Re: [Samba] samba 4 dns-update issue
First of all. If you have a single samba4 server system:
Important, did you install:
download.fedora.redhat.com/pub/fedora/epel/5/i386/python-dns-1.7.1-1.el5.noarch.rpm

Test all your dns conf:

host -t SRV _ldap._tcp.your.domain.com
EX:
[r...@node1 ~]# host -t SRV _ldap._tcp.tuebingen.tst.loc #--- your domain here
_ldap._tcp.tuebingen.tst.loc has SRV record 0 100 389 node1.tuebingen.tst.loc. #---must give you

host -t SRV _kerberos._udp.your.domain.com
EX:
[r...@node1 ~]# host -t SRV _kerberos._udp.tuebingen.tst.loc
_kerberos._udp.tuebingen.tst.loc has SRV record 0 100 88 node1.tuebingen.tst.loc.

host -t A nameofteserver.your.domain.com
EX:
[r...@node1 ~]# host -t A node1.tuebingen.tst.loc
node1.tuebingen.tst.loc has address 192.168.134.27

This must work. If not you have a mistake somewhere.

Look at your /usr/local/samba/private/named.conf.update. It should look like this:

[r...@node1 private]# cat named.conf.update
/* this file is auto-generated - do not edit */
update-policy {
        grant TUEBINGEN.TST.LOC ms-self * A ;
        grant administra...@tuebingen.tst.loc wildcard * A SRV CNAME TXT;
        grant nod...@tuebingen.tst.loc wildcard * A SRV CNAME;
};

Then at last samba_dnsupdate --verbose must succeed with no errors.

If you have 2 samba4 server dc-forest. All of the commands are only running on the first-master-dc.

Please post the answer of above commands here, and your named.conf, your /etc/sysconfig/named, your samba4-zone-file (in ../private/dns)

---
IT
Daniel Müller
Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-----Original Message-----
From: Roland de Lepper [mailto:roland.de.lep...@cvis.nl]
Sent: Thursday, 12 August 2010 21:05
To: muel...@tropenklinik.de
Cc: samba@lists.samba.org
Subject: Re: AW: AW: AW: AW: [Samba] samba 4 dns-update issue

Yes I do. Centos 5.5
I do have those two lines in my /etc/sysconfig/named file.
btw.
Re: [Samba] samba 4 dns-update issue
First of all, I really appreciate your help. Thanks.

> First of all. If you have a single samba4 server system:
> Important, did you install:
> download.fedora.redhat.com/pub/fedora/epel/5/i386/python-dns-1.7.1-1.el5.noarch.rpm

Yes I did.

[r...@sambadc private]# rpm -qa | grep python-dns
python-dns-1.7.1-1.el5

> Test all your dns conf:
>
> host -t SRV _ldap._tcp.your.domain.com
> EX:
> [r...@node1 ~]# host -t SRV _ldap._tcp.tuebingen.tst.loc #--- your domain here
> _ldap._tcp.tuebingen.tst.loc has SRV record 0 100 389 node1.tuebingen.tst.loc. #---must give you
>
> host -t SRV _kerberos._udp.your.domain.com
> EX:
> [r...@node1 ~]# host -t SRV _kerberos._udp.tuebingen.tst.loc
> _kerberos._udp.tuebingen.tst.loc has SRV record 0 100 88 node1.tuebingen.tst.loc.
>
> host -t A nameofteserver.your.domain.com
> EX:
> [r...@node1 ~]# host -t A node1.tuebingen.tst.loc
> node1.tuebingen.tst.loc has address 192.168.134.27

[r...@sambadc private]# host -t SRV _ldap._tcp.quinox.nl
_ldap._tcp.quinox.nl has SRV record 0 100 389 sambadc.quinox.nl.
[r...@sambadc private]# host -t SRV _kerberos._udp.quinox.nl
_kerberos._udp.quinox.nl has SRV record 0 100 88 sambadc.quinox.nl.
[r...@sambadc private]# host -t A sambadc.quinox.nl
sambadc.quinox.nl has address 192.168.122.200

> This must work. If not you have a mistake somewhere.
>
> Look at your /usr/local/samba/private/named.conf.update. It should look like this:
>
> [r...@node1 private]# cat named.conf.update
> /* this file is auto-generated - do not edit */
> update-policy {
>         grant TUEBINGEN.TST.LOC ms-self * A ;
>         grant administra...@tuebingen.tst.loc wildcard * A SRV CNAME TXT;
>         grant nod...@tuebingen.tst.loc wildcard * A SRV CNAME;
> };

Here is mine:

[r...@sambadc private]# cat named.conf.update
/* this file is auto-generated - do not edit */
update-policy {
        grant QUINOX.NL ms-self * A ;
        grant administra...@quinox.nl wildcard * A SRV CNAME TXT;
        grant samba...@quinox.nl wildcard * A SRV CNAME;
};

> Then at last samba_dnsupdate --verbose must succeed with no errors.

[r...@sambadc private]# samba_dnsupdate --verbose
Looking for DNS entry A quinox.nl 192.168.122.200 as quinox.nl.
Looking for DNS entry A sambadc.quinox.nl 192.168.122.200 as sambadc.quinox.nl.
Looking for DNS entry CNAME be631f11-f50c-48e2-bf76-024a8994fcf8._msdcs.quinox.nl sambadc.quinox.nl as be631f11-f50c-48e2-bf76-024a8994fcf8._msdcs.quinox.nl.
Looking for DNS entry SRV _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.quinox.nl sambadc.quinox.nl 88 as _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.quinox.nl.
Checking 0 100 88 sambadc.quinox.nl. against SRV _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.quinox.nl sambadc.quinox.nl 88
Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.quinox.nl sambadc.quinox.nl 389 as _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.quinox.nl.
Checking 0 100 389 sambadc.quinox.nl. against SRV _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.quinox.nl sambadc.quinox.nl 389
Looking for DNS entry SRV _kerberos._tcp.dc._msdcs.quinox.nl sambadc.quinox.nl 88 as _kerberos._tcp.dc._msdcs.quinox.nl.
Checking 0 100 88 sambadc.quinox.nl. against SRV _kerberos._tcp.dc._msdcs.quinox.nl sambadc.quinox.nl 88
Looking for DNS entry SRV _ldap._tcp.dc._msdcs.quinox.nl sambadc.quinox.nl 389 as _ldap._tcp.dc._msdcs.quinox.nl.
Checking 0 100 389 sambadc.quinox.nl. against SRV _ldap._tcp.dc._msdcs.quinox.nl sambadc.quinox.nl 389
Looking for DNS entry SRV _ldap._tcp.32b23a16-212e-446b-ab89-fd0206a1e9fe.domains._msdcs.quinox.nl sambadc.quinox.nl 389 as _ldap._tcp.32b23a16-212e-446b-ab89-fd0206a1e9fe.domains._msdcs.quinox.nl.
Checking 0 100 389 sambadc.quinox.nl. against SRV _ldap._tcp.32b23a16-212e-446b-ab89-fd0206a1e9fe.domains._msdcs.quinox.nl sambadc.quinox.nl 389
Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.quinox.nl sambadc.quinox.nl 3268 as _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.quinox.nl.
Checking 0 100 3268 sambadc.quinox.nl. against SRV _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.quinox.nl sambadc.quinox.nl 3268
Looking for DNS entry SRV _ldap._tcp.gc._msdcs.quinox.nl sambadc.quinox.nl 3268 as _ldap._tcp.gc._msdcs.quinox.nl.
Checking 0 100 3268 sambadc.quinox.nl. against SRV _ldap._tcp.gc._msdcs.quinox.nl sambadc.quinox.nl 3268
Looking for DNS entry SRV _ldap._tcp.pdc._msdcs.quinox.nl sambadc.quinox.nl 389 as _ldap._tcp.pdc._msdcs.quinox.nl.
Checking 0 100 389 sambadc.quinox.nl. against SRV _ldap._tcp.pdc._msdcs.quinox.nl sambadc.quinox.nl 389
Looking for DNS entry SRV _gc._tcp.Default-First-Site-Name._sites.quinox.nl sambadc.quinox.nl 3268 as _gc._tcp.Default-First-Site-Name._sites.quinox.nl.
Checking 0 100 3268 sambadc.quinox.nl. against SRV _gc._tcp.Default-First-Site-Name._sites.quinox.nl sambadc.quinox.nl 3268
Looking for DNS entry SRV _kerberos._tcp.Default-First-Site-Name._sites.quinox.nl sambadc.quinox.nl
Re: [Samba] samba 4 dns-update issue
Did you set an allow query to all your subnets in your named conf??

Here is mine:

options {
        listen-on port 53 { 127.0.0.1;192.168.134.27; };---important put an ip
        listen-on-v6 port 53 { ::1; };
        directory /var/named;
        dump-file /var/named/data/cache_dump.db;
        statistics-file /var/named/data/named_stats.txt;
        memstatistics-file /var/named/data/named_mem_stats.txt;
        allow-query { localhost; 192.168.135.0/24; 192.168.134.0/24; };---all your subnets here
        recursion yes;
        forwarders { 192.168.134.253; };
logging {
        channel default_debug {
                file data/named.run;
                severity dynamic;
        };
};
zone . IN {
        type hint;
        file named.ca;
};
include /usr/local/samba/private/named.conf;--- this named.conf must be named:named, and the file at which it is pointing to:/usr/local/samba/private/named.conf.update

Also the entry dns.keytab file in /etc/sysconfig/named:

[r...@node1 sysconfig]# cat named
# BIND named process options
#
KEYTAB_FILE=/usr/local/samba/private/dns.keytab
export KEYTAB_FILE
# -- Specify named service keytab file (for GSS-TSIG)

Make sure named can read and write to it.

Try in your smb.conf Interfaces= ip
Ex mine:

[globals]
netbios name= NODE1
workgroup = TUEBINGEN
realm = TUEBINGEN.TST.LOC
server role = domain controller
interfaces= 192.168.134.27

Make a samba_dnsupdate --verbose:

[r...@node1 sysconfig]# samba_dnsupdate --verbose
Looking for DNS entry A tuebingen.tst.loc 192.168.134.27 as tuebingen.tst.loc.
Looking for DNS entry A node1.tuebingen.tst.loc 192.168.134.27 as node1.tuebingen.tst.loc.
Looking for DNS entry CNAME 02284f45-de16-4125-a795-3b614f540ef7._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc as 02284f45-de16-4125-a795-3b614f540ef7._msdcs.tuebingen.tst.loc.
Looking for DNS entry SRV _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 88 as _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc.
Checking 0 100 88 node2.tuebingen.tst.loc. against SRV _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 88
Checking 0 100 88 node1.tuebingen.tst.loc. against SRV _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 88
Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389 as _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc.
Checking 0 100 389 node1.tuebingen.tst.loc. against SRV _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389
Looking for DNS entry SRV _kerberos._tcp.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 88 as _kerberos._tcp.dc._msdcs.tuebingen.tst.loc.
Checking 0 100 88 node1.tuebingen.tst.loc. against SRV _kerberos._tcp.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 88
Looking for DNS entry SRV _ldap._tcp.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389 as _ldap._tcp.dc._msdcs.tuebingen.tst.loc.
Checking 0 100 389 node2.tuebingen.tst.loc. against SRV _ldap._tcp.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389
Checking 0 100 389 node1.tuebingen.tst.loc. against SRV _ldap._tcp.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389
Looking for DNS entry SRV _ldap._tcp.3d718df6-359c-4eb4-a0de-5a7aaf5b0d26.domains._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389 as _ldap._tcp.3d718df6-359c-4eb4-a0de-5a7aaf5b0d26.domains._msdcs.tuebingen.tst.loc.
Checking 0 100 389 node1.tuebingen.tst.loc. against SRV _ldap._tcp.3d718df6-359c-4eb4-a0de-5a7aaf5b0d26.domains._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389
Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 3268 as _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.tuebingen.tst.loc.
Checking 0 100 3268 node1.tuebingen.tst.loc. against SRV _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 3268
Looking for DNS entry SRV _ldap._tcp.gc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 3268 as _ldap._tcp.gc._msdcs.tuebingen.tst.loc.
Checking 0 100 3268 node1.tuebingen.tst.loc. against SRV _ldap._tcp.gc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 3268
Looking for DNS entry SRV _ldap._tcp.pdc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389 as _ldap._tcp.pdc._msdcs.tuebingen.tst.loc.
Checking 0 100 389 node1.tuebingen.tst.loc. against SRV _ldap._tcp.pdc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389
Looking for DNS entry SRV _gc._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc node1.tuebingen.tst.loc 3268 as _gc._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc.
Checking 0 100 3268 node1.tuebingen.tst.loc. against SRV _gc._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc
Re: [Samba] samba 4 dns-update issue
Yes I did. Here is my /etc/named.conf:

[r...@sambaserver ~]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
        listen-on port 53 { 127.0.0.1; 192.168.122.100; };
        ## listen-on-v6 port 53 { ::1; };
        directory /var/named;
        dump-file /var/named/data/cache_dump.db;
        statistics-file /var/named/data/named_stats.txt;
        memstatistics-file /var/named/data/named_mem_stats.txt;
        allow-query { localhost; 192.168.122.0/24; };
        recursion yes;
        forwarders { 192.168.122.1; };
        tkey-gssapi-credential DNS/quinox.be;
        tkey-domain QUINOX.BE;
};
logging {
        channel default_debug {
                file data/named.run;
                severity dynamic;
        };
};
zone . IN {
        type hint;
        file named.ca;
};
include /etc/named.rfc1912.zones;
include /etc/named-samba.conf;

> Did you set an allow query to all your subnets in your named conf??
>
> Here is mine:
>
> options {
>         listen-on port 53 { 127.0.0.1;192.168.134.27; };---important put an ip
>         listen-on-v6 port 53 { ::1; };
>         directory /var/named;
>         dump-file /var/named/data/cache_dump.db;
>         statistics-file /var/named/data/named_stats.txt;
>         memstatistics-file /var/named/data/named_mem_stats.txt;
>         allow-query { localhost; 192.168.135.0/24; 192.168.134.0/24; };---all your subnets here
>         recursion yes;
>         forwarders { 192.168.134.253; };
> logging {
>         channel default_debug {
>                 file data/named.run;
>                 severity dynamic;
>         };
> };
> zone .
Re: [Samba] samba 4 dns-update issue
Is this working: samba_dnsupdate --verbose ???

---
IT
Daniel Müller
Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-----Original Message-----
From: Roland de Lepper [mailto:roland.de.lep...@cvis.nl]
Sent: Thursday, 12 August 2010 10:09
To: muel...@tropenklinik.de
Cc: samba@lists.samba.org
Subject: Re: AW: AW: [Samba] samba 4 dns-update issue

Yes I did. Here is my /etc/named.conf:

[r...@sambaserver ~]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
        listen-on port 53 { 127.0.0.1; 192.168.122.100; };
        ## listen-on-v6 port 53 { ::1; };
        directory /var/named;
        dump-file /var/named/data/cache_dump.db;
        statistics-file /var/named/data/named_stats.txt;
        memstatistics-file /var/named/data/named_mem_stats.txt;
        allow-query { localhost; 192.168.122.0/24; };
        recursion yes;
        forwarders { 192.168.122.1; };
        tkey-gssapi-credential DNS/quinox.be;
        tkey-domain QUINOX.BE;
};
logging {
        channel default_debug {
                file data/named.run;
                severity dynamic;
        };
};
zone . IN {
        type hint;
        file named.ca;
};
include /etc/named.rfc1912.zones;
include /etc/named-samba.conf;

> Did you set an allow query to all your subnets in your named conf??
Re: [Samba] samba 4 dns-update issue
Roland de Lepper wrote:
> I've setup samba4 according to the samba4 wiki on centOS 5.4 in KVM. This went without any problems. I only had to install a higher version of bind to 9.6.x because Centos bind in repo will install version 9.3.x. I've used the Fedora12 source rpms for this to build bind 9.6.x on Centos 5.4.
>
> Then I configured bind according to the samba wiki (http://wiki.samba.org/index.php/Samba4/DNS)
> I did all the checks in the wiki to see if bind is working. All tests passed. But in my logs I got the messages "The working directory is not writable". I changed the owner on /var/named to the group named, which solved that problem.
>
> Then I installed Win7 virtual in KVM and joined the domain. I can login, create users via dsa.msc tool on windows and see them in wbinfo -u on the samba4 domain controller. All looks right, except for my ddns. The zone could not be updated with the new win7 machine. The win7 machine has a fixed ip-address. I checked all the howto again and again, but couldn't find a thing which could cause this.
>
> The error I see in my log is:
> Aug 11 09:34:46 sambaserver named[2281]: client 192.168.122.150#60058: query 'roland.quinox.be/SOA/IN' denied
>
> Is this a permission problem? I checked and the group 'named' has write access to my zone file. (the user 'named' is member of the group 'named')
>
> This is the only issue I have with my samba4 installation and I really want to solve this issue. If you need more information or configurations, I can post them.
>
> Kind regards,
> Roland

I don't know the Samba side of this, but that looks like a permission problem in the named.conf file. Your main options section (or view, if you're using views), should contain something like:

allow-query { localnets; };
allow-query-cache { localnets; };

to tell bind that, yes, it is actually allowed to answer queries on your local network. Other subnets and IP ranges can be added alongside, or instead of, localnets if necessary.

Moray.
To err is human. To purr, feline

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba 4 dns-update issue
Yes I do. Centos 5.5
I do have those two lines in my /etc/sysconfig/named file.

btw. This evening I've installed a new virtual machine and used your howto for the installation of samba4 and DNS. Unfortunately... I have the same problem again:

Aug 12 20:58:34 localhost named[28804]: client 192.168.122.150#54473: update 'quinox.nl/IN' denied

This is driving me crazy. I even chmod -R 777 /usr/local/samba/private/dns but also that didn't help.
I have installed bind-9.6.2-5.

regards,
Roland de Lepper

> You are running on CentOs?
> My keytab file (for GSS-TSIG)
> [r...@node1 sysconfig]# cat named
> # BIND named process options
> #
> KEYTAB_FILE=/usr/local/samba/private/dns.keytab
> export KEYTAB_FILE
> # -- Specify named service keytab file (for GSS-TSIG)
>
> Your:
> tkey-gssapi-credential DNS/quinox.be;
> tkey-domain QUINOX.BE;
>
> ---
> IT
> Daniel Müller
> Head of IT
> Tropenklinik Paul-Lechler-Krankenhaus
> Paul-Lechler-Str. 24
> 72076 Tübingen
> Tel.: 07071/206-463, Fax: 07071/206-499
> eMail: muel...@tropenklinik.de
> Internet: www.tropenklinik.de
> ---
>
> -----Original Message-----
> From: Roland de Lepper [mailto:roland.de.lep...@cvis.nl]
> Sent: Thursday, 12 August 2010 11:16
> To: muel...@tropenklinik.de
> Subject: Re: AW: AW: AW: [Samba] samba 4 dns-update issue
>
> It was working with the same denied message in my log, but after the changes yesterday, it isn't working anymore:
>
> [r...@sambaserver sbin]# ./samba_dnsupdate --verbose
> Looking for DNS entry A quinox.be 192.168.122.100 as quinox.be.
> Traceback (most recent call last):
>   File ./samba_dnsupdate, line 275, in ?
>     if not check_dns_name(d):
>   File ./samba_dnsupdate, line 160, in check_dns_name
>     ans = resolver.query(normalised_name, d.type)
>   File /usr/lib/python2.4/site-packages/dns/resolver.py, line 723, in query
>     return get_default_resolver().query(qname, rdtype, rdclass, tcp, source)
>   File /usr/lib/python2.4/site-packages/dns/resolver.py, line 604, in query
>     timeout = self._compute_timeout(start)
>   File /usr/lib/python2.4/site-packages/dns/resolver.py, line 537, in _compute_timeout
>     raise Timeout
> dns.exception.Timeout
>
> Is this working: samba_dnsupdate --verbose ???
>
> ---
> IT
> Daniel Müller
> Head of IT
> Tropenklinik Paul-Lechler-Krankenhaus
> Paul-Lechler-Str. 24
> 72076 Tübingen
> Tel.: 07071/206-463, Fax: 07071/206-499
> eMail: muel...@tropenklinik.de
> Internet: www.tropenklinik.de
> ---
>
> -----Original Message-----
> From: Roland de Lepper [mailto:roland.de.lep...@cvis.nl]
> Sent: Thursday, 12 August 2010 10:09
> To: muel...@tropenklinik.de
> Cc: samba@lists.samba.org
> Subject: Re: AW: AW: [Samba] samba 4 dns-update issue
>
> Yes I did. Here is my /etc/named.conf:
>
> [r...@sambaserver ~]# cat /etc/named.conf
> //
> // named.conf
> //
> // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
> // server as a caching only nameserver (as a localhost DNS resolver only).
> //
> // See /usr/share/doc/bind*/sample/ for example named configuration files.
> //
> options {
>         listen-on port 53 { 127.0.0.1; 192.168.122.100; };
>         ## listen-on-v6 port 53 { ::1; };
>         directory /var/named;
>         dump-file /var/named/data/cache_dump.db;
>         statistics-file /var/named/data/named_stats.txt;
>         memstatistics-file /var/named/data/named_mem_stats.txt;
>         allow-query { localhost; 192.168.122.0/24; };
>         recursion yes;
>         forwarders { 192.168.122.1; };
>         tkey-gssapi-credential DNS/quinox.be;
>         tkey-domain QUINOX.BE;
> };
> logging {
>         channel default_debug {
>                 file data/named.run;
>                 severity dynamic;
>         };
> };
> zone .
Re: [Samba] samba 4 dns-update issue
I've looked at your howto, and it's exactly what I did too. I also compiled bind after I created the user 'named' and added to the group 'named'. I've set the permissions on the files as in your howto, but still no luck. Selinux and the firewall are disabled on the samba-server and the firewall is disabled on the win7 client machine.

Kind regards,
Roland de Lepper

> Look at my thread: HOWTO samba4 centos5.5 named dnsupdate drbd simple failover
>
> ---
> IT
> Daniel Müller
> Head of IT
> Tropenklinik Paul-Lechler-Krankenhaus
> Paul-Lechler-Str. 24
> 72076 Tübingen
> Tel.: 07071/206-463, Fax: 07071/206-499
> eMail: muel...@tropenklinik.de
> Internet: www.tropenklinik.de
> ---
>
> -----Original Message-----
> From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On behalf of Roland de Lepper
> Sent: Wednesday, 11 August 2010 09:38
> To: samba@lists.samba.org
> Subject: [Samba] samba 4 dns-update issue
>
> Hi all,
>
> I've setup samba4 according to the samba4 wiki on centOS 5.4 in KVM. This went without any problems. I only had to install a higher version of bind to 9.6.x because Centos bind in repo will install version 9.3.x. I've used the Fedora12 source rpms for this to build bind 9.6.x on Centos 5.4.
>
> Then I configured bind according to the samba wiki (http://wiki.samba.org/index.php/Samba4/DNS)
> I did all the checks in the wiki to see if bind is working. All tests passed. But in my logs I got the messages "The working directory is not writable". I changed the owner on /var/named to the group named, which solved that problem.
>
> Then I installed Win7 virtual in KVM and joined the domain. I can login, create users via dsa.msc tool on windows and see them in wbinfo -u on the samba4 domain controller. All looks right, except for my ddns. The zone could not be updated with the new win7 machine. The win7 machine has a fixed ip-address. I checked all the howto again and again, but couldn't find a thing which could cause this.
>
> The error I see in my log is:
> Aug 11 09:34:46 sambaserver named[2281]: client 192.168.122.150#60058: query 'roland.quinox.be/SOA/IN' denied
>
> Is this a permission problem? I checked and the group 'named' has write access to my zone file. (the user 'named' is member of the group 'named')
>
> This is the only issue I have with my samba4 installation and I really want to solve this issue. If you need more information or configurations, I can post them.
>
> Kind regards,
> Roland
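
Added example, not part of the thread and not code from Samba or BIND: the messages above quote two different named denials, a "query ... denied" line and an "update ... denied" line, and this Python sketch parses both kinds and groups them per client so each can be matched to the named.conf statements that authorise it. The function names and the CHECK_FIRST hints are assumptions of this example; the two sample log lines are copied from the thread.

```python
import re

# The two syslog lines below are copied from the messages in this thread.
SAMPLE_LOG = """\
Aug 11 09:34:46 sambaserver named[2281]: client 192.168.122.150#60058: query 'roland.quinox.be/SOA/IN' denied
Aug 12 20:58:34 localhost named[28804]: client 192.168.122.150#54473: update 'quinox.nl/IN' denied
"""

# Matches the syslog layout shown in the thread:
#   <time> <host> named[pid]: client <ip>#<port>: <query|update> '<target>' denied
DENIED_RE = re.compile(
    r"^(?P<time>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\snamed\[\d+\]:\s"
    r"client\s(?P<client>[0-9A-Fa-f.:]+)#(?P<port>\d+):\s"
    r"(?P<kind>query|update)\s'(?P<target>[^']+)'\sdenied\s*$"
)

# Assumption of this example: a short pointer to the named.conf statements
# that authorise each kind of request, as discussed in the thread.
CHECK_FIRST = {
    "query": "allow-query / allow-query-cache ACLs in named.conf",
    "update": "the zone's allow-update / update-policy statements "
              "(named.conf.update in this thread)",
}


def parse_denial(line):
    """Return a dict for one 'denied' line, or None if the line is something else."""
    m = DENIED_RE.match(line.strip())
    if m is None:
        return None
    ev = m.groupdict()
    parts = ev.pop("target").split("/")
    if ev["kind"] == "query" and len(parts) == 3:
        # A denied query is logged as name/type/class.
        ev["name"], ev["rrtype"], ev["rrclass"] = parts
    elif ev["kind"] == "update" and len(parts) == 2:
        # A denied update is logged as zone/class; there is no record type.
        ev["name"], ev["rrclass"] = parts
        ev["rrtype"] = None
    else:
        return None
    ev["port"] = int(ev["port"])
    return ev


def triage(log_text):
    """Group denials by (client, kind) in order of first appearance."""
    groups = {}
    for line in log_text.splitlines():
        ev = parse_denial(line)
        if ev is None:
            continue
        key = (ev["client"], ev["kind"])
        row = groups.setdefault(key, {
            "client": ev["client"],
            "kind": ev["kind"],
            "count": 0,
            "names": [],
            "first": ev["time"],
            "last": ev["time"],
            "check": CHECK_FIRST[ev["kind"]],
        })
        row["count"] += 1
        row["last"] = ev["time"]
        if ev["name"] not in row["names"]:
            row["names"].append(ev["name"])
    return list(groups.values())


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print("%s: %d x %s denied for %s (first %s, last %s)" % (
            row["client"], row["count"], row["kind"],
            ", ".join(row["names"]), row["first"], row["last"]))
        print("    check first: %s" % row["check"])
```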