> > I expected Samba to behave like MS DNS server and replace the old
> > record with a new one.
>
> Yes, that should work. If it doesn't work for you, you need to tell us
> some more details about your smb.conf and maybe provide a network
> capture of the failing DNS update.
# cat etc/smb.conf
# Global parameters
[global]
workgroup = MK_KLIN
realm = klin.kifato-mk.com
netbios name = DC1
interfaces = 192.168.1.24, 127.0.0.1
bind interfaces only = Yes
server role = active directory domain controller
idmap_ldb:use rfc2307 = yes
debug level = 1
wins server = 192.168.1.31
allow dns updates = secure only
[netlogon]
path = /usr/local/samba/var/locks/sysvol/klin.kifato-mk.com/scripts
read only = No
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No
PCAP-formatted dump is attached. According to the dump, Windows just doesn't
try to send a signed update after receiving TKEY. However, this host had
succeeded at least once today. Rebooted it, now no updates happen, but Samba
started to say:
[2012/11/01 14:32:30, 1]
../source4/dns_server/dns_server.c:150(dns_process_send)
Failed to verify TSIG!
Some background: we already had the same symptoms this week for most of our
Windows hosts (and some Samba 3 based, too). Yesterday we had to delete the
zone (it was somewhat dirty after years on Windows, e.g. MMC DNS said "Server
couldn't load the zone" when you open it on Samba server) and rebuild it from
scratch. As a side effect those TSIG-related messages had gone and records had
started to update (one time until deletion). Now it looks like nothing had
actually changed.
> Again, we probably need a network capture to see what's
> going on with the DNS MMC failing to update the SOA record.
Attached (PCAP-formatted).
Thanks in advance.
--
Best regards,
Dmitry Khromov