samba - Aug 2014 - Samba 4.1.9 with bind 9.9.4 and ddns update denied messages

Hi everybody,
1)
i've successfully installed a samba4 AD with Version 4.1.11 and bind 9.9.4
on centos 7 with bind flatfiles. On the client side i've a windows7 sp1
machine. The only trouble i have is an ddns update denied message in
/var/log/messages. But after the denied message is shown, the forward and
reverse lookup zone will be aktualized successfully.
Could it be that windows 7 first try to do an unsecure ddns update and if this
is not possible it would try a secure update? A Win 8.1 client seems to update
only on the system start...
 
The extract from the message is:
 
Aug  6 22:25:18 Server1 chronyd[807]: NTP packet received from unauthorised host
192.168.178.120 port 123 Aug  6 22:25:18 Server1 named[11069]: client
192.168.178.120#65377: update 'winnet.local/IN' denied
Aug  6 22:25:18 Server1 named[11069]: client 192.168.178.120#59880/key
client1\$\@WINNET.LOCAL: updating zone 'winnet.local/IN': deleting rrset
at 'client1.winnet.local' AAAA
Aug  6 22:25:18 Server1 named[11069]: client 192.168.178.120#59880/key
client1\$\@WINNET.LOCAL: updating zone 'winnet.local/IN': deleting rrset
at 'client1.winnet.local' A
Aug  6 22:25:18 Server1 named[11069]: client 192.168.178.120#59880/key
client1\$\@WINNET.LOCAL: updating zone 'winnet.local/IN': adding an RR
at 'client1.winnet.local' A
Aug  6 22:25:18 Server1 named[11069]: client 192.168.178.120#53636: update
'178.168.192.in-addr.arpa/IN' denied
Aug  6 22:25:18 Server1 named[11069]: client 192.168.178.120#56114/key
client1\$\@WINNET.LOCAL: updating zone '178.168.192.in-addr.arpa/IN':
deleting rrset at '120.178.168.192.in-addr.arpa' PTR
Aug  6 22:25:18 Server1 named[11069]: client 192.168.178.120#56114/key
client1\$\@WINNET.LOCAL: updating zone '178.168.192.in-addr.arpa/IN':
adding an RR at '120.178.168.192.in-addr.arpa' PTR


SELinux and the deamon firewalld are deaktivated.
 
I hope that someone could help me :-( is this a problem or the normal behaviour.
If i should post my configuration files thats no problem. I will give you all
you need. Please help me...
 
2)
Could it be that the internal samba dns can only ddns for the forward-lookup
zone? In another test environment i tried the internal dns and added a reverse
lookup zone with the remote administrative tools on an windows 7 sp1 machine.
But neither the samba-server nor the windows 7 client will do their entries in
this reverse lookup zone.
 
 
 
Kind regarts
Markus

Hi,
I have exactly the same message in the log bind after adding the computer
to Win7.
It seems to me that Samba is working correctly but if this problem is not
serious?

Can someone say something more about it?


Regards
?ukasz


2014-08-08 0:51 GMT+02:00 Markus Roth <markusroth1983 at gmx.net>:
> Hi everybody,
> 1)
> i've successfully installed a samba4 AD with Version 4.1.11 and bind
9.9.4
> on centos 7 with bind flatfiles. On the client side i've a windows7 sp1
> machine. The only trouble i have is an ddns update denied message in
> /var/log/messages. But after the denied message is shown, the forward and
> reverse lookup zone will be aktualized successfully.
> Could it be that windows 7 first try to do an unsecure ddns update and if
> this is not possible it would try a secure update? A Win 8.1 client seems
> to update only on the system start...
>
> The extract from the message is:
>
> Aug  6 22:25:18 Server1 chronyd[807]: NTP packet received from
> unauthorised host 192.168.178.120 port 123 Aug  6 22:25:18 Server1
> named[11069]: client 192.168.178.120#65377: update
'winnet.local/IN' denied
> Aug  6 22:25:18 Server1 named[11069]: client 192.168.178.120#59880/key
> client1\$\@WINNET.LOCAL: updating zone 'winnet.local/IN': deleting
rrset at
> 'client1.winnet.local' AAAA
> Aug  6 22:25:18 Server1 named[11069]: client 192.168.178.120#59880/key
> client1\$\@WINNET.LOCAL: updating zone 'winnet.local/IN': deleting
rrset at
> 'client1.winnet.local' A
> Aug  6 22:25:18 Server1 named[11069]: client 192.168.178.120#59880/key
> client1\$\@WINNET.LOCAL: updating zone 'winnet.local/IN': adding an
RR at
> 'client1.winnet.local' A
> Aug  6 22:25:18 Server1 named[11069]: client 192.168.178.120#53636: update
> '178.168.192.in-addr.arpa/IN' denied
> Aug  6 22:25:18 Server1 named[11069]: client 192.168.178.120#56114/key
> client1\$\@WINNET.LOCAL: updating zone
'178.168.192.in-addr.arpa/IN':
> deleting rrset at '120.178.168.192.in-addr.arpa' PTR
> Aug  6 22:25:18 Server1 named[11069]: client 192.168.178.120#56114/key
> client1\$\@WINNET.LOCAL: updating zone
'178.168.192.in-addr.arpa/IN':
> adding an RR at '120.178.168.192.in-addr.arpa' PTR
>
>
> SELinux and the deamon firewalld are deaktivated.
>
> I hope that someone could help me :-( is this a problem or the normal
> behaviour. If i should post my configuration files thats no problem. I will
> give you all you need. Please help me...
>
> 2)
> Could it be that the internal samba dns can only ddns for the
> forward-lookup zone? In another test environment i tried the internal dns
> and added a reverse lookup zone with the remote administrative tools on an
> windows 7 sp1 machine. But neither the samba-server nor the windows 7
> client will do their entries in this reverse lookup zone.
>
>
>
> Kind regarts
> Markus
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>