[Samba] client @0x7f6ed800bc20 172.16.5.86#62582: update 'campus.company.intra/IN' denied
Rowland Penny
rpenny at samba.org
Tue Jul 3 07:50:04 UTC 2018
On Mon, 2 Jul 2018 22:56:39 -0300
Elias Pereira via samba <samba at lists.samba.org> wrote:
> >
> > I don't know what error you are getting, even if you have posted it,
> > can you post the full error. Can you please post all the lines from
> > syslog around the error and not just the error.
>
>
> The only logs that show is below.
>
> ./daemon.log.1:33430:Jul 2 06:16:28 dc3 named[9754]: client
> 10.10.4.3#52074: update 'campus.company.intra/IN' denied
> ./daemon.log.1:33432:Jul 2 06:17:03 dc3 named[9754]: client
> 10.10.1.2#58780: update 'campus. company.intra /IN' denied
> ./daemon.log.1:33433:Jul 2 06:17:03 dc3 named[9754]: client
> 10.10.1.2#56611: update 'campus. company.intra /IN' denied
> ./daemon.log.1:33436:Jul 2 06:18:53 dc3 named[9754]: client
> 10.10.5.12#60664: update 'campus. company.intra /IN' denied
> ./daemon.log.1:33442:Jul 2 06:24:43 dc3 named[9754]: client
> 10.10.5.12#55716: update 'campus. company.intra /IN' denied
>
> Maybe execute dlz_bind9_11.so in *debug*
> <https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End#Debugging_the_BIND9_DLZ_Module>mode
> for more information?
>
You could try that, but that log fragment looks a bit different from
mine. Okay, I do not have any lines similar to yours, but if I did, I
feel they would look like this:
Jul 2 06:16:28 dc3 named[9754]: client 10.10.4.3#52074: update 'campus.company.intra/IN' denied
Jul 2 06:17:03 dc3 named[9754]: client 10.10.1.2#58780: update 'campus. company.intra /IN' denied
Jul 2 06:17:03 dc3 named[9754]: client 10.10.1.2#56611: update 'campus. company.intra /IN' denied
Jul 2 06:18:53 dc3 named[9754]: client 10.10.5.12#60664: update 'campus. company.intra /IN' denied
Jul 2 06:24:43 dc3 named[9754]: client 10.10.5.12#55716: update 'campus. company.intra /IN' denied
Note the lack of './daemon.log.1:33430:'. I have '/var/log/deamon.log'
and it contains lines in the format above, they all start with the date.
The lines show that various clients are being denied updating a record,
this may be perfectly okay, they may not own the record. Do you have
anything else updating the records, DHCP for instance. If so, the
problem does not lie on the DC, it lies on the clients and they need to
be told to stop trying to update their own records.
Rowland
More information about the samba
mailing list