On Thu, Feb 23, 2012 at 4:33 PM, Jeremy Davis<jdavis4...@gmail.com>  wrote:


I forgot to mention that nsupdate command should also include -g flag to
force secure (kerberos) updates.

    nsupdate command = /path/to/nsupdate -g

dlz_bind9 module only allows secure dynamic updates.

Amitay.

I added the -g to the smb.conf and restarted samba and named but it doesn't
seem to do anything. Could this be an issue with kerberos? I am able to
authenticate with my Windows machine and via the command line using the
tests on the samba4 wiki. Any ideas as to what this could be?
What happens when you run samba_dnsupdate --verbose?
What's the output from BIND?

Amitay.

Well, the samba_dnsupdate logs are the same but bind is now showing a little different error.
samba-dnsupdate:

IPs: ['2002:4b46:c8ad:0:a00:27ff:fe14:5491', 'fe80::a00:27ff:fe14:5491%eth0', 'fe80::a00:27ff:fee5:5840%eth1', '192.168.7.30', '192.168.30.1']
Looking for DNS entry A bob-dc.com 192.168.7.30 as bob-dc.com.
Looking for DNS entry A dc1.bob-dc.com 192.168.7.30 as dc1.bob-dc.com.
Looking for DNS entry AAAA bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491 as bob-dc.com.
Failed to find matching DNS entry AAAA bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491
Looking for DNS entry AAAA dc1.bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491 as dc1.bob-dc.com.
Failed to find matching DNS entry AAAA dc1.bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491
Looking for DNS entry A gc._msdcs.bob-dc.com 192.168.7.30 as gc._msdcs.bob-dc.com.
Looking for DNS entry AAAA gc._msdcs.bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491 as gc._msdcs.bob-dc.com.
Failed to find matching DNS entry AAAA gc._msdcs.bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491
Looking for DNS entry CNAME 48c0fc0c-dcc1-425d-bcb2-a229d40ab48c._msdcs.bob-dc.com dc1.bob-dc.com as 48c0fc0c-dcc1-425d-bcb2-a229d40ab48c._msdcs.bob-dc.com.
Looking for DNS entry SRV _kpasswd._tcp.bob-dc.com dc1.bob-dc.com 464 as _kpasswd._tcp.bob-dc.com.
Checking 0 100 464 dc1.bob-dc.com. against SRV _kpasswd._tcp.bob-dc.com dc1.bob-dc.com 464
Looking for DNS entry SRV _kpasswd._udp.bob-dc.com dc1.bob-dc.com 464 as _kpasswd._udp.bob-dc.com.
Checking 0 100 464 dc1.bob-dc.com. against SRV _kpasswd._udp.bob-dc.com dc1.bob-dc.com 464
Looking for DNS entry SRV _kerberos._tcp.bob-dc.com dc1.bob-dc.com 88 as _kerberos._tcp.bob-dc.com.
Checking 0 100 88 dc1.bob-dc.com. against SRV _kerberos._tcp.bob-dc.com dc1.bob-dc.com 88
Looking for DNS entry SRV _kerberos._tcp.dc._msdcs.bob-dc.com dc1.bob-dc.com 88 as _kerberos._tcp.dc._msdcs.bob-dc.com.
Checking 0 100 88 dc1.bob-dc.com. against SRV _kerberos._tcp.dc._msdcs.bob-dc.com dc1.bob-dc.com 88
Looking for DNS entry SRV _kerberos._tcp.default-first-site-name._sites.bob-dc.com dc1.bob-dc.com 88 as _kerberos._tcp.default-first-site-name._sites.bob-dc.com.
Checking 0 100 88 dc1.bob-dc.com. against SRV _kerberos._tcp.default-first-site-name._sites.bob-dc.com dc1.bob-dc.com 88
Looking for DNS entry SRV _kerberos._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com dc1.bob-dc.com 88 as _kerberos._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com.
Checking 0 100 88 dc1.bob-dc.com. against SRV _kerberos._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com dc1.bob-dc.com 88
Looking for DNS entry SRV _kerberos._udp.bob-dc.com dc1.bob-dc.com 88 as _kerberos._udp.bob-dc.com.
Checking 0 100 88 dc1.bob-dc.com. against SRV _kerberos._udp.bob-dc.com dc1.bob-dc.com 88
Looking for DNS entry SRV _ldap._tcp.bob-dc.com dc1.bob-dc.com 389 as _ldap._tcp.bob-dc.com.
Checking 0 100 389 dc1.bob-dc.com. against SRV _ldap._tcp.bob-dc.com dc1.bob-dc.com 389
Looking for DNS entry SRV _ldap._tcp.dc._msdcs.bob-dc.com dc1.bob-dc.com 389 as _ldap._tcp.dc._msdcs.bob-dc.com.
Checking 0 100 389 dc1.bob-dc.com. against SRV _ldap._tcp.dc._msdcs.bob-dc.com dc1.bob-dc.com 389
Looking for DNS entry SRV _ldap._tcp.gc._msdcs.bob-dc.com dc1.bob-dc.com 3268 as _ldap._tcp.gc._msdcs.bob-dc.com.
Checking 0 100 3268 dc1.bob-dc.com. against SRV _ldap._tcp.gc._msdcs.bob-dc.com dc1.bob-dc.com 3268
Looking for DNS entry SRV _ldap._tcp.pdc._msdcs.bob-dc.com dc1.bob-dc.com 389 as _ldap._tcp.pdc._msdcs.bob-dc.com.
Checking 0 100 389 dc1.bob-dc.com. against SRV _ldap._tcp.pdc._msdcs.bob-dc.com dc1.bob-dc.com 389
Looking for DNS entry SRV _ldap._tcp.default-first-site-name._sites.bob-dc.com dc1.bob-dc.com 389 as _ldap._tcp.default-first-site-name._sites.bob-dc.com.
Checking 0 100 389 dc1.bob-dc.com. against SRV _ldap._tcp.default-first-site-name._sites.bob-dc.com dc1.bob-dc.com 389
Looking for DNS entry SRV _ldap._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com dc1.bob-dc.com 389 as _ldap._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com.
Checking 0 100 389 dc1.bob-dc.com. against SRV _ldap._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com dc1.bob-dc.com 389
Looking for DNS entry SRV _ldap._tcp.default-first-site-name._sites.gc._msdcs.bob-dc.com dc1.bob-dc.com 3268 as _ldap._tcp.default-first-site-name._sites.gc._msdcs.bob-dc.com.
Checking 0 100 3268 dc1.bob-dc.com. against SRV _ldap._tcp.default-first-site-name._sites.gc._msdcs.bob-dc.com dc1.bob-dc.com 3268
Looking for DNS entry SRV _ldap._tcp.2d1290ec-d837-4f59-8730-9deb5078c8f0.domains._msdcs.bob-dc.com dc1.bob-dc.com 389 as _ldap._tcp.2d1290ec-d837-4f59-8730-9deb5078c8f0.domains._msdcs.bob-dc.com.
Checking 0 100 389 dc1.bob-dc.com. against SRV _ldap._tcp.2d1290ec-d837-4f59-8730-9deb5078c8f0.domains._msdcs.bob-dc.com dc1.bob-dc.com 389
Looking for DNS entry SRV _gc._tcp.bob-dc.com dc1.bob-dc.com 3268 as _gc._tcp.bob-dc.com.
Checking 0 100 3268 dc1.bob-dc.com. against SRV _gc._tcp.bob-dc.com dc1.bob-dc.com 3268
Looking for DNS entry SRV _gc._tcp.default-first-site-name._sites.bob-dc.com dc1.bob-dc.com 3268 as _gc._tcp.default-first-site-name._sites.bob-dc.com.
Checking 0 100 3268 dc1.bob-dc.com. against SRV _gc._tcp.default-first-site-name._sites.bob-dc.com dc1.bob-dc.com 3268
Looking for DNS entry A bob-dc.com 192.168.30.1 as bob-dc.com.
Failed to find matching DNS entry A bob-dc.com 192.168.30.1
Looking for DNS entry A dc1.bob-dc.com 192.168.30.1 as dc1.bob-dc.com.
Failed to find matching DNS entry A dc1.bob-dc.com 192.168.30.1
Looking for DNS entry A gc._msdcs.bob-dc.com 192.168.30.1 as gc._msdcs.bob-dc.com.
Failed to find matching DNS entry A gc._msdcs.bob-dc.com 192.168.30.1
Calling nsupdate for AAAA bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
bob-dc.com. 900 IN AAAA 2002:4b46:c8ad:0:a00:27ff:fe14:5491

update failed: REFUSED
Failed nsupdate: 2
Calling nsupdate for AAAA dc1.bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
dc1.bob-dc.com. 900 IN AAAA 2002:4b46:c8ad:0:a00:27ff:fe14:5491

update failed: REFUSED
Failed nsupdate: 2
Calling nsupdate for AAAA gc._msdcs.bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
gc._msdcs.bob-dc.com. 900 IN AAAA 2002:4b46:c8ad:0:a00:27ff:fe14:5491

update failed: REFUSED
Failed nsupdate: 2
Calling nsupdate for A bob-dc.com 192.168.30.1
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
bob-dc.com.        900    IN    A    192.168.30.1

update failed: REFUSED
Failed nsupdate: 2
Calling nsupdate for A dc1.bob-dc.com 192.168.30.1
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
dc1.bob-dc.com.    900    IN    A    192.168.30.1

update failed: REFUSED
Failed nsupdate: 2
Calling nsupdate for A gc._msdcs.bob-dc.com 192.168.30.1
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
gc._msdcs.bob-dc.com.    900    IN    A    192.168.30.1

update failed: REFUSED
Failed nsupdate: 2
Failed update of 6 entries


bind logs:

Feb 22 22:51:43 dc1 named[2498]: samba_dlz: starting transaction on zone bob-dc.com
Feb 22 22:51:43 dc1 named[2498]: samba_dlz: spnego update failed
Feb 22 22:51:43 dc1 named[2498]: client 192.168.30.1#43717: updating zone 'bob-dc.com/NONE': update failed: rejected by secure update (REFUSED)
Feb 22 22:51:43 dc1 named[2498]: samba_dlz: cancelling transaction on zone bob-dc.com
Feb 22 22:51:43 dc1 named[2498]: samba_dlz: starting transaction on zone bob-dc.com
Feb 22 22:51:43 dc1 named[2498]: samba_dlz: spnego update failed
Feb 22 22:51:43 dc1 named[2498]: client 192.168.30.1#33042: updating zone 'bob-dc.com/NONE': update failed: rejected by secure update (REFUSED)
Feb 22 22:51:43 dc1 named[2498]: samba_dlz: cancelling transaction on zone bob-dc.com
Feb 22 22:51:43 dc1 named[2498]: samba_dlz: starting transaction on zone _msdcs.bob-dc.com
Feb 22 22:51:43 dc1 named[2498]: samba_dlz: spnego update failed
Feb 22 22:51:43 dc1 named[2498]: client 192.168.30.1#40855: updating zone '_msdcs.bob-dc.com/NONE': update failed: rejected by secure update (REFUSED)
Feb 22 22:51:43 dc1 named[2498]: samba_dlz: cancelling transaction on zone _msdcs.bob-dc.com
Feb 22 22:51:43 dc1 named[2498]: samba_dlz: starting transaction on zone bob-dc.com
Feb 22 22:51:43 dc1 named[2498]: samba_dlz: spnego update failed
Feb 22 22:51:43 dc1 named[2498]: client 192.168.30.1#38049: updating zone 'bob-dc.com/NONE': update failed: rejected by secure update (REFUSED)
Feb 22 22:51:43 dc1 named[2498]: samba_dlz: cancelling transaction on zone bob-dc.com
Feb 22 22:51:44 dc1 named[2498]: samba_dlz: starting transaction on zone bob-dc.com
Feb 22 22:51:44 dc1 named[2498]: samba_dlz: spnego update failed
Feb 22 22:51:44 dc1 named[2498]: client 192.168.30.1#34189: updating zone 'bob-dc.com/NONE': update failed: rejected by secure update (REFUSED)
Feb 22 22:51:44 dc1 named[2498]: samba_dlz: cancelling transaction on zone bob-dc.com
Feb 22 22:51:44 dc1 named[2498]: samba_dlz: starting transaction on zone _msdcs.bob-dc.com
Feb 22 22:51:44 dc1 named[2498]: samba_dlz: spnego update failed
Feb 22 22:51:44 dc1 named[2498]: client 192.168.30.1#41075: updating zone '_msdcs.bob-dc.com/NONE': update failed: rejected by secure update (REFUSED)
Feb 22 22:51:44 dc1 named[2498]: samba_dlz: cancelling transaction on zone _msdcs.bob-dc.com


Forgot to copy the samba list on the latest logs. Also I just saw Steve's email. I can say that samba is in the path as I used samba to start the samba service. I also double checked that everything is in the path. The above logs are the current logs that I am getting after adding the -g option as requested by Amitay.
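
For triaging a BIND log like the one above, an added example (not part of the original thread, and not Samba or BIND code) that groups `rejected by secure update (REFUSED)` lines by client and zone and records whether a `samba_dlz: spnego update failed` line preceded each one in the same transaction. The function name and the third sample transaction are constructed for illustration, and the code assumes each transaction's lines are contiguous, as they are in the log above.

```python
import re
from collections import defaultdict

# The first two transactions are copied from the BIND log in the thread; the
# third (client 192.0.2.10, no spnego line) is constructed for illustration.
SAMPLE_LOG = """\
Feb 22 22:51:43 dc1 named[2498]: samba_dlz: starting transaction on zone bob-dc.com
Feb 22 22:51:43 dc1 named[2498]: samba_dlz: spnego update failed
Feb 22 22:51:43 dc1 named[2498]: client 192.168.30.1#43717: updating zone 'bob-dc.com/NONE': update failed: rejected by secure update (REFUSED)
Feb 22 22:51:43 dc1 named[2498]: samba_dlz: cancelling transaction on zone bob-dc.com
Feb 22 22:51:44 dc1 named[2498]: samba_dlz: starting transaction on zone _msdcs.bob-dc.com
Feb 22 22:51:44 dc1 named[2498]: samba_dlz: spnego update failed
Feb 22 22:51:44 dc1 named[2498]: client 192.168.30.1#41075: updating zone '_msdcs.bob-dc.com/NONE': update failed: rejected by secure update (REFUSED)
Feb 22 22:51:44 dc1 named[2498]: samba_dlz: cancelling transaction on zone _msdcs.bob-dc.com
Feb 22 22:51:45 dc1 named[2498]: samba_dlz: starting transaction on zone bob-dc.com
Feb 22 22:51:45 dc1 named[2498]: client 192.0.2.10#50000: updating zone 'bob-dc.com/NONE': update failed: rejected by secure update (REFUSED)
Feb 22 22:51:45 dc1 named[2498]: samba_dlz: cancelling transaction on zone bob-dc.com
"""

TXN_BOUNDARY = re.compile(r"samba_dlz: (?:starting|cancelling) transaction on zone ")
SPNEGO_FAIL = re.compile(r"samba_dlz: spnego update failed")
REFUSED = re.compile(
    r"client (?P<ip>[0-9a-fA-F.:]+)#\d+: updating zone '(?P<zone>[^'/]+)/[^']*': "
    r"update failed: rejected by secure update \(REFUSED\)"
)


def summarize_refused_updates(log_text):
    """Return {(client_ip, zone): {"refused": n, "spnego_failed": m}}.

    "spnego_failed" counts the refusals that followed a samba_dlz
    'spnego update failed' line within the same transaction.
    """
    summary = defaultdict(lambda: {"refused": 0, "spnego_failed": 0})
    spnego_failed = False
    for line in log_text.splitlines():
        if TXN_BOUNDARY.search(line):
            spnego_failed = False          # a new transaction starts clean
        elif SPNEGO_FAIL.search(line):
            spnego_failed = True
        else:
            m = REFUSED.search(line)
            if m:
                entry = summary[(m["ip"], m["zone"])]
                entry["refused"] += 1
                entry["spnego_failed"] += int(spnego_failed)
    return dict(summary)
```
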