Web lists-archives.com

Re: [Samba] Workstations cannot update DNS




On 14/05/2019 21:36, Durwin via samba wrote:
I am trying to get DDNS working, so workstations can update their ip.

The domain is msi.mycompany.com

The DC server works, as well as group policies.

I set rights to these files
chgrp bind /var/lib/samba/private/
chmod 750 /var/lib/samba/private/
chgrp bind /var/lib/samba/private/dns.keytab
chmod 640 /var/lib/samba/private/dns.keytab
journalctl shows this.
May 14 14:22:32 audit[2117]: AVC apparmor="DENIED" operation="file_lock"
profile="/usr/sbin/named" name="/var/lib/samba/private/dns.keytab"
pid=2117 comm="isc-worker0000" requested_mask="k" denied_mask="k"
fsuid=111 ouid=0
May 14 14:22:32 kernel: audit: type=1400 audit(1557865352.085:35):
apparmor="DENIED" operation="file_lock" profile="/usr/sbin/named"
name="/var/lib/samba/private/dns.keytab" pid=2117 comm="isc-worker0000"
requested_mask="k" denied_mask="k" fsuid=111 ouid=0

It looks like you need to fix Apparmor (at least), try reading this:

https://wiki.samba.org/index.php/BIND9_DLZ_AppArmor_and_SELinux_Integration

Rowland


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba