[Samba] Error update ddnc with static ips and samba 4.4.5
Rowland Penny
rpenny at samba.org
Mon Oct 10 17:25:48 UTC 2016
On Mon, 10 Oct 2016 19:18:17 +0200
Trenta sis via samba <samba at lists.samba.org> wrote:
> Hi,
>
> With samba 4.4.5 with bind DLZ we have detected an error message with
> machines that has static ip
>
> Oct 8 16:52:47 server named[4247]: samba_dlz: starting transaction
> on zone domain.com
> Oct 8 16:52:47 server named[4247]: client 172.22.187.193#55746:
> update ' domain.com/IN' denied
> Oct 8 16:52:47 server named[4247]: samba_dlz: cancelling transaction
> on zone domain.com
> Oct 8 16:52:47 server named[4247]: samba_dlz: starting transaction
> on zone domain.com
> Oct 8 16:52:47 server named[4247]: samba_dlz: disallowing update of
> signer=SERVER\$\@domain.com name=SERVER.domain.com type=AAAA
> error=insufficient access rights
> Oct 8 16:52:47 server named[4247]: client 172.22.187.193#54706/key
> SERVER\$\@domain.com: updating zone 'domain.com/NONE': update failed:
> rejected by secure update (REFUSED)
> Oct 8 16:52:47 server named[4247]: samba_dlz: cancelling transaction
> on zone domain.com
>
> We have detected that machines with dhcp (It was configured as is
> described in samba wiki dhcp and samba 4) are updating correclty and
> any message with error is reported, only with static ips
>
> I have found some messages win samba list describing this error
> after a samba upgrade, and suggest recreate inverse zone, but our
> environment is a new environment with 4.4.5, migrated from samba 3
>
> Where is the problem?
Are these windows clients, if so, you need to stop any windows clients
from trying to update their own dns records. You can do this on a
machine by machine basis, or there is a GPO.
Rowland
More information about the samba
mailing list