Trenta sis
2016-Oct-10 17:18 UTC
[Samba] Error update ddnc with static ips and samba 4.4.5
Hi, With samba 4.4.5 with bind DLZ we have detected an error message with machines that has static ip Oct 8 16:52:47 server named[4247]: samba_dlz: starting transaction on zone domain.com Oct 8 16:52:47 server named[4247]: client 172.22.187.193#55746: update ' domain.com/IN' denied Oct 8 16:52:47 server named[4247]: samba_dlz: cancelling transaction on zone domain.com Oct 8 16:52:47 server named[4247]: samba_dlz: starting transaction on zone domain.com Oct 8 16:52:47 server named[4247]: samba_dlz: disallowing update of signer=SERVER\$\@domain.com name=SERVER.domain.com type=AAAA error=insufficient access rights Oct 8 16:52:47 server named[4247]: client 172.22.187.193#54706/key SERVER\$\@domain.com: updating zone 'domain.com/NONE': update failed: rejected by secure update (REFUSED) Oct 8 16:52:47 server named[4247]: samba_dlz: cancelling transaction on zone domain.com We have detected that machines with dhcp (It was configured as is described in samba wiki dhcp and samba 4) are updating correclty and any message with error is reported, only with static ips I have found some messages win samba list describing this error after a samba upgrade, and suggest recreate inverse zone, but our environment is a new environment with 4.4.5, migrated from samba 3 Where is the problem?
Rowland Penny
2016-Oct-10 17:25 UTC
[Samba] Error update ddnc with static ips and samba 4.4.5
On Mon, 10 Oct 2016 19:18:17 +0200 Trenta sis via samba <samba at lists.samba.org> wrote:> Hi, > > With samba 4.4.5 with bind DLZ we have detected an error message with > machines that has static ip > > Oct 8 16:52:47 server named[4247]: samba_dlz: starting transaction > on zone domain.com > Oct 8 16:52:47 server named[4247]: client 172.22.187.193#55746: > update ' domain.com/IN' denied > Oct 8 16:52:47 server named[4247]: samba_dlz: cancelling transaction > on zone domain.com > Oct 8 16:52:47 server named[4247]: samba_dlz: starting transaction > on zone domain.com > Oct 8 16:52:47 server named[4247]: samba_dlz: disallowing update of > signer=SERVER\$\@domain.com name=SERVER.domain.com type=AAAA > error=insufficient access rights > Oct 8 16:52:47 server named[4247]: client 172.22.187.193#54706/key > SERVER\$\@domain.com: updating zone 'domain.com/NONE': update failed: > rejected by secure update (REFUSED) > Oct 8 16:52:47 server named[4247]: samba_dlz: cancelling transaction > on zone domain.com > > We have detected that machines with dhcp (It was configured as is > described in samba wiki dhcp and samba 4) are updating correclty and > any message with error is reported, only with static ips > > I have found some messages win samba list describing this error > after a samba upgrade, and suggest recreate inverse zone, but our > environment is a new environment with 4.4.5, migrated from samba 3 > > Where is the problem?Are these windows clients, if so, you need to stop any windows clients from trying to update their own dns records. You can do this on a machine by machine basis, or there is a GPO. Rowland
Trenta sis
2016-Oct-16 19:55 UTC
[Samba] Error update ddnc with static ips and samba 4.4.5
hi, thanks for your information, we have dhcp (configured as wiki samba example) and is working perfect only fails with machines with static ip. I have tried to disable option update dns record and then this errors is not showed but seems that with pure active directory this doesn't fail... It is normal? thanks> Hi,> > With samba 4.4.5 with bind DLZ we have detected an error message with > machines that has static ip > > Oct 8 16:52:47 server named[4247]: samba_dlz: starting transaction > on zone domain.com > Oct 8 16:52:47 server named[4247]: client 172.22.187.193#55746: > update ' domain.com/IN' denied > Oct 8 16:52:47 server named[4247]: samba_dlz: cancelling transaction > on zone domain.com > Oct 8 16:52:47 server named[4247]: samba_dlz: starting transaction > on zone domain.com > Oct 8 16:52:47 server named[4247]: samba_dlz: disallowing update of > signer=SERVER\$\@domain.com name=SERVER.domain.com type=AAAA > error=insufficient access rights > Oct 8 16:52:47 server named[4247]: client 172.22.187.193#54706/key > SERVER\$\@domain.com: updating zone 'domain.com/NONE': update failed: > rejected by secure update (REFUSED) > Oct 8 16:52:47 server named[4247]: samba_dlz: cancelling transaction > on zone domain.com > > We have detected that machines with dhcp (It was configured as is > described in samba wiki dhcp and samba 4) are updating correclty and > any message with error is reported, only with static ips > > I have found some messages win samba list describing this error > after a samba upgrade, and suggest recreate inverse zone, but our > environment is a new environment with 4.4.5, migrated from samba 3 > > Where is the problem?Are these windows clients, if so, you need to stop any windows clients from trying to update their own dns records. You can do this on a machine by machine basis, or there is a GPO. Rowland 2016-10-10 19:18 GMT+02:00 Trenta sis <trenta.sis at gmail.com>:> > Hi, > > With samba 4.4.5 with bind DLZ we have detected an error message with > machines that has static ip > > Oct 8 16:52:47 server named[4247]: samba_dlz: starting transaction on > zone domain.com > Oct 8 16:52:47 server named[4247]: client 172.22.187.193#55746: update ' > domain.com/IN' denied > Oct 8 16:52:47 server named[4247]: samba_dlz: cancelling transaction on > zone domain.com > Oct 8 16:52:47 server named[4247]: samba_dlz: starting transaction on > zone domain.com > Oct 8 16:52:47 server named[4247]: samba_dlz: disallowing update of > signer=SERVER\$\@domain.com name=SERVER.domain.com type=AAAA > error=insufficient access rights > Oct 8 16:52:47 server named[4247]: client 172.22.187.193#54706/key > SERVER\$\@domain.com: updating zone 'domain.com/NONE': update failed: > rejected by secure update (REFUSED) > Oct 8 16:52:47 server named[4247]: samba_dlz: cancelling transaction on > zone domain.com > > We have detected that machines with dhcp (It was configured as is > described in samba wiki dhcp and samba 4) are updating correclty and any > message with error is reported, only with static ips > > I have found some messages win samba list describing this error after a > samba upgrade, and suggest recreate inverse zone, but our environment is a > new environment with 4.4.5, migrated from samba 3 > > Where is the problem? > >
Rowland Penny
2016-Oct-17 07:12 UTC
[Samba] Error update ddnc with static ips and samba 4.4.5
On Sun, 16 Oct 2016 21:55:12 +0200 Trenta sis via samba <samba at lists.samba.org> wrote:> hi, > > thanks for your information, we have dhcp (configured as wiki samba > example) and is working perfect only fails with machines with static > ip. I have tried to disable option update dns record and then this > errors is not showed but seems that with pure active directory this > doesn't fail... It is normal? > > > thanks> Hi, > > > > With samba 4.4.5 with bind DLZ we have detected an error message > > with machines that has static ip > > > > Oct 8 16:52:47 server named[4247]: samba_dlz: starting transaction > > on zone domain.com > > Oct 8 16:52:47 server named[4247]: client 172.22.187.193#55746: > > update ' domain.com/IN' denied > > Oct 8 16:52:47 server named[4247]: samba_dlz: cancelling > > transaction on zone domain.com > > Oct 8 16:52:47 server named[4247]: samba_dlz: starting transaction > > on zone domain.com > > Oct 8 16:52:47 server named[4247]: samba_dlz: disallowing update of > > signer=SERVER\$\@domain.com name=SERVER.domain.com type=AAAA > > error=insufficient access rights > > Oct 8 16:52:47 server named[4247]: client 172.22.187.193#54706/key > > SERVER\$\@domain.com: updating zone 'domain.com/NONE': update > > failed: rejected by secure update (REFUSED) > > Oct 8 16:52:47 server named[4247]: samba_dlz: cancelling > > transaction on zone domain.com > > > > We have detected that machines with dhcp (It was configured as is > > described in samba wiki dhcp and samba 4) are updating correclty and > > any message with error is reported, only with static ips > > > > I have found some messages win samba list describing this error > > after a samba upgrade, and suggest recreate inverse zone, but our > > environment is a new environment with 4.4.5, migrated from samba 3 > > > > Where is the problem? > > Are these windows clients, if so, you need to stop any windows clients > from trying to update their own dns records. You can do this on a > machine by machine basis, or there is a GPO. > > Rowland > > > > 2016-10-10 19:18 GMT+02:00 Trenta sis <trenta.sis at gmail.com>: > > > > > Hi, > > > > With samba 4.4.5 with bind DLZ we have detected an error message > > with machines that has static ip > > > > Oct 8 16:52:47 server named[4247]: samba_dlz: starting transaction > > on zone domain.com > > Oct 8 16:52:47 server named[4247]: client 172.22.187.193#55746: > > update ' domain.com/IN' denied > > Oct 8 16:52:47 server named[4247]: samba_dlz: cancelling > > transaction on zone domain.com > > Oct 8 16:52:47 server named[4247]: samba_dlz: starting transaction > > on zone domain.com > > Oct 8 16:52:47 server named[4247]: samba_dlz: disallowing update of > > signer=SERVER\$\@domain.com name=SERVER.domain.com type=AAAA > > error=insufficient access rights > > Oct 8 16:52:47 server named[4247]: client 172.22.187.193#54706/key > > SERVER\$\@domain.com: updating zone 'domain.com/NONE': update > > failed: rejected by secure update (REFUSED) > > Oct 8 16:52:47 server named[4247]: samba_dlz: cancelling > > transaction on zone domain.com > > > > We have detected that machines with dhcp (It was configured as is > > described in samba wiki dhcp and samba 4) are updating correclty > > and any message with error is reported, only with static ips > > > > I have found some messages win samba list describing this error > > after a samba upgrade, and suggest recreate inverse zone, but our > > environment is a new environment with 4.4.5, migrated from samba 3 > > > > Where is the problem? > > > >It is trying to update an ipv6 address, do you use these ? and have you stopped windows trying to update ipv6 records ? Rowland
Mark Nienberg
2016-Oct-17 17:24 UTC
[Samba] Error update ddnc with static ips and samba 4.4.5
On Mon, Oct 10, 2016 at 10:18 AM, Trenta sis via samba < samba at lists.samba.org> wrote:> We have detected that machines with dhcp (It was configured as is described > in samba wiki dhcp and samba 4) are updating correclty and any message with > error is reported, only with static ips >I see the same error message for two of my machines that have fixed addresses that I manually added to DNS using the DNS Manager. I don't know if it matters, but both of these machines are running Windows Server 2008. All of my Win 7 workstations use dhcp and they update correctly without any error messages. I don't think this is a problem, everything works. Someday I may try removing the DNS entries to see if the machines will then add themselves back in. I had to add the DNS entries for these two servers manually before the machines were actually part of the domain as part of my migration to AD.
Mark Nienberg
2016-Oct-19 17:29 UTC
[Samba] Error update ddnc with static ips and samba 4.4.5
On Mon, Oct 17, 2016 at 10:24 AM, Mark Nienberg < mnlists at tippingstructural.com> wrote:> > On Mon, Oct 10, 2016 at 10:18 AM, Trenta sis via samba < > samba at lists.samba.org> wrote: > >> We have detected that machines with dhcp (It was configured as is >> described >> in samba wiki dhcp and samba 4) are updating correclty and any message >> with >> error is reported, only with static ips >> > > I see the same error message for two of my machines that have fixed > addresses that I manually added to DNS using the DNS Manager. I don't know > if it matters, but both of these machines are running Windows Server 2008. > All of my Win 7 workstations use dhcp and they update correctly without any > error messages. > > I don't think this is a problem, everything works. Someday I may try > removing the DNS entries to see if the machines will then add themselves > back in. I had to add the DNS entries for these two servers manually before > the machines were actually part of the domain as part of my migration to AD. >I removed the entry that I had manually created in DNS for one of the windows machines with a static IP. Then I rebooted the windows machine. The DNS entry was re-created in DNS and the samba_dlz error no longer occurs. I guess there must be some difference between a DNS entry that is manually configured and one that is dynamically configured by AD even though they look the same in DNS Manager. Mark