samba-users August 2010 archive

Re: [Samba] samba 4 dns-update issue

From: Moray Henderson <Moray.Henderson_at_nospam>
Date: Thu Aug 12 2010 - 09:03:24 GMT
To: "'Roland de Lepper'" <roland.de.lepper@cvis.nl>, <samba@lists.samba.org>

Roland de Lepper wrote:
>I've set up samba4 according to the samba4 wiki on CentOS 5.4 in KVM.
>This went without any problems. I only had to install a higher version of
>bind to 9.6.x because CentOS bind in repo will install version 9.3.x.
>I've used the Fedora12 source rpms for this to build bind 9.6.x on CentOS
>5.4.
>
>Then I configured bind according to the samba wiki
>(http://wiki.samba.org/index.php/Samba4/DNS)
>
>I did all the checks in the wiki to see if bind is working. All tests
>passed.
>But in my logs I got the messages "The working directory is not writable".
>I changed the owner on /var/named to the group named, which solved that
>problem.
>
>Then I installed Win7 virtual in KVM and joined the domain. I can log in,
>create users via dsa.msc tool on windows and see them in wbinfo -u on the
>samba4 domain controller. All looks right, except for my ddns. The zone
>could not be updated with the new win7 machine. The win7 machine has a
>fixed ip-address.
>
>I checked all the howto again and again, but couldn't find a thing which
>could cause this. The error I see in my log is:
>
>Aug 11 09:34:46 sambaserver named[2281]: client 192.168.122.150#60058:
>query 'roland.quinox.be/SOA/IN' denied
>
>Is this a permission problem? I checked and the group 'named' has write
>access to my zone file. (the user 'named' is member of the group 'named')
>
>This is the only issue I have with my samba4 installation and I really
>want to solve this issue.
>
>If you need more information or configurations, I can post them.
>
>Kind regards,
>
>Roland

I don't know the Samba side of this, but that looks like a permission
problem in the named.conf file. Your main options section (or view, if
you're using views), should contain something like:

        allow-query { localnets; };
        allow-query-cache { localnets; };

to tell bind that, yes, it is actually allowed to answer queries on your
local network. Other subnets and IP ranges can be added alongside, or
instead of, "localnets" if necessary.

Moray.
"To err is human.  To purr, feline"

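Added example, not part of the original messages and not Samba or BIND project code: before widening allow-query as suggested in the reply above, it helps to see which clients named is actually refusing and whether the networks you plan to list would cover them. The regex follows the log line quoted in the thread; the "(cache)" variant, the extra sample lines and the `summarize` helper are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Pattern for the named "denied" line quoted in the thread. The optional
# "(cache)" marker is an assumption covering allow-query-cache denials.
DENIED = re.compile(
    r"named\[\d+\]: client (?P<ip>[0-9A-Fa-f:.]+)#\d+: "
    r"query (?:\(cache\) )?'(?P<name>[^/']+)/(?P<qtype>[^/']+)/[^']+' denied"
)

# First line is the one from the thread (rejoined); the rest are constructed.
SAMPLE_LOG = [
    "Aug 11 09:34:46 sambaserver named[2281]: client 192.168.122.150#60058: "
    "query 'roland.quinox.be/SOA/IN' denied",
    "Aug 11 09:34:47 sambaserver named[2281]: client 192.168.122.150#60059: "
    "query (cache) 'example.org/A/IN' denied",
    "Aug 11 09:35:02 sambaserver named[2281]: client 10.9.8.7#41000: "
    "query 'roland.quinox.be/SOA/IN' denied",
    "Aug 11 09:35:10 sambaserver named[2281]: zone roland.quinox.be/IN: loaded",
]

def summarize(lines, planned_acl):
    """Group denied queries by client and mark which clients the networks
    in planned_acl (intended allow-query entries) would cover."""
    nets = [ipaddress.ip_network(n) for n in planned_acl]
    seen = defaultdict(lambda: {"denied": 0, "names": set()})
    for line in lines:
        m = DENIED.search(line)
        if not m:
            continue  # not a denied-query line
        entry = seen[m["ip"]]
        entry["denied"] += 1
        entry["names"].add(f'{m["name"]}/{m["qtype"]}')
    report = {}
    for ip, entry in seen.items():
        addr = ipaddress.ip_address(ip)
        report[ip] = {
            "denied": entry["denied"],
            "names": sorted(entry["names"]),
            "covered": any(addr in net for net in nets),
        }
    return report

if __name__ == "__main__":
    for ip, info in summarize(SAMPLE_LOG, ["192.168.122.0/24"]).items():
        print(ip, info)
```

A client reported as covered is one the planned ACL would let through; one reported as not covered would still be refused, which for an address outside your own networks is the intended result.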