Re: [Samba] V4 - New Install - Missing Zone File
On Thu, Feb 23, 2012 at 4:33 PM, Jeremy Davisjdavis4...@gmail.com wrote: I forgot to mention that nsupdate command should also include -g flag to force secure (kerberos) updates. nsupdate command = /path/to/nsupdate -g dlz_bind9 module only allows secure dynamic updates. Amitay. I added the -g to the smb.conf and restarted samba and named but it doesn't seem to do anything. Could this be an issue with kerberos? I am able to authenticate with my Windows machine and via the command line using the tests on the samba4 wiki. Any ideas as to what this could be? What happens when you run samba_dnsupdate --verbose? What's the output from BIND? Amitay. Well, the samba_dnsupdate logs are the same but bind is now showing a little different error. samba-dnsupdate: IPs: ['2002:4b46:c8ad:0:a00:27ff:fe14:5491', 'fe80::a00:27ff:fe14:5491%eth0', 'fe80::a00:27ff:fee5:5840%eth1', '192.168.7.30', '192.168.30.1'] Looking for DNS entry A bob-dc.com 192.168.7.30 as bob-dc.com. Looking for DNS entry A dc1.bob-dc.com 192.168.7.30 as dc1.bob-dc.com. Looking for DNS entry bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491 as bob-dc.com. Failed to find matching DNS entry bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491 Looking for DNS entry dc1.bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491 as dc1.bob-dc.com. Failed to find matching DNS entry dc1.bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491 Looking for DNS entry A gc._msdcs.bob-dc.com 192.168.7.30 as gc._msdcs.bob-dc.com. Looking for DNS entry gc._msdcs.bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491 as gc._msdcs.bob-dc.com. Failed to find matching DNS entry gc._msdcs.bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491 Looking for DNS entry CNAME 48c0fc0c-dcc1-425d-bcb2-a229d40ab48c._msdcs.bob-dc.com dc1.bob-dc.com as 48c0fc0c-dcc1-425d-bcb2-a229d40ab48c._msdcs.bob-dc.com. Looking for DNS entry SRV _kpasswd._tcp.bob-dc.com dc1.bob-dc.com 464 as _kpasswd._tcp.bob-dc.com. Checking 0 100 464 dc1.bob-dc.com. against SRV _kpasswd._tcp.bob-dc.com dc1.bob-dc.com 464 Looking for DNS entry SRV _kpasswd._udp.bob-dc.com dc1.bob-dc.com 464 as _kpasswd._udp.bob-dc.com. Checking 0 100 464 dc1.bob-dc.com. against SRV _kpasswd._udp.bob-dc.com dc1.bob-dc.com 464 Looking for DNS entry SRV _kerberos._tcp.bob-dc.com dc1.bob-dc.com 88 as _kerberos._tcp.bob-dc.com. Checking 0 100 88 dc1.bob-dc.com. against SRV _kerberos._tcp.bob-dc.com dc1.bob-dc.com 88 Looking for DNS entry SRV _kerberos._tcp.dc._msdcs.bob-dc.com dc1.bob-dc.com 88 as _kerberos._tcp.dc._msdcs.bob-dc.com. Checking 0 100 88 dc1.bob-dc.com. against SRV _kerberos._tcp.dc._msdcs.bob-dc.com dc1.bob-dc.com 88 Looking for DNS entry SRV _kerberos._tcp.default-first-site-name._sites.bob-dc.com dc1.bob-dc.com 88 as _kerberos._tcp.default-first-site-name._sites.bob-dc.com. Checking 0 100 88 dc1.bob-dc.com. against SRV _kerberos._tcp.default-first-site-name._sites.bob-dc.com dc1.bob-dc.com 88 Looking for DNS entry SRV _kerberos._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com dc1.bob-dc.com 88 as _kerberos._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com. Checking 0 100 88 dc1.bob-dc.com. against SRV _kerberos._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com dc1.bob-dc.com 88 Looking for DNS entry SRV _kerberos._udp.bob-dc.com dc1.bob-dc.com 88 as _kerberos._udp.bob-dc.com. Checking 0 100 88 dc1.bob-dc.com. against SRV _kerberos._udp.bob-dc.com dc1.bob-dc.com 88 Looking for DNS entry SRV _ldap._tcp.bob-dc.com dc1.bob-dc.com 389 as _ldap._tcp.bob-dc.com. Checking 0 100 389 dc1.bob-dc.com. against SRV _ldap._tcp.bob-dc.com dc1.bob-dc.com 389 Looking for DNS entry SRV _ldap._tcp.dc._msdcs.bob-dc.com dc1.bob-dc.com 389 as _ldap._tcp.dc._msdcs.bob-dc.com. Checking 0 100 389 dc1.bob-dc.com. against SRV _ldap._tcp.dc._msdcs.bob-dc.com dc1.bob-dc.com 389 Looking for DNS entry SRV _ldap._tcp.gc._msdcs.bob-dc.com dc1.bob-dc.com 3268 as _ldap._tcp.gc._msdcs.bob-dc.com. Checking 0 100 3268 dc1.bob-dc.com. against SRV _ldap._tcp.gc._msdcs.bob-dc.com dc1.bob-dc.com 3268 Looking for DNS entry SRV _ldap._tcp.pdc._msdcs.bob-dc.com dc1.bob-dc.com 389 as _ldap._tcp.pdc._msdcs.bob-dc.com. Checking 0 100 389 dc1.bob-dc.com. against SRV _ldap._tcp.pdc._msdcs.bob-dc.com dc1.bob-dc.com 389 Looking for DNS entry SRV _ldap._tcp.default-first-site-name._sites.bob-dc.com dc1.bob-dc.com 389 as _ldap._tcp.default-first-site-name._sites.bob-dc.com. Checking 0 100 389 dc1.bob-dc.com. against SRV _ldap._tcp.default-first-site-name._sites.bob-dc.com dc1.bob-dc.com 389 Looking for DNS entry SRV _ldap._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com dc1.bob-dc.com 389 as _ldap._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com. Checking 0 100 389 dc1.bob-dc.com. against SRV _ldap._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com dc1.bob-dc.com 389 Looking for DNS entry SRV _ldap._tcp.default-first-site-name._sites.gc._msdcs.bob-dc.com dc1.bob-dc.com
Re: [Samba] V4 - New Install - Missing Zone File
Hello All, On 02/23/2012 09:31 AM, Jeremy Davis wrote: On Thu, Feb 23, 2012 at 4:33 PM, Jeremy Davisjdavis4...@gmail.com wrote: I forgot to mention that nsupdate command should also include -g flag to force secure (kerberos) updates. nsupdate command = /path/to/nsupdate -g dlz_bind9 module only allows secure dynamic updates. Amitay. I added the -g to the smb.conf and restarted samba and named but it doesn't seem to do anything. Could this be an issue with kerberos? I am able to authenticate with my Windows machine and via the command line using the tests on the samba4 wiki. Any ideas as to what this could be? What happens when you run samba_dnsupdate --verbose? What's the output from BIND? Amitay. Well, the samba_dnsupdate logs are the same but bind is now showing a little different error. samba-dnsupdate: IPs: ['2002:4b46:c8ad:0:a00:27ff:fe14:5491', 'fe80::a00:27ff:fe14:5491%eth0', 'fe80::a00:27ff:fee5:5840%eth1', '192.168.7.30', '192.168.30.1'] Looking for DNS entry A bob-dc.com 192.168.7.30 as bob-dc.com. Looking for DNS entry A dc1.bob-dc.com 192.168.7.30 as dc1.bob-dc.com. Looking for DNS entry bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491 as bob-dc.com. Failed to find matching DNS entry bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491 Looking for DNS entry dc1.bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491 as dc1.bob-dc.com. Failed to find matching DNS entry dc1.bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491 Looking for DNS entry A gc._msdcs.bob-dc.com 192.168.7.30 as gc._msdcs.bob-dc.com. Looking for DNS entry gc._msdcs.bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491 as gc._msdcs.bob-dc.com. Failed to find matching DNS entry gc._msdcs.bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491 Looking for DNS entry CNAME 48c0fc0c-dcc1-425d-bcb2-a229d40ab48c._msdcs.bob-dc.com dc1.bob-dc.com as 48c0fc0c-dcc1-425d-bcb2-a229d40ab48c._msdcs.bob-dc.com. Looking for DNS entry SRV _kpasswd._tcp.bob-dc.com dc1.bob-dc.com 464 as _kpasswd._tcp.bob-dc.com. Checking 0 100 464 dc1.bob-dc.com. against SRV _kpasswd._tcp.bob-dc.com dc1.bob-dc.com 464 Looking for DNS entry SRV _kpasswd._udp.bob-dc.com dc1.bob-dc.com 464 as _kpasswd._udp.bob-dc.com. Checking 0 100 464 dc1.bob-dc.com. against SRV _kpasswd._udp.bob-dc.com dc1.bob-dc.com 464 Looking for DNS entry SRV _kerberos._tcp.bob-dc.com dc1.bob-dc.com 88 as _kerberos._tcp.bob-dc.com. Checking 0 100 88 dc1.bob-dc.com. against SRV _kerberos._tcp.bob-dc.com dc1.bob-dc.com 88 Looking for DNS entry SRV _kerberos._tcp.dc._msdcs.bob-dc.com dc1.bob-dc.com 88 as _kerberos._tcp.dc._msdcs.bob-dc.com. Checking 0 100 88 dc1.bob-dc.com. against SRV _kerberos._tcp.dc._msdcs.bob-dc.com dc1.bob-dc.com 88 Looking for DNS entry SRV _kerberos._tcp.default-first-site-name._sites.bob-dc.com dc1.bob-dc.com 88 as _kerberos._tcp.default-first-site-name._sites.bob-dc.com. Checking 0 100 88 dc1.bob-dc.com. against SRV _kerberos._tcp.default-first-site-name._sites.bob-dc.com dc1.bob-dc.com 88 Looking for DNS entry SRV _kerberos._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com dc1.bob-dc.com 88 as _kerberos._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com. Checking 0 100 88 dc1.bob-dc.com. against SRV _kerberos._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com dc1.bob-dc.com 88 Looking for DNS entry SRV _kerberos._udp.bob-dc.com dc1.bob-dc.com 88 as _kerberos._udp.bob-dc.com. Checking 0 100 88 dc1.bob-dc.com. against SRV _kerberos._udp.bob-dc.com dc1.bob-dc.com 88 Looking for DNS entry SRV _ldap._tcp.bob-dc.com dc1.bob-dc.com 389 as _ldap._tcp.bob-dc.com. Checking 0 100 389 dc1.bob-dc.com. against SRV _ldap._tcp.bob-dc.com dc1.bob-dc.com 389 Looking for DNS entry SRV _ldap._tcp.dc._msdcs.bob-dc.com dc1.bob-dc.com 389 as _ldap._tcp.dc._msdcs.bob-dc.com. Checking 0 100 389 dc1.bob-dc.com. against SRV _ldap._tcp.dc._msdcs.bob-dc.com dc1.bob-dc.com 389 Looking for DNS entry SRV _ldap._tcp.gc._msdcs.bob-dc.com dc1.bob-dc.com 3268 as _ldap._tcp.gc._msdcs.bob-dc.com. Checking 0 100 3268 dc1.bob-dc.com. against SRV _ldap._tcp.gc._msdcs.bob-dc.com dc1.bob-dc.com 3268 Looking for DNS entry SRV _ldap._tcp.pdc._msdcs.bob-dc.com dc1.bob-dc.com 389 as _ldap._tcp.pdc._msdcs.bob-dc.com. Checking 0 100 389 dc1.bob-dc.com. against SRV _ldap._tcp.pdc._msdcs.bob-dc.com dc1.bob-dc.com 389 Looking for DNS entry SRV _ldap._tcp.default-first-site-name._sites.bob-dc.com dc1.bob-dc.com 389 as _ldap._tcp.default-first-site-name._sites.bob-dc.com. Checking 0 100 389 dc1.bob-dc.com. against SRV _ldap._tcp.default-first-site-name._sites.bob-dc.com dc1.bob-dc.com 389 Looking for DNS entry SRV _ldap._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com dc1.bob-dc.com 389 as _ldap._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com. Checking 0 100 389 dc1.bob-dc.com. against SRV _ldap._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com dc1.bob-dc.com 389 Looking for DNS entry SRV _ldap._tcp.default
Re: [Samba] V4 - New Install - Missing Zone File
Hello Amitay,
On 02/22/2012 02:34 PM, Amitay Isaacs wrote:
Hi Jeremy,
That error message needs to be fixed. :)
Looks like nsupdate command is not in the path. samba_dnsupdate
script uses nsupdate to dynamically update DNS entries.
Try adding nsupdate command = /path/to/nsupdate in smb.conf.
Amitay.
Thank you SO MUCH for getting me this far!! :) That looks like it fixed
that issue but I have now ran into a denied error message for bind.
Below you can find my logs for both samba_dnsupdate and bind. Seems like
the dns.keytab file is not correct or something. I have tried to put
allow-update { 192.168.30.1; } in my options section of my named.conf
with no luck.
samba-dnsupdate:
IPs: ['2002:4b46:c8ad:0:a00:27ff:fe14:5491',
'fe80::a00:27ff:fe14:5491%eth0', 'fe80::a00:27ff:fee5:5840%eth1',
'192.168.7.30', '192.168.30.1']
Looking for DNS entry A bob-dc.com 192.168.7.30 as bob-dc.com.
Looking for DNS entry A dc1.bob-dc.com 192.168.7.30 as dc1.bob-dc.com.
Looking for DNS entry bob-dc.com
2002:4b46:c8ad:0:a00:27ff:fe14:5491 as bob-dc.com.
Failed to find matching DNS entry bob-dc.com
2002:4b46:c8ad:0:a00:27ff:fe14:5491
Looking for DNS entry dc1.bob-dc.com
2002:4b46:c8ad:0:a00:27ff:fe14:5491 as dc1.bob-dc.com.
Failed to find matching DNS entry dc1.bob-dc.com
2002:4b46:c8ad:0:a00:27ff:fe14:5491
Looking for DNS entry A gc._msdcs.bob-dc.com 192.168.7.30 as
gc._msdcs.bob-dc.com.
Looking for DNS entry gc._msdcs.bob-dc.com
2002:4b46:c8ad:0:a00:27ff:fe14:5491 as gc._msdcs.bob-dc.com.
Failed to find matching DNS entry gc._msdcs.bob-dc.com
2002:4b46:c8ad:0:a00:27ff:fe14:5491
Looking for DNS entry CNAME
48c0fc0c-dcc1-425d-bcb2-a229d40ab48c._msdcs.bob-dc.com dc1.bob-dc.com as
48c0fc0c-dcc1-425d-bcb2-a229d40ab48c._msdcs.bob-dc.com.
Looking for DNS entry SRV _kpasswd._tcp.bob-dc.com dc1.bob-dc.com 464 as
_kpasswd._tcp.bob-dc.com.
Checking 0 100 464 dc1.bob-dc.com. against SRV _kpasswd._tcp.bob-dc.com
dc1.bob-dc.com 464
Looking for DNS entry SRV _kpasswd._udp.bob-dc.com dc1.bob-dc.com 464 as
_kpasswd._udp.bob-dc.com.
Checking 0 100 464 dc1.bob-dc.com. against SRV _kpasswd._udp.bob-dc.com
dc1.bob-dc.com 464
Looking for DNS entry SRV _kerberos._tcp.bob-dc.com dc1.bob-dc.com 88 as
_kerberos._tcp.bob-dc.com.
Checking 0 100 88 dc1.bob-dc.com. against SRV _kerberos._tcp.bob-dc.com
dc1.bob-dc.com 88
Looking for DNS entry SRV _kerberos._tcp.dc._msdcs.bob-dc.com
dc1.bob-dc.com 88 as _kerberos._tcp.dc._msdcs.bob-dc.com.
Checking 0 100 88 dc1.bob-dc.com. against SRV
_kerberos._tcp.dc._msdcs.bob-dc.com dc1.bob-dc.com 88
Looking for DNS entry SRV
_kerberos._tcp.default-first-site-name._sites.bob-dc.com dc1.bob-dc.com
88 as _kerberos._tcp.default-first-site-name._sites.bob-dc.com.
Checking 0 100 88 dc1.bob-dc.com. against SRV
_kerberos._tcp.default-first-site-name._sites.bob-dc.com dc1.bob-dc.com 88
Looking for DNS entry SRV
_kerberos._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com
dc1.bob-dc.com 88 as
_kerberos._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com.
Checking 0 100 88 dc1.bob-dc.com. against SRV
_kerberos._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com
dc1.bob-dc.com 88
Looking for DNS entry SRV _kerberos._udp.bob-dc.com dc1.bob-dc.com 88 as
_kerberos._udp.bob-dc.com.
Checking 0 100 88 dc1.bob-dc.com. against SRV _kerberos._udp.bob-dc.com
dc1.bob-dc.com 88
Looking for DNS entry SRV _ldap._tcp.bob-dc.com dc1.bob-dc.com 389 as
_ldap._tcp.bob-dc.com.
Checking 0 100 389 dc1.bob-dc.com. against SRV _ldap._tcp.bob-dc.com
dc1.bob-dc.com 389
Looking for DNS entry SRV _ldap._tcp.dc._msdcs.bob-dc.com dc1.bob-dc.com
389 as _ldap._tcp.dc._msdcs.bob-dc.com.
Checking 0 100 389 dc1.bob-dc.com. against SRV
_ldap._tcp.dc._msdcs.bob-dc.com dc1.bob-dc.com 389
Looking for DNS entry SRV _ldap._tcp.gc._msdcs.bob-dc.com dc1.bob-dc.com
3268 as _ldap._tcp.gc._msdcs.bob-dc.com.
Checking 0 100 3268 dc1.bob-dc.com. against SRV
_ldap._tcp.gc._msdcs.bob-dc.com dc1.bob-dc.com 3268
Looking for DNS entry SRV _ldap._tcp.pdc._msdcs.bob-dc.com
dc1.bob-dc.com 389 as _ldap._tcp.pdc._msdcs.bob-dc.com.
Checking 0 100 389 dc1.bob-dc.com. against SRV
_ldap._tcp.pdc._msdcs.bob-dc.com dc1.bob-dc.com 389
Looking for DNS entry SRV
_ldap._tcp.default-first-site-name._sites.bob-dc.com dc1.bob-dc.com 389
as _ldap._tcp.default-first-site-name._sites.bob-dc.com.
Checking 0 100 389 dc1.bob-dc.com. against SRV
_ldap._tcp.default-first-site-name._sites.bob-dc.com dc1.bob-dc.com 389
Looking for DNS entry SRV
_ldap._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com
dc1.bob-dc.com 389 as
_ldap._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com.
Checking 0 100 389 dc1.bob-dc.com. against SRV
_ldap._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com
dc1.bob-dc.com 389
Looking for DNS entry SRV
_ldap._tcp.default-first-site-name._sites.gc._msdcs.bob-dc.com
dc1.bob-dc.com 3268 as
_ldap._tcp.default-first-site-name._sites.gc._msdcs.bob-dc.com.
Checking 0 100
Re: [Samba] V4 - New Install - Missing Zone File
Hello Amitay,
On 02/22/2012 10:07 PM, Amitay Isaacs wrote:
Hi Jeremy,
On Thu, Feb 23, 2012 at 3:29 PM, Jeremy Davisjdavis4...@gmail.com wrote:
Hello Amitay,
On 02/22/2012 02:34 PM, Amitay Isaacs wrote:
Hi Jeremy,
That error message needs to be fixed. :)
Looks like nsupdate command is not in the path. samba_dnsupdate
script uses nsupdate to dynamically update DNS entries.
Try adding nsupdate command = /path/to/nsupdate in smb.conf.
Amitay.
Thank you SO MUCH for getting me this far!! :) That looks like it fixed that
issue but I have now ran into a denied error message for bind. Below you can
find my logs for both samba_dnsupdate and bind. Seems like the dns.keytab
file is not correct or something. I have tried to put allow-update {
192.168.30.1; } in my options section of my named.conf with no luck.
I forgot to mention that nsupdate command should also include -g flag to force
secure (kerberos) updates.
nsupdate command = /path/to/nsupdate -g
dlz_bind9 module only allows secure dynamic updates.
Amitay.
I added the -g to the smb.conf and restarted samba and named but it
doesn't seem to do anything. Could this be an issue with kerberos? I am
able to authenticate with my Windows machine and via the command line
using the tests on the samba4 wiki. Any ideas as to what this could be?
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
