[Samba] DHCP, DNS and non-domain members

Rowland Penny rpenny at samba.org
Tue Nov 28 10:04:35 UTC 2017


On Tue, 28 Nov 2017 22:54:57 +1300
Andrew Bartlett via samba <samba at lists.samba.org> wrote:

> On Tue, 2017-11-28 at 10:46 +0100, Martin Renner via samba wrote:
> > But shortly after these messages, I can see messages which seem to
> > come from the client:
> > 
> >    samba_dlz: starting transaction on zone ad.company.com
> >    client 192.168.105.101#59890: update 'ad.company.com/IN' denied
> >    samba_dlz: cancelling transaction on zone ad.company.com
> >    samba_dlz: starting transaction on zone ad.company.com
> >    samba_dlz: disallowing update of
> > signer=TEST-PC\$\@AD.COMPANY.COM name=test-PC.ad.company.com type=A
> > error=insufficient access rights client 192.168.105.101#63148/key
> > TEST-PC\$\@AD.COMPANY.COM: updating zone 'ad.company.com/NONE':
> > update failed: rejected by secure update (REFUSED)
> > 
> > This looks to me like if the client is still trying to update its
> > DNS entry. Did I miss anything in the client configuration?
> 
> DNS entries are owned on a first-to-claim basis by the account that
> creates it, so if DHCP creates it, the PC will be denied. 

Correct ;-)

> 
> Long ago I remember a dhcp option to hint to the client that the
> server was doing the DNS updates, perhaps that might help.

No, you just need to stop the windows clients trying to update their
own records, this has nothing to do with DHCP.

Rowland




More information about the samba mailing list