb53 1.8.1+dfsg-5
>
> .>net ads dns register -P
> .>DNS update failed!
>
I try CentOS, Suse and Slackware, and ever, in second network, DNS
wasn't update. :(

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

First  |  Prev  | 
Pages: 1 2
Prev: Multiple Workgroups and Subnets
Next: windows 7 professional Samba share access denied