
[Samba] Samba AD DC + external DHCP + BIND9_DLZ dynamic dns updates doesn't work for domain members.




Dear All,

I have a setup with samba acting as active directory domain controller, DNS
updates are done via bind DLZ. I have recompiled it to allow spnego. DHCP server
is external, no changes in it are possible. Domain members try to register in
the DNS, KDC is aware of them, however no DNS entries for them are created and
BIND returns errors. Any hints are welcome since I really need it working. Thank
you in advance.

samba log:
  samba version 4.8.5 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2018
[2018/10/16 18:29:56.934115,  0] ../source4/smbd/server.c:638(binary_smbd_main)
  binary_smbd_main: samba: using 'standard' process model
[2018/10/16 18:29:57.251109,  0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
  /usr/sbin/krb5kdc: krb5kdc: starting...

named log:
16-Oct-2018 18:29:53.526 general: info: managed-keys-zone: loaded serial 0
16-Oct-2018 18:29:53.538 general: info: zone localhost/IN: loaded serial 0
16-Oct-2018 18:29:53.539 general: info: zone virtual/IN: loaded serial 0
16-Oct-2018 18:29:53.539 general: info: zone 0.0.127.in-addr.arpa/IN: loaded serial 1
16-Oct-2018 18:29:53.540 general: notice: all zones loaded
16-Oct-2018 18:29:53.540 general: notice: running
16-Oct-2018 18:30:03.684 resolver: info: resolver priming query complete
16-Oct-2018 18:30:08.719 database: info: samba_dlz: starting transaction on zone XXXX
16-Oct-2018 18:30:08.724 update-security: error: client @0x7fe2b4418390 10.8.0.6#50122: update 'XXXX/IN' denied
16-Oct-2018 18:30:08.724 database: info: samba_dlz: cancelling transaction on zone XXXX
16-Oct-2018 18:30:09.240 database: info: samba_dlz: starting transaction on zone XXXX
16-Oct-2018 18:30:09.248 database: error: samba_dlz: spnego update failed
16-Oct-2018 18:30:09.248 update: info: client @0x7fe2b4418390 10.8.0.6#44955/key ZKF-VM01\$\@XXXX: updating zone 'XXXX/NONE': update failed: rejected by secure update (REFUSED)
16-Oct-2018 18:30:09.248 database: info: samba_dlz: cancelling transaction on zone XXXX
16-Oct-2018 18:30:24.880 resolver: info: resolver priming query complete
16-Oct-2018 18:30:25.041 resolver: info: resolver priming query complete

kdc log:

paź 16 18:29:57 dc01.XXXX krb5kdc[41865](Error): preauth spake failed to initialize: No SPAKE preauth groups configured
paź 16 18:29:57 dc01.XXXX krb5kdc[41865](info): setting up network...
krb5kdc: setsockopt(17,IPV6_V6ONLY,1) worked
krb5kdc: setsockopt(19,IPV6_V6ONLY,1) worked
paź 16 18:29:57 dc01.XXXX krb5kdc[41865](info): set up 4 sockets
paź 16 18:29:57 dc01.XXXX krb5kdc[41865](info): commencing operation
paź 16 18:30:06 dc01.XXXX krb5kdc[41865](info): TGS_REQ (5 etypes {18 17 23 24 -135}) 10.8.0.6: ISSUE: authtime 1539706701, etypes {rep=18 tkt=23 ses=23}, ZKF-VM01$@XXXX for DNS/dc01.XXXX@XXXX
paź 16 18:30:06 dc01.XXXX krb5kdc[41865](info): closing down fd 20
samba-kdc: samba_kdc_fetch: message2entry failed

-- 

Regards,

-- 
Zuzanna K. Filutowska
www: http://platyna.info
One must have perseverance and faith in oneself,
that one is capable of something. -- Maria Curie-Skłodowska
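
An added example, not part of the original post: a small Python triage script that groups the named log lines into samba_dlz transactions and records, for each cancelled one, the client address, whether the update carried a key, and whether samba_dlz logged an spnego failure. The sample lines are copied from the named log above with the mail wrapping undone; the function and field names are illustrative.

```python
import re

# Lines copied from the named log in the post above, with mail wrapping undone.
SAMPLE = r"""16-Oct-2018 18:30:08.719 database: info: samba_dlz: starting transaction on zone XXXX
16-Oct-2018 18:30:08.724 update-security: error: client @0x7fe2b4418390 10.8.0.6#50122: update 'XXXX/IN' denied
16-Oct-2018 18:30:08.724 database: info: samba_dlz: cancelling transaction on zone XXXX
16-Oct-2018 18:30:09.240 database: info: samba_dlz: starting transaction on zone XXXX
16-Oct-2018 18:30:09.248 database: error: samba_dlz: spnego update failed
16-Oct-2018 18:30:09.248 update: info: client @0x7fe2b4418390 10.8.0.6#44955/key ZKF-VM01\$\@XXXX: updating zone 'XXXX/NONE': update failed: rejected by secure update (REFUSED)
16-Oct-2018 18:30:09.248 database: info: samba_dlz: cancelling transaction on zone XXXX
"""

# "<date> <time> <category>: <level>: <message>"
LINE = re.compile(r"^(\S+ \S+) ([\w-]+): (\w+): (.*)$")
# "client [@0x...] <ip>#<port>[/key <name>]: <rest>"
CLIENT = re.compile(r"client (?:@0x[0-9a-f]+ )?([\d.]+)#(\d+)(?:/key (\S+?))?: (.*)$")

def classify(log_text):
    """Return one record per samba_dlz transaction that ended in a cancel."""
    records, current = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts, category, _level, msg = m.groups()
        if msg.startswith("samba_dlz: starting transaction"):
            current = {"start": ts, "zone": msg.rsplit(" ", 1)[1],
                       "client": None, "key": None, "spnego_failed": False}
        elif current is None:
            continue  # line outside any transaction
        elif msg == "samba_dlz: spnego update failed":
            current["spnego_failed"] = True
        elif category in ("update", "update-security"):
            c = CLIENT.match(msg)
            if c:
                current["client"] = c.group(1)
                # named escapes '$' and '@' in the key name; undo that here.
                current["key"] = c.group(3).replace("\\", "") if c.group(3) else None
        elif msg.startswith("samba_dlz: cancelling transaction"):
            # A "/key <name>" suffix on the client means the request was signed.
            current["kind"] = "signed" if current["key"] else "unsigned"
            records.append(current)
            current = None
    return records

if __name__ == "__main__":
    for rec in classify(SAMPLE):
        print(rec)
```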


