[Samba] Windows 10 workstation won't register with DNS after Samba update
Barry Ralphs
b.ralphs at tippingstructural.com
Wed Aug 19 18:29:23 UTC 2020
We recently upgraded Samba on our DC from 4.7.6-0 to 4.11.9-3.
Everything seems to be running fine over the last few weeks after the
update.
I'm now setting up a new computer & am having issues getting it to
register with DNS.
Windows shows that it has joined the domain.
I can see the system in ADUC (Active Directory Users and Computers), but there is no A record for it in DNS Manager.
I've run ipconfig /registerdns, but the event log shows it failing.
The named.log shows:
19-Aug-2020 10:07:24.098 database: info: samba_dlz: starting transaction
on zone tipping.lan
19-Aug-2020 10:07:24.099 update-security: error: client @0x7fc9f8317ef0
192.168.254.160#60868: update 'tipping.lan/IN' denied
19-Aug-2020 10:07:24.099 database: info: samba_dlz: cancelling
transaction on zone tipping.lan
19-Aug-2020 10:07:24.108 database: info: samba_dlz: starting transaction
on zone tipping.lan
19-Aug-2020 10:07:24.111 database: info: samba_dlz: disallowing update
of signer=I7X8-44G-9\$\@TIPPING.LAN name=i7x8-44g-9.tipping.lan
type=AAAA error=Unwilling to perform
19-Aug-2020 10:07:24.111 update: info: client @0x7fc9f8317ef0
192.168.254.160#52558/key I7X8-44G-9\$\@TIPPING.LAN: updating zone
'tipping.lan/NONE': update failed: rejected by secure update (REFUSED)
19-Aug-2020 10:07:24.111 database: info: samba_dlz: cancelling
transaction on zone tipping.lan
And here's my named.conf file:
# Address-match list naming the four internal /24 subnets. The options block
# references it in allow-query and allow-recursion to limit which clients may
# query and recurse through this server.
acl mynetworks {
192.168.254.0/24;
192.168.252.0/24;
192.168.251.0/24;
192.168.250.0/24;
};
# Global server options for the BIND instance that serves the Samba AD zones.
options {
directory "/var/named";
notify no;
empty-zones-enable no;
# Queries and recursion are accepted only from the server itself and the
# mynetworks ACL, so the server is not an open resolver.
allow-query { localhost; mynetworks; };
allow-recursion { 127.0.0.1/32; mynetworks; };
# Names this server cannot answer from its own data or cache are sent to
# these two upstream resolvers.
forwarders { 1.1.1.2; 1.0.0.2; };
# Zone transfers are refused for every client.
allow-transfer { none; };
# DNSSEC validation is off: answers from the forwarders are accepted without
# signature checking.
dnssec-validation no;
# NOTE(review): dnssec-enable and dnssec-lookaside were retired in later
# BIND 9 releases - run named-checkconf against the installed version to
# confirm they are still accepted.
dnssec-enable no;
dnssec-lookaside no;
# IPv4 only, on port 53 of the directly attached networks.
listen-on-v6 { none; };
listen-on port 53 { localnets; };
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
# samba BIND9_DLZ
# Kerberos keytab named uses to verify GSS-TSIG signed dynamic updates.
# NOTE(review): it should be readable by the account named runs as and by no
# other unprivileged user - verify owner and mode after the Samba upgrade.
tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
};
# Logging setup: a debug channel, a rotating file channel and a syslog channel.
logging {
# Debug output; "severity dynamic" follows the server's current debug level.
channel default_debug {
file "data/named.run";
severity dynamic;
};
# Rotating file log (3 old versions, 3m each) at info and above. Time,
# severity and category are printed on every line, which is what makes the
# "update-security: error" denials easy to pick out of named.log.
channel my_log_file {
file "/var/log/named/named.log" versions 3 size 3m;
severity info;
print-time yes;
print-severity yes;
print-category yes;
};
# Copy to syslog (daemon facility) without time, severity or category.
channel my_syslog {
syslog daemon;
severity info;
print-time no;
print-severity no;
print-category no;
};
# No explicit "update" or "update-security" category is configured, so
# dynamic-update approvals and denials are routed through "default" to both
# channels.
category default { my_log_file; my_syslog; };
category dnssec { my_log_file; };
# lame-servers messages are discarded.
category lame-servers { null; };
};
# Root hints zone, loaded from named.ca (relative to the "directory" option).
zone "." IN {
type hint;
file "named.ca";
};
# Samba-provided include; presumably loads the samba_dlz module seen in the
# log. NOTE(review): its contents are not shown here - after a Samba or BIND
# upgrade, confirm the dlz module line enabled in that file matches the
# installed BIND version.
include "/var/lib/samba/private/named.conf";
# Additional zone definitions from the distribution's rfc1912 zones file.
include "/etc/named.rfc1912.zones";
Any suggestions on how to resolve this issue?