On 09/10/13 21:44, Scott Goodwin wrote:
Ah, by golly, I think that may do it! I hadn't found that url yet, so mega thanks for the link. Because nsupdate will be run from the server (as opposed to the clients, which is where the failed kerberos dns updates are coming from), I think this will work. I mean, I can update dns records just fine if I do it from the command line on the server -- it's only when remote clients attempt updates that it fails.

I'll give this a whirl and post my results.
There is hope!


*Scott Goodwin*
IT Lead
Mimic Technologies, Inc
811 First Avenue, Suite 408  |  Seattle, WA 98104
phone: 1.800.918.1670  |  direct: 206.456.9180
fax: 206.623.3491  |  cell: 206.355.7767



On Wed, Oct 9, 2013 at 1:36 PM, Rowland Penny <rowlandpe...@googlemail.com> wrote:

    On 09/10/13 20:15, Scott Goodwin wrote:

        Thanks for the advice Steve. I had actually tried this before, and it did work temporarily, but after a few hours, the updates started failing again. This is so weird! Why is this happening?  I have nothing but respect for the samba team and all their hard work, but egads, I just can't figure out why such a critical issue is still running rampant.  (Ok, so it's not critical in the sense that all your clients are down, and they can't work. But heck, every time a pc gets a new dhcp lease, I have to change it by hand, and that becomes a maintenance nightmare).
        I'm being completely serious when I say this: how do larger companies that have rolled out samba4 cope with this issue? Is there some workaround I'm not aware of?





        On Tue, Oct 8, 2013 at 11:56 PM, steve <st...@steve-ss.com> wrote:

            On Tue, 2013-10-08 at 22:59 -0700, Scott Goodwin wrote:

                * Samba4 with BIND_DLZ (with windows clients updating AD via kerberos)
                Dammit this is so close! But Windows client dns updates do not work. Actually, they worked at first, then they stopped working. Errors like this:
                Oct  8 21:38:16 earl named[7695]: samba_dlz: starting transaction on zone mydomain.com
                Oct  8 21:38:16 earl named[7695]: client 10.2.2.227#52980: update 'mydomain.com/IN' denied
                Oct  8 21:38:16 earl named[7695]: samba_dlz: cancelling transaction on zone mydomain.com
                This is a decidedly ubiquitous problem out there, and one can google on this for hours, with no solid fixes or answers.  Per this guy's advice <http://article.gmane.org/gmane.network.samba.general/131081/match=> I downloaded and compiled bind 9.8, and also 9.9 (just for good measure) using the proper flags ( --with-dlopen=yes, --with-gssapi=/usr/include/gssapi, and WITHOUT the flag --disable-isc-spnego). After I did this, it actually worked for a few hours!  Then all of a sudden, stopped working with the above errors littering my named.log again.

            Hi
            Do you have CNAMEs? If not, then it's just because you've tried different Samba versions but with the same dns records. Try deleting the old machine record so that a new one corresponding to your new install will recreate it at the next update request. I don't know your domain names and finding the DN for the machine took some working out, but I've an example here:

            http://linuxcostablanca.blogspot.com.es/2013/09/samba4-bind9dlz-stale-dns-records-with.html
            HTH
            Steve


            --
            To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba

    Hi, try starting here:

    http://blog.michael.kuron-germany.de/2011/02/isc-dhcpd-dynamic-dns-updates-against-secure-microsoft-dns/

    Rowland


I know it will work, I've had it working for the last 10 months or so, give me an email if you get stuck.

Rowland
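
Added example, not part of the original thread or written by any of its participants: a small Python triage script for the `update ... denied` entries quoted from named.log above. It summarises denials per client and zone, with first and last timestamps, so you can see when secure updates stopped being accepted. The sample log is constructed in the shape of the quoted lines, and the function name `denied_updates` is hypothetical.

```python
import re

# Constructed sample, following the shape of the named.log lines quoted in
# the thread (same host name, zone and message wording; extra entries invented).
SAMPLE_LOG = """\
Oct  8 21:38:16 earl named[7695]: samba_dlz: starting transaction on zone mydomain.com
Oct  8 21:38:16 earl named[7695]: client 10.2.2.227#52980: update 'mydomain.com/IN' denied
Oct  8 21:38:16 earl named[7695]: samba_dlz: cancelling transaction on zone mydomain.com
Oct  8 21:52:03 earl named[7695]: samba_dlz: starting transaction on zone mydomain.com
Oct  8 21:52:03 earl named[7695]: client 10.2.2.231#49211: update 'mydomain.com/IN' denied
Oct  8 21:52:03 earl named[7695]: samba_dlz: cancelling transaction on zone mydomain.com
Oct  8 22:40:41 earl named[7695]: client 10.2.2.227#53014: update 'mydomain.com/IN' denied
"""

# Matches only the BIND "client <ip>#<port>: update '<zone>/IN' denied" entries;
# the samba_dlz transaction lines are ignored.
DENIED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+\S+\s+named\[\d+\]:\s+"
    r"client\s+(?P<ip>[0-9a-fA-F.:]+)#\d+:\s+"
    r"update\s+'(?P<zone>[^'/]+)/IN'\s+denied"
)


def denied_updates(log_text):
    """Return {(client_ip, zone): {"count", "first", "last"}} for denied updates.

    Timestamps are kept as the raw syslog strings, in file order, so "first"
    is when this client's updates were first refused in the given log.
    """
    summary = {}
    for line in log_text.splitlines():
        m = DENIED.match(line)
        if not m:
            continue
        key = (m["ip"], m["zone"])
        entry = summary.setdefault(
            key, {"count": 0, "first": m["ts"], "last": m["ts"]}
        )
        entry["count"] += 1
        entry["last"] = m["ts"]
    return summary


if __name__ == "__main__":
    for (ip, zone), info in sorted(denied_updates(SAMPLE_LOG).items()):
        print(f"{ip:15} {zone:20} denied={info['count']} "
              f"first={info['first']} last={info['last']}")
```
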