[Samba] Can't access DNS from RSAT

Taylor Hammerling thammerling at tcsbasys.com
Tue Dec 12 16:24:08 UTC 2017 

I found this page https://bugzilla.samba.org/show_bug.cgi?id=12807 which
seemed to have someone experiencing the same issue I am.
I tried adding "allow dcerpc auth level connect:dnsserver = yes" to my
smb.conf, rebooted the server, but still I get the an access denied message
in windows.
However, what is logged in the log.samba files has changed since adding
this option to my smb.conf.  it now shows

[2017/12/12 10:21:02.936834,  2]
../source4/rpc_server/dcerpc_server.c:1824(dcesrv_request)
  dcesrv_request: restrict access by min_auth_level[0x4] to [dnsserver]
with auth[type=0xa,level=0x2] on [ncacn_ip_tcp] from [ipv4:
172.28.9.100:49994]

when I try to open the DNS Management RSAT

On Tue, Dec 12, 2017 at 10:04 AM, Taylor Hammerling <
thammerling at tcsbasys.com> wrote:

> I cranked up the log level to 3 and found this in the log.samba file when
> trying to open the DNS Manager RSAT from my client machine (which is joined
> to the same domain as the DCs)
>
> [2017/12/12 09:59:30.601170,  2] ../source4/rpc_server/dcerpc_
> server.c:1804(dcesrv_request)
>   dcesrv_request: restrict auth_level_connect access to [dnsserver] with
> auth[type=0xa,level=0x2] on [ncacn_ip_tcp] from [ipv4:172.28.9.100:49960]
>
> On Tue, Dec 12, 2017 at 9:47 AM, Taylor Hammerling <
> thammerling at tcsbasys.com> wrote:
>
>> Good morning all!
>>
>> I have two DCs, both running Samba 4.7.3.  I have just joined the second
>> DC to the domain.  The second DC is replicating AD objects perfectly, I
>> verified this by running "samba-tool drs showrepl" as well as using the
>> ADUC RSAT snapin and adding a user to one DC, then switching the DC that
>> ADUC connects to and verifying that the user was properly replicated.
>>
>> The DNS objects are alos replicating properly.  I checked this by running
>> "samba-dnsupdate" as well as by running nslookup, switching the server to
>> the new DC and doing a couple of lookups.
>>
>> Unfortunately, I can't access the DNS on the new DC thru the DNS Manager
>> RSAT snapin.  I get an "access denied" error.  There are no entries in any
>> of the samba logs when I attempt to open the DNS Manager snapin either.
>>
>> I CAN access the DNS on the original DC using the DNS Manager RSAT snapin.
>>
>> I'm hoping (and suspecting) this will just be an easy fix of
>> chmodding/chowing something...
>> I've spent the last hour googling and have come up with nada.
>>
>> Any help you can provide would be VERY appreciated!
>>
>> --
>> *Taylor Hammerling* |  *IT Manager*
>> 2800 Laura Lane | Middleton, WI 53562
>> *O *(608) 669-9070 *| C *(608) 512-7849
>> tcsbasys.com | ubiquistat.com
>>
>
>
>
> --
> *Taylor Hammerling* |  *IT Manager*
> 2800 Laura Lane | Middleton, WI 53562
> *O *(608) 669-9070 *| C *(608) 512-7849
> tcsbasys.com | ubiquistat.com
>



-- 
*Taylor Hammerling* |  *IT Manager*
2800 Laura Lane | Middleton, WI 53562
*O *(608) 669-9070 *| C *(608) 512-7849
tcsbasys.com | ubiquistat.com

More information about the samba mailing list