On Tue, 2013-10-08 at 22:59 -0700, Scott Goodwin wrote: > > * Samba4 with BIND_DLZ (with windows clients updating AD via kerberos) > Dammit this is so close! But Windows client dns updates do not work. > Actually, they worked at first, then they stopped working. Errors like > this: > Oct 8 21:38:16 earl named[7695]: samba_dlz: starting transaction on zone > mydomain.com > Oct 8 21:38:16 earl named[7695]: client 10.2.2.227#52980: update ' > mydomain.com/IN' denied > Oct 8 21:38:16 earl named[7695]: samba_dlz: cancelling transaction on zone > mydomain.com > This is a decidedly ubiquitous problem out there, and one can google on > this for hours, with no solid fixes or answers. Per this guy's > advice<http://article.gmane.org/gmane.network.samba.general/131081/match=>I > downloaded and compiled bind 9.8, and also 9.9 (just for good measure) > using the proper flags ( --with-dlopen=yes, > --with-gssapi=/usr/include/gssapi, and WITHOUT the flag > --disable-isc-spnego). After I did this, it actually worked for a few > hours! Then all of a sudden, stopped working with the above errors > littering my named.log again.
Hi Do you have CNAME's? If not, then it's just because you've tried different Samba versions but with the same dns records. Try deleting the old machine record so that a new one corresponding to your new install will recreate it at the next update request. I don't know your domain names and finding the DN for the machine took some working out, but I've an example here: http://linuxcostablanca.blogspot.com.es/2013/09/samba4-bind9dlz-stale-dns-records-with.html HTH Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
