samba_dlz refusing updates
Amitay Isaacs
amitay at gmail.com
Tue Jul 10 18:12:08 MDT 2012
Hi Peter,
On Wed, Jul 11, 2012 at 4:54 AM, Peter Clark <pclark at pclark.com> wrote:
> Hi,
>
> I've been googling for a while but I can't seem to find an answer.
>
> I'm running the latest git pull (Version 4.0.0beta4-GIT-3aa186f) and I'm
> getting errors with samba_dlz:
>
> Jul 10 14:46:10 c3po named[10669]: samba_dlz: disallowing update of
> signer=host\$\@domain name=host.domain.com type=AAAA error=insufficient
> access rights
This usually happens if the record was created manually or with older
version of samba which did not set the security descriptor on the DNS
record correctly.
> I'm not really sure where to start looking for the fix here, it worked
> until the July 3rd GIT pull.
>
> Any thoughts of where I missed an upgrade step?
>
I would suggest, you delete this DNS entry from AD database and it
will be created with correct security descriptor next time
"host.domain.com" tries to update the record using dynamic dns update.
ldbdel -H /path/to/sam.ldb
"DC=host,DC=domain.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=domain,DC=com"
Amitay.
More information about the samba-technical
mailing list