Here are the logfile entries from what happend during joining the domain:
Dec 6 11:01:22 s4ad named[3913]: samba_dlz: starting transaction on
zone xxx.local
Dec 6 11:01:22 s4ad named[3913]: client 192.168.1.121#50528: update
'xxx.local/IN' denied
Dec 6 11:01:22 s4ad named[3913]: samba_dlz: cancelling transaction on
zone xxx.local
Dec 6 11:01:23 s4ad named[3913]: samba_dlz: starting transaction on
zone xxx.local
Dec 6 11:01:23 s4ad named[3913]: samba_dlz: disallowing update of
signer=s4client\$\@XXX.LOCAL name=S4CLIENT.xxx.local type=AAAA
error=insufficient access rights
Dec 6 11:01:23 s4ad named[3913]: client 192.168.1.121#64904/key
s4client\$\@XXX.LOCAL: updating zone 'baettenhausen.local/NONE': update
failed: rejected by secure update (RE
FUSED)
Dec 6 11:01:23 s4ad named[3913]: samba_dlz: cancelling transaction on
zone xxx.local
Am 06.12.2013 10:40, schrieb Stefan Sch?fer:> Hello,
>
> one of my S4 ADs shows a strange behavior. The Server is a stand-alone
> ad controller with bind (bind_dlz) as dns-server. The Samba Version is
> 4.1.2 running on SLES11 SP3.
>
> If i add a new A-record with the DNS-Tool from the Microsoft
> remote-server-tools an check the box "verkn?pften PTR-Eintrag
> erstellen", it creates the A-Record, but not the pointer-record.
>
> If i join the domain with a new computer now DNS-Record is created.
>
> The only hint i found are the aipServerAddrs and aipListenAddrs Values
> showed by:
>
> samba-tool dns serverinfo
>
> ...
> aipServerAddrs : ['127.0.0.2 (53)', '127.0.0.2
(53)',
> '127.0.0.2 (53)']
> aipListenAddrs : ['127.0.0.2 (53)', '127.0.0.2
(53)',
> '127.0.0.2 (53)']
> ...
>
> The same is shown by the DNS-Tool from the Microsoft
> remote-server-tools The server has no interface with the shown
> IP-address, and there is relating entry in /etc/hosts.
>
> It seems that there is no possibility to change these entries to the
> real ip-address of the server. Am i wrong?
>
> Could these wrong entries be the reason for the described behavior?
>
> Regards
>
> Stefan
>