[Samba] gpupdate use wrong url

Rowland Penny rpenny at samba.org
Wed Feb 8 11:02:28 UTC 2017

On Wed, 8 Feb 2017 11:20:13 +0100
basti via samba <samba at lists.samba.org> wrote:

> I have done the bind config like Rowland's post.
> The problem is still the same.
> windows:
> nslookup foo -> nxdomain
> nslookup foo. -> ip of DC
> in linux both is return an ip
> Whats about the file named.conf.update in samba/private?
> I have try to include in named.conf or in
> dlz "AD DNS Zone"{
> ...
> include ../named.conf.update
> }
> without success.
> My bind log errors like
> named[27869]: samba_dlz: starting transaction on zone foo
> named[27869]: client update 'foo/IN' denied
> named[27869]: samba_dlz: cancelling transaction on zone foo

Apart from the files I posted, my bind setup is the same as yours,
except I also run a dhcp server on the DC.

I have just tried 'nslookup' on a windows 7 machine, a Samba DC and a
Linux domain member, they all return the same results.

This line:

named[27869]: client update 'foo/IN' denied

Shows that your clients are being denied permission to update their own
records. You need to investigate this, or add 'allow dns updates =
nonsecure' to the smb.conf on the Samba AD DC

I think your 'nslookup' problems are being caused by having your dns
domain set to 'foo', which is also the same as your workgroup name


More information about the samba mailing list