Web lists-archives.com

Re: [Samba] samba Digest, Vol 172, Issue 2




Hello Rowland

I removed the parameter "forward only;" and changed the setting like below.

But the same problem.

 update failed: rejected by secure update (REFUSED)



Am 02.04.2017 um 17:04 schrieb Rowland Penny:
On Sun, 2 Apr 2017 16:36:09 +0200
Karl Heinz Wichmann via samba <samba@xxxxxxxxxxxxxxx> wrote:

Hello Rowland





Can this be a Problem with my debian 8.7 bind service?


No, definitely not

Try making your named.conf.options look like this:

options {
        directory "/var/cache/bind";
        version "0.0.7";
        notify no;
        empty-zones-enable no;
        allow-query { 127.0.0.1; 192.168.99.0/24; };
        allow-recursion { 192.168.99.0/24;  127.0.0.1/32; };
        forwarders { 8.8.8.8; };
        allow-transfer { none; };
        dnssec-validation no;
        dnssec-enable no;

        listen-on-v6 { none; };
        listen-on port 53 { 192.168.99.8; 127.0.0.1; };
        tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
};

There is one really big problem in your version (there are others as
well):

'forward only;' With this, you Bind server doesn't even try to search
AD for your domain computers, it forwards the search to what ever <IP
of my forwarder> is.

Rowland


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba