Re: [Samba] Samba 4, DHCP and Bind

2013-02-26 Thread Rowland Penny

On 25/02/13 22:44, Scott Whitten wrote:

Hi All,

I'm trying to integrate Samba 4 DHCPD and Bind 9.9 into a complete solution.

I'm using the BIND/Samba 4 DLZ plugin.

DHCP by itself works and hands out IP addresses.

What I would like to have happen is the following:
- PC is joined to the Samba 4 domain (this works)
- PC gets an IP via DHCPD
- DHCP or the PC registers the IP in BIND

Network PCs should resolve cleanly when pinging pc01.office.local

My logs are full of messages along the lines of:
Feb 25 14:36:24 knottypine named[22655]: samba_dlz: starting transaction on
zone office.local
Feb 25 14:36:24 knottypine named[22655]: client 192.168.65.101#57781:
update 'office.local/IN' denied
Feb 25 14:36:24 knottypine named[22655]: samba_dlz: cancelling transaction
on zone office.local

Clearly I'm missing something but not sure what exactly.

Thanks for any suggestions you might have.

For reference... here are my various config files:
==
smb.conf
---
# Global parameters
[global]
 server role = active directory domain controller
 workgroup = OFFICE
 interfaces = eth0
 bind interfaces only = yes
 realm = office.local
 netbios name = KNOTTYPINE
 passdb backend = samba4
 idmap_ldb:use rfc2307 = yes
 allow dns updates = True

[netlogon]
 path = /usr/local/samba/var/locks/sysvol/office.local/scripts
 read only = No

[sysvol]
 path = /usr/local/samba/var/locks/sysvol
 read only = No

[IPC$]
 path = /tmp
 read only = No

[Data]
 path = /u0/sambashares/data
 read only = no
==
ddns-update-style ad-hoc;
allow unknown-clients;

subnet 192.168.65.0 netmask 255.255.255.0 {

# --- default gateway
 option routers  192.168.65.1;
 option subnet-mask  255.255.255.0;

 option domain-name  office.local;
 option domain-name-servers  192.168.65.2;

 option netbios-name-servers 192.168.65.2;
 option netbios-node-type 2;

 default-lease-time 21600;
 max-lease-time 43200;
 allow unknown-clients;

 range 192.168.65.100 192.168.65.150;
}
==

//
// sample BIND configuration file
//
acl mynet {
 192.168.65.0/24;
 127.0.0.1;
};

options {
   listen-on { 127.0.0.1; 192.168.65.0/24; };
   allow-query { 192.168.65.0/24; localhost; };
   allow-recursion { 192.168.65.0/24; localhost; };
   tkey-gssapi-keytab /usr/local/samba/private/dns.keytab;
   forwarders {8.8.8.8;};
};

// Where the localhost hostname is defined
zone localhost IN {
   type master;
   file /etc/namedb/zone.localhost;
   allow-update { none; };
};

// Where the 127.0.0.0 network is defined
zone 0.0.127.in-addr.arpa IN {
   type master;
   file /etc/namedb/revp.127.0.0;
   allow-update { none; };
};

zone 65.168.192.in-addr.arpa {
 type master;
 file /etc/namedb/192.168.65.0.rev;
 allow-query {
 mynet;
 };
 allow-transfer {
 mynet;
 };
 allow-update {
 mynet;
 };
};

include /usr/local/samba/private/named.conf;

Hi, you appear to be trying to get DHCP to carry out the updates
directly. This does not work, or at least I could not get it to work.
Try starting here:
http://blog.michael.kuron-germany.de/2011/02/isc-dhcpd-dynamic-dns-updates-against-secure-microsoft-dns/
This works for me: Ubuntu 12.04, DHCP, Bind 9.9.1 and a version of the
script found on Michael Kuron's webpage.


Rowland



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
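
As an added example (not from the thread or from Michael Kuron's post), here is one way the script-driven approach in Rowland's reply can be wired up: a dhcpd hook builds an `nsupdate` batch for the leased host and sends it with `nsupdate -g` after obtaining a Kerberos ticket. The principal `dhcpduser`, its keytab path, the TTL and the `$hostname`/`$leased_ip` hook variables are hypothetical; the server address, zone and sample host come from the configs and logs quoted above.

```shell
#!/bin/sh
# Added example, not from the thread. Builds the nsupdate batch for one lease.
DNS_SERVER="192.168.65.2"   # domain-name-servers in the posted dhcpd.conf
DOMAIN="office.local"       # realm in the posted smb.conf
TTL=3600                    # assumed TTL

# One DNS label only: a client-supplied name must not be able to add
# nsupdate commands (newlines, spaces) or name records outside the host.
valid_label() {
    case "$1" in
        ""|-*|*-|*[!A-Za-z0-9-]*) return 1 ;;
    esac
    [ "${#1}" -le 63 ]
}

# Dotted-quad IPv4, each octet 0-255.
valid_ipv4() {
    case "$1" in *[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        [ -n "$o" ] && [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# Print the batch that replaces the A and PTR records for host/ip.
build_update() {
    host=$1; ip=$2
    valid_label "$host" && valid_ipv4 "$ip" || return 1
    old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs
    ptr="$4.$3.$2.$1.in-addr.arpa"
    cat <<EOF
server $DNS_SERVER
update delete $host.$DOMAIN. A
update add $host.$DOMAIN. $TTL A $ip
send
update delete $ptr. PTR
update add $ptr. $TTL PTR $host.$DOMAIN.
send
EOF
}

# In the dhcpd hook (hypothetical principal and keytab path):
#   kinit -k -t /etc/dhcpd/dhcpduser.keytab dhcpduser@OFFICE.LOCAL
#   build_update "$hostname" "$leased_ip" | nsupdate -g
build_update pc01 192.168.65.101   # constructed sample lease, prints the batch
```

The forward and reverse records are sent separately because they live in different zones; a name or address that fails validation produces no batch at all, so nothing is piped to `nsupdate`.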


[Samba] Samba 4, DHCP and Bind

2013-02-25 Thread Scott Whitten
Hi All,

I'm trying to integrate Samba 4 DHCPD and Bind 9.9 into a complete solution.

I'm using the BIND/Samba 4 DLZ plugin.

DHCP by itself works and hands out IP addresses.

What I would like to have happen is the following:
- PC is joined to the Samba 4 domain (this works)
- PC gets an IP via DHCPD
- DHCP or the PC registers the IP in BIND

Network PCs should resolve cleanly when pinging pc01.office.local

My logs are full of messages along the lines of:
Feb 25 14:36:24 knottypine named[22655]: samba_dlz: starting transaction on
zone office.local
Feb 25 14:36:24 knottypine named[22655]: client 192.168.65.101#57781:
update 'office.local/IN' denied
Feb 25 14:36:24 knottypine named[22655]: samba_dlz: cancelling transaction
on zone office.local

Clearly I'm missing something but not sure what exactly.

Thanks for any suggestions you might have.

For reference... here are my various config files:
==
smb.conf
---
# Global parameters
[global]
server role = active directory domain controller
workgroup = OFFICE
interfaces = eth0
bind interfaces only = yes
realm = office.local
netbios name = KNOTTYPINE
passdb backend = samba4
idmap_ldb:use rfc2307 = yes
allow dns updates = True

[netlogon]
path = /usr/local/samba/var/locks/sysvol/office.local/scripts
read only = No

[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No

[IPC$]
path = /tmp
read only = No

[Data]
path = /u0/sambashares/data
read only = no
==
ddns-update-style ad-hoc;
allow unknown-clients;

subnet 192.168.65.0 netmask 255.255.255.0 {

# --- default gateway
option routers  192.168.65.1;
option subnet-mask  255.255.255.0;

option domain-name  office.local;
option domain-name-servers  192.168.65.2;

option netbios-name-servers 192.168.65.2;
option netbios-node-type 2;

default-lease-time 21600;
max-lease-time 43200;
allow unknown-clients;

range 192.168.65.100 192.168.65.150;
}
==

//
// sample BIND configuration file
//
acl mynet {
192.168.65.0/24;
127.0.0.1;
};

options {
  listen-on { 127.0.0.1; 192.168.65.0/24; };
  allow-query { 192.168.65.0/24; localhost; };
  allow-recursion { 192.168.65.0/24; localhost; };
  tkey-gssapi-keytab /usr/local/samba/private/dns.keytab;
  forwarders {8.8.8.8;};
};

// Where the localhost hostname is defined
zone localhost IN {
  type master;
  file /etc/namedb/zone.localhost;
  allow-update { none; };
};

// Where the 127.0.0.0 network is defined
zone 0.0.127.in-addr.arpa IN {
  type master;
  file /etc/namedb/revp.127.0.0;
  allow-update { none; };
};

zone 65.168.192.in-addr.arpa {
type master;
file /etc/namedb/192.168.65.0.rev;
allow-query {
mynet;
};
allow-transfer {
mynet;
};
allow-update {
mynet;
};
};

include /usr/local/samba/private/named.conf;