[Samba] samba_dlz: disallowing update of signer error=insufficient access rights
lmloge
lmloge at orange.fr
Fri Nov 27 11:13:09 UTC 2020
Hello,
When I run "systemctl status bind9.service" on my SAMBA_SERVER, I get
the output below.
- There is one problem which implies "192.168.3.249",
"wpad.mycompany.lan", "ecs.office.com".
What can this be, given that I know no "wpad" equipment in my network
and that I do not know what "ecs.office.com" is?
Can you explain to me what is the meaning of the related messages below?
- There is a second problem which implies "192.168.2.55" and
"WELL_KNOWN_MACHINE".
"WELL_KNOWN_MACHINE" is a machine that is very well known, very
important in my network.
Can you explain what the problem is and how to solve it?
The error message says "insufficient access rights". How can I check
what's wrong?
Thanks.
--
Léa
root at SAMBA_SERVER:~# systemctl status bind9.service
? bind9.service - BIND Domain Name Server
Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor
preset: enabled)
Drop-In: /etc/systemd/system/bind9.service.d
+-override.conf
Active: active (running) since Thu 2020-06-11 21:33:05 CEST; 5
months 16 days ago
Docs: man:named(8)
Process: 431 ExecStart=/usr/sbin/named $OPTIONS (code=exited,
status=0/SUCCESS)
Main PID: 527 (named)
Tasks: 7 (limit: 4915)
Memory: 81.4M
CGroup: /system.slice/bind9.service
+-527 /usr/sbin/named -u bind -4
Nov 27 10:12:51 SAMBA_SERVER named[527]: client @0x7f96c80d1cf0
192.168.3.249#50160 (wpad.mycompany.lan): query
'wpad.mycompany.lan/A/IN' denied
Nov 27 10:12:51 SAMBA_SERVER named[527]: client @0x7f96d0fc5d20
192.168.3.249#54685
(_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mycompany.lan):
query
'_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mycompany.lan/SRV/IN'
denied
Nov 27 10:12:53 SAMBA_SERVER named[527]: client @0x7f96d0fc5d20
192.168.3.249#58257 (ecs.office.com): query (cache)
'ecs.office.com/A/IN' denied
Nov 27 10:57:31 SAMBA_SERVER named[527]: samba_dlz: starting transaction
on zone mycompany.lan
Nov 27 10:57:31 SAMBA_SERVER named[527]: client @0x7f96c406fed0
192.168.2.55#55685: update 'mycompany.lan/IN' denied
Nov 27 10:57:31 SAMBA_SERVER named[527]: samba_dlz: cancelling
transaction on zone mycompany.lan
Nov 27 10:57:31 SAMBA_SERVER named[527]: samba_dlz: starting transaction
on zone mycompany.lan
Nov 27 10:57:31 SAMBA_SERVER named[527]: samba_dlz: disallowing update
of signer=WELL_KNOWN_MACHINE\$\@MYCOMPANY.LAN
name=WELL_KNOWN_MACHINE.mycompany.lan type=AAAA error=insufficient
access rights
Nov 27 10:57:31 SAMBA_SERVER named[527]: client @0x7f96c406fed0
192.168.2.55#54935/key WELL_KNOWN_MACHINE\$\@MYCOMPANY.LAN: updating
zone 'mycompany.lan/NONE': update failed: rejected by secure update
(REFUSED)
Nov 27 10:57:31 SAMBA_SERVER named[527]: samba_dlz: cancelling
transaction on zone mycompany.lan
More information about the samba
mailing list