[Samba] DC won't update Windows 10 PTR records
Barry Ralphs
b.ralphs at tippingstructural.com
Wed May 23 21:59:42 UTC 2018
Our Domain Controller is running Samba 4.6.2
We have both Windows 7 & 10 on our network.
All of the Windows 7 workstations seem to be updating their reverse PTR
records just fine, but the Windows 10 workstations seem to always fail.
Here are the named logs from the DC:
23-May-2018 13:53:08.965 update-security: error: client
192.168.254.210#60093: update 'tipping.lan/IN' denied
23-May-2018 13:53:08.965 database: info: samba_dlz: cancelling
transaction on zone tipping.lan
23-May-2018 13:53:08.998 database: info: samba_dlz: starting transaction
on zone tipping.lan
23-May-2018 13:53:09.002 database: info: samba_dlz: allowing update of
signer=I7X4-45G-2\$\@TIPPING.LAN name=i7x4-45G-2.tipping.lan tcpaddr=
type=AAAA key=1744-ms-7.3-ac5fb46.7f4b13c3-5d26-11e8-3184-2c4d54d1ed8a/160/0
23-May-2018 13:53:09.005 database: info: samba_dlz: allowing update of
signer=I7X4-45G-2\$\@TIPPING.LAN name=i7x4-45G-2.tipping.lan tcpaddr=
type=A key=1744-ms-7.3-ac5fb46.7f4b13c3-5d26-11e8-3184-2c4d54d1ed8a/160/0
23-May-2018 13:53:09.008 database: info: samba_dlz: allowing update of
signer=I7X4-45G-2\$\@TIPPING.LAN name=i7x4-45G-2.tipping.lan tcpaddr=
type=A key=1744-ms-7.3-ac5fb46.7f4b13c3-5d26-11e8-3184-2c4d54d1ed8a/160/0
23-May-2018 13:53:09.008 update: info: client 192.168.254.210#64901/key
I7X4-45G-2\$\@TIPPING.LAN: updating zone 'tipping.lan/NONE': deleting
rrset at 'i7x4-45G-2.tipping.lan' AAAA
23-May-2018 13:53:09.009 update: info: client 192.168.254.210#64901/key
I7X4-45G-2\$\@TIPPING.LAN: updating zone 'tipping.lan/NONE': deleting
rrset at 'i7x4-45G-2.tipping.lan' A
23-May-2018 13:53:09.012 database: info: samba_dlz: subtracted rdataset
i7x4-45G-2.tipping.lan 'i7x4-45G-2.tipping.lan. 1200 IN A
192.168.254.210'
23-May-2018 13:53:09.022 update: info: client 192.168.254.210#64901/key
I7X4-45G-2\$\@TIPPING.LAN: updating zone 'tipping.lan/NONE': adding an
RR at 'i7x4-45G-2.tipping.lan' A
23-May-2018 13:53:09.036 database: info: samba_dlz: added rdataset
i7x4-45G-2.tipping.lan 'i7x4-45G-2.tipping.lan. 1200 IN A
192.168.254.210'
23-May-2018 13:53:09.045 database: info: samba_dlz: committed
transaction on zone tipping.lan
23-May-2018 13:53:09.070 database: info: samba_dlz: starting transaction
on zone 254.168.192.in-addr.arpa
23-May-2018 13:53:09.079 update-security: error: client
192.168.254.210#57291: update '254.168.192.in-addr.arpa/IN' denied
23-May-2018 13:53:09.079 database: info: samba_dlz: cancelling
transaction on zone 254.168.192.in-addr.arpa
23-May-2018 13:53:09.080 database: info: samba_dlz: starting transaction
on zone 254.168.192.in-addr.arpa
23-May-2018 13:53:09.094 database: info: samba_dlz: disallowing update
of signer=I7X4-45G-2\$\@TIPPING.LAN name=210.254.168.192.in-addr.arpa
type=PTR error=insufficient access rights
23-May-2018 13:53:09.094 update: info: client 192.168.254.210#52915/key
I7X4-45G-2\$\@TIPPING.LAN: updating zone
'254.168.192.in-addr.arpa/NONE': update failed: rejected by secure
update (REFUSED)
Any suggestions?
More information about the samba
mailing list