[Samba] Error update ddnc with static ips and samba 4.4.5

Trenta sis trenta.sis at gmail.com
Sun Oct 16 19:55:12 UTC 2016 

hi,

thanks for your information, we have dhcp (configured as wiki samba
example) and is working perfect only fails with machines with static ip.
I have tried to disable option update dns record and then this errors is
not showed but seems that with pure active directory this doesn't fail...
It is normal?


thanks> Hi,
>
> With samba 4.4.5 with bind DLZ we have detected an error message with
> machines that has static ip
>
> Oct  8 16:52:47 server named[4247]: samba_dlz: starting transaction
> on zone domain.com
> Oct  8 16:52:47 server named[4247]: client 172.22.187.193#55746:
> update ' domain.com/IN' denied
> Oct  8 16:52:47 server named[4247]: samba_dlz: cancelling transaction
> on zone domain.com
> Oct  8 16:52:47 server named[4247]: samba_dlz: starting transaction
> on zone domain.com
> Oct  8 16:52:47 server named[4247]: samba_dlz: disallowing update of
> signer=SERVER\$\@domain.com name=SERVER.domain.com type=AAAA
> error=insufficient access rights
> Oct  8 16:52:47 server named[4247]: client 172.22.187.193#54706/key
> SERVER\$\@domain.com: updating zone 'domain.com/NONE': update failed:
> rejected by secure update (REFUSED)
> Oct  8 16:52:47 server named[4247]: samba_dlz: cancelling transaction
> on zone domain.com
>
> We have detected that machines with dhcp (It was configured as is
> described in samba wiki dhcp and samba 4) are updating correclty and
> any message with error is reported, only with static ips
>
> I have found some messages win samba list  describing this error
> after a samba upgrade, and suggest recreate inverse zone, but our
> environment is a new environment with 4.4.5, migrated from samba 3
>
> Where is the problem?

Are these windows clients, if so, you need to stop any windows clients
from trying to update their own dns records. You can do this on a
machine by machine basis, or there is a GPO.

Rowland



2016-10-10 19:18 GMT+02:00 Trenta sis <trenta.sis at gmail.com>:

>
> Hi,
>
> With samba 4.4.5 with bind DLZ we have detected an error message with
> machines that has static ip
>
> Oct  8 16:52:47 server named[4247]: samba_dlz: starting transaction on
> zone domain.com
> Oct  8 16:52:47 server named[4247]: client 172.22.187.193#55746: update '
> domain.com/IN' denied
> Oct  8 16:52:47 server named[4247]: samba_dlz: cancelling transaction on
> zone domain.com
> Oct  8 16:52:47 server named[4247]: samba_dlz: starting transaction on
> zone domain.com
> Oct  8 16:52:47 server named[4247]: samba_dlz: disallowing update of
> signer=SERVER\$\@domain.com name=SERVER.domain.com type=AAAA
> error=insufficient access rights
> Oct  8 16:52:47 server named[4247]: client 172.22.187.193#54706/key
> SERVER\$\@domain.com: updating zone 'domain.com/NONE': update failed:
> rejected by secure update (REFUSED)
> Oct  8 16:52:47 server named[4247]: samba_dlz: cancelling transaction on
> zone domain.com
>
> We have detected that machines with dhcp (It was configured as is
> described in samba wiki dhcp and samba 4) are updating correclty and any
> message with error is reported, only with static ips
>
> I have found some messages win samba list  describing this error after a
> samba upgrade, and suggest recreate inverse zone, but our environment is a
> new environment with 4.4.5, migrated from samba 3
>
> Where is the problem?
>
>

More information about the samba mailing list