[Samba] Error update ddnc with static ips and samba 4.4.5

Rowland Penny rpenny at samba.org
Mon Oct 17 07:12:38 UTC 2016


On Sun, 16 Oct 2016 21:55:12 +0200
Trenta sis via samba <samba at lists.samba.org> wrote:

> hi,
> 
> thanks for your information, we have dhcp (configured as wiki samba
> example) and is working perfect only fails with machines with static
> ip. I have tried to disable option update dns record and then this
> errors is not showed but seems that with pure active directory this
> doesn't fail... It is normal?
> 
> 
> thanks> Hi,
> >
> > With samba 4.4.5 with bind DLZ we have detected an error message
> > with machines that has static ip
> >
> > Oct  8 16:52:47 server named[4247]: samba_dlz: starting transaction
> > on zone domain.com
> > Oct  8 16:52:47 server named[4247]: client 172.22.187.193#55746:
> > update ' domain.com/IN' denied
> > Oct  8 16:52:47 server named[4247]: samba_dlz: cancelling
> > transaction on zone domain.com
> > Oct  8 16:52:47 server named[4247]: samba_dlz: starting transaction
> > on zone domain.com
> > Oct  8 16:52:47 server named[4247]: samba_dlz: disallowing update of
> > signer=SERVER\$\@domain.com name=SERVER.domain.com type=AAAA
> > error=insufficient access rights
> > Oct  8 16:52:47 server named[4247]: client 172.22.187.193#54706/key
> > SERVER\$\@domain.com: updating zone 'domain.com/NONE': update
> > failed: rejected by secure update (REFUSED)
> > Oct  8 16:52:47 server named[4247]: samba_dlz: cancelling
> > transaction on zone domain.com
> >
> > We have detected that machines with dhcp (It was configured as is
> > described in samba wiki dhcp and samba 4) are updating correclty and
> > any message with error is reported, only with static ips
> >
> > I have found some messages win samba list  describing this error
> > after a samba upgrade, and suggest recreate inverse zone, but our
> > environment is a new environment with 4.4.5, migrated from samba 3
> >
> > Where is the problem?
> 
> Are these windows clients, if so, you need to stop any windows clients
> from trying to update their own dns records. You can do this on a
> machine by machine basis, or there is a GPO.
> 
> Rowland
> 
> 
> 
> 2016-10-10 19:18 GMT+02:00 Trenta sis <trenta.sis at gmail.com>:
> 
> >
> > Hi,
> >
> > With samba 4.4.5 with bind DLZ we have detected an error message
> > with machines that has static ip
> >
> > Oct  8 16:52:47 server named[4247]: samba_dlz: starting transaction
> > on zone domain.com
> > Oct  8 16:52:47 server named[4247]: client 172.22.187.193#55746:
> > update ' domain.com/IN' denied
> > Oct  8 16:52:47 server named[4247]: samba_dlz: cancelling
> > transaction on zone domain.com
> > Oct  8 16:52:47 server named[4247]: samba_dlz: starting transaction
> > on zone domain.com
> > Oct  8 16:52:47 server named[4247]: samba_dlz: disallowing update of
> > signer=SERVER\$\@domain.com name=SERVER.domain.com type=AAAA
> > error=insufficient access rights
> > Oct  8 16:52:47 server named[4247]: client 172.22.187.193#54706/key
> > SERVER\$\@domain.com: updating zone 'domain.com/NONE': update
> > failed: rejected by secure update (REFUSED)
> > Oct  8 16:52:47 server named[4247]: samba_dlz: cancelling
> > transaction on zone domain.com
> >
> > We have detected that machines with dhcp (It was configured as is
> > described in samba wiki dhcp and samba 4) are updating correclty
> > and any message with error is reported, only with static ips
> >
> > I have found some messages win samba list  describing this error
> > after a samba upgrade, and suggest recreate inverse zone, but our
> > environment is a new environment with 4.4.5, migrated from samba 3
> >
> > Where is the problem?
> >
> >

It is trying to update an ipv6 address, do you use these ?
and have you stopped windows trying to update ipv6 records ?

Rowland




More information about the samba mailing list