samba - Jun 2016 - WERR_DNS_ERROR_RCODE_REFUSED

Hello!
I have Samba 4.3.3 with Windows Server 2008 R2 SP1, I cm problems in 
DNS, which in windows can not create dns entries:


Windows = 192.168.200.66
Samba = 192.168.200.90

Error trying to create samba-tool:

samba-tool dns add 192.168.200.66 _msdcs.local.domain 
9e0c71b8-36e0-4269-a69e-1a03bdab4841 CNAME WIN2008.local.domain 
-Uadministrator
Password is [LOCAL \ administrator]
ERROR (runtime): uncaught exception - (9005,
'WERR_DNS_ERROR_RCODE_REFUSED')
File
"/opt/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
line 175, in _run
self.run return (* args, ** kwargs)
File "/opt/samba/lib/python2.7/site-packages/samba/netcmd/dns.py",
line
1073, in run
0, server, zone, name, add_rec_buf, None)
root @ samba: /opt/samba_src/samba-4.3.3#



Samba 4 logs:

Jun 28 17:28:40 samba named [8988]: samba_dlz: starting transaction on 
zone local.domain
Jun 28 17:28:40 samba named [8988]: client 192.168.200.66 # 59830: 
update 'local.domain / IN' denied
Jun 28 17:28:40 samba named [8988]: samba_dlz: canceling transaction on 
zone local.domain
Jun 28 17:28:40 samba named [8988]: samba_dlz: starting transaction on 
zone local.domain
Jun 28 17:28:40 samba named [8988]: samba_dlz: Allowing update of signer 
= Win2008 \ $ \ @ LOCAL.DOMAIN name = WIN2008.local.domain tcpaddr = 
type = AAAA key = 996-ms-7.3-37764d. 
e5b44e60-3d6e-11e6-02b3-080027f8e516 / 160/0
Jun 28 17:28:40 samba named [8988]: samba_dlz: Allowing update of signer 
= Win2008 \ $ \ @ LOCAL.DOMAIN name = WIN2008.local.domain tcpaddr = 
type = A key = 996-ms-7.3-37764d. e5b44e60-3d6e-11e6-02b3-080027f8e516 / 
160/0
Jun 28 17:28:40 samba named [8988]: samba_dlz: Allowing update of signer 
= Win2008 \ $ \ @ LOCAL.DOMAIN name = WIN2008.local.domain tcpaddr = 
type = A key = 996-ms-7.3-37764d. e5b44e60-3d6e-11e6-02b3-080027f8e516 / 
160/0
Jun 28 17:28:40 samba named [8988]: client 192.168.200.66 # 50239 / key 
Win2008 \ $ \ @ LOCAL.DOMAIN: updating zone 'local.domain / NONE': 
deleting RRset at 'WIN2008.local.domain' YYYY
Jun 28 17:28:40 samba named [8988]: client 192.168.200.66 # 50239 / key 
Win2008 \ $ \ @ LOCAL.DOMAIN: updating zone 'local.domain / NONE': 
deleting RRset at 'WIN2008.local.domain' THE
Jun 28 17:28:40 samba named [8988]: samba_dlz: subtracted rdataset 
WIN2008.local.domain '. WIN2008.local.domain # 011900 # 011IN # 011A # 
011192.168.200.66'
Jun 28 17:28:40 samba named [8988]: client 192.168.200.66 # 50239 / key 
Win2008 \ $ \ @ LOCAL.DOMAIN: updating zone 'local.domain / NONE': 
adding an RR at 'WIN2008.local.domain 'The 192.168.200.66
Jun 28 17:28:40 samba named [8988]: samba_dlz: added rdataset 
WIN2008.local.domain 'WIN2008.local.domain # 0111200 # 011IN # 011A # 
011192.168.200.66.'
Jun 28 17:28:40 samba named [8988]: samba_dlz:. Subtracted local.domain 
rdataset 'local.domain # 0113600 # # 011SOA 011IN # 
011samba.local.domain. hostmaster.local.domain. 5900600 86400 3600 '
Jun 28 17:28:40 samba named [8988]: samba_dlz: added rdataset 
local.domain 'local.domain # 0113600 # # 011SOA 011IN # 
011samba.local.domain.. hostmaster.local.domain. 6900600 86400 3600 '
Jun 28 17:28:40 samba named [8988]: samba_dlz: committed transaction on 
zone local.domain

Any idea ?

Thank you

On 28/06/16 21:37, Carlos A. P. Cunha wrote:
> Hello!
> I have Samba 4.3.3 with Windows Server 2008 R2 SP1, I cm problems in 
> DNS, which in windows can not create dns entries:
>
>
> Windows = 192.168.200.66
> Samba = 192.168.200.90
>
> Error trying to create samba-tool:
>
> samba-tool dns add 192.168.200.66 _msdcs.local.domain 
> 9e0c71b8-36e0-4269-a69e-1a03bdab4841 CNAME WIN2008.local.domain 
> -Uadministrator
> Password is [LOCAL \ administrator]
> ERROR (runtime): uncaught exception - (9005, 
> 'WERR_DNS_ERROR_RCODE_REFUSED')
It looks like the windows DC flatly refused the update
> File 
>
"/opt/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
> line 175, in _run
> self.run return (* args, ** kwargs)
> File
"/opt/samba/lib/python2.7/site-packages/samba/netcmd/dns.py",
> line 1073, in run
> 0, server, zone, name, add_rec_buf, None)
> root @ samba: /opt/samba_src/samba-4.3.3#
>
>
>
> Samba 4 logs:
>
> Jun 28 17:28:40 samba named [8988]: samba_dlz: starting transaction on 
> zone local.domain
> Jun 28 17:28:40 samba named [8988]: client 192.168.200.66 # 59830: 
> update 'local.domain / IN' denied
> Jun 28 17:28:40 samba named [8988]: samba_dlz: canceling transaction 
> on zone local.domain
> Jun 28 17:28:40 samba named [8988]: samba_dlz: starting transaction on 
> zone local.domain
> Jun 28 17:28:40 samba named [8988]: samba_dlz: Allowing update of 
> signer = Win2008 \ $ \ @ LOCAL.DOMAIN name = WIN2008.local.domain 
> tcpaddr = type = AAAA key = 996-ms-7.3-37764d. 
> e5b44e60-3d6e-11e6-02b3-080027f8e516 / 160/0
> Jun 28 17:28:40 samba named [8988]: samba_dlz: Allowing update of 
> signer = Win2008 \ $ \ @ LOCAL.DOMAIN name = WIN2008.local.domain 
> tcpaddr = type = A key = 996-ms-7.3-37764d. 
> e5b44e60-3d6e-11e6-02b3-080027f8e516 / 160/0
> Jun 28 17:28:40 samba named [8988]: samba_dlz: Allowing update of 
> signer = Win2008 \ $ \ @ LOCAL.DOMAIN name = WIN2008.local.domain 
> tcpaddr = type = A key = 996-ms-7.3-37764d. 
> e5b44e60-3d6e-11e6-02b3-080027f8e516 / 160/0
> Jun 28 17:28:40 samba named [8988]: client 192.168.200.66 # 50239 / 
> key Win2008 \ $ \ @ LOCAL.DOMAIN: updating zone 'local.domain /
NONE':
> deleting RRset at 'WIN2008.local.domain' YYYY
> Jun 28 17:28:40 samba named [8988]: client 192.168.200.66 # 50239 / 
> key Win2008 \ $ \ @ LOCAL.DOMAIN: updating zone 'local.domain /
NONE':
> deleting RRset at 'WIN2008.local.domain' THE
> Jun 28 17:28:40 samba named [8988]: samba_dlz: subtracted rdataset 
> WIN2008.local.domain '. WIN2008.local.domain # 011900 # 011IN # 011A # 
> 011192.168.200.66'
> Jun 28 17:28:40 samba named [8988]: client 192.168.200.66 # 50239 / 
> key Win2008 \ $ \ @ LOCAL.DOMAIN: updating zone 'local.domain /
NONE':
> adding an RR at 'WIN2008.local.domain 'The 192.168.200.66
> Jun 28 17:28:40 samba named [8988]: samba_dlz: added rdataset 
> WIN2008.local.domain 'WIN2008.local.domain # 0111200 # 011IN # 011A # 
> 011192.168.200.66.'
> Jun 28 17:28:40 samba named [8988]: samba_dlz:. Subtracted 
> local.domain rdataset 'local.domain # 0113600 # # 011SOA 011IN # 
> 011samba.local.domain. hostmaster.local.domain. 5900600 86400 3600 '
> Jun 28 17:28:40 samba named [8988]: samba_dlz: added rdataset 
> local.domain 'local.domain # 0113600 # # 011SOA 011IN # 
> 011samba.local.domain.. hostmaster.local.domain. 6900600 86400 3600 '
> Jun 28 17:28:40 samba named [8988]: samba_dlz: committed transaction 
> on zone local.domain
>
This log fragment is only showing the DC updating its own record on a 
Samba DC, you will need to look in the logs on the windows DC.

I take it that the windows DC is running a DNS server, I think you said 
in an earlier post that this is Bind DNS server, if this is the case 
*where does Bind store the zone info ? *

Rowland
> Any idea ?
>
> Thank you
>

Hello!

Yes, Windows dns too, my dns in samba is Bind!!!


I dont understande -> "where does Bind store the zone info ? *"

:-|


Thanks

Em 28-06-2016 18:25, Rowland penny escreveu:
> On 28/06/16 21:37, Carlos A. P. Cunha wrote:
>> Hello!
>> I have Samba 4.3.3 with Windows Server 2008 R2 SP1, I cm problems in 
>> DNS, which in windows can not create dns entries:
>>
>>
>> Windows = 192.168.200.66
>> Samba = 192.168.200.90
>>
>> Error trying to create samba-tool:
>>
>> samba-tool dns add 192.168.200.66 _msdcs.local.domain 
>> 9e0c71b8-36e0-4269-a69e-1a03bdab4841 CNAME WIN2008.local.domain 
>> -Uadministrator
>> Password is [LOCAL \ administrator]
>> ERROR (runtime): uncaught exception - (9005, 
>> 'WERR_DNS_ERROR_RCODE_REFUSED')
>
> It looks like the windows DC flatly refused the update
>
>> File 
>>
"/opt/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
>> line 175, in _run
>> self.run return (* args, ** kwargs)
>> File
"/opt/samba/lib/python2.7/site-packages/samba/netcmd/dns.py",
>> line 1073, in run
>> 0, server, zone, name, add_rec_buf, None)
>> root @ samba: /opt/samba_src/samba-4.3.3#
>>
>>
>>
>> Samba 4 logs:
>>
>> Jun 28 17:28:40 samba named [8988]: samba_dlz: starting transaction 
>> on zone local.domain
>> Jun 28 17:28:40 samba named [8988]: client 192.168.200.66 # 59830: 
>> update 'local.domain / IN' denied
>> Jun 28 17:28:40 samba named [8988]: samba_dlz: canceling transaction 
>> on zone local.domain
>> Jun 28 17:28:40 samba named [8988]: samba_dlz: starting transaction 
>> on zone local.domain
>> Jun 28 17:28:40 samba named [8988]: samba_dlz: Allowing update of 
>> signer = Win2008 \ $ \ @ LOCAL.DOMAIN name = WIN2008.local.domain 
>> tcpaddr = type = AAAA key = 996-ms-7.3-37764d. 
>> e5b44e60-3d6e-11e6-02b3-080027f8e516 / 160/0
>> Jun 28 17:28:40 samba named [8988]: samba_dlz: Allowing update of 
>> signer = Win2008 \ $ \ @ LOCAL.DOMAIN name = WIN2008.local.domain 
>> tcpaddr = type = A key = 996-ms-7.3-37764d. 
>> e5b44e60-3d6e-11e6-02b3-080027f8e516 / 160/0
>> Jun 28 17:28:40 samba named [8988]: samba_dlz: Allowing update of 
>> signer = Win2008 \ $ \ @ LOCAL.DOMAIN name = WIN2008.local.domain 
>> tcpaddr = type = A key = 996-ms-7.3-37764d. 
>> e5b44e60-3d6e-11e6-02b3-080027f8e516 / 160/0
>> Jun 28 17:28:40 samba named [8988]: client 192.168.200.66 # 50239 / 
>> key Win2008 \ $ \ @ LOCAL.DOMAIN: updating zone 'local.domain / 
>> NONE': deleting RRset at 'WIN2008.local.domain' YYYY
>> Jun 28 17:28:40 samba named [8988]: client 192.168.200.66 # 50239 / 
>> key Win2008 \ $ \ @ LOCAL.DOMAIN: updating zone 'local.domain / 
>> NONE': deleting RRset at 'WIN2008.local.domain' THE
>> Jun 28 17:28:40 samba named [8988]: samba_dlz: subtracted rdataset 
>> WIN2008.local.domain '. WIN2008.local.domain # 011900 # 011IN #
011A
>> # 011192.168.200.66'
>> Jun 28 17:28:40 samba named [8988]: client 192.168.200.66 # 50239 / 
>> key Win2008 \ $ \ @ LOCAL.DOMAIN: updating zone 'local.domain / 
>> NONE': adding an RR at 'WIN2008.local.domain 'The
192.168.200.66
>> Jun 28 17:28:40 samba named [8988]: samba_dlz: added rdataset 
>> WIN2008.local.domain 'WIN2008.local.domain # 0111200 # 011IN # 011A
#
>> 011192.168.200.66.'
>> Jun 28 17:28:40 samba named [8988]: samba_dlz:. Subtracted 
>> local.domain rdataset 'local.domain # 0113600 # # 011SOA 011IN # 
>> 011samba.local.domain. hostmaster.local.domain. 5900600 86400 3600
'
>> Jun 28 17:28:40 samba named [8988]: samba_dlz: added rdataset 
>> local.domain 'local.domain # 0113600 # # 011SOA 011IN # 
>> 011samba.local.domain.. hostmaster.local.domain. 6900600 86400 3600
'
>> Jun 28 17:28:40 samba named [8988]: samba_dlz: committed transaction 
>> on zone local.domain
>>
>
> This log fragment is only showing the DC updating its own record on a 
> Samba DC, you will need to look in the logs on the windows DC.
>
> I take it that the windows DC is running a DNS server, I think you 
> said in an earlier post that this is Bind DNS server, if this is the 
> case *where does Bind store the zone info ? *
>
> Rowland
>
>> Any idea ?
>>
>> Thank you
>>
>
>