Markus Roth
2014-Aug-07 22:51 UTC
[Samba] Samba 4.1.9 with bind 9.9.4 and ddns update denied messages
Hi everybody, 1) i've successfully installed a samba4 AD with Version 4.1.11 and bind 9.9.4 on centos 7 with bind flatfiles. On the client side i've a windows7 sp1 machine. The only trouble i have is an ddns update denied message in /var/log/messages. But after the denied message is shown, the forward and reverse lookup zone will be aktualized successfully. Could it be that windows 7 first try to do an unsecure ddns update and if this is not possible it would try a secure update? A Win 8.1 client seems to update only on the system start... The extract from the message is: Aug 6 22:25:18 Server1 chronyd[807]: NTP packet received from unauthorised host 192.168.178.120 port 123 Aug 6 22:25:18 Server1 named[11069]: client 192.168.178.120#65377: update 'winnet.local/IN' denied Aug 6 22:25:18 Server1 named[11069]: client 192.168.178.120#59880/key client1\$\@WINNET.LOCAL: updating zone 'winnet.local/IN': deleting rrset at 'client1.winnet.local' AAAA Aug 6 22:25:18 Server1 named[11069]: client 192.168.178.120#59880/key client1\$\@WINNET.LOCAL: updating zone 'winnet.local/IN': deleting rrset at 'client1.winnet.local' A Aug 6 22:25:18 Server1 named[11069]: client 192.168.178.120#59880/key client1\$\@WINNET.LOCAL: updating zone 'winnet.local/IN': adding an RR at 'client1.winnet.local' A Aug 6 22:25:18 Server1 named[11069]: client 192.168.178.120#53636: update '178.168.192.in-addr.arpa/IN' denied Aug 6 22:25:18 Server1 named[11069]: client 192.168.178.120#56114/key client1\$\@WINNET.LOCAL: updating zone '178.168.192.in-addr.arpa/IN': deleting rrset at '120.178.168.192.in-addr.arpa' PTR Aug 6 22:25:18 Server1 named[11069]: client 192.168.178.120#56114/key client1\$\@WINNET.LOCAL: updating zone '178.168.192.in-addr.arpa/IN': adding an RR at '120.178.168.192.in-addr.arpa' PTR SELinux and the deamon firewalld are deaktivated. I hope that someone could help me :-( is this a problem or the normal behaviour. If i should post my configuration files thats no problem. I will give you all you need. Please help me... 2) Could it be that the internal samba dns can only ddns for the forward-lookup zone? In another test environment i tried the internal dns and added a reverse lookup zone with the remote administrative tools on an windows 7 sp1 machine. But neither the samba-server nor the windows 7 client will do their entries in this reverse lookup zone. Kind regarts Markus
Ćukasz Tomaszewski
2014-Aug-08 10:55 UTC
[Samba] Samba 4.1.9 with bind 9.9.4 and ddns update denied messages
Hi, I have exactly the same message in the log bind after adding the computer to Win7. It seems to me that Samba is working correctly but if this problem is not serious? Can someone say something more about it? Regards ?ukasz 2014-08-08 0:51 GMT+02:00 Markus Roth <markusroth1983 at gmx.net>:> Hi everybody, > 1) > i've successfully installed a samba4 AD with Version 4.1.11 and bind 9.9.4 > on centos 7 with bind flatfiles. On the client side i've a windows7 sp1 > machine. The only trouble i have is an ddns update denied message in > /var/log/messages. But after the denied message is shown, the forward and > reverse lookup zone will be aktualized successfully. > Could it be that windows 7 first try to do an unsecure ddns update and if > this is not possible it would try a secure update? A Win 8.1 client seems > to update only on the system start... > > The extract from the message is: > > Aug 6 22:25:18 Server1 chronyd[807]: NTP packet received from > unauthorised host 192.168.178.120 port 123 Aug 6 22:25:18 Server1 > named[11069]: client 192.168.178.120#65377: update 'winnet.local/IN' denied > Aug 6 22:25:18 Server1 named[11069]: client 192.168.178.120#59880/key > client1\$\@WINNET.LOCAL: updating zone 'winnet.local/IN': deleting rrset at > 'client1.winnet.local' AAAA > Aug 6 22:25:18 Server1 named[11069]: client 192.168.178.120#59880/key > client1\$\@WINNET.LOCAL: updating zone 'winnet.local/IN': deleting rrset at > 'client1.winnet.local' A > Aug 6 22:25:18 Server1 named[11069]: client 192.168.178.120#59880/key > client1\$\@WINNET.LOCAL: updating zone 'winnet.local/IN': adding an RR at > 'client1.winnet.local' A > Aug 6 22:25:18 Server1 named[11069]: client 192.168.178.120#53636: update > '178.168.192.in-addr.arpa/IN' denied > Aug 6 22:25:18 Server1 named[11069]: client 192.168.178.120#56114/key > client1\$\@WINNET.LOCAL: updating zone '178.168.192.in-addr.arpa/IN': > deleting rrset at '120.178.168.192.in-addr.arpa' PTR > Aug 6 22:25:18 Server1 named[11069]: client 192.168.178.120#56114/key > client1\$\@WINNET.LOCAL: updating zone '178.168.192.in-addr.arpa/IN': > adding an RR at '120.178.168.192.in-addr.arpa' PTR > > > SELinux and the deamon firewalld are deaktivated. > > I hope that someone could help me :-( is this a problem or the normal > behaviour. If i should post my configuration files thats no problem. I will > give you all you need. Please help me... > > 2) > Could it be that the internal samba dns can only ddns for the > forward-lookup zone? In another test environment i tried the internal dns > and added a reverse lookup zone with the remote administrative tools on an > windows 7 sp1 machine. But neither the samba-server nor the windows 7 > client will do their entries in this reverse lookup zone. > > > > Kind regarts > Markus > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >