Re: [Samba] samba 4 dns-update issue

2010-08-13 Thread Daniel Müller
First of all, if you have a single samba4 server system:

Important: did you install
download.fedora.redhat.com/pub/fedora/epel/5/i386/python-dns-1.7.1-1.el5.noarch.rpm

Test all your dns conf:
host -t SRV _ldap._tcp.your.domain.com
EX:
[r...@node1 ~]# host -t SRV _ldap._tcp.tuebingen.tst.loc #--- your domain here
_ldap._tcp.tuebingen.tst.loc has SRV record 0 100 389 node1.tuebingen.tst.loc. #---must give you

host -t SRV _kerberos._udp.your.domain.com

EX:
[r...@node1 ~]# host -t SRV _kerberos._udp.tuebingen.tst.loc
_kerberos._udp.tuebingen.tst.loc has SRV record 0 100 88 node1.tuebingen.tst.loc.


host -t A nameoftheserver.your.domain.com

EX:
[r...@node1 ~]# host -t A node1.tuebingen.tst.loc
node1.tuebingen.tst.loc has address 192.168.134.27

This must work. If not, you have a mistake somewhere.

Look at your /usr/local/samba/private/named.conf.update. It should look like
this:

[r...@node1 private]# cat named.conf.update
/* this file is auto-generated - do not edit */
update-policy {
grant TUEBINGEN.TST.LOC ms-self * A ;
grant administra...@tuebingen.tst.loc wildcard * A  SRV CNAME TXT;
grant nod...@tuebingen.tst.loc wildcard * A  SRV CNAME;

};

Then at last samba_dnsupdate --verbose must succeed with no errors.

If you have 2 samba4 server dc-forest. All of the commands are only running
on the first-master-dc.

Please post the answer of above commands here, and your named.conf, your
/etc/sysconfig/named, your samba4-zone-file (in ../private/dns)
 

---
IT Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

Re: [Samba] samba 4 dns-update issue

2010-08-13 Thread Roland de Lepper
First of all, I really appreciate your help. Thanks.

 First of all. If you have a single samba4 server system:

 Important did you install:
 download.fedora.redhat.com/pub/fedora/epel/5/i386/python-dns-1.7.1-1.el5.noarch.rpm

Yes I did.

[r...@sambadc private]# rpm -qa | grep python-dns
python-dns-1.7.1-1.el5


 Test all your dns conf:
 host -t SRV _ldap._tcp.your.domain.com
 EX:
 [r...@node1 ~]# host -t SRV _ldap._tcp.tuebingen.tst.loc #--- your domain here
 _ldap._tcp.tuebingen.tst.loc has SRV record 0 100 389 node1.tuebingen.tst.loc. #---must give you

 host -t SRV _kerberos._udp.your.domain.com

 EX:
 [r...@node1 ~]# host -t SRV _kerberos._udp.tuebingen.tst.loc
 _kerberos._udp.tuebingen.tst.loc has SRV record 0 100 88
 node1.tuebingen.tst.loc.


 host -t A nameoftheserver.your.domain.com

 EX:
 [r...@node1 ~]# host -t A node1.tuebingen.tst.loc
 node1.tuebingen.tst.loc has address 192.168.134.27

[r...@sambadc private]# host -t SRV _ldap._tcp.quinox.nl
_ldap._tcp.quinox.nl has SRV record 0 100 389 sambadc.quinox.nl.

[r...@sambadc private]# host -t SRV _kerberos._udp.quinox.nl
_kerberos._udp.quinox.nl has SRV record 0 100 88 sambadc.quinox.nl.

[r...@sambadc private]# host -t A sambadc.quinox.nl
sambadc.quinox.nl has address 192.168.122.200


 This must work. If not you have a mistake somewhere.

 Look at your /usr/local/samba/private/named.conf.update. It should look
 like this:

 [r...@node1 private]# cat named.conf.update
 /* this file is auto-generated - do not edit */
 update-policy {
 grant TUEBINGEN.TST.LOC ms-self * A ;
 grant administra...@tuebingen.tst.loc wildcard * A  SRV CNAME TXT;
 grant nod...@tuebingen.tst.loc wildcard * A  SRV CNAME;

 };

Here is mine:

[r...@sambadc private]# cat named.conf.update
/* this file is auto-generated - do not edit */
update-policy {
grant QUINOX.NL ms-self * A ;
grant administra...@quinox.nl wildcard * A  SRV CNAME TXT;
grant samba...@quinox.nl wildcard * A  SRV CNAME;
};

 Then at last samba_dnsupdate --verbose must succeed with no errors.

[r...@sambadc private]# samba_dnsupdate --verbose
Looking for DNS entry A quinox.nl 192.168.122.200 as quinox.nl.
Looking for DNS entry A sambadc.quinox.nl 192.168.122.200 as
sambadc.quinox.nl.
Looking for DNS entry CNAME
be631f11-f50c-48e2-bf76-024a8994fcf8._msdcs.quinox.nl sambadc.quinox.nl as
be631f11-f50c-48e2-bf76-024a8994fcf8._msdcs.quinox.nl.
Looking for DNS entry SRV
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.quinox.nl
sambadc.quinox.nl 88 as
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.quinox.nl.
Checking 0 100 88 sambadc.quinox.nl. against SRV
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.quinox.nl
sambadc.quinox.nl 88
Looking for DNS entry SRV
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.quinox.nl
sambadc.quinox.nl 389 as
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.quinox.nl.
Checking 0 100 389 sambadc.quinox.nl. against SRV
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.quinox.nl
sambadc.quinox.nl 389
Looking for DNS entry SRV _kerberos._tcp.dc._msdcs.quinox.nl
sambadc.quinox.nl 88 as _kerberos._tcp.dc._msdcs.quinox.nl.
Checking 0 100 88 sambadc.quinox.nl. against SRV
_kerberos._tcp.dc._msdcs.quinox.nl sambadc.quinox.nl 88
Looking for DNS entry SRV _ldap._tcp.dc._msdcs.quinox.nl sambadc.quinox.nl
389 as _ldap._tcp.dc._msdcs.quinox.nl.
Checking 0 100 389 sambadc.quinox.nl. against SRV
_ldap._tcp.dc._msdcs.quinox.nl sambadc.quinox.nl 389
Looking for DNS entry SRV
_ldap._tcp.32b23a16-212e-446b-ab89-fd0206a1e9fe.domains._msdcs.quinox.nl
sambadc.quinox.nl 389 as
_ldap._tcp.32b23a16-212e-446b-ab89-fd0206a1e9fe.domains._msdcs.quinox.nl.
Checking 0 100 389 sambadc.quinox.nl. against SRV
_ldap._tcp.32b23a16-212e-446b-ab89-fd0206a1e9fe.domains._msdcs.quinox.nl
sambadc.quinox.nl 389
Looking for DNS entry SRV
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.quinox.nl
sambadc.quinox.nl 3268 as
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.quinox.nl.
Checking 0 100 3268 sambadc.quinox.nl. against SRV
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.quinox.nl
sambadc.quinox.nl 3268
Looking for DNS entry SRV _ldap._tcp.gc._msdcs.quinox.nl sambadc.quinox.nl
3268 as _ldap._tcp.gc._msdcs.quinox.nl.
Checking 0 100 3268 sambadc.quinox.nl. against SRV
_ldap._tcp.gc._msdcs.quinox.nl sambadc.quinox.nl 3268
Looking for DNS entry SRV _ldap._tcp.pdc._msdcs.quinox.nl
sambadc.quinox.nl 389 as _ldap._tcp.pdc._msdcs.quinox.nl.
Checking 0 100 389 sambadc.quinox.nl. against SRV
_ldap._tcp.pdc._msdcs.quinox.nl sambadc.quinox.nl 389
Looking for DNS entry SRV
_gc._tcp.Default-First-Site-Name._sites.quinox.nl sambadc.quinox.nl 3268
as _gc._tcp.Default-First-Site-Name._sites.quinox.nl.
Checking 0 100 3268 sambadc.quinox.nl. against SRV
_gc._tcp.Default-First-Site-Name._sites.quinox.nl sambadc.quinox.nl 3268
Looking for DNS entry SRV
_kerberos._tcp.Default-First-Site-Name._sites.quinox.nl sambadc.quinox.nl

Re: [Samba] samba 4 dns-update issue

2010-08-12 Thread Daniel Müller
Did you set an allow-query for all your subnets in your named.conf??
Here is mine:



options {
        listen-on port 53 { 127.0.0.1; 192.168.134.27; }; // --- important put an ip
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { localhost; 192.168.135.0/24; 192.168.134.0/24; }; // --- all your subnets here
        recursion yes;
        forwarders { 192.168.134.253; };
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};
include "/usr/local/samba/private/named.conf"; // --- this named.conf must be named:named, and the file at which it is pointing to: /usr/local/samba/private/named.conf.update

Also the entry dns.keytab file in /etc/sysconfig/named:


[r...@node1 sysconfig]# cat named
# BIND named process options
#
KEYTAB_FILE=/usr/local/samba/private/dns.keytab
export KEYTAB_FILE
#  --  Specify named service keytab file (for GSS-TSIG)

Make sure named can read and write to it.

Try in your smb.conf
Interfaces= ip
Ex mine:

[globals]
netbios name= NODE1
workgroup   = TUEBINGEN
realm   = TUEBINGEN.TST.LOC
server role = domain controller
interfaces= 192.168.134.27

Make a samba_dnsupdate --verbose:
[r...@node1 sysconfig]# samba_dnsupdate --verbose
Looking for DNS entry A tuebingen.tst.loc 192.168.134.27 as
tuebingen.tst.loc.
Looking for DNS entry A node1.tuebingen.tst.loc 192.168.134.27 as
node1.tuebingen.tst.loc.
Looking for DNS entry CNAME
02284f45-de16-4125-a795-3b614f540ef7._msdcs.tuebingen.tst.loc
node1.tuebingen.tst.loc as
02284f45-de16-4125-a795-3b614f540ef7._msdcs.tuebingen.tst.loc.
Looking for DNS entry SRV
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc
node1.tuebingen.tst.loc 88 as
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc.
Checking 0 100 88 node2.tuebingen.tst.loc. against SRV
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc
node1.tuebingen.tst.loc 88
Checking 0 100 88 node1.tuebingen.tst.loc. against SRV
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc
node1.tuebingen.tst.loc 88
Looking for DNS entry SRV
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc
node1.tuebingen.tst.loc 389 as
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc.
Checking 0 100 389 node1.tuebingen.tst.loc. against SRV
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc
node1.tuebingen.tst.loc 389
Looking for DNS entry SRV _kerberos._tcp.dc._msdcs.tuebingen.tst.loc
node1.tuebingen.tst.loc 88 as _kerberos._tcp.dc._msdcs.tuebingen.tst.loc.
Checking 0 100 88 node1.tuebingen.tst.loc. against SRV
_kerberos._tcp.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 88
Looking for DNS entry SRV _ldap._tcp.dc._msdcs.tuebingen.tst.loc
node1.tuebingen.tst.loc 389 as _ldap._tcp.dc._msdcs.tuebingen.tst.loc.
Checking 0 100 389 node2.tuebingen.tst.loc. against SRV
_ldap._tcp.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389
Checking 0 100 389 node1.tuebingen.tst.loc. against SRV
_ldap._tcp.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389
Looking for DNS entry SRV
_ldap._tcp.3d718df6-359c-4eb4-a0de-5a7aaf5b0d26.domains._msdcs.tuebingen.tst
.loc node1.tuebingen.tst.loc 389 as
_ldap._tcp.3d718df6-359c-4eb4-a0de-5a7aaf5b0d26.domains._msdcs.tuebingen.tst
.loc.
Checking 0 100 389 node1.tuebingen.tst.loc. against SRV
_ldap._tcp.3d718df6-359c-4eb4-a0de-5a7aaf5b0d26.domains._msdcs.tuebingen.tst
.loc node1.tuebingen.tst.loc 389
Looking for DNS entry SRV
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.tuebingen.tst.loc
node1.tuebingen.tst.loc 3268 as
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.tuebingen.tst.loc.
Checking 0 100 3268 node1.tuebingen.tst.loc. against SRV
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.tuebingen.tst.loc
node1.tuebingen.tst.loc 3268
Looking for DNS entry SRV _ldap._tcp.gc._msdcs.tuebingen.tst.loc
node1.tuebingen.tst.loc 3268 as _ldap._tcp.gc._msdcs.tuebingen.tst.loc.
Checking 0 100 3268 node1.tuebingen.tst.loc. against SRV
_ldap._tcp.gc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 3268
Looking for DNS entry SRV _ldap._tcp.pdc._msdcs.tuebingen.tst.loc
node1.tuebingen.tst.loc 389 as _ldap._tcp.pdc._msdcs.tuebingen.tst.loc.
Checking 0 100 389 node1.tuebingen.tst.loc. against SRV
_ldap._tcp.pdc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389
Looking for DNS entry SRV
_gc._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc
node1.tuebingen.tst.loc 3268 as
_gc._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc.
Checking 0 100 3268 node1.tuebingen.tst.loc. against SRV
_gc._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc

Re: [Samba] samba 4 dns-update issue

2010-08-12 Thread Roland de Lepper
Yes I did.

here is my /etc/named.conf

[r...@sambaserver ~]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { 127.0.0.1; 192.168.122.100; };
##      listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { localhost; 192.168.122.0/24; };
        recursion yes;
        forwarders { 192.168.122.1; };
        tkey-gssapi-credential "DNS/quinox.be";
        tkey-domain "QUINOX.BE";
};


logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named-samba.conf";



Re: [Samba] samba 4 dns-update issue

2010-08-12 Thread Daniel Müller
Is this working: samba_dnsupdate --verbose ???


Re: [Samba] samba 4 dns-update issue

2010-08-12 Thread Moray Henderson
Roland de Lepper wrote:
I've setup samba4 according to the samba4 wiki on centOS 5.4 in KVM.
This went without any problems. I only had to install a higher version of
bind to 9.6.x because Centos bind in repo will install version 9.3.x.
I've used the Fedora12 source rpms for this to build bind 9.6.x on Centos
5.4.

Then I configured bind according to the samba wiki
(http://wiki.samba.org/index.php/Samba4/DNS)

I did all the checks in the wiki to see if bind is working. All tests
passed.
But in my logs I got the messages The working directory is not writable.
I changed the owner on /var/named to the group named, which solved that
problem.

Then I installed Win7 virtual in KVM and joined the domain. I can login,
create users via dsa.msc tool on windows and see them in wbinfo -u on the
samba4 domain controller. All looks right, except for my ddns. The zone
could not be updated with the new win7 machine. The win7 machine has a
fixed ip-address.

I checked all the howto again and again, but couldn't find a thing which
could cause this. The error I see in my log is:

Aug 11 09:34:46 sambaserver named[2281]: client 192.168.122.150#60058: query 'roland.quinox.be/SOA/IN' denied

Is this a permission problem? I check and the group 'named' has write
access to my zone file. (the user 'named' is member of the group 'named')

This is the only issue I have with my samba4 installation and I really
want to solve this issue.

If you need more information or configurations, I can post them.

Kind regards,

Roland

I don't know the Samba side of this, but that looks like a permission
problem in the named.conf file.  Your main options section (or view, if
you're using views), should contain something like:

allow-query { localnets; };
allow-query-cache { localnets; };

to tell bind that, yes, it is actually allowed to answer queries on your
local network.  Other subnets and IP ranges can be added alongside, or
instead of, localnets if necessary.


Moray.
To err is human.  To purr, feline




-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
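
Added example, not part of the original thread: the two denials quoted in this thread are decided by different named.conf controls. A "query ... denied" line comes from allow-query, as the reply above describes, while an "update ... denied" line comes from the zone's dynamic-update authorization (allow-update or update-policy). The Python script below classifies such lines and tests the client against an options-level allow-query list; the function names, the sample log and the "query (cache)" case are assumptions made for illustration.

```python
import ipaddress
import re

# "denied" lines as logged by named. The optional "@0x..." and "(name)" parts
# appear in newer BIND releases than the 9.6 build used in this thread.
DENIED_RE = re.compile(
    r"named\[\d+\]: client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9A-Fa-f.:]+)#\d+"
    r"(?: \([^)]*\))?: (?P<op>query \(cache\)|query|update) "
    r"'(?P<target>[^']+)' denied"
)

# named.conf control to review for each kind of denial.
CONTROL = {
    "query": "allow-query",
    "query (cache)": "allow-query-cache",
    "update": "allow-update / update-policy",
}

# Constructed sample: the two denials quoted in the thread (unwrapped),
# plus one unrelated line that must be ignored.
SAMPLE_LOG = """\
Aug 11 09:34:46 sambaserver named[2281]: client 192.168.122.150#60058: query 'roland.quinox.be/SOA/IN' denied
Aug 12 20:58:34 localhost named[28804]: client 192.168.122.150#54473: update 'quinox.nl/IN' denied
Aug 12 20:58:40 localhost named[28804]: zone quinox.nl/IN: loaded serial 1
"""

# allow-query list and listen address from the /etc/named.conf posted in the thread.
POSTED_ALLOW_QUERY = ["localhost", "192.168.122.0/24"]
POSTED_SERVER_ADDRS = ["192.168.122.100"]


def acl_admits(ip, acl, server_addrs=(), server_nets=()):
    """Return True if a flat address-match list admits ip (first match wins).

    Handles CIDR/host entries plus any, none, localhost and localnets.
    localhost and localnets depend on the server's interfaces, so the caller
    passes those in. Named ACLs, keys and "!" negation are not modelled.
    """
    addr = ipaddress.ip_address(ip)
    own_addrs = {ipaddress.ip_address(a) for a in server_addrs}
    own_nets = [ipaddress.ip_network(n, strict=False) for n in server_nets]
    for element in acl:
        if element == "any":
            return True
        if element == "none":
            return False
        if element == "localhost":
            if addr.is_loopback or addr in own_addrs:
                return True
        elif element == "localnets":
            if any(addr in net for net in own_nets):
                return True
        elif addr in ipaddress.ip_network(element, strict=False):
            return True
    return False


def triage(log_text, allow_query, server_addrs=(), server_nets=()):
    """Classify each denial and, for plain queries, test the given ACL."""
    findings = []
    for line in log_text.splitlines():
        match = DENIED_RE.search(line)
        if match is None:
            continue
        op = match.group("op")
        finding = {
            "client": match.group("ip"),
            "op": op,
            # Queried name for a query, zone name for an update.
            "name": match.group("target").split("/")[0],
            "control": CONTROL[op],
        }
        if op == "query":
            # True means this list was not what refused the client: compare
            # view/zone-level allow-query and the config named actually loaded.
            finding["options_acl_admits"] = acl_admits(
                match.group("ip"), allow_query, server_addrs, server_nets)
        findings.append(finding)
    return findings


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG, POSTED_ALLOW_QUERY, POSTED_SERVER_ADDRS):
        print(item)
```

Changing allow-query can only affect the first kind of line; the "update ... denied" line has to be followed up in the zone's update-policy and GSS-TSIG setup.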


Re: [Samba] samba 4 dns-update issue

2010-08-12 Thread Roland de Lepper
Yes I do. Centos 5.5

I do have those two lines in my /etc/sysconfig/named file.

btw. This evening I've installed a new virtual machine and used your howto
for the installation of samba4 and DNS.

Unfortunately... I have the same problem again:
Aug 12 20:58:34 localhost named[28804]: client 192.168.122.150#54473: update 'quinox.nl/IN' denied

This is driving me crazy. I even chmod -R 777 /usr/local/samba/private/dns
but also that didn't help.

I have installed bind-9.6.2-5.

regards,

Roland de Lepper

 You are running on CentOs?

 Mine keytab file (for GSS-TSIG)

 [r...@node1 sysconfig]# cat named
 # BIND named process options
 #
 KEYTAB_FILE=/usr/local/samba/private/dns.keytab
 export KEYTAB_FILE
 #  --  Specify named service keytab file (for GSS-TSIG)

 Your:

  tkey-gssapi-credential "DNS/quinox.be";
  tkey-domain "QUINOX.BE";


 -Original Message-
 From: Roland de Lepper [mailto:roland.de.lep...@cvis.nl]
 Sent: Thursday, 12 August 2010 11:16
 To: muel...@tropenklinik.de
 Subject: Re: AW: AW: AW: [Samba] samba 4 dns-update issue

 It was working with the same denied message in my log, but after the
 changes yesterday, it isn't working anymore:

 [r...@sambaserver sbin]# ./samba_dnsupdate --verbose
 Looking for DNS entry A quinox.be 192.168.122.100 as quinox.be.
 Traceback (most recent call last):
   File "./samba_dnsupdate", line 275, in ?
     if not check_dns_name(d):
   File "./samba_dnsupdate", line 160, in check_dns_name
     ans = resolver.query(normalised_name, d.type)
   File "/usr/lib/python2.4/site-packages/dns/resolver.py", line 723, in query
     return get_default_resolver().query(qname, rdtype, rdclass, tcp, source)
   File "/usr/lib/python2.4/site-packages/dns/resolver.py", line 604, in query
     timeout = self._compute_timeout(start)
   File "/usr/lib/python2.4/site-packages/dns/resolver.py", line 537, in _compute_timeout
     raise Timeout
 dns.exception.Timeout




Re: [Samba] samba 4 dns-update issue

2010-08-11 Thread Roland de Lepper
I've looked at your howto, and it's exactly what I did too. I also
compiled bind after I created the user 'named' and added it to the group
'named'. I've set the permissions on the files as in your howto, but still
no luck.

SELinux and the firewall are disabled on the samba-server and the firewall
is disabled on the win7 client machine.

Kind regards,

Roland de Lepper



 Look at my thread: HOWTO samba4 centos5.5 named dnsupdate drbd simple
 failover


 -Original Message-
 From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Roland de Lepper
 Sent: Wednesday, 11 August 2010 09:38
 To: samba@lists.samba.org
 Subject: [Samba] samba 4 dns-update issue

 Hi all,

 I've setup samba4 according to the samba4 wiki on centOS 5.4 in KVM.
 This went without any problems. I only had to install a higher version of
 bind to 9.6.x because Centos bind in repo will install version 9.3.x.
 I've used the Fedora12 source rpms for this to build bind 9.6.x on Centos
 5.4.

 Then I configured bind according to the samba wiki
 (http://wiki.samba.org/index.php/Samba4/DNS)

 I did all the checks in the wiki to see if bind is working. All tests
 passed.
 But in my logs I got the messages The working directory is not writable.
 I changed the owner on /var/named to the group named, which solved that
 problem.

 Then I installed Win7 virtual in KVM and joined the domain. I can login,
 create users via dsa.msc tool on windows and see them in wbinfo -u on the
 samba4 domain controller. All looks right, except for my ddns. The zone
 could not be updated with the new win7 machine. The win7 machine has a
 fixed ip-address.

 I checked all the howto again and again, but couldn't find a thing which
 could cause this. The error I see in my log is:

 Aug 11 09:34:46 sambaserver named[2281]: client 192.168.122.150#60058: query 'roland.quinox.be/SOA/IN' denied

 Is this a permission problem? I check and the group 'named' has write
 access to my zone file. (the user 'named' is member of the group 'named')

 This is the only issue I have with my samba4 installation and I really
 want to solve this issue.

 If you need more information or configurations, I can post them.

 Kind regards,

 Roland


