[Samba] samba_dlz: disallowing update of signer error=insufficient access rights

L.P.H. van Belle belle at bazuin.nl
Fri Nov 27 15:44:16 UTC 2020


And in addition. 

https://findproxyforurl.com/official-toolset/ 
Learn here more on wpad. 
What i does and most important, how you can use it. 

I enforce it trough dhcp. 



> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Arnaud FLORENT via samba
> Verzonden: vrijdag 27 november 2020 16:29
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] samba_dlz: disallowing update of 
> signer error=insufficient access rights
> 
> 
> Le 27/11/2020 à 12:13, lmloge via samba a écrit :
> > Hello,
> >
> > When I run "systemctl status bind9.service" on my 
> SAMBA_SERVER, I get 
> > the output below.
> >
> > - There is one problem which implies "192.168.3.249", 
> > "wpad.mycompany.lan", "ecs.office.com".
> > What can this be, given that I know no "wpad" equipment in 
> my network 
> > and that I do not know what "ecs.office.com" is?
> 
> wpad means Web Proxy Auto-Discovery
> 
> it is queried by browsers to  download proxy configuration file
> 
> 
> https://en.wikipedia.org/wiki/Web_Proxy_Auto-Discovery_Protocol
> 
> > Can you explain to me what is the meaning of the related 
> messages below?
> >
> > - There is a second problem which implies "192.168.2.55" and 
> > "WELL_KNOWN_MACHINE".
> > "WELL_KNOWN_MACHINE" is a machine that is very well known, very 
> > important in my network.
> > Can you explain what the problem is and how to solve it?
> > The error message says "insufficient access rights". How 
> can I check 
> > what's wrong?
> >
> > Thanks.
> > -- 
> > Léa
> >
> > root at SAMBA_SERVER:~# systemctl status bind9.service
> > ? bind9.service - BIND Domain Name Server
> >    Loaded: loaded (/lib/systemd/system/bind9.service; 
> enabled; vendor 
> > preset: enabled)
> >   Drop-In: /etc/systemd/system/bind9.service.d
> >            +-override.conf
> >    Active: active (running) since Thu 2020-06-11 21:33:05 CEST; 5 
> > months 16 days ago
> >      Docs: man:named(8)
> >   Process: 431 ExecStart=/usr/sbin/named $OPTIONS (code=exited, 
> > status=0/SUCCESS)
> >  Main PID: 527 (named)
> >     Tasks: 7 (limit: 4915)
> >    Memory: 81.4M
> >    CGroup: /system.slice/bind9.service
> >            +-527 /usr/sbin/named -u bind -4
> >
> > Nov 27 10:12:51 SAMBA_SERVER named[527]: client @0x7f96c80d1cf0 
> > 192.168.3.249#50160 (wpad.mycompany.lan): query 
> > 'wpad.mycompany.lan/A/IN' denied
> > Nov 27 10:12:51 SAMBA_SERVER named[527]: client @0x7f96d0fc5d20 
> > 192.168.3.249#54685 
> > 
> (_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mycompany.lan): 
> > query 
> > 
> '_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mycompany
> .lan/SRV/IN' 
> > denied
> > Nov 27 10:12:53 SAMBA_SERVER named[527]: client @0x7f96d0fc5d20 
> > 192.168.3.249#58257 (ecs.office.com): query (cache) 
> > 'ecs.office.com/A/IN' denied
> > Nov 27 10:57:31 SAMBA_SERVER named[527]: samba_dlz: starting 
> > transaction on zone mycompany.lan
> > Nov 27 10:57:31 SAMBA_SERVER named[527]: client @0x7f96c406fed0 
> > 192.168.2.55#55685: update 'mycompany.lan/IN' denied
> > Nov 27 10:57:31 SAMBA_SERVER named[527]: samba_dlz: cancelling 
> > transaction on zone mycompany.lan
> > Nov 27 10:57:31 SAMBA_SERVER named[527]: samba_dlz: starting 
> > transaction on zone mycompany.lan
> > Nov 27 10:57:31 SAMBA_SERVER named[527]: samba_dlz: 
> disallowing update 
> > of signer=WELL_KNOWN_MACHINE\$\@MYCOMPANY.LAN 
> > name=WELL_KNOWN_MACHINE.mycompany.lan type=AAAA error=insufficient 
> > access rights
> > Nov 27 10:57:31 SAMBA_SERVER named[527]: client @0x7f96c406fed0 
> > 192.168.2.55#54935/key WELL_KNOWN_MACHINE\$\@MYCOMPANY.LAN: 
> updating 
> > zone 'mycompany.lan/NONE': update failed: rejected by secure update 
> > (REFUSED)
> > Nov 27 10:57:31 SAMBA_SERVER named[527]: samba_dlz: cancelling 
> > transaction on zone mycompany.lan
> >
> -- 
> Arnaud FLORENT
> IRIS Technologies
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
> 




More information about the samba mailing list