
Re: [Samba] samba Digest, Vol 172, Issue 2




Hello Rowland

Is this parameter not for the internal dns?

Ok. I changed the parameter. The same problem.

The test with the internal dns. It looks good.

service sernet-samba-ad stop
service bind9 stop

change
server services = -dns
to
# server services = -dns

samba_upgradedns --dns-backend=SAMBA_INTERNAL

service sernet-samba-ad start

netstat -tulpen | grep 53 (dns is running)



I think I found the error.

bind9 on Debian 8.7 was by default not compiled with "--with-dlopen=yes", only with '--with-gssapi=/usr'



named -V
--------
BIND 9.9.5-9+deb8u10-Debian (Extended Support Version) <id:f9b8a50e>
built by make with '--prefix=/usr' '--mandir=/usr/share/man'
'--infodir=/usr/share/info'
'--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads'
'--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static'
'--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld'
'--with-geoip=/usr' '--with-atf=no' '--enable-ipv6' '--enable-rrl'
'--enable-filter-aaaa'
'CFLAGS=-fno-strict-aliasing -fno-delete-null-pointer-checks
-DDIG_SIGCHASE -O2'
compiled by GCC 4.9.2
using OpenSSL version: OpenSSL 1.0.1t  3 May 2016
using libxml2 version: 2.9.1




Regards,

Karl Heinz


On 02.04.2017 at 19:21, Rowland Penny wrote:
On Sun, 2 Apr 2017 19:02:35 +0200
Karl Heinz Wichmann via samba <samba@xxxxxxxxxxxxxxx> wrote:

Hello Marc

I changed the loglevel to 10


  database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_9.so -d 10";

and I get the following errors:

02-Apr-2017 18:47:44.389 samba_dlz: ldb: ldb_asprintf/set_errstring: No such Base DN: DC=client008.my.domain.de,CN=MicrosoftDNS,DC=ForestDnsZones,DC=my,DC=domain,DC=de
02-Apr-2017 18:47:44.389 samba_dlz: ldb: ldb_trace_response: DONE
02-Apr-2017 18:47:44.389 samba_dlz: error: 32
02-Apr-2017 18:47:44.389 samba_dlz: msg: No such Base DN: DC=client008.my.domain.de,CN=MicrosoftDNS,DC=ForestDnsZones,DC=my,DC=domain,DC=de
02-Apr-2017 18:47:44.389 samba_dlz:
02-Apr-2017 18:47:44.389 samba_dlz: ldb: ldb_trace_request: SEARCH
02-Apr-2017 18:47:44.389 samba_dlz:  dn: DC=client008.my.domain.de,CN=MicrosoftDNS,CN=System,DC=my,DC=domain,DC=de
02-Apr-2017 18:47:44.389 samba_dlz:  scope: base
02-Apr-2017 18:47:44.389 samba_dlz:  expr: (objectClass=dnsZone)
02-Apr-2017 18:47:44.389 samba_dlz:  control: <NONE>

and

02-Apr-2017 18:47:41.373 samba_dlz: Starting GENSEC mechanism spnego
02-Apr-2017 18:47:41.373 samba_dlz: Starting GENSEC submechanism gssapi_krb5
02-Apr-2017 18:47:41.373 samba_dlz: spnego update failed
02-Apr-2017 18:47:41.374 client 192.168.99.6#58125/key CLIENT\$\@my.domain.de: updating zone 'my.domain.de/NONE': update failed: rejected by secure update (REFUSED)
02-Apr-2017 18:47:41.374 samba_dlz: ldb: cancel ldb transaction (nesting: 0)



Try adding 'allow dns updates = nonsecure' to smb.conf

Rowland


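
As an added example (not part of the original posts): a small Python triage script for BIND logs like those quoted in this thread. It lists each dynamic update rejected by secure update and flags whether samba_dlz logged a failed SPNEGO exchange just before it. The sample log is constructed from the excerpts above, with a second client line invented for contrast; the one-second correlation window is an assumption.

```python
import re
from datetime import datetime, timedelta

# Constructed sample, modelled on the (line-wrapped) BIND log excerpts in the thread.
SAMPLE_LOG = r"""
02-Apr-2017 18:47:41.373 samba_dlz: Starting GENSEC mechanism spnego
02-Apr-2017 18:47:41.373 samba_dlz: Starting GENSEC submechanism gssapi_krb5
02-Apr-2017 18:47:41.373 samba_dlz: spnego update failed
02-Apr-2017 18:47:41.374 client 192.168.99.6#58125/key CLIENT\$\@my.domain.de: updating zone 'my.domain.de/NONE': update failed: rejected by secure update (REFUSED)
02-Apr-2017 18:47:41.374 samba_dlz: ldb: cancel ldb transaction (nesting: 0)
02-Apr-2017 18:52:10.120 client 192.168.99.7#40112: updating zone 'my.domain.de/NONE': update failed: rejected by secure update (REFUSED)
"""

TS = r"(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3})"
REFUSED = re.compile(TS + r" client (?P<ip>[0-9A-Fa-f.:]+)#\d+(?:/key (?P<key>\S+?))?: "
                     r"updating zone '(?P<zone>[^'/]+)/[^']*': update failed: "
                     r"rejected by secure update \(REFUSED\)")
SPNEGO_FAIL = re.compile(TS + r" samba_dlz: spnego update failed")

def _ts(s):
    return datetime.strptime(s, "%d-%b-%Y %H:%M:%S.%f")

def refused_updates(log_text, window=timedelta(seconds=1)):
    """Return one record per refused dynamic update; gss_failed is True when
    samba_dlz logged a failed SPNEGO exchange within `window` before it."""
    last_spnego_fail = None
    records = []
    for line in log_text.splitlines():
        m = SPNEGO_FAIL.match(line)
        if m:
            last_spnego_fail = _ts(m["ts"])
            continue
        m = REFUSED.match(line)
        if m:
            when = _ts(m["ts"])
            gss_failed = (last_spnego_fail is not None
                          and timedelta(0) <= when - last_spnego_fail <= window)
            key = m["key"].replace("\\", "") if m["key"] else None  # drop log escaping
            records.append({"time": when, "client": m["ip"], "zone": m["zone"],
                            "key": key, "gss_failed": gss_failed})
    return records

if __name__ == "__main__":
    for r in refused_updates(SAMPLE_LOG):
        cause = "GSS-TSIG negotiation failed" if r["gss_failed"] else "no SPNEGO failure logged nearby"
        print(f'{r["time"]} {r["client"]} zone={r["zone"]} key={r["key"]} -> {cause}')
```

Log lines must be unwrapped (one entry per line) before parsing; mail clients wrap them as seen in the quoted excerpts.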