samba_dlz refusing updates

Amitay Isaacs amitay at
Tue Jul 10 18:12:08 MDT 2012

Hi Peter,

On Wed, Jul 11, 2012 at 4:54 AM, Peter Clark <pclark at> wrote:
> Hi,
> I've been googling for a while but I can't seem to find an answer.
> I'm running the latest git pull (Version 4.0.0beta4-GIT-3aa186f) and I'm
> getting errors with samba_dlz:
> Jul 10 14:46:10 c3po named[10669]: samba_dlz: disallowing update of
> signer=host\$\@domain type=AAAA error=insufficient
> access rights

This usually happens if the record was created manually or with older
version of samba which did not set the security descriptor on the DNS
record correctly.

> I'm not really sure where to start looking for the fix here, it worked
> until the July 3rd GIT pull.
> Any thoughts of where I missed an upgrade step?

I would suggest, you delete this DNS entry from AD database and it
will be created with correct security descriptor next time
"" tries to update the record using dynamic dns update.

   ldbdel -H /path/to/sam.ldb


More information about the samba-technical mailing list