[Samba] samba_dlz: disallowing update of signer error=insufficient access rights
lmloge
lmloge at orange.fr
Fri Nov 27 16:16:05 UTC 2020
To say things quickly:
I have two Samba servers with a VPN between the two.
SAMBA_SERVER made a domain provision, SAMBA_SERVER_2 made a domain join.
SAMBA_SERVER's IP is 192.168.3.x and is on one side of the VPN.
SAMBA_SERVER_2's IP is 192.168.2.y and is on the other side of the VPN.
WELL_KNOWN_MACHINE's IP is 192.168.2.55, on the same side of the VPN as
SAMBA_SERVER_2.
WELL_KNOWN_MACHINE's real name is 7 alpha characters long (it is a fine
name). All my hostnames are fine.
WELL_KNOWN_MACHINE has a fixed IP which I added this way:
echo <pwd> | samba-tool dns add SAMBA_SERVER_2 mycompany.lan WELL_KNOWN_MACHINE A 192.168.2.55 -Uadministrator
"systemctl status bind9.service" has changed since my first post.
Also, I made a mistake: it is on SAMBA_SERVER_2 that I run the command
below.
root@SAMBA_SERVER_2# systemctl status bind9.service
[...]
Nov 27 16:57:31 SAMBA_SERVER_2 named[20057]: samba_dlz: starting transaction on zone mycompany.lan
Nov 27 16:57:31 SAMBA_SERVER_2 named[20057]: client @0x7f56d80441a0 192.168.2.55#53696: update 'mycompany.lan/IN' denied
Nov 27 16:57:31 SAMBA_SERVER_2 named[20057]: samba_dlz: cancelling transaction on zone mycompany.lan
Nov 27 16:57:31 SAMBA_SERVER_2 named[20057]: samba_dlz: starting transaction on zone mycompany.lan
Nov 27 16:57:31 SAMBA_SERVER_2 named[20057]: samba_dlz: disallowing update of signer=WELL_KNOWN_MACHINE\$\@MYCOMPANY.LAN name=WELL_KNOWN_MACHINE.mycompany.lan type=AAAA error=insufficient access rights
Nov 27 16:57:31 SAMBA_SERVER_2 named[20057]: client @0x7f56d80441a0 192.168.2.55#61237/key WELL_KNOWN_MACHINE\$\@MYCOMPANY.LAN: updating zone 'mycompany.lan/NONE': update failed: rejected by secure update (REFUSED)
Nov 27 16:57:31 SAMBA_SERVER_2 named[20057]: samba_dlz: cancelling transaction on zone mycompany.lan
[...]
I have two reverse zones: "2.168.192.in-addr.arpa" and
"3.168.192.in-addr.arpa".
> stop it trying to update any of its records.
How do I do that?
Thanks.
--
Léa
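
An added example, not part of the original post: a Python sketch that groups the samba_dlz denial lines shown in the log above by signer, so it is clear which machine account, client address and record type are being refused. The sample log is constructed from the lines quoted in the post, and the function and variable names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample: the named journal lines quoted in the post, unwrapped.
SAMPLE_LOG = r"""
Nov 27 16:57:31 SAMBA_SERVER_2 named[20057]: samba_dlz: starting transaction on zone mycompany.lan
Nov 27 16:57:31 SAMBA_SERVER_2 named[20057]: client @0x7f56d80441a0 192.168.2.55#53696: update 'mycompany.lan/IN' denied
Nov 27 16:57:31 SAMBA_SERVER_2 named[20057]: samba_dlz: cancelling transaction on zone mycompany.lan
Nov 27 16:57:31 SAMBA_SERVER_2 named[20057]: samba_dlz: disallowing update of signer=WELL_KNOWN_MACHINE\$\@MYCOMPANY.LAN name=WELL_KNOWN_MACHINE.mycompany.lan type=AAAA error=insufficient access rights
Nov 27 16:57:31 SAMBA_SERVER_2 named[20057]: client @0x7f56d80441a0 192.168.2.55#61237/key WELL_KNOWN_MACHINE\$\@MYCOMPANY.LAN: updating zone 'mycompany.lan/NONE': update failed: rejected by secure update (REFUSED)
"""

# The DLZ module's verdict: who signed the update, and which record was refused.
DENY = re.compile(
    r"samba_dlz: disallowing update of signer=(?P<signer>\S+) "
    r"name=(?P<name>\S+) type=(?P<type>\S+) error=(?P<error>.+)$")
# named's own line for the same update: ties the signer to a client IP and zone.
REFUSED = re.compile(
    r"client @0x[0-9a-f]+ (?P<ip>[0-9a-fA-F.:]+)#\d+/key (?P<signer>\S+): "
    r"updating zone '(?P<zone>[^'/]+)/[^']*': update failed: "
    r"rejected by secure update \(REFUSED\)")

def unescape(key):
    # In the log above the key name appears with '\$' and '\@'; drop the backslashes.
    return re.sub(r"\\(.)", r"\1", key)

def summarize(log_text):
    """Return {signer: {"clients", "zones", "denied"}} for refused signed updates."""
    report = defaultdict(lambda: {"clients": set(), "zones": set(), "denied": set()})
    for line in log_text.splitlines():
        m = DENY.search(line)
        if m:
            record = (m["name"], m["type"], m["error"].strip())
            report[unescape(m["signer"])]["denied"].add(record)
            continue
        m = REFUSED.search(line)
        if m:
            entry = report[unescape(m["signer"])]
            entry["clients"].add(m["ip"])
            entry["zones"].add(m["zone"])
    return dict(report)

if __name__ == "__main__":
    for signer, info in summarize(SAMPLE_LOG).items():
        print(signer, sorted(info["clients"]), sorted(info["zones"]))
        for name, rtype, error in sorted(info["denied"]):
            print(f"  refused {rtype} for {name}: {error}")
```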