[Samba] DDNS and DHCP problems

[Rowland Penny]

On 16/11/15 17:12, Sam wrote:
> Hello all,
>
> I have two new server samba4, with isc-dhcp and Bind. ( Thanks to 
> Louis 's scripts )
> The AD was migrate from 2 Windows 2000 servers last friday, with a 
> copy of them in a private lan.
> Today we have shutdown the old windows 2000 server and put the 2 new 
> samba4 in place of them.
> The problem is that the DHCP does not update the DNS systematically...
> That works with laptops ( which have not been connected to the lan 
> last week ), but without reverse ptr too...
>
> I can see some error in the syslog file :
> Nov 16 17:19:39 S4 named[2269]: samba_dlz b9_format: unhandled record 
> type 0
> Nov 16 17:19:53 S4 named[2269]: samba_dlz: starting transaction on 
> zone ariane.intra
> Nov 16 17:19:53 S4 named[2269]: client 172.21.37.104#51400: update 
> 'ariane.intra/IN' denied
> Nov 16 17:19:53 S4 named[2269]: samba_dlz: cancelling transaction on 
> zone ariane.intra
> Nov 16 17:19:53 S4 named[2269]: samba_dlz: starting transaction on 
> zone ariane.intra
> Nov 16 17:19:53 S4 named[2269]: samba_dlz: disallowing update of 
> signer=l-s4gt963\$\@ARIANE.INTRA name=L-S4GT963.ariane.intra type=A 
> error=insufficient access rights
> Nov 16 17:19:53 S4 named[2269]: client 172.21.37.104#50486: updating 
> zone 'ariane.intra/NONE': update failed: rejected by secure update 
> (REFUSED)
> Nov 16 17:19:53 S4 named[2269]: samba_dlz: cancelling transaction on 
> zone ariane.intra
>
> I identified these potential mistakes and try to resolve it without 
> better results :
> - I was trying to update dns in server1 from the server2 dhcp
> - In smb.conf I set allow dns updates = secure ( and not nonsecure and 
> secure like in the samba wiki )
>
> Thanks for helping!
> Best regards.
>
> Sam

It looks to me as if your windows clients are trying to update their own 
records, there is a GPO to stop this.
You should run dhcp and bind on the same DC. You do not need to change 
anything in smb.conf if your setup is correct.

Rowland