Samba 4.12 rc3: bind DNS say "named: client update denied"
iboukris at gmail.com
Mon Feb 24 10:24:15 UTC 2020
On Sun, Feb 23, 2020 at 11:58 AM Dario Lesca via samba-technical
<samba-technical at lists.samba.org> wrote:
> Hi, I'm doing some tests samba DC 4.12.rc3 MIT Kerberos + Bind DNS +
> Dhcpd script on Fedora 32 beta.
> All work fine except this issue:
> The dhcp for a workstation "win10a.fedora.loc" NOT joined to domain
> work great, name and reverse are added to Samba Bind DNS.
> At this point I have Join the WS to domain without problem, I can login
> on it with domain account and access to other network resource (win10b,
> centos8 member server, ecc).
> But after this join, some time (10/15 minutes) into syslog I get this
> named: client @0x7f128c3e5eb0 192.168.122.103#54566: update
> 'fedora.loc/IN' denied
Not sure related, but I noticed dns errors sometimes related to
kerberos when forwradable is not set by default. Try looking in
kerberos packet capture, and try adding "forwardable = true" to the
libdefaults section of all krb5.conf files (including the one in
private dir), see if it makes any difference.
More information about the samba-technical