Yes I do. Centos 5.5
I do have those two lines in my /etc/sysconfig/named file.
btw. This evening I've installed a new virtual machine and used your howto
for the installation of samba4 and DNS. Unfortunately... I have the same
problem again:

Aug 12 20:58:34 localhost named[28804]: client 192.168.122.150#54473: update 'quinox.nl/IN' denied

This is driving me crazy. I even chmod -R 777 /usr/local/samba/private/dns
but also that didn't help.
I have installed bind-9.6.2-5.

regards,
Roland de Lepper

> You are running on CentOs?
>
> My keytab file (for GSS-TSIG)
>
>>> [r...@node1 sysconfig]# cat named
>>> # BIND named process options
>>> #
>>> KEYTAB_FILE="/usr/local/samba/private/dns.keytab"
>>> export KEYTAB_FILE
>>> # -- Specify named service keytab file (for GSS-TSIG)
>
> Yours:
>
>> tkey-gssapi-credential "DNS/quinox.be";
>> tkey-domain "QUINOX.BE";
>
> -----------------------------------------------
> EDV Daniel Müller
>
> Head of IT
> Tropenklinik Paul-Lechler-Krankenhaus
> Paul-Lechler-Str. 24
> 72076 Tübingen
>
> Tel.: 07071/206-463, Fax: 07071/206-499
> eMail: muel...@tropenklinik.de
> Internet: www.tropenklinik.de
> -----------------------------------------------
>
> -----Original Message-----
> From: Roland de Lepper [mailto:roland.de.lep...@cvis.nl]
> Sent: Thursday, 12 August 2010 11:16
> To: muel...@tropenklinik.de
> Subject: Re: AW: AW: AW: [Samba] samba 4 dns-update issue
>
> It was working with the same denied message in my log, but after the
> changes yesterday, it isn't working anymore:
>
> [r...@sambaserver sbin]# ./samba_dnsupdate --verbose
> Looking for DNS entry A quinox.be 192.168.122.100 as quinox.be.
> Traceback (most recent call last):
>   File "./samba_dnsupdate", line 275, in ?
>     if not check_dns_name(d):
>   File "./samba_dnsupdate", line 160, in check_dns_name
>     ans = resolver.query(normalised_name, d.type)
>   File "/usr/lib/python2.4/site-packages/dns/resolver.py", line 723, in query
>     return get_default_resolver().query(qname, rdtype, rdclass, tcp, source)
>   File "/usr/lib/python2.4/site-packages/dns/resolver.py", line 604, in query
>     timeout = self._compute_timeout(start)
>   File "/usr/lib/python2.4/site-packages/dns/resolver.py", line 537, in _compute_timeout
>     raise Timeout
> dns.exception.Timeout
>
>> Is this working: samba_dnsupdate --verbose ???
>>
>> -----------------------------------------------
>> EDV Daniel Müller
>>
>> Head of IT
>> Tropenklinik Paul-Lechler-Krankenhaus
>> Paul-Lechler-Str. 24
>> 72076 Tübingen
>>
>> Tel.: 07071/206-463, Fax: 07071/206-499
>> eMail: muel...@tropenklinik.de
>> Internet: www.tropenklinik.de
>> -----------------------------------------------
>>
>> -----Original Message-----
>> From: Roland de Lepper [mailto:roland.de.lep...@cvis.nl]
>> Sent: Thursday, 12 August 2010 10:09
>> To: muel...@tropenklinik.de
>> Cc: samba@lists.samba.org
>> Subject: Re: AW: AW: [Samba] samba 4 dns-update issue
>>
>> Yes I did.
>>
>> here is my /etc/named.conf
>>
>> [r...@sambaserver ~]# cat /etc/named.conf
>> //
>> // named.conf
>> //
>> // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
>> // server as a caching only nameserver (as a localhost DNS resolver only).
>> //
>> // See /usr/share/doc/bind*/sample/ for example named configuration files.
>> //
>>
>> options {
>>         listen-on port 53 { 127.0.0.1; 192.168.122.100; };
>>         ## listen-on-v6 port 53 { ::1; };
>>         directory "/var/named";
>>         dump-file "/var/named/data/cache_dump.db";
>>         statistics-file "/var/named/data/named_stats.txt";
>>         memstatistics-file "/var/named/data/named_mem_stats.txt";
>>         allow-query { localhost; 192.168.122.0/24; };
>>         recursion yes;
>>         forwarders { 192.168.122.1; };
>>         tkey-gssapi-credential "DNS/quinox.be";
>>         tkey-domain "QUINOX.BE";
>> };
>>
>>
>> logging {
>>         channel default_debug {
>>                 file "data/named.run";
>>                 severity dynamic;
>>         };
>> };
>>
>> zone "." IN {
>>         type hint;
>>         file "named.ca";
>> };
>>
>> include "/etc/named.rfc1912.zones";
>> include "/etc/named-samba.conf";
>>
>>
>>> Did you set an allow query to all your subnets in your named conf??
>>> Here is mine:
>>>
>>>
>>>
>>> options {
>>>         listen-on port 53 { 127.0.0.1;192.168.134.27; };<---important put an ip
>>>         listen-on-v6 port 53 { ::1; };
>>>         directory "/var/named";
>>>         dump-file "/var/named/data/cache_dump.db";
>>>         statistics-file "/var/named/data/named_stats.txt";
>>>         memstatistics-file "/var/named/data/named_mem_stats.txt";
>>>         allow-query { localhost; 192.168.135.0/24; 192.168.134.0/24; };<---all your subnets here
>>>         recursion yes;
>>>         forwarders { 192.168.134.253; };
>>>
>>>
>>> logging {
>>>         channel default_debug {
>>>                 file "data/named.run";
>>>                 severity dynamic;
>>>         };
>>> };
>>>
>>> zone "." IN {
>>>         type hint;
>>>         file "named.ca";
>>> };
>>> include "/usr/local/samba/private/named.conf";<--- this named.conf must be
>>> named:named, and the file at which it is pointing
>>> to:/usr/local/samba/private/named.conf.update
>>> Also the entry dns.keytab file in /etc/sysconfig/named:
>>>
>>>
>>> [r...@node1 sysconfig]# cat named
>>> # BIND named process options
>>> #
>>> KEYTAB_FILE="/usr/local/samba/private/dns.keytab"
>>> export KEYTAB_FILE
>>> # -- Specify named service keytab file (for GSS-TSIG)
>>>
>>> Make sure named can read and write to it.
>>>
>>> Try in your smb.conf
>>> Interfaces= ip
>>> Ex mine:
>>>
>>> [globals]
>>>         netbios name = NODE1
>>>         workgroup = TUEBINGEN
>>>         realm = TUEBINGEN.TST.LOC
>>>         server role = domain controller
>>>         interfaces= 192.168.134.27
>>>
>>> Make a samba_dnsupdate --verbose:
>>> [r...@node1 sysconfig]# samba_dnsupdate --verbose
>>> Looking for DNS entry A tuebingen.tst.loc 192.168.134.27 as tuebingen.tst.loc.
>>> Looking for DNS entry A node1.tuebingen.tst.loc 192.168.134.27 as node1.tuebingen.tst.loc.
>>> Looking for DNS entry CNAME 02284f45-de16-4125-a795-3b614f540ef7._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc as 02284f45-de16-4125-a795-3b614f540ef7._msdcs.tuebingen.tst.loc.
>>> Looking for DNS entry SRV _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 88 as _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc.
>>> Checking 0 100 88 node2.tuebingen.tst.loc. against SRV _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 88
>>> Checking 0 100 88 node1.tuebingen.tst.loc. against SRV _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 88
>>> Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389 as _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc.
>>> Checking 0 100 389 node1.tuebingen.tst.loc. against SRV _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389
>>> Looking for DNS entry SRV _kerberos._tcp.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 88 as _kerberos._tcp.dc._msdcs.tuebingen.tst.loc.
>>> Checking 0 100 88 node1.tuebingen.tst.loc. against SRV _kerberos._tcp.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 88
>>> Looking for DNS entry SRV _ldap._tcp.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389 as _ldap._tcp.dc._msdcs.tuebingen.tst.loc.
>>> Checking 0 100 389 node2.tuebingen.tst.loc. against SRV _ldap._tcp.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389
>>> Checking 0 100 389 node1.tuebingen.tst.loc. against SRV _ldap._tcp.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389
>>> Looking for DNS entry SRV _ldap._tcp.3d718df6-359c-4eb4-a0de-5a7aaf5b0d26.domains._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389 as _ldap._tcp.3d718df6-359c-4eb4-a0de-5a7aaf5b0d26.domains._msdcs.tuebingen.tst.loc.
>>> Checking 0 100 389 node1.tuebingen.tst.loc. against SRV _ldap._tcp.3d718df6-359c-4eb4-a0de-5a7aaf5b0d26.domains._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389
>>> Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 3268 as _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.tuebingen.tst.loc.
>>> Checking 0 100 3268 node1.tuebingen.tst.loc. against SRV _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 3268
>>> Looking for DNS entry SRV _ldap._tcp.gc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 3268 as _ldap._tcp.gc._msdcs.tuebingen.tst.loc.
>>> Checking 0 100 3268 node1.tuebingen.tst.loc. against SRV _ldap._tcp.gc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 3268
>>> Looking for DNS entry SRV _ldap._tcp.pdc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389 as _ldap._tcp.pdc._msdcs.tuebingen.tst.loc.
>>> Checking 0 100 389 node1.tuebingen.tst.loc. against SRV _ldap._tcp.pdc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389
>>> Looking for DNS entry SRV _gc._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc node1.tuebingen.tst.loc 3268 as _gc._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc.
>>> Checking 0 100 3268 node1.tuebingen.tst.loc. against SRV _gc._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc node1.tuebingen.tst.loc 3268
>>> Looking for DNS entry SRV _kerberos._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc node1.tuebingen.tst.loc 88 as _kerberos._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc.
>>> Checking 0 100 88 node2.tuebingen.tst.loc. against SRV _kerberos._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc node1.tuebingen.tst.loc 88
>>> Checking 0 100 88 node1.tuebingen.tst.loc. against SRV _kerberos._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc node1.tuebingen.tst.loc 88
>>> Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc node1.tuebingen.tst.loc 389 as _ldap._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc.
>>> Checking 0 100 389 node1.tuebingen.tst.loc. against SRV _ldap._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc node1.tuebingen.tst.loc 389
>>> Looking for DNS entry SRV _gc._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 3268 as _gc._tcp.tuebingen.tst.loc.
>>> Checking 0 100 3268 node1.tuebingen.tst.loc. against SRV _gc._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 3268
>>> Looking for DNS entry SRV _kerberos._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 88 as _kerberos._tcp.tuebingen.tst.loc.
>>> Checking 0 100 88 node2.tuebingen.tst.loc. against SRV _kerberos._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 88
>>> Checking 0 100 88 node1.tuebingen.tst.loc. against SRV _kerberos._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 88
>>> Looking for DNS entry SRV _kpasswd._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 464 as _kpasswd._tcp.tuebingen.tst.loc.
>>> Checking 0 100 464 node1.tuebingen.tst.loc. against SRV _kpasswd._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 464
>>> Looking for DNS entry SRV _ldap._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 389 as _ldap._tcp.tuebingen.tst.loc.
>>> Checking 0 100 389 node2.tuebingen.tst.loc. against SRV _ldap._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 389
>>> Checking 0 100 389 node1.tuebingen.tst.loc. against SRV _ldap._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 389
>>> Looking for DNS entry SRV _kerberos._udp.tuebingen.tst.loc node1.tuebingen.tst.loc 88 as _kerberos._udp.tuebingen.tst.loc.
>>> Checking 0 100 88 node2.tuebingen.tst.loc. against SRV _kerberos._udp.tuebingen.tst.loc node1.tuebingen.tst.loc 88
>>> Checking 0 100 88 node1.tuebingen.tst.loc. against SRV _kerberos._udp.tuebingen.tst.loc node1.tuebingen.tst.loc 88
>>> Looking for DNS entry SRV _kpasswd._udp.tuebingen.tst.loc node1.tuebingen.tst.loc 464 as _kpasswd._udp.tuebingen.tst.loc.
>>> Checking 0 100 464 node2.tuebingen.tst.loc. against SRV _kpasswd._udp.tuebingen.tst.loc node1.tuebingen.tst.loc 464
>>> Checking 0 100 464 node1.tuebingen.tst.loc. against SRV _kpasswd._udp.tuebingen.tst.loc node1.tuebingen.tst.loc 464
>>> No DNS updates needed
>>>
>>> -----------------------------------------------
>>> EDV Daniel Müller
>>>
>>> Head of IT
>>> Tropenklinik Paul-Lechler-Krankenhaus
>>> Paul-Lechler-Str. 24
>>> 72076 Tübingen
>>>
>>> Tel.: 07071/206-463, Fax: 07071/206-499
>>> eMail: muel...@tropenklinik.de
>>> Internet: www.tropenklinik.de
>>> -----------------------------------------------
>>>
>>> -----Original Message-----
>>> From: Roland de Lepper [mailto:roland.de.lep...@cvis.nl]
>>> Sent: Wednesday, 11 August 2010 13:16
>>> To: muel...@tropenklinik.de
>>> Cc: samba@lists.samba.org
>>> Subject: Re: AW: [Samba] samba 4 dns-update issue
>>>
>>> I've looked at your howto, and it's exactly what I did too. I also
>>> compiled bind after I created the user 'named' and added to the group
>>> 'named'. I've set the permissions on the files as in your howto, but
>>> still no luck.
>>>
>>> Selinux and the firewall are disabled on the samba-server and the
>>> firewall is disabled on the win7 client machine.
>>>
>>> Kind regards,
>>>
>>> Roland de Lepper
>>>
>>>> Look at my thread: HOWTO samba4 centos5.5 named dnsupdate drbd simple
>>>> failover
>>>>
>>>> -----------------------------------------------
>>>> EDV Daniel Müller
>>>>
>>>> Head of IT
>>>> Tropenklinik Paul-Lechler-Krankenhaus
>>>> Paul-Lechler-Str. 24
>>>> 72076 Tübingen
>>>>
>>>> Tel.: 07071/206-463, Fax: 07071/206-499
>>>> eMail: muel...@tropenklinik.de
>>>> Internet: www.tropenklinik.de
>>>> -----------------------------------------------
>>>>
>>>> -----Original Message-----
>>>> From: samba-boun...@lists.samba.org
>>>> [mailto:samba-boun...@lists.samba.org] On behalf of Roland de Lepper
>>>> Sent: Wednesday, 11 August 2010 09:38
>>>> To: samba@lists.samba.org
>>>> Subject: [Samba] samba 4 dns-update issue
>>>>
>>>> Hi all,
>>>>
>>>> I've setup samba4 according to the samba4 wiki on centOS 5.4 in KVM.
>>>> This went without any problems. I only had to install a higher version
>>>> of bind to 9.6.x because Centos bind in repo will install version 9.3.x.
>>>> I've used the Fedora12 source rpms for this to build bind 9.6.x on
>>>> Centos 5.4.
>>>>
>>>> Then I configured bind according to the samba wiki
>>>> (http://wiki.samba.org/index.php/Samba4/DNS)
>>>>
>>>> I did all the checks in the wiki to see if bind is working. All tests
>>>> passed.
>>>> But in my logs I got the messages "The working directory is not
>>>> writable".
>>>> I changed the owner on /var/named to the group named, which solved
>>>> that problem.
>>>>
>>>> Then I installed Win7 virtual in KVM and joined the domain. I can
>>>> login, create users via dsa.msc tool on windows and see them in
>>>> wbinfo -u on the samba4 domain controller. All looks right, except for
>>>> my ddns. The zone could not be updated with the new win7 machine. The
>>>> win7 machine has a fixed ip-address.
>>>>
>>>> I checked all the howto again and again, but couldn't find a thing
>>>> which could cause this. The error I see in my log is:
>>>>
>>>> Aug 11 09:34:46 sambaserver named[2281]: client 192.168.122.150#60058: query 'roland.quinox.be/SOA/IN' denied
>>>>
>>>> Is this a permission problem? I checked and the group 'named' has write
>>>> access to my zone file. (the user 'named' is member of the group
>>>> 'named')
>>>>
>>>> This is the only issue I have with my samba4 installation and I really
>>>> want to solve this issue.
>>>>
>>>> If you need more information or configurations, I can post them.
>>>>
>>>> Kind regards,
>>>>
>>>> Roland

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
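
Added example (not part of the thread or of Samba/BIND): the two named log lines quoted above are different refusals, a denied query and a denied update, and a small parser can separate them and point at the named.conf statement that governs each. The function names and the third sample line are constructed for illustration; the mapping assumes a stock BIND setup where queries are gated by allow-query and dynamic updates by the zone's allow-update or update-policy.

```python
import re
from collections import Counter

# Shape of named's refusal messages as they appear in this thread.
DENIED = re.compile(
    r"named\[\d+\]: client (?P<client>[0-9A-Fa-f.:]+)#\d+: "
    r"(?P<kind>query|update) '(?P<target>[^']+)' denied"
)

# named.conf statement that decides each kind of refusal.
CONTROL = {
    "query": "allow-query (options or zone)",
    "update": "allow-update / update-policy (zone)",
}

def parse_denied(line):
    """Return a dict for a 'denied' line, or None for anything else."""
    m = DENIED.search(line)
    if m is None:
        return None
    # Query targets are name/TYPE/CLASS; update targets are zone/CLASS.
    parts = m.group("target").split("/")
    return {
        "client": m.group("client"),
        "kind": m.group("kind"),
        "name": parts[0],
        "rrtype": parts[1] if len(parts) == 3 else None,
        "check": CONTROL[m.group("kind")],
    }

def summarize(lines):
    """Count refusals per (client, kind, name), most frequent first."""
    hits = (parse_denied(line) for line in lines)
    counts = Counter((h["client"], h["kind"], h["name"]) for h in hits if h)
    return counts.most_common()

# First two lines are the ones quoted in the thread; the third is constructed.
SAMPLE = [
    "Aug 11 09:34:46 sambaserver named[2281]: client 192.168.122.150#60058: "
    "query 'roland.quinox.be/SOA/IN' denied",
    "Aug 12 20:58:34 localhost named[28804]: client 192.168.122.150#54473: "
    "update 'quinox.nl/IN' denied",
    "Aug 12 20:58:40 localhost named[28804]: zone quinox.nl/IN: loaded serial 3",
]

if __name__ == "__main__":
    for line in SAMPLE:
        hit = parse_denied(line)
        if hit:
            print(f"{hit['client']} {hit['kind']} {hit['name']}: check {hit['check']}")
```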