Is this working: samba_dnsupdate --verbose ???

-----------------------------------------------
EDV Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
-----------------------------------------------

-----Original Message-----
From: Roland de Lepper [mailto:roland.de.lep...@cvis.nl]
Sent: Thursday, 12 August 2010 10:09
To: muel...@tropenklinik.de
Cc: samba@lists.samba.org
Subject: Re: AW: AW: [Samba] samba 4 dns-update issue

Yes I did. Here is my /etc/named.conf

[r...@sambaserver ~]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
        listen-on port 53 { 127.0.0.1; 192.168.122.100; };
##      listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { localhost; 192.168.122.0/24; };
        recursion yes;
        forwarders { 192.168.122.1; };
        tkey-gssapi-credential "DNS/quinox.be";
        tkey-domain "QUINOX.BE";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named-samba.conf";

> Did you set an allow query to all your subnets in your named conf??
> Here is mine:
>
> options {
>         listen-on port 53 { 127.0.0.1;192.168.134.27; };  // <--- important: put an ip
>         listen-on-v6 port 53 { ::1; };
>         directory "/var/named";
>         dump-file "/var/named/data/cache_dump.db";
>         statistics-file "/var/named/data/named_stats.txt";
>         memstatistics-file "/var/named/data/named_mem_stats.txt";
>         allow-query { localhost; 192.168.135.0/24; 192.168.134.0/24; };  // <--- all your subnets here
>         recursion yes;
>         forwarders { 192.168.134.253; };
> };
>
> logging {
>         channel default_debug {
>                 file "data/named.run";
>                 severity dynamic;
>         };
> };
>
> zone "." IN {
>         type hint;
>         file "named.ca";
> };
> // <--- this named.conf must be named:named, and the file at which it is
> // pointing to: /usr/local/samba/private/named.conf.update
> include "/usr/local/samba/private/named.conf";
>
> Also the entry dns.keytab file in /etc/sysconfig/named:
>
> [r...@node1 sysconfig]# cat named
> # BIND named process options
> #
> KEYTAB_FILE="/usr/local/samba/private/dns.keytab"
> export KEYTAB_FILE
> # -- Specify named service keytab file (for GSS-TSIG)
>
> Make sure named can read and write to it.
>
> Try in your smb.conf
> Interfaces= ip
> Ex mine:
>
> [global]
>         netbios name = NODE1
>         workgroup = TUEBINGEN
>         realm = TUEBINGEN.TST.LOC
>         server role = domain controller
>         interfaces = 192.168.134.27
>
> Make a samba_dnsupdate --verbose:
> [r...@node1 sysconfig]# samba_dnsupdate --verbose
> Looking for DNS entry A tuebingen.tst.loc 192.168.134.27 as tuebingen.tst.loc.
> Looking for DNS entry A node1.tuebingen.tst.loc 192.168.134.27 as node1.tuebingen.tst.loc.
> Looking for DNS entry CNAME 02284f45-de16-4125-a795-3b614f540ef7._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc as 02284f45-de16-4125-a795-3b614f540ef7._msdcs.tuebingen.tst.loc.
> Looking for DNS entry SRV _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 88 as _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc.
> Checking 0 100 88 node2.tuebingen.tst.loc. against SRV _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 88
> Checking 0 100 88 node1.tuebingen.tst.loc. against SRV _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 88
> Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389 as _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc.
> Checking 0 100 389 node1.tuebingen.tst.loc. against SRV _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389
> Looking for DNS entry SRV _kerberos._tcp.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 88 as _kerberos._tcp.dc._msdcs.tuebingen.tst.loc.
> Checking 0 100 88 node1.tuebingen.tst.loc. against SRV _kerberos._tcp.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 88
> Looking for DNS entry SRV _ldap._tcp.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389 as _ldap._tcp.dc._msdcs.tuebingen.tst.loc.
> Checking 0 100 389 node2.tuebingen.tst.loc. against SRV _ldap._tcp.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389
> Checking 0 100 389 node1.tuebingen.tst.loc. against SRV _ldap._tcp.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389
> Looking for DNS entry SRV _ldap._tcp.3d718df6-359c-4eb4-a0de-5a7aaf5b0d26.domains._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389 as _ldap._tcp.3d718df6-359c-4eb4-a0de-5a7aaf5b0d26.domains._msdcs.tuebingen.tst.loc.
> Checking 0 100 389 node1.tuebingen.tst.loc. against SRV _ldap._tcp.3d718df6-359c-4eb4-a0de-5a7aaf5b0d26.domains._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389
> Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 3268 as _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.tuebingen.tst.loc.
> Checking 0 100 3268 node1.tuebingen.tst.loc. against SRV _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 3268
> Looking for DNS entry SRV _ldap._tcp.gc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 3268 as _ldap._tcp.gc._msdcs.tuebingen.tst.loc.
> Checking 0 100 3268 node1.tuebingen.tst.loc. against SRV _ldap._tcp.gc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 3268
> Looking for DNS entry SRV _ldap._tcp.pdc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389 as _ldap._tcp.pdc._msdcs.tuebingen.tst.loc.
> Checking 0 100 389 node1.tuebingen.tst.loc. against SRV _ldap._tcp.pdc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389
> Looking for DNS entry SRV _gc._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc node1.tuebingen.tst.loc 3268 as _gc._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc.
> Checking 0 100 3268 node1.tuebingen.tst.loc. against SRV _gc._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc node1.tuebingen.tst.loc 3268
> Looking for DNS entry SRV _kerberos._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc node1.tuebingen.tst.loc 88 as _kerberos._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc.
> Checking 0 100 88 node2.tuebingen.tst.loc. against SRV _kerberos._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc node1.tuebingen.tst.loc 88
> Checking 0 100 88 node1.tuebingen.tst.loc. against SRV _kerberos._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc node1.tuebingen.tst.loc 88
> Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc node1.tuebingen.tst.loc 389 as _ldap._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc.
> Checking 0 100 389 node1.tuebingen.tst.loc. against SRV _ldap._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc node1.tuebingen.tst.loc 389
> Looking for DNS entry SRV _gc._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 3268 as _gc._tcp.tuebingen.tst.loc.
> Checking 0 100 3268 node1.tuebingen.tst.loc. against SRV _gc._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 3268
> Looking for DNS entry SRV _kerberos._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 88 as _kerberos._tcp.tuebingen.tst.loc.
> Checking 0 100 88 node2.tuebingen.tst.loc. against SRV _kerberos._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 88
> Checking 0 100 88 node1.tuebingen.tst.loc. against SRV _kerberos._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 88
> Looking for DNS entry SRV _kpasswd._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 464 as _kpasswd._tcp.tuebingen.tst.loc.
> Checking 0 100 464 node1.tuebingen.tst.loc. against SRV _kpasswd._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 464
> Looking for DNS entry SRV _ldap._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 389 as _ldap._tcp.tuebingen.tst.loc.
> Checking 0 100 389 node2.tuebingen.tst.loc. against SRV _ldap._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 389
> Checking 0 100 389 node1.tuebingen.tst.loc. against SRV _ldap._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 389
> Looking for DNS entry SRV _kerberos._udp.tuebingen.tst.loc node1.tuebingen.tst.loc 88 as _kerberos._udp.tuebingen.tst.loc.
> Checking 0 100 88 node2.tuebingen.tst.loc. against SRV _kerberos._udp.tuebingen.tst.loc node1.tuebingen.tst.loc 88
> Checking 0 100 88 node1.tuebingen.tst.loc. against SRV _kerberos._udp.tuebingen.tst.loc node1.tuebingen.tst.loc 88
> Looking for DNS entry SRV _kpasswd._udp.tuebingen.tst.loc node1.tuebingen.tst.loc 464 as _kpasswd._udp.tuebingen.tst.loc.
> Checking 0 100 464 node2.tuebingen.tst.loc. against SRV _kpasswd._udp.tuebingen.tst.loc node1.tuebingen.tst.loc 464
> Checking 0 100 464 node1.tuebingen.tst.loc. against SRV _kpasswd._udp.tuebingen.tst.loc node1.tuebingen.tst.loc 464
> No DNS updates needed
>
> -----------------------------------------------
> EDV Daniel Müller
>
> Head of IT
> Tropenklinik Paul-Lechler-Krankenhaus
> Paul-Lechler-Str. 24
> 72076 Tübingen
>
> Tel.: 07071/206-463, Fax: 07071/206-499
> eMail: muel...@tropenklinik.de
> Internet: www.tropenklinik.de
> -----------------------------------------------
>
> -----Original Message-----
> From: Roland de Lepper [mailto:roland.de.lep...@cvis.nl]
> Sent: Wednesday, 11 August 2010 13:16
> To: muel...@tropenklinik.de
> Cc: samba@lists.samba.org
> Subject: Re: AW: [Samba] samba 4 dns-update issue
>
> I've looked at your howto, and it's exactly what I did too. I also
> compiled bind after I created the user 'named' and added to the group
> 'named'. I've set the permissions on the files as in your howto, but still
> no luck.
>
> Selinux and the firewall are disabled on the samba-server and the firewall
> is disabled on the win7 client machine.
>
> Kind regards,
>
> Roland de Lepper
>
>
>> Look at my thread: HOWTO samba4 centos5.5 named dnsupdate drbd simple
>> failover
>>
>> -----------------------------------------------
>> EDV Daniel Müller
>>
>> Head of IT
>> Tropenklinik Paul-Lechler-Krankenhaus
>> Paul-Lechler-Str. 24
>> 72076 Tübingen
>>
>> Tel.: 07071/206-463, Fax: 07071/206-499
>> eMail: muel...@tropenklinik.de
>> Internet: www.tropenklinik.de
>> -----------------------------------------------
>>
>> -----Original Message-----
>> From: samba-boun...@lists.samba.org
>> [mailto:samba-boun...@lists.samba.org] On behalf of Roland de Lepper
>> Sent: Wednesday, 11 August 2010 09:38
>> To: samba@lists.samba.org
>> Subject: [Samba] samba 4 dns-update issue
>>
>> Hi all,
>>
>> I've set up samba4 according to the samba4 wiki on centOS 5.4 in KVM.
>> This went without any problems. I only had to install a higher version
>> of bind to 9.6.x because Centos bind in repo will install version 9.3.x.
>> I've used the Fedora12 source rpms for this to build bind 9.6.x on
>> Centos 5.4.
>>
>> Then I configured bind according to the samba wiki
>> (http://wiki.samba.org/index.php/Samba4/DNS)
>>
>> I did all the checks in the wiki to see if bind is working. All tests
>> passed.
>> But in my logs I got the messages "The working directory is not
>> writable".
>> I changed the owner on /var/named to the group named, which solved that
>> problem.
>>
>> Then I installed Win7 virtual in KVM and joined the domain. I can login,
>> create users via dsa.msc tool on windows and see them in wbinfo -u on
>> the samba4 domain controller. All looks right, except for my ddns. The zone
>> could not be updated with the new win7 machine. The win7 machine has a
>> fixed ip-address.
>>
>> I checked all the howto again and again, but couldn't find a thing which
>> could cause this. The error I see in my log is:
>>
>> Aug 11 09:34:46 sambaserver named[2281]: client 192.168.122.150#60058: query 'roland.quinox.be/SOA/IN' denied
>>
>> Is this a permission problem? I checked and the group 'named' has write
>> access to my zone file. (the user 'named' is member of the group
>> 'named')
>>
>> This is the only issue I have with my samba4 installation and I really
>> want to solve this issue.
>>
>> If you need more information or configurations, I can post them.
>>
>> Kind regards,
>>
>> Roland
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
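
Added example, not part of the original thread: a small check that ties the "query ... denied" log line quoted above to the allow-query list in the posted options block, which is the question raised in the reply ("all your subnets"). The function names are hypothetical, the configuration is a constructed excerpt of the posted named.conf, and entries that cannot be evaluated offline (localhost, localnets, named ACLs, keys) are reported rather than guessed.

```python
import ipaddress
import re

# Constructed input: the options block posted in the thread, reduced to the relevant lines.
NAMED_CONF = """
options {
    listen-on port 53 { 127.0.0.1; 192.168.122.100; };
##  listen-on-v6 port 53 { ::1; };
    allow-query { localhost; 192.168.122.0/24; };
    recursion yes;
};
"""
# The denial line quoted in the thread.
LOG_LINE = ("Aug 11 09:34:46 sambaserver named[2281]: client 192.168.122.150#60058: "
            "query 'roland.quinox.be/SOA/IN' denied")
DENIED_RE = re.compile(r"client (?P<ip>[0-9A-Fa-f.:]+)#\d+: query '(?P<q>[^']+)' denied")

def allow_query_entries(conf):
    """Elements of every flat allow-query { ... } list, comments removed."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    conf = re.sub(r"(//|#).*", "", conf)  # simplification: ignores quoting
    entries = []
    for body in re.findall(r"allow-query\s*\{([^{}]*)\}", conf):
        entries += [e.strip() for e in body.split(";") if e.strip()]
    return entries

def check_client(conf, client_ip):
    """First-match walk of the list; returns (verdict, entries not checkable offline)."""
    entries = allow_query_entries(conf)
    if not entries:
        return "no-acl", []
    ip, unresolved = ipaddress.ip_address(client_ip), []
    for entry in entries:
        negate, item = entry.startswith("!"), entry.lstrip("! ")
        if item == "any":
            match = True
        else:
            try:
                match = ip in ipaddress.ip_network(item, strict=False)
            except ValueError:  # localhost, localnets, named acl, key ...
                unresolved.append(entry)
                continue
        if match:
            return ("denied" if negate else "allowed"), unresolved
    return "not-listed", unresolved

def triage(conf, log_line):
    """Tie a 'query ... denied' line back to the allow-query list in conf."""
    m = DENIED_RE.search(log_line)
    if m is None:
        return None
    verdict, unresolved = check_client(conf, m["ip"])
    return {"client": m["ip"], "query": m["q"], "verdict": verdict, "unresolved": unresolved}

if __name__ == "__main__":
    print(triage(NAMED_CONF, LOG_LINE))
```

For the options block posted in the thread the verdict is "allowed": the global list already covers 192.168.122.150. An allow-query set inside a zone statement overrides the options block, and the included zone files are not shown in the thread, so they would have to be run through the same check.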