Thanks for the advice, Steve. I had actually tried this before, and it did work temporarily, but after a few hours, the updates started failing again. This is so weird! Why is this happening? I have nothing but respect for the samba team and all their hard work, but egads, I just can't figure out why such a critical issue is still running rampant. (Ok, so it's not critical in the sense that all your clients are down, and they can't work. But heck, every time a pc gets a new dhcp lease, I have to change it by hand, and that becomes a maintenance nightmare). I'm being completely serious when I say this: how do larger companies that have rolled out samba4 cope with this issue? Is there some workaround I'm not aware of?

*Scott Goodwin*
IT Lead
Mimic Technologies, Inc
811 First Avenue, Suite 408 | Seattle, WA 98104
phone: 1.800.918.1670 | direct: 206.456.9180
fax: 206.623.3491 | cell: 206.355.7767

On Tue, Oct 8, 2013 at 11:56 PM, steve <st...@steve-ss.com> wrote:

> On Tue, 2013-10-08 at 22:59 -0700, Scott Goodwin wrote:
> >
> > * Samba4 with BIND_DLZ (with windows clients updating AD via kerberos)
> > Dammit this is so close! But Windows client dns updates do not work.
> > Actually, they worked at first, then they stopped working. Errors like
> > this:
> > Oct 8 21:38:16 earl named[7695]: samba_dlz: starting transaction on zone mydomain.com
> > Oct 8 21:38:16 earl named[7695]: client 10.2.2.227#52980: update 'mydomain.com/IN' denied
> > Oct 8 21:38:16 earl named[7695]: samba_dlz: cancelling transaction on zone mydomain.com
> > This is a decidedly ubiquitous problem out there, and one can google on
> > this for hours, with no solid fixes or answers. Per this guy's
> > advice <http://article.gmane.org/gmane.network.samba.general/131081/match=> I
> > downloaded and compiled bind 9.8, and also 9.9 (just for good measure)
> > using the proper flags ( --with-dlopen=yes,
> > --with-gssapi=/usr/include/gssapi, and WITHOUT the flag
> > --disable-isc-spnego). After I did this, it actually worked for a few
> > hours! Then all of a sudden, stopped working with the above errors
> > littering my named.log again.
>
> Hi
> Do you have CNAMEs? If not, then it's just because you've tried
> different Samba versions but with the same dns records. Try deleting the
> old machine record so that a new one corresponding to your new install
> will recreate it at the next update request. I don't know your domain
> names and finding the DN for the machine took some working out, but I've
> an example here:
>
> http://linuxcostablanca.blogspot.com.es/2013/09/samba4-bind9dlz-stale-dns-records-with.html
> HTH
> Steve
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba