Re: [Samba] V4 - New Install - Missing Zone File
On Thu, Feb 23, 2012 at 4:33 PM, Jeremy Davisjdavis4...@gmail.com wrote: I forgot to mention that nsupdate command should also include -g flag to force secure (kerberos) updates. nsupdate command = /path/to/nsupdate -g dlz_bind9 module only allows secure dynamic updates. Amitay. I added the -g to the smb.conf and restarted samba and named but it doesn't seem to do anything. Could this be an issue with kerberos? I am able to authenticate with my Windows machine and via the command line using the tests on the samba4 wiki. Any ideas as to what this could be? What happens when you run samba_dnsupdate --verbose? What's the output from BIND? Amitay. Well, the samba_dnsupdate logs are the same but bind is now showing a little different error. samba-dnsupdate: IPs: ['2002:4b46:c8ad:0:a00:27ff:fe14:5491', 'fe80::a00:27ff:fe14:5491%eth0', 'fe80::a00:27ff:fee5:5840%eth1', '192.168.7.30', '192.168.30.1'] Looking for DNS entry A bob-dc.com 192.168.7.30 as bob-dc.com. Looking for DNS entry A dc1.bob-dc.com 192.168.7.30 as dc1.bob-dc.com. Looking for DNS entry bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491 as bob-dc.com. Failed to find matching DNS entry bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491 Looking for DNS entry dc1.bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491 as dc1.bob-dc.com. Failed to find matching DNS entry dc1.bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491 Looking for DNS entry A gc._msdcs.bob-dc.com 192.168.7.30 as gc._msdcs.bob-dc.com. Looking for DNS entry gc._msdcs.bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491 as gc._msdcs.bob-dc.com. Failed to find matching DNS entry gc._msdcs.bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491 Looking for DNS entry CNAME 48c0fc0c-dcc1-425d-bcb2-a229d40ab48c._msdcs.bob-dc.com dc1.bob-dc.com as 48c0fc0c-dcc1-425d-bcb2-a229d40ab48c._msdcs.bob-dc.com. Looking for DNS entry SRV _kpasswd._tcp.bob-dc.com dc1.bob-dc.com 464 as _kpasswd._tcp.bob-dc.com. Checking 0 100 464 dc1.bob-dc.com. against SRV _kpasswd._tcp.bob-dc.com dc1.bob-dc.com 464 Looking for DNS entry SRV _kpasswd._udp.bob-dc.com dc1.bob-dc.com 464 as _kpasswd._udp.bob-dc.com. Checking 0 100 464 dc1.bob-dc.com. against SRV _kpasswd._udp.bob-dc.com dc1.bob-dc.com 464 Looking for DNS entry SRV _kerberos._tcp.bob-dc.com dc1.bob-dc.com 88 as _kerberos._tcp.bob-dc.com. Checking 0 100 88 dc1.bob-dc.com. against SRV _kerberos._tcp.bob-dc.com dc1.bob-dc.com 88 Looking for DNS entry SRV _kerberos._tcp.dc._msdcs.bob-dc.com dc1.bob-dc.com 88 as _kerberos._tcp.dc._msdcs.bob-dc.com. Checking 0 100 88 dc1.bob-dc.com. against SRV _kerberos._tcp.dc._msdcs.bob-dc.com dc1.bob-dc.com 88 Looking for DNS entry SRV _kerberos._tcp.default-first-site-name._sites.bob-dc.com dc1.bob-dc.com 88 as _kerberos._tcp.default-first-site-name._sites.bob-dc.com. Checking 0 100 88 dc1.bob-dc.com. against SRV _kerberos._tcp.default-first-site-name._sites.bob-dc.com dc1.bob-dc.com 88 Looking for DNS entry SRV _kerberos._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com dc1.bob-dc.com 88 as _kerberos._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com. Checking 0 100 88 dc1.bob-dc.com. against SRV _kerberos._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com dc1.bob-dc.com 88 Looking for DNS entry SRV _kerberos._udp.bob-dc.com dc1.bob-dc.com 88 as _kerberos._udp.bob-dc.com. Checking 0 100 88 dc1.bob-dc.com. against SRV _kerberos._udp.bob-dc.com dc1.bob-dc.com 88 Looking for DNS entry SRV _ldap._tcp.bob-dc.com dc1.bob-dc.com 389 as _ldap._tcp.bob-dc.com. Checking 0 100 389 dc1.bob-dc.com. against SRV _ldap._tcp.bob-dc.com dc1.bob-dc.com 389 Looking for DNS entry SRV _ldap._tcp.dc._msdcs.bob-dc.com dc1.bob-dc.com 389 as _ldap._tcp.dc._msdcs.bob-dc.com. Checking 0 100 389 dc1.bob-dc.com. against SRV _ldap._tcp.dc._msdcs.bob-dc.com dc1.bob-dc.com 389 Looking for DNS entry SRV _ldap._tcp.gc._msdcs.bob-dc.com dc1.bob-dc.com 3268 as _ldap._tcp.gc._msdcs.bob-dc.com. Checking 0 100 3268 dc1.bob-dc.com. against SRV _ldap._tcp.gc._msdcs.bob-dc.com dc1.bob-dc.com 3268 Looking for DNS entry SRV _ldap._tcp.pdc._msdcs.bob-dc.com dc1.bob-dc.com 389 as _ldap._tcp.pdc._msdcs.bob-dc.com. Checking 0 100 389 dc1.bob-dc.com. against SRV _ldap._tcp.pdc._msdcs.bob-dc.com dc1.bob-dc.com 389 Looking for DNS entry SRV _ldap._tcp.default-first-site-name._sites.bob-dc.com dc1.bob-dc.com 389 as _ldap._tcp.default-first-site-name._sites.bob-dc.com. Checking 0 100 389 dc1.bob-dc.com. against SRV _ldap._tcp.default-first-site-name._sites.bob-dc.com dc1.bob-dc.com 389 Looking for DNS entry SRV _ldap._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com dc1.bob-dc.com 389 as _ldap._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com. Checking 0 100 389 dc1.bob-dc.com. against SRV _ldap._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com dc1.bob-dc.com 389 Looking for DNS entry SRV _ldap._tcp.default-first-site-name._sites.gc._msdcs.bob-dc.com dc1.bob-dc.com
Re: [Samba] V4 - New Install - Missing Zone File
Hello All, On 02/23/2012 09:31 AM, Jeremy Davis wrote: On Thu, Feb 23, 2012 at 4:33 PM, Jeremy Davisjdavis4...@gmail.com wrote: I forgot to mention that nsupdate command should also include -g flag to force secure (kerberos) updates. nsupdate command = /path/to/nsupdate -g dlz_bind9 module only allows secure dynamic updates. Amitay. I added the -g to the smb.conf and restarted samba and named but it doesn't seem to do anything. Could this be an issue with kerberos? I am able to authenticate with my Windows machine and via the command line using the tests on the samba4 wiki. Any ideas as to what this could be? What happens when you run samba_dnsupdate --verbose? What's the output from BIND? Amitay. Well, the samba_dnsupdate logs are the same but bind is now showing a little different error. samba-dnsupdate: IPs: ['2002:4b46:c8ad:0:a00:27ff:fe14:5491', 'fe80::a00:27ff:fe14:5491%eth0', 'fe80::a00:27ff:fee5:5840%eth1', '192.168.7.30', '192.168.30.1'] Looking for DNS entry A bob-dc.com 192.168.7.30 as bob-dc.com. Looking for DNS entry A dc1.bob-dc.com 192.168.7.30 as dc1.bob-dc.com. Looking for DNS entry bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491 as bob-dc.com. Failed to find matching DNS entry bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491 Looking for DNS entry dc1.bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491 as dc1.bob-dc.com. Failed to find matching DNS entry dc1.bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491 Looking for DNS entry A gc._msdcs.bob-dc.com 192.168.7.30 as gc._msdcs.bob-dc.com. Looking for DNS entry gc._msdcs.bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491 as gc._msdcs.bob-dc.com. Failed to find matching DNS entry gc._msdcs.bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491 Looking for DNS entry CNAME 48c0fc0c-dcc1-425d-bcb2-a229d40ab48c._msdcs.bob-dc.com dc1.bob-dc.com as 48c0fc0c-dcc1-425d-bcb2-a229d40ab48c._msdcs.bob-dc.com. Looking for DNS entry SRV _kpasswd._tcp.bob-dc.com dc1.bob-dc.com 464 as _kpasswd._tcp.bob-dc.com. Checking 0 100 464 dc1.bob-dc.com. against SRV _kpasswd._tcp.bob-dc.com dc1.bob-dc.com 464 Looking for DNS entry SRV _kpasswd._udp.bob-dc.com dc1.bob-dc.com 464 as _kpasswd._udp.bob-dc.com. Checking 0 100 464 dc1.bob-dc.com. against SRV _kpasswd._udp.bob-dc.com dc1.bob-dc.com 464 Looking for DNS entry SRV _kerberos._tcp.bob-dc.com dc1.bob-dc.com 88 as _kerberos._tcp.bob-dc.com. Checking 0 100 88 dc1.bob-dc.com. against SRV _kerberos._tcp.bob-dc.com dc1.bob-dc.com 88 Looking for DNS entry SRV _kerberos._tcp.dc._msdcs.bob-dc.com dc1.bob-dc.com 88 as _kerberos._tcp.dc._msdcs.bob-dc.com. Checking 0 100 88 dc1.bob-dc.com. against SRV _kerberos._tcp.dc._msdcs.bob-dc.com dc1.bob-dc.com 88 Looking for DNS entry SRV _kerberos._tcp.default-first-site-name._sites.bob-dc.com dc1.bob-dc.com 88 as _kerberos._tcp.default-first-site-name._sites.bob-dc.com. Checking 0 100 88 dc1.bob-dc.com. against SRV _kerberos._tcp.default-first-site-name._sites.bob-dc.com dc1.bob-dc.com 88 Looking for DNS entry SRV _kerberos._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com dc1.bob-dc.com 88 as _kerberos._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com. Checking 0 100 88 dc1.bob-dc.com. against SRV _kerberos._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com dc1.bob-dc.com 88 Looking for DNS entry SRV _kerberos._udp.bob-dc.com dc1.bob-dc.com 88 as _kerberos._udp.bob-dc.com. Checking 0 100 88 dc1.bob-dc.com. against SRV _kerberos._udp.bob-dc.com dc1.bob-dc.com 88 Looking for DNS entry SRV _ldap._tcp.bob-dc.com dc1.bob-dc.com 389 as _ldap._tcp.bob-dc.com. Checking 0 100 389 dc1.bob-dc.com. against SRV _ldap._tcp.bob-dc.com dc1.bob-dc.com 389 Looking for DNS entry SRV _ldap._tcp.dc._msdcs.bob-dc.com dc1.bob-dc.com 389 as _ldap._tcp.dc._msdcs.bob-dc.com. Checking 0 100 389 dc1.bob-dc.com. against SRV _ldap._tcp.dc._msdcs.bob-dc.com dc1.bob-dc.com 389 Looking for DNS entry SRV _ldap._tcp.gc._msdcs.bob-dc.com dc1.bob-dc.com 3268 as _ldap._tcp.gc._msdcs.bob-dc.com. Checking 0 100 3268 dc1.bob-dc.com. against SRV _ldap._tcp.gc._msdcs.bob-dc.com dc1.bob-dc.com 3268 Looking for DNS entry SRV _ldap._tcp.pdc._msdcs.bob-dc.com dc1.bob-dc.com 389 as _ldap._tcp.pdc._msdcs.bob-dc.com. Checking 0 100 389 dc1.bob-dc.com. against SRV _ldap._tcp.pdc._msdcs.bob-dc.com dc1.bob-dc.com 389 Looking for DNS entry SRV _ldap._tcp.default-first-site-name._sites.bob-dc.com dc1.bob-dc.com 389 as _ldap._tcp.default-first-site-name._sites.bob-dc.com. Checking 0 100 389 dc1.bob-dc.com. against SRV _ldap._tcp.default-first-site-name._sites.bob-dc.com dc1.bob-dc.com 389 Looking for DNS entry SRV _ldap._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com dc1.bob-dc.com 389 as _ldap._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com. Checking 0 100 389 dc1.bob-dc.com. against SRV _ldap._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com dc1.bob-dc.com 389 Looking for DNS entry SRV _ldap._tcp.default
Re: [Samba] V4 - New Install - Missing Zone File
Hello Amitay, On 02/22/2012 02:34 PM, Amitay Isaacs wrote: Hi Jeremy, That error message needs to be fixed. :) Looks like nsupdate command is not in the path. samba_dnsupdate script uses nsupdate to dynamically update DNS entries. Try adding nsupdate command = /path/to/nsupdate in smb.conf. Amitay. Thank you SO MUCH for getting me this far!! :) That looks like it fixed that issue but I have now ran into a denied error message for bind. Below you can find my logs for both samba_dnsupdate and bind. Seems like the dns.keytab file is not correct or something. I have tried to put allow-update { 192.168.30.1; } in my options section of my named.conf with no luck. samba-dnsupdate: IPs: ['2002:4b46:c8ad:0:a00:27ff:fe14:5491', 'fe80::a00:27ff:fe14:5491%eth0', 'fe80::a00:27ff:fee5:5840%eth1', '192.168.7.30', '192.168.30.1'] Looking for DNS entry A bob-dc.com 192.168.7.30 as bob-dc.com. Looking for DNS entry A dc1.bob-dc.com 192.168.7.30 as dc1.bob-dc.com. Looking for DNS entry bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491 as bob-dc.com. Failed to find matching DNS entry bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491 Looking for DNS entry dc1.bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491 as dc1.bob-dc.com. Failed to find matching DNS entry dc1.bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491 Looking for DNS entry A gc._msdcs.bob-dc.com 192.168.7.30 as gc._msdcs.bob-dc.com. Looking for DNS entry gc._msdcs.bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491 as gc._msdcs.bob-dc.com. Failed to find matching DNS entry gc._msdcs.bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491 Looking for DNS entry CNAME 48c0fc0c-dcc1-425d-bcb2-a229d40ab48c._msdcs.bob-dc.com dc1.bob-dc.com as 48c0fc0c-dcc1-425d-bcb2-a229d40ab48c._msdcs.bob-dc.com. Looking for DNS entry SRV _kpasswd._tcp.bob-dc.com dc1.bob-dc.com 464 as _kpasswd._tcp.bob-dc.com. Checking 0 100 464 dc1.bob-dc.com. against SRV _kpasswd._tcp.bob-dc.com dc1.bob-dc.com 464 Looking for DNS entry SRV _kpasswd._udp.bob-dc.com dc1.bob-dc.com 464 as _kpasswd._udp.bob-dc.com. Checking 0 100 464 dc1.bob-dc.com. against SRV _kpasswd._udp.bob-dc.com dc1.bob-dc.com 464 Looking for DNS entry SRV _kerberos._tcp.bob-dc.com dc1.bob-dc.com 88 as _kerberos._tcp.bob-dc.com. Checking 0 100 88 dc1.bob-dc.com. against SRV _kerberos._tcp.bob-dc.com dc1.bob-dc.com 88 Looking for DNS entry SRV _kerberos._tcp.dc._msdcs.bob-dc.com dc1.bob-dc.com 88 as _kerberos._tcp.dc._msdcs.bob-dc.com. Checking 0 100 88 dc1.bob-dc.com. against SRV _kerberos._tcp.dc._msdcs.bob-dc.com dc1.bob-dc.com 88 Looking for DNS entry SRV _kerberos._tcp.default-first-site-name._sites.bob-dc.com dc1.bob-dc.com 88 as _kerberos._tcp.default-first-site-name._sites.bob-dc.com. Checking 0 100 88 dc1.bob-dc.com. against SRV _kerberos._tcp.default-first-site-name._sites.bob-dc.com dc1.bob-dc.com 88 Looking for DNS entry SRV _kerberos._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com dc1.bob-dc.com 88 as _kerberos._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com. Checking 0 100 88 dc1.bob-dc.com. against SRV _kerberos._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com dc1.bob-dc.com 88 Looking for DNS entry SRV _kerberos._udp.bob-dc.com dc1.bob-dc.com 88 as _kerberos._udp.bob-dc.com. Checking 0 100 88 dc1.bob-dc.com. against SRV _kerberos._udp.bob-dc.com dc1.bob-dc.com 88 Looking for DNS entry SRV _ldap._tcp.bob-dc.com dc1.bob-dc.com 389 as _ldap._tcp.bob-dc.com. Checking 0 100 389 dc1.bob-dc.com. against SRV _ldap._tcp.bob-dc.com dc1.bob-dc.com 389 Looking for DNS entry SRV _ldap._tcp.dc._msdcs.bob-dc.com dc1.bob-dc.com 389 as _ldap._tcp.dc._msdcs.bob-dc.com. Checking 0 100 389 dc1.bob-dc.com. against SRV _ldap._tcp.dc._msdcs.bob-dc.com dc1.bob-dc.com 389 Looking for DNS entry SRV _ldap._tcp.gc._msdcs.bob-dc.com dc1.bob-dc.com 3268 as _ldap._tcp.gc._msdcs.bob-dc.com. Checking 0 100 3268 dc1.bob-dc.com. against SRV _ldap._tcp.gc._msdcs.bob-dc.com dc1.bob-dc.com 3268 Looking for DNS entry SRV _ldap._tcp.pdc._msdcs.bob-dc.com dc1.bob-dc.com 389 as _ldap._tcp.pdc._msdcs.bob-dc.com. Checking 0 100 389 dc1.bob-dc.com. against SRV _ldap._tcp.pdc._msdcs.bob-dc.com dc1.bob-dc.com 389 Looking for DNS entry SRV _ldap._tcp.default-first-site-name._sites.bob-dc.com dc1.bob-dc.com 389 as _ldap._tcp.default-first-site-name._sites.bob-dc.com. Checking 0 100 389 dc1.bob-dc.com. against SRV _ldap._tcp.default-first-site-name._sites.bob-dc.com dc1.bob-dc.com 389 Looking for DNS entry SRV _ldap._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com dc1.bob-dc.com 389 as _ldap._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com. Checking 0 100 389 dc1.bob-dc.com. against SRV _ldap._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com dc1.bob-dc.com 389 Looking for DNS entry SRV _ldap._tcp.default-first-site-name._sites.gc._msdcs.bob-dc.com dc1.bob-dc.com 3268 as _ldap._tcp.default-first-site-name._sites.gc._msdcs.bob-dc.com. Checking 0 100
Re: [Samba] V4 - New Install - Missing Zone File
Hello Amitay, On 02/22/2012 10:07 PM, Amitay Isaacs wrote: Hi Jeremy, On Thu, Feb 23, 2012 at 3:29 PM, Jeremy Davisjdavis4...@gmail.com wrote: Hello Amitay, On 02/22/2012 02:34 PM, Amitay Isaacs wrote: Hi Jeremy, That error message needs to be fixed. :) Looks like nsupdate command is not in the path. samba_dnsupdate script uses nsupdate to dynamically update DNS entries. Try adding nsupdate command = /path/to/nsupdate in smb.conf. Amitay. Thank you SO MUCH for getting me this far!! :) That looks like it fixed that issue but I have now ran into a denied error message for bind. Below you can find my logs for both samba_dnsupdate and bind. Seems like the dns.keytab file is not correct or something. I have tried to put allow-update { 192.168.30.1; } in my options section of my named.conf with no luck. I forgot to mention that nsupdate command should also include -g flag to force secure (kerberos) updates. nsupdate command = /path/to/nsupdate -g dlz_bind9 module only allows secure dynamic updates. Amitay. I added the -g to the smb.conf and restarted samba and named but it doesn't seem to do anything. Could this be an issue with kerberos? I am able to authenticate with my Windows machine and via the command line using the tests on the samba4 wiki. Any ideas as to what this could be? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba