Web lists-archives.com

Re: [Samba] client @0x7f6ed800bc20 172.16.5.86#62582: update 'campus.company.intra/IN' denied




On Mon, 2 Jul 2018 12:12:07 -0300
Elias Pereira via samba <samba@xxxxxxxxxxxxxxx> wrote:

> >
> > Hmm, bind 9.12.x isn't supported yet.
> 
> 
> He works with "dlopen
> /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_11.so" without
> problems, at first.

I repeat, Bind 9.12.x is unsupported at this time, just because it
worked once is no reason to use it. It may have nothing to do with your
problem, but using a supported Bind version will rule it out.

> 
> include "/etc/bind/rndc.key";
> > controls {
> >           inet 127.0.0.1 allow { localhost; } keys { rndc-key;};
> > };
> > You do not need the four lines above
> 
> 
> Ok, but if I leave it, does not have problems either, I believe!?

OK, your server, but I think you should be aware that I have been using
Bind9 with Samba since December 2012 and I have never used the rndc.key

> 
> You mention '#public IP' twice, are they both the same IP and is it
> > the DC ipaddress and if so, why are you trying to forward the DC to
> > itself ?
> 
> 
> No, two different networks.
> xxx.xxx.xxx.0/26
> xxx.xxx.xxx.128/26
> 
> Sometimes the "samba_dlz: spnego update failed" appears in the log. I
> found this link talks about the problem.
> https://bugzilla.redhat.com/show_bug.cgi?id=1528867
> 
> I added the "KRB5RCACHETYPE="none"" on the /etc/default/bind9, but the
> error message keeps.
> 

That is if you are using the MIT kerberos with Samba, instead of the
default HEIMDAL.

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba