Have you created the reverse zone? Samba, for some reason, does not automatically create it. If I run your command, I get:
IPs: ['192.168.0.2']
Calling nsupdate for A domain.lan 192.168.0.2
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
domain.lan. 900 IN A 192.168.0.2

and so on ~~~~~

Rowland

On 11 June 2013 10:54, NOC <[email protected]> wrote:

> Hi All
>
> I've started again from scratch, following the wikipage at
> https://wiki.samba.org/index.php/Dns-backend_bind#Bind_9.8_.2F_9.9
>
> I'm using bind 9.8.5-P1 and samba4 master (from yesterday I guess)
>
> compiling from scratch:
> bind: ./configure --with-gssapi=/usr/include/gssapi --with-dlopen=yes
>
> And the given named.conf in /etc/bind/ (as this is where I want the config
> to reside)
>
> I've included the local zones as provided and I modified the named in a few
> places:
> diff orig-named.conf /etc/bind/named.conf
> 6c6
> < directory "/var/named";
> ---
> > directory "/etc/bind";
> 8c8
> < forwarders { 8.8.8.8; 8.8.4.4; };
> ---
> > forwarders { 172.16.1.12; 172.16.1.18; };
> 16,17c16,18
> < 10.1.1.0/24;
> < ...other networks you want to allow to query your DNS...;
> ---
> > 192.168.6.0/24;
> > 127.0.0.0/8;
> > #...other networks you want to allow to query your DNS...;
> 21,22c22,24
> < 10.1.1.0/24;
> < ...other networks you want to allow to do recursive
> queries...;
> ---
> > 192.168.6.0/24;
> > 127.0.0.0/8;
> > #...other networks you want to allow to do recursive
> queries...;
> 24a27,28
> > tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
> >
> 26a31
> > include "/usr/local/samba/private/named.conf";
>
> This is just so bind actually works and the files created by provision are
> included
>
> Provision was done using:
> samba-tool domain provision
> Realm: example
> Domain [example]: example.com
> Server Role (dc, member, standalone) [dc]: dc
> DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE)
> [SAMBA_INTERNAL]: BIND9_DLZ
> Administrator password:
> Retype password:
> Looking up IPv4 addresses
> Looking up IPv6 addresses
> No IPv6 address will be assigned
> Setting up share.ldb
> Setting up secrets.ldb
> Setting up the registry
> Setting up the privileges database
> Setting up idmap db
> Setting up SAM db
> Setting up sam.ldb partitions and settings
> Setting up sam.ldb rootDSE
> Pre-loading the Samba 4 and AD schema
> Adding DomainDN: DC=example
> Adding configuration container
> Setting up sam.ldb schema
> Setting up sam.ldb configuration data
> Setting up display specifiers
> Modifying display specifiers
> Adding users container
> Modifying users container
> Adding computers container
> Modifying computers container
> Setting up sam.ldb data
> Setting up well known security principals
> Setting up sam.ldb users and groups
> Setting up self join
> Adding DNS accounts
> Creating CN=MicrosoftDNS,CN=System,DC=example
> Creating DomainDnsZones and ForestDnsZones partitions
> Populating DomainDnsZones and ForestDnsZones partitions
> See /usr/local/samba/private/named.conf for an example configuration
> include file for BIND
> and /usr/local/samba/private/named.txt for further documentation
> required for secure DNS updates
> Setting up sam.ldb rootDSE marking as synchronized
> Fixing provision GUIDs
> A Kerberos configuration suitable for Samba 4 has been generated at
> /usr/local/samba/private/krb5.conf
> Once the above files are installed, your Samba4 server will be ready to use
> Server Role: active directory domain controller
> Hostname: sambabind02
> NetBIOS Domain: EXAMPLE.COM
> DNS Domain: example
> DOMAIN SID: S-1-5-21-294307859-3325552197-969134079
>
> stopped/started bind using the new config file
>
> Then I started /usr/local/samba/sbin/samba -D
>
> Then command:
> # /usr/local/samba/sbin/samba_dnsupdate --verbose --all-names
> IPs: ['192.168.6.86']
>
> Traceback (most recent call last):
> File "/usr/local/samba/sbin/samba_dnsupdate", line 511, in <module>
> get_credentials(lp)
> File "/usr/local/samba/sbin/samba_dnsupdate", line 124, in
> get_credentials
> raise e
> RuntimeError: kinit for SAMBABIND02$@EXAMPLE failed (Cannot contact any
> KDC for requested realm)
>
> It appears that samba_dnsupdate tries to get a ticket from the KDC that it
> tries to find using DNS, but the record isn't yet inserted in the bind dns
> database. Is it a chicken/egg problem?
>
> Now either the wiki hasn't been fully tested or it's missing an obvious step
>
> Any clues?
>
> /Simon
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:
> https://lists.samba.org/mailman/options/samba
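
An added example, not part of the thread or of Samba's code: a small parser that reads a krb5.conf and reports whether a Kerberos client will find the KDC through static kdc entries or through DNS SRV records, and which SRV names then have to resolve. The sample file contents, the function names and the treatment of an unset dns_lookup_kdc are assumptions.

```python
# Constructed sample krb5.conf; the realm is the one in the thread's traceback.
SAMPLE_KRB5 = """\
[libdefaults]
    default_realm = EXAMPLE
    dns_lookup_realm = false
    dns_lookup_kdc = true
"""
TRUE_VALUES = {"y", "yes", "true", "t", "1", "on"}

def parse_krb5(text):
    """Return (libdefaults, {realm: [kdc, ...]}) from krb5.conf text."""
    libdefaults, realms = {}, {}
    section, realm, depth = None, None, 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section, realm, depth = line[1:-1].strip(), None, 0
        elif line.endswith("{"):
            depth += 1
            if section == "realms" and depth == 1:
                realm = line.split("=", 1)[0].strip()
                realms[realm] = []
        elif line == "}":
            depth = max(depth - 1, 0)
            if depth == 0:
                realm = None
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if section == "libdefaults":
                libdefaults[key] = value
            elif realm is not None and depth == 1 and key == "kdc":
                realms[realm].append(value)
    return libdefaults, realms

def kdc_discovery(text):
    """Report how a Kerberos client will look for the default realm's KDC."""
    libdefaults, realms = parse_krb5(text)
    realm = libdefaults.get("default_realm", "")
    if realms.get(realm):
        return {"realm": realm, "method": "static", "needs": realms[realm]}
    # Assumption: dns_lookup_kdc counts as true when unset (the MIT krb5 default).
    if libdefaults.get("dns_lookup_kdc", "true").lower() in TRUE_VALUES:
        names = [f"_kerberos._{p}.{realm.lower()}" for p in ("udp", "tcp")]
        return {"realm": realm, "method": "dns-srv", "needs": names}
    return {"realm": realm, "method": "none", "needs": []}

print(kdc_discovery(SAMPLE_KRB5))
```

A "dns-srv" result means the listed SRV names must be answerable by the DNS server before any kinit against that realm can succeed; a "static" result means the client contacts the listed hosts directly.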
