Samba 4.12 rc3: bind DNS say "named: client update denied"

Dario Lesca d.lesca at
Sun Feb 23 14:30:11 UTC 2020

Il giorno dom, 23/02/2020 alle 12.29 +0000, Rowland penny via samba-
technical ha scritto:
> On 23/02/2020 10:31, Dario Lesca via samba-technical wrote:
> > Hi, I'm doing some tests samba DC 4.12.rc3  MIT Kerberos  + Bind
> > DNS +Dhcpd script  on Fedora 32 beta.
> I wouldn't suggest using this in production, MIT on an AD DC is still
> experimental.

Yes, I know.
In this case is a test environment for test fedora 32 (not yet
released) and samba 4.12 (not yet released)
... and sooner or later the world "Experimental" for samba+MIT Kerberos
it will be wipe away from someone.

> > But despite this, everything works well
> First, there is no point in asking Fedora about this, the dhcp script
> is supplied by Samba (or to be more precise, by myself).

That's why I asked it here.
The script work great, and I take this opportunity to thank you.

> Secondly, it looks like your clients are trying to update their own
> records in AD, which they cannot, because they do not belong to them,
> so stop your clients trying to do this..

Thanks, this is the answer to my question: This error message is not a
DC problem.
I can disable on Windows client the own record update (I will find out
how) ... or ignore this error log (I know how to do it).

Two little question to better understand:
a) There is alto the way and it would make sense on Samba DC (or Bind?)
to allow the client to update their own records like (I image) their do
on MS-DC server?
b) This issue is there also on samba heimdal kerberos?

> Thirdly, this is the wrong place to ask, you should have asked on the
> samba mailing list.

Sorry, I thought that since samba 4.12 was not released yet, I had to
go here.
I must move the message to other list?

Many thanks for reply

Dario Lesca
(inviato dal mio Linux Fedora 31 Workstation)

More information about the samba-technical mailing list