Samba 4.12 rc3: bind DNS say "named: client update denied"

Isaac Boukris iboukris at
Mon Feb 24 10:24:15 UTC 2020

Hi Dario

On Sun, Feb 23, 2020 at 11:58 AM Dario Lesca via samba-technical
<samba-technical at> wrote:
> Hi, I'm doing some tests samba DC 4.12.rc3  MIT Kerberos  + Bind DNS +
> Dhcpd script  on Fedora 32 beta.
> All work fine except this issue:
> The dhcp for a workstation "win10a.fedora.loc" NOT joined to domain
> work great, name and reverse are added to Samba Bind DNS.
> At this point I have Join the WS to domain without problem, I can login
> on it with domain account and access to other network resource (win10b,
> centos8 member server, ecc).
> But after this join, some time (10/15 minutes) into syslog I get this
> error:
> named[718]: client @0x7f128c3e5eb0 update
> 'fedora.loc/IN' denied

Not sure related, but I noticed dns errors sometimes related to
kerberos when forwradable is not set by default. Try looking in
kerberos packet capture, and try adding "forwardable = true" to the
libdefaults section of all krb5.conf files (including the one in
private dir), see if it makes any difference.

More information about the samba-technical mailing list