Hello
We have installed 4 Sernet AD controllers on Debian 8.7 with bind9. If
we run ipconfig /registerdns on a Windows client, an
error message appears in the log files:
31-Mar-2017 11:08:49.270 client 192.168.99.6#50357
(client006.my.domain.de): query: client006.my.domain.de IN SOA +
(192.168.99.8)
31-Mar-2017 11:08:49.274 client 192.168.99.6#51046
(client008.my.domain.de): query: client008.my.domain.de IN A +
(192.168.99.8)
31-Mar-2017 11:08:49.279 samba_dlz: starting transaction on zone
my.domain.de
31-Mar-2017 11:08:49.280 client 192.168.99.6#63377: update
'my.domain.de/IN' denied
31-Mar-2017 11:08:49.280 samba_dlz: cancelling transaction on zone
my.domain.de
31-Mar-2017 11:08:49.282 client 192.168.99.6#58242
(196-ms-7.22-4b26a5.ce2ea96c-15e6-11e7-5e9d-525400186fdb): query:
196-ms-7.22-4b26a5.ce2ea96c-15e6-11e7-5e9d-525400186fdb IN TKEY -T
(192.168.99.8)
31-Mar-2017 11:08:49.285 client 192.168.99.6#51560
(6.99.30.172.in-addr.arpa): query: 6.99.30.172.in-addr.arpa IN SOA +
(192.168.99.8)
31-Mar-2017 11:08:49.288 client 192.168.99.6#58260
(client008.my.domain.de): query: client008.my.domain.de IN A +
(192.168.99.8)
31-Mar-2017 11:08:49.294 samba_dlz: starting transaction on zone
99.30.172.in-addr.arpa
31-Mar-2017 11:08:49.294 client 192.168.99.6#49428: update
'99.30.172.in-addr.arpa/IN' denied
31-Mar-2017 11:08:49.295 samba_dlz: cancelling transaction on zone
99.30.172.in-addr.arpa
31-Mar-2017 11:08:49.297 client 192.168.99.6#60163
(196-ms-7.23-4b26a5.ce2ea96c-15e6-11e7-5e9d-525400186fdb): query:
196-ms-7.23-4b26a5.ce2ea96c-15e6-11e7-5e9d-525400186fdb IN TKEY -T
(192.168.99.8)
If we execute
samba_dnsupdate --verbose --all-names
no errors are displayed.
The rights of /var/lib/samba/private/dns/sam.ldb.d/*
are 660.
Relevant content of /etc/bind/named.conf.options
-------------------------------------------------
allow-update { any;};
tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
dnssec-validation no;
dnssec-enable no;
We run
------
samba_upgradedns --dns-backend=BIND9_DLZ
/etc/samba/smb.conf
-------------------
server services = -dns
named -V
--------
BIND 9.9.5-9+deb8u10-Debian (Extended Support Version) <id:f9b8a50e>
built by make with '--prefix=/usr' '--mandir=/usr/share/man'
'--infodir=/usr/share/info'
'--sysconfdir=/etc/bind' '--localstatedir=/var'
'--enable-threads'
'--enable-largefile' '--with-libtool' '--enable-shared'
'--enable-static'
'--with-openssl=/usr' '--with-gssapi=/usr'
'--with-gnu-ld'
'--with-geoip=/usr' '--with-atf=no' '--enable-ipv6'
'--enable-rrl'
'--enable-filter-aaaa'
'CFLAGS=-fno-strict-aliasing -fno-delete-null-pointer-checks
-DDIG_SIGCHASE -O2'
compiled by GCC 4.9.2
using OpenSSL version: OpenSSL 1.0.1t 3 May 2016
using libxml2 version: 2.9.1
Timesync
---------
correct time
In the named.config.local we have not created a zone for
"my.domain.de".
I think this is not necessary.
dpkg -l | grep sernet
----------------------
ii libwbclient0:amd64 99:4.5.7-16
amd64 Glue package for sernet-samba-libs.
ii sernet-samba 99:4.5.7-16
amd64 SMB/CIFS file, print, and login server for Unix
ii sernet-samba-ad 99:4.5.7-16
amd64 Samba Active Directory Domain Controller
ii sernet-samba-client 99:4.5.7-16
amd64 a LanManager-like simple client for Unix
ii sernet-samba-common 99:4.5.7-16
all Samba common files used by both the server and the client
ii sernet-samba-keyring 1.5
all GnuPG archive keys of the SerNet Samba archive
ii sernet-samba-libs:amd64 99:4.5.7-16
amd64 Samba common library files used by both the server and the
client
ii sernet-samba-libsmbclient0:amd64 99:4.5.7-16
amd64 Shared library that allows applications to talk to SMB servers
ii sernet-samba-winbind 99:4.5.7-16
amd64 Samba nameservice integration server
Can anybody help me?
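
Added example, not part of the original post: a short Python script that re-joins the wrapped named log records in the format quoted above and summarises denied dynamic updates per client and zone, together with the samba_dlz transaction events and the clients that sent TKEY queries. The sample log is constructed, and the regular expressions are assumptions based only on the lines shown in the post.

```python
import re
from collections import Counter

# Constructed sample in the wrapped form shown in the post (not a real capture).
SAMPLE = """\
31-Mar-2017 11:08:49.279 samba_dlz: starting transaction on zone
my.domain.de
31-Mar-2017 11:08:49.280 client 192.168.99.6#63377: update
'my.domain.de/IN' denied
31-Mar-2017 11:08:49.280 samba_dlz: cancelling transaction on zone
my.domain.de
31-Mar-2017 11:08:49.282 client 192.168.99.6#58242
(196-ms-7.example): query:
196-ms-7.example IN TKEY -T
(192.168.99.8)
"""

# Patterns are assumptions derived from the log lines quoted in the post.
STAMP = re.compile(r"^\d{2}-[A-Z][a-z]{2}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3} ")
DENIED = re.compile(r"client (\S+)#\d+: update '([^'/]+)/IN' denied")
TKEY = re.compile(r"client (\S+)#\d+ .* IN TKEY ")
DLZ = re.compile(r"samba_dlz: (\w+) transaction on zone (\S+)")

def unwrap(text):
    """Join continuation lines onto the timestamped line that starts a record."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def summarize(text):
    """Return (denied-update counts, TKEY-querying clients, DLZ events)."""
    denied, tkey_clients, dlz = Counter(), set(), []
    for rec in unwrap(text):
        if m := DENIED.search(rec):
            denied[(m.group(1), m.group(2))] += 1
        elif m := TKEY.search(rec):
            tkey_clients.add(m.group(1))
        elif m := DLZ.search(rec):
            dlz.append((m.group(1), m.group(2)))
    return denied, tkey_clients, dlz

if __name__ == "__main__":
    denied, tkey_clients, dlz = summarize(SAMPLE)
    for (client, zone), n in denied.items():
        print(f"{client} denied {n}x on {zone}; sent TKEY: {client in tkey_clients}")
```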