[Samba] insufficient access rights / denied / DNS

Sun May 18 04:58:49 MDT 2014

Hi,

maybe ist a general Problem.

i have the following question. Wheni create manually a DNS record with RSAT Tools there is no problem.

The following steps i try to get automatically updates. The following steps i have done.

-          Remove the Computer from AD

-          Remove DNS Record (checked also with ldbsearch for the principal, nothing found)

-          Join the Computer back to AD

Now there is the problem. The Computer Comes back but the DNS Record have not the right privileges. After that i added the Computer Account to the privileges and Update will work. But not completely i think. There is always a denied.

-------------------------------------------
May 18 12:47:56 orion named[18721]: client 192.168.24.43#56273/key pc53\$\@SWI.LOCAL: updating zone 'swi.local/NONE': deleting rrset at 'PC53.swi.local' AAAA
May 18 12:47:56 orion named[18721]: client 192.168.24.43#56273/key pc53\$\@SWI.LOCAL: updating zone 'swi.local/NONE': deleting rrset at 'PC53.swi.local' A
May 18 12:47:56 orion named[18721]: samba_dlz: subtracted rdataset PC53.swi.local 'PC53.swi.local.      1200    IN      A       192.168.24.43'
May 18 12:47:56 orion named[18721]: client 192.168.24.43#56273/key pc53\$\@SWI.LOCAL: updating zone 'swi.local/NONE': adding an RR at 'PC53.swi.local' A
May 18 12:47:56 orion named[18721]: samba_dlz: added rdataset PC53.swi.local 'PC53.swi.local.   1200    IN      A       192.168.24.43'
May 18 12:47:56 orion named[18721]: samba_dlz: committed transaction on zone swi.local
May 18 12:47:59 orion named[18721]: samba_dlz: starting transaction on zone swi.local
May 18 12:47:59 orion named[18721]: client 192.168.24.43#61842: update 'swi.local/IN' denied <--------- why that?
May 18 12:47:59 orion named[18721]: samba_dlz: cancelling transaction on zone swi.local
May 18 12:47:59 orion named[18721]: samba_dlz: starting transaction on zone swi.local
May 18 12:47:59 orion named[18721]: samba_dlz: allowing update of signer=pc53\$\@SWI.LOCAL name=PC53.swi.local tcpaddr= type=AAAA key=568-ms-7.19-3c70119.4d728336-dde6-11e3-ca9b-005056ba093d/160/0
May 18 12:47:59 orion named[18721]: samba_dlz: allowing update of signer=pc53\$\@SWI.LOCAL name=PC53.swi.local tcpaddr= type=A key=568-ms-7.19-3c70119.4d728336-dde6-11e3-ca9b-005056ba093d/160/0
May 18 12:47:59 orion named[18721]: samba_dlz: allowing update of signer=pc53\$\@SWI.LOCAL name=PC53.swi.local tcpaddr= type=A key=568-ms-7.19-3c70119.4d728336-dde6-11e3-ca9b-005056ba093d/160/0
May 18 12:47:59 orion named[18721]: client 192.168.24.43#56054/key pc53\$\@SWI.LOCAL: updating zone 'swi.local/NONE': deleting rrset at 'PC53.swi.local' AAAA
May 18 12:47:59 orion named[18721]: client 192.168.24.43#56054/key pc53\$\@SWI.LOCAL: updating zone 'swi.local/NONE': deleting rrset at 'PC53.swi.local' A
May 18 12:47:59 orion named[18721]: samba_dlz: subtracted rdataset PC53.swi.local 'PC53.swi.local.      1200    IN      A       192.168.24.43'
May 18 12:47:59 orion named[18721]: client 192.168.24.43#56054/key pc53\$\@SWI.LOCAL: updating zone 'swi.local/NONE': adding an RR at 'PC53.swi.local' A
May 18 12:47:59 orion named[18721]: samba_dlz: added rdataset PC53.swi.local 'PC53.swi.local.   1200    IN      A       192.168.24.43'
May 18 12:47:59 orion named[18721]: samba_dlz: committed transaction on zone swi.local
-------------------------------------------

First Question: After rejoin why will there not the correct privileges on the record? How can i remove all things that when i rejoin all things are correct and i dont need to adjust it manually like below? (look above i uses ldbsearch ... sam.ldb and found no record  before rejoin)

Second Question: please look at the pictures above. The automatically created Records they have a other icon/symbol that the Computer which i added. Why is that so and how can i fix it?

automatic join DNS Record with domain
http://dev.kupper-computer.com/intern/auto_join.JPG

other principal manually no domain
http://dev.kupper-computer.com/intern/manually_add_after_join.JPG

thanks for our help and time... greetings

Sven

Mit freundlichen Grüßen

Sven Vogel

---------------------------------------------
Sven Vogel
Systemingenieur / Consultant
Kupper Computer GmbH