[Samba] DHCP, DNS and non-domain members
Andrew Bartlett
abartlet at samba.org
Tue Nov 28 09:54:57 UTC 2017
On Tue, 2017-11-28 at 10:46 +0100, Martin Renner via samba wrote:
> But shortly after these messages, I can see messages which seem to come from the client:
>
> samba_dlz: starting transaction on zone ad.company.com
> client 192.168.105.101#59890: update 'ad.company.com/IN' denied
> samba_dlz: cancelling transaction on zone ad.company.com
> samba_dlz: starting transaction on zone ad.company.com
> samba_dlz: disallowing update of signer=TEST-PC\$\@AD.COMPANY.COM name=test-PC.ad.company.com
> type=A error=insufficient access rights
> client 192.168.105.101#63148/key TEST-PC\$\@AD.COMPANY.COM: updating zone 'ad.company.com/NONE':
> update failed: rejected by secure update (REFUSED)
>
> This looks to me like if the client is still trying to update its DNS entry. Did I miss anything in
> the client configuration?
DNS entries are owned on a first-to-claim basis by the account that
creates it, so if DHCP creates it, the PC will be denied.
Long ago I remember a dhcp option to hint to the client that the server
was doing the DNS updates, perhaps that might help.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba
mailing list