Samba 4.12 rc3: bind DNS say "named: client update denied"

Rowland penny rpenny at samba.org
Sun Feb 23 12:29:03 UTC 2020


On 23/02/2020 10:31, Dario Lesca via samba-technical wrote:
> Hi, I'm doing some tests samba DC 4.12.rc3  MIT Kerberos  + Bind DNS +
> Dhcpd script  on Fedora 32 beta.
I wouldn't suggest using this in production, MIT on an AD DC is still 
experimental.
> All work fine except this issue:
>
> The dhcp for a workstation "win10a.fedora.loc" NOT joined to domain
> work great, name and reverse are added to Samba Bind DNS.
>
> But after this join, some time (10/15 minutes) into syslog I get this
> error:
>
> named[718]: client @0x7f128c3e5eb0 192.168.122.103#54566: update
> 'fedora.loc/IN' denied
> But despite this, everything works well

First, there is no point in asking Fedora about this, the dhcp script is 
supplied by Samba (or to be more precise, by myself).

Secondly, it looks like your clients are trying to update their own 
records in AD, which they cannot, because they do not belong to them, so 
stop your clients trying to do this..

Thirdly, this is the wrong place to ask, you should have asked on the 
samba mailing list.

Rowland





More information about the samba-technical mailing list