Barry Ralphs
2020-Aug-19 18:29 UTC
[Samba] Windows 10 workstation won't register with DNS after Samba update
We recently upgraded Samba on our DC from 4.7.6-0 to 4.11.9-3.
Everything seems to be running fine over the last few weeks after the
update.
I'm now setting up a new computer & am having issues getting it to
register with DNS.
Windows shows that it has joined the domain.
I can see the system in ADUC, but no A record in DNS Manager.
I've run ipconfig /registerdns, but the event log shows it failing.
The named.log shows:
19-Aug-2020 10:07:24.098 database: info: samba_dlz: starting transaction
on zone tipping.lan
19-Aug-2020 10:07:24.099 update-security: error: client @0x7fc9f8317ef0
192.168.254.160#60868: update 'tipping.lan/IN' denied
19-Aug-2020 10:07:24.099 database: info: samba_dlz: cancelling
transaction on zone tipping.lan
19-Aug-2020 10:07:24.108 database: info: samba_dlz: starting transaction
on zone tipping.lan
19-Aug-2020 10:07:24.111 database: info: samba_dlz: disallowing update
of signer=I7X8-44G-9\$\@TIPPING.LAN name=i7x8-44g-9.tipping.lan
type=AAAA error=Unwilling to perform
19-Aug-2020 10:07:24.111 update: info: client @0x7fc9f8317ef0
192.168.254.160#52558/key I7X8-44G-9\$\@TIPPING.LAN: updating zone
'tipping.lan/NONE': update failed: rejected by secure update (REFUSED)
19-Aug-2020 10:07:24.111 database: info: samba_dlz: cancelling
transaction on zone tipping.lan
And here's my named.conf file:
    acl mynetworks {
        192.168.254.0/24;
        192.168.252.0/24;
        192.168.251.0/24;
        192.168.250.0/24;
    };
    options {
        directory     "/var/named";
        notify no;
        empty-zones-enable no;
        allow-query     { localhost; mynetworks; };
        allow-recursion { 127.0.0.1/32; mynetworks; };
        forwarders { 1.1.1.2; 1.0.0.2; };
        allow-transfer { none; };
        dnssec-validation no;
        dnssec-enable no;
        dnssec-lookaside no;
        listen-on-v6 { none; };
        listen-on port 53 { localnets; };
        dump-file     "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        managed-keys-directory "/var/named/dynamic";
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
        # samba BIND9_DLZ
        tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
    };
    logging {
        channel default_debug {
            file "data/named.run";
            severity dynamic;
        };
        channel my_log_file {
            file "/var/log/named/named.log" versions 3 size 3m;
            severity info;
            print-time yes;
            print-severity yes;
            print-category yes;
        };
        channel my_syslog {
            syslog daemon;
            severity info;
            print-time no;
            print-severity no;
            print-category no;
        };
        category default { my_log_file; my_syslog; };
        category dnssec  { my_log_file; };
        category lame-servers { null; };
    };
    zone "." IN {
        type hint;
        file "named.ca";
    };
    include "/var/lib/samba/private/named.conf";
    include "/etc/named.rfc1912.zones";
Any suggestions on how to resolve this issue?
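A small triage script for the named.log entries quoted in the post above, added here as an example (it is not part of the original thread and is not Samba or BIND code). It re-joins the mail-wrapped entries and separates updates denied with no key in the client field from signed updates that samba_dlz disallowed; the regular expressions are assumptions based only on the lines shown in the post.

```python
import re
from collections import Counter

# named.log excerpt taken from the post above, e-mail line wraps included.
SAMPLE_LOG = r"""
19-Aug-2020 10:07:24.099 update-security: error: client @0x7fc9f8317ef0
192.168.254.160#60868: update 'tipping.lan/IN' denied
19-Aug-2020 10:07:24.108 database: info: samba_dlz: starting transaction
on zone tipping.lan
19-Aug-2020 10:07:24.111 database: info: samba_dlz: disallowing update
of signer=I7X8-44G-9\$\@TIPPING.LAN name=i7x8-44g-9.tipping.lan
type=AAAA error=Unwilling to perform
19-Aug-2020 10:07:24.111 update: info: client @0x7fc9f8317ef0
192.168.254.160#52558/key I7X8-44G-9\$\@TIPPING.LAN: updating zone
'tipping.lan/NONE': update failed: rejected by secure update (REFUSED)
"""

STAMP = re.compile(r"^\d{2}-[A-Z][a-z]{2}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3} ")
NO_KEY = re.compile(r"client @\S+ (?P<ip>[0-9A-Fa-f.:]+)#\d+: update '(?P<zone>[^'/]+)/IN' denied")
DLZ = re.compile(r"samba_dlz: disallowing update of signer=(?P<signer>\S+) "
                 r"name=(?P<name>\S+) type=(?P<type>\S+) error=(?P<error>.+)$")

def join_wrapped(text):
    """Re-join wrapped entries: a line without a timestamp continues the previous one."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if STAMP.match(line) or (line and not entries):
            entries.append(line)
        elif line:
            entries[-1] += " " + line
    return entries

def triage(text):
    """Count (client, zone) denials without a key and signed updates samba_dlz refused."""
    no_key, signed = Counter(), Counter()
    for entry in join_wrapped(text):
        m = NO_KEY.search(entry)
        if m:
            no_key[(m["ip"], m["zone"])] += 1
        m = DLZ.search(entry)
        if m:
            signer = re.sub(r"\\(.)", r"\1", m["signer"])  # drop the log's backslash escapes
            signed[(signer, m["name"], m["type"], m["error"])] += 1
    return no_key, signed

if __name__ == "__main__":
    no_key, signed = triage(SAMPLE_LOG)
    for key, count in no_key.items():
        print("denied without key:", key, count)
    for key, count in signed.items():
        print("signed update disallowed:", key, count)
```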
Rowland penny
2020-Aug-19 19:02 UTC
[Samba] Windows 10 workstation won't register with DNS after Samba update
On 19/08/2020 19:29, Barry Ralphs via samba wrote:
> We recently upgraded Samba on our DC from 4.7.6-0 to 4.11.9-3.
>
>         # samba BIND9_DLZ
>         tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
>
> Any suggestions on how to resolve this issue?

Yes, change the 'tkey-gssapi-keytab' line to point to
'/var/lib/samba/bind-dns/dns.keytab'

Rowland
Barry Ralphs
2020-Aug-19 19:27 UTC
[Samba] Windows 10 workstation won't register with DNS after Samba update
On 8/19/2020 12:02 PM, Rowland penny via samba wrote:
> On 19/08/2020 19:29, Barry Ralphs via samba wrote:
>> We recently upgraded Samba on our DC from 4.7.6-0 to 4.11.9-3.
>>
>>         # samba BIND9_DLZ
>>         tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
>>
>> Any suggestions on how to resolve this issue?
>
> Yes, change the 'tkey-gssapi-keytab' line to point to
> '/var/lib/samba/bind-dns/dns.keytab'
>
> Rowland
>

Thanks for the reply Rowland.
The '/var/lib/samba/bind-dns' directory is empty.
Will 'dns.keytab' be generated automatically or should I copy it from 'private'?