Web lists-archives.com

Re: [Samba] client @0x7f6ed800bc20 172.16.5.86#62582: update 'campus.company.intra/IN' denied




On Mon, 2 Jul 2018 22:56:39 -0300
Elias Pereira via samba <samba@xxxxxxxxxxxxxxx> wrote:

> >
> > I don't know what error you are getting, even if you have posted it,
> > can you post the full error. Can you please post all the lines from
> > syslog around the error and not just the error.
> 
> 
> The only logs that show is below.
> 
> ./daemon.log.1:33430:Jul  2 06:16:28 dc3 named[9754]: client
> 10.10.4.3#52074: update 'campus.company.intra/IN' denied
> ./daemon.log.1:33432:Jul  2 06:17:03 dc3 named[9754]: client
> 10.10.1.2#58780: update 'campus. company.intra /IN' denied
> ./daemon.log.1:33433:Jul  2 06:17:03 dc3 named[9754]: client
> 10.10.1.2#56611: update 'campus. company.intra /IN' denied
> ./daemon.log.1:33436:Jul  2 06:18:53 dc3 named[9754]: client
> 10.10.5.12#60664: update 'campus. company.intra /IN' denied
> ./daemon.log.1:33442:Jul  2 06:24:43 dc3 named[9754]: client
> 10.10.5.12#55716: update 'campus. company.intra /IN' denied
> 
> Maybe execute dlz_bind9_11.so in *debug*
> <https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End#Debugging_the_BIND9_DLZ_Module>mode
> for more information?
> 

You could try that, but that log fragment looks a bit different from
mine. Okay, I do not have any lines similar to yours, but if I did, I
feel they would look like this:

Jul  2 06:16:28 dc3 named[9754]: client 10.10.4.3#52074: update 'campus.company.intra/IN' denied
Jul  2 06:17:03 dc3 named[9754]: client 10.10.1.2#58780: update 'campus. company.intra /IN' denied
Jul  2 06:17:03 dc3 named[9754]: client 10.10.1.2#56611: update 'campus. company.intra /IN' denied
Jul  2 06:18:53 dc3 named[9754]: client 10.10.5.12#60664: update 'campus. company.intra /IN' denied
Jul  2 06:24:43 dc3 named[9754]: client 10.10.5.12#55716: update 'campus. company.intra /IN' denied

Note the lack of './daemon.log.1:33430:'. I have '/var/log/deamon.log'
and it contains lines in the format above, they all start with the date.

The lines show that various clients are being denied updating a record,
this may be perfectly okay, they may not own the record. Do you have
anything else updating the records, DHCP for instance. If so, the
problem does not lie on the DC, it lies on the clients and they need to
be told to stop trying to update their own records.

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba