Hello, I had the same problem during this weekend and I found the solution.

On Sat, Jun 01, 2013 at 02:58:04PM -0700, Gary Maurizi wrote:
> 01-Jun-2013 14:56:05.799 samba_dlz: starting transaction on zone mtolympus.local
> 01-Jun-2013 14:56:05.800 client 10.0.0.106#60674: update 'mtolympus.local/IN' denied
> 01-Jun-2013 14:56:05.800 samba_dlz: cancelling transaction on zone mtolympus.local

This means that non-secure updates are forbidden in the zone.

> 01-Jun-2013 14:56:05.894 client 10.0.0.106#57284: TCP request
> 01-Jun-2013 14:56:05.894 client 10.0.0.106#57284: using view '_default'
> 01-Jun-2013 14:56:05.894 client 10.0.0.106#57284: request is not signed
> 01-Jun-2013 14:56:05.894 client 10.0.0.106#57284: recursion available
> 01-Jun-2013 14:56:05.894 client 10.0.0.106#57284: query
> 01-Jun-2013 14:56:05.894 failed gss_inquire_cred: GSSAPI error: Major = Unspecified GSS failure. Minor code may provide more information, Minor = Success.
> 01-Jun-2013 14:56:05.940 gss-api source name (accept) is gm-bed-desktop$@MTOLYMPUS.LOCAL
> 01-Jun-2013 14:56:05.940 process_gsstkey(): dns_tsigerror_noerror

I don't think it's the major problem (but I had no time to debug it after I
solved the problem). It's in the log_cred function, which doesn't return any
value, and it continues well - gss-api source name (accept). I see in tcpdump
that bind returns success but Windows doesn't continue in TSIG.

> Thank you so very much for any help, I am so desperately lost at this
> point, I have tried everything.

Not everything ;o) You trust the RH too much. As you can see at least Steve
has no problem with it (on Ubuntu, SUSE).

> On Sat, Jun 1, 2013 at 1:13 PM, Gary Maurizi <garymaur...@gmail.com> wrote:
> > On Sat, Jun 1, 2013 at 9:46 AM, Michael De Groote <i...@sint-pietersschool.be> wrote:
> >
> >> Nick,
> >>
> >> doesn't that bug apply to internal dns only?
> >> (Gary says he's using BIND9_DLZ)
> >>
> >> 2013/6/1 Nick Semenkovich <seme...@alum.mit.edu>
> >>
> >> > Looks like bug https://bugzilla.samba.org/show_bug.cgi?id=9559 which
> >> > looks like it'll be fixed in git momentarily.
> >> >
> >> > On Sat, Jun 1, 2013 at 1:59 AM, Gary Maurizi <garymaur...@gmail.com> wrote:
> >> > > I just can't seem to get dynamic DNS updates working on CentOS 6.4 with
> >> > > samba 4.0 .tar.gz from samba.org using BIND9_DLZ.
> >> > >
> >> > > If I run bind 9.8.2.rc1 in debug mode and go to a domain joined windows
> >> > > client and run 'ipconfig /registerdns' this is what I get in my console:
> >> > >
> >> > > 31-May-2013 23:51:06.520 client 10.0.0.106#54352: new TCP connection
> >> > > 31-May-2013 23:51:06.520 client 10.0.0.106#54352: replace
> >> > > 31-May-2013 23:51:06.520 clientmgr @0x7fe0575b5010: createclients
> >> > > 31-May-2013 23:51:06.520 clientmgr @0x7fe0575b5010: recycle
> >> > > 31-May-2013 23:51:06.520 client 10.0.0.106#54352: read
> >> > > 31-May-2013 23:51:06.520 client @0x7fe04c159600: accept
> >> > > 31-May-2013 23:51:06.529 client 10.0.0.106#54352: TCP request
> >> > > 31-May-2013 23:51:06.529 client 10.0.0.106#54352: view internal-view: using view 'internal-view'
> >> > > 31-May-2013 23:51:06.529 client 10.0.0.106#54352: view internal-view: request is not signed
> >> > > 31-May-2013 23:51:06.529 client 10.0.0.106#54352: view internal-view: recursion available
> >> > > 31-May-2013 23:51:06.529 client 10.0.0.106#54352: view internal-view: query
> >> > > 31-May-2013 23:51:06.529 failed gss_inquire_cred: GSSAPI error: Major = Unspecified GSS failure. Minor code may provide more information, Minor = Success.
> >> > > 31-May-2013 23:51:06.573 gss-api source name (accept) is gm-bed-desktop$@MTOLYMPUS.LOCAL
> >> > > 31-May-2013 23:51:06.573 process_gsstkey(): dns_tsigerror_noerror
> >> > > 31-May-2013 23:51:06.573 client 10.0.0.106#54352: view internal-view: send
> >> > > 31-May-2013 23:51:06.573 client 10.0.0.106#54352: view internal-view: sendto
> >> > > 31-May-2013 23:51:06.573 client 10.0.0.106#54352: view internal-view: senddone
> >> > > 31-May-2013 23:51:06.573 client 10.0.0.106#54352: view internal-view: next
> >> > > 31-May-2013 23:51:06.573 client 10.0.0.106#54352: view internal-view: endrequest
> >> > > 31-May-2013 23:51:06.573 client 10.0.0.106#54352: read
> >> > > 31-May-2013 23:51:06.609 client 10.0.0.106#54352: next
> >> > > 31-May-2013 23:51:06.609 client 10.0.0.106#54352: request failed: end of file
> >> > > 31-May-2013 23:51:06.609 client 10.0.0.106#54352: endrequest
> >> > > 31-May-2013 23:51:06.609 client 10.0.0.106#54352: closetcp
> >> > > ^C31-May-2013 23:51:29.665 shutting down
> >> > > 31-May-2013 23:51:29.665 stopping command channel on 127.0.0.1#953
> >> > > 31-May-2013 23:51:29.665 res 0x7fe0575c3010: shutdown
> >> > > 31-May-2013 23:51:29.665 res 0x7fe0575c3010: exiting
> >> > >
> >> > > I have checked file permissions everywhere I can think of, this is my 7th
> >> > > time following the official samba.org samba 4 primary domain controller
> >> > > tutorial and this has happened every single time.
> >> > >
> >> > > Everything else seems to be functioning, I can manage everything from a
> >> > > windows client with the AD snap-ins and the computer shows up in 'Computers
> >> > > and Users' snap in, it just does NOT have a DNS A record!

So the solution is very simple.
You need to compile bind without --disable-isc-spnego

Just download the bind src.rpm, install it, edit rpmbuild/SPEC/bind.spec and
remove the line with --disable-isc-spnego and rebuild the package using
rpmbuild -ba. Install newly created packages and restart named. That's all.

Can someone write a warning about this option (at least on RH like systems)
into the wiki?
https://wiki.samba.org/index.php/Dns-backend_bind#Compiling_Bind

I hope it helps and saves time for others (It took 8 hours of my life).

Best regards,
Luf
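
The spec edit described in the message above, as an added example that is not part of the original post: a check for `--disable-isc-spnego` and a filter that removes it without leaving a dangling line continuation. The function names and the sample spec fragment are constructed for illustration; the real spec file will differ.

```shell
#!/bin/sh
# Added example: find and remove --disable-isc-spnego from a BIND spec file.
FLAG='--disable-isc-spnego'

# Exit 0 if the flag occurs in the text on stdin. Feed it a spec file, or
# the output of `named -V`, which lists the configure options of the build.
has_spnego_disabled() {
    grep -qF -e "$FLAG"
}

# Copy a spec from stdin to stdout without the flag. A flag that sits alone
# on a backslash-continued line is dropped with its line; if that line ended
# the configure command, the dangling "\" on the previous line goes too.
strip_spnego_flag() {
    awk -v flag="$FLAG" '
    function emit() { if (have) print prev; have = 0 }
    {
        line = $0
        if (index(line, flag)) {
            gsub("[ \t]*" flag, "", line)
            if (line ~ /^[ \t]*\\?[ \t]*$/) {
                if (line !~ /\\[ \t]*$/ && have)
                    sub(/[ \t]*\\[ \t]*$/, "", prev)
                next
            }
        }
        emit(); prev = line; have = 1
    }
    END { emit() }'
}

# Constructed sample, not the real RHEL/CentOS spec: the flag is the last
# option of the configure command, the case a plain line delete breaks.
sample_spec() {
    cat <<'EOF'
%build
%configure \
  --with-libtool \
  --enable-threads \
  --disable-isc-spnego
make %{?_smp_mflags}
EOF
}

# With a path argument, patch that file to stdout; otherwise show the sample.
if [ "$#" -gt 0 ]; then strip_spnego_flag < "$1"; else sample_spec | strip_spnego_flag; fi
```

After installing the rebuilt packages, `named -V | has_spnego_disabled` should exit non-zero, confirming the running binary was configured without the flag.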