[Samba] samba_dlz: disallowing update of signer error=insufficient access rights

lmloge lmloge at orange.fr
Fri Nov 27 16:16:05 UTC 2020


To say things quickly:
I have two Samba servers with a VPN between the two.
SAMBA_SERVER made a domain provision, SAMBA_SERVER_2 made a domain join.

SAMBA_SERVER's IP is 192.168.3.x and is on one side of the VPN.
SAMBA_SERVER_2's IP is 192.168.2.y and is on the other side of the VPN.
WELL_KNOWN_MACHINE's IP is 192.168.2.55, on the same side of the VPN as 
SAMBA_SERVER_2.

WELL_KNOWN_MACHINE's real name is 7 alpha characters long (it is a fine 
name). All my hostnames are fine.
WELL_KNOWN_MACHINE has a fixed IP which I added that way:
echo <pwd> | samba-tool dns add SAMBA_SERVER_2 mycompany.lan WELL_KNOWN_MACHINE A 192.168.2.55 -Uadministrator

"systemctl status bind9.service" has changed since my first post.
Also, I made a mistake: it is on SAMBA_SERVER_2 that I run the command 
below.

root@SAMBA_SERVER_2# systemctl status bind9.service
[...]
Nov 27 16:57:31 SAMBA_SERVER_2 named[20057]: samba_dlz: starting transaction on zone mycompany.lan
Nov 27 16:57:31 SAMBA_SERVER_2 named[20057]: client @0x7f56d80441a0 192.168.2.55#53696: update 'mycompany.lan/IN' denied
Nov 27 16:57:31 SAMBA_SERVER_2 named[20057]: samba_dlz: cancelling transaction on zone mycompany.lan
Nov 27 16:57:31 SAMBA_SERVER_2 named[20057]: samba_dlz: starting transaction on zone mycompany.lan
Nov 27 16:57:31 SAMBA_SERVER_2 named[20057]: samba_dlz: disallowing update of signer=WELL_KNOWN_MACHINE\$\@MYCOMPANY.LAN name=WELL_KNOWN_MACHINE.mycompany.lan type=AAAA error=insufficient access rights
Nov 27 16:57:31 SAMBA_SERVER_2 named[20057]: client @0x7f56d80441a0 192.168.2.55#61237/key WELL_KNOWN_MACHINE\$\@MYCOMPANY.LAN: updating zone 'mycompany.lan/NONE': update failed: rejected by secure update (REFUSED)
Nov 27 16:57:31 SAMBA_SERVER_2 named[20057]: samba_dlz: cancelling transaction on zone mycompany.lan
[...]

I have two reverse zones: "2.168.192.in-addr.arpa" and 
"3.168.192.in-addr.arpa".

 > stop it trying to update any of its records.
How do I do that?

Thanks.
--
Léa



