insufficient access rights [ Was - Samba4 DNS Updates - Linux Clients - Is it possible?]
Mike Howard
mike at dewberryfields.co.uk
Wed Jan 25 07:05:46 MST 2012
On 25/01/2012 12:34, Amitay Isaacs wrote:
> On Wed, Jan 25, 2012 at 10:03 PM, Mike Howard<mike at dewberryfields.co.uk> wrote:
>> On 25/01/2012 02:45, Amitay Isaacs wrote:
>>>
>>>
>>> 20-Jan-2012 11:10:03.080 database: info: samba_dlz: starting transaction
>>> on zone saitelitalia.local
>>> 20-Jan-2012 11:10:03.081 update-security: error: client
>>> 192.168.12.56#60235: update 'saitelitalia.local/IN' denied
>>> 20-Jan-2012 11:10:03.081 database: info: samba_dlz: cancelling
>>> transaction on zone saitelitalia.local
>>> 20-Jan-2012 11:10:03.110 database: info: samba_dlz: starting transaction
>>> on zone saitelitalia.local
>>> 20-Jan-2012 11:10:03.114 database: info: samba_dlz: disallowing update
>>> of signer=ua01\$\@SAITELITALIA.LOCAL name=ua01.saitelitalia.local type=A
>>> error=insufficient access rights
>>> 20-Jan-2012 11:10:03.114 update: info: client 192.168.12.56#60543/key
>>> ua01\$\@SAITELITALIA.LOCAL: updating zone 'saitelitalia.local/NONE':
>>> update failed: rejected by secure update (REFUSED)
>>> 20-Jan-2012 11:10:03.115 database: info: samba_dlz: cancelling
>>> transaction on zone saitelitalia.local
>>>
>>> but it says that signer has insufficient access rights: what rights
>>> should I change or look for?
>>>
>>> Daniele.
>>>
>>> The fix for DNS updates failing is in the master.
>>>
>>> Amitay.
>> Hi Amitay,
>>
>> As Daniele hijacked the original thread, I've changed the title.
>>
>> I did a 'git pull' this morning at about 7am and the 'insufficient access
>> rights' problem is still there when joining an XP client. As a matter of
>> interest, this issue did not exist a short while ago.
>>
>> Regards,
>> Mike.
>> --
>> Any question is easy if you know the answer!
> Hi Mike,
>
> Can you confirm you have following patch in the git tree you pulled?
>
> dc4ef9b57b7e5f6f44ccf799a26b497c6025609b dlz_bind9: for authenticated
> user, set the AUTHENTICATED USERS sid in token
>
> If the problem is persisting after the patch, can you check if the there is an
> entry for the windows XP in DNS records?
>
> ldbsearch -H /path/to/sam.ldb -b
> "DC=DomainDnsZones,DC=your,DC=domain,DC=name"
> "(name=windowsxp-hostname)"
>
>
> Amitay.
Hi Amitay,
I did another git clone and a fresh install of samba and the problem is
no longer with us.
Thanks,
Mike.
--
Any question is easy if you know the answer!
More information about the samba-technical
mailing list