Web lists-archives.com

Re: [Samba] DHCP, DNS and non-domain members




On Tue, 28 Nov 2017 22:54:57 +1300
Andrew Bartlett via samba <samba@xxxxxxxxxxxxxxx> wrote:

> On Tue, 2017-11-28 at 10:46 +0100, Martin Renner via samba wrote:
> > But shortly after these messages, I can see messages which seem to
> > come from the client:
> > 
> >    samba_dlz: starting transaction on zone ad.company.com
> >    client 192.168.105.101#59890: update 'ad.company.com/IN' denied
> >    samba_dlz: cancelling transaction on zone ad.company.com
> >    samba_dlz: starting transaction on zone ad.company.com
> >    samba_dlz: disallowing update of
> > signer=TEST-PC\$\@AD.COMPANY.COM name=test-PC.ad.company.com type=A
> > error=insufficient access rights client 192.168.105.101#63148/key
> > TEST-PC\$\@AD.COMPANY.COM: updating zone 'ad.company.com/NONE':
> > update failed: rejected by secure update (REFUSED)
> > 
> > This looks to me like if the client is still trying to update its
> > DNS entry. Did I miss anything in the client configuration?
> 
> DNS entries are owned on a first-to-claim basis by the account that
> creates it, so if DHCP creates it, the PC will be denied. 

Correct ;-)

> 
> Long ago I remember a dhcp option to hint to the client that the
> server was doing the DNS updates, perhaps that might help.

No, you just need to stop the windows clients trying to update their
own records, this has nothing to do with DHCP.

Rowland


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba