[Samba] Can't access DNS from RSAT
thammerling at tcsbasys.com
Tue Dec 12 16:24:08 UTC 2017
I found this page https://bugzilla.samba.org/show_bug.cgi?id=12807 which
seemed to have someone experiencing the same issue I am.
I tried adding "allow dcerpc auth level connect:dnsserver = yes" to my
smb.conf, rebooted the server, but still I get the an access denied message
However, what is logged in the log.samba files has changed since adding
this option to my smb.conf. it now shows
[2017/12/12 10:21:02.936834, 2]
dcesrv_request: restrict access by min_auth_level[0x4] to [dnsserver]
with auth[type=0xa,level=0x2] on [ncacn_ip_tcp] from [ipv4:
when I try to open the DNS Management RSAT
On Tue, Dec 12, 2017 at 10:04 AM, Taylor Hammerling <
thammerling at tcsbasys.com> wrote:
> I cranked up the log level to 3 and found this in the log.samba file when
> trying to open the DNS Manager RSAT from my client machine (which is joined
> to the same domain as the DCs)
> [2017/12/12 09:59:30.601170, 2] ../source4/rpc_server/dcerpc_
> dcesrv_request: restrict auth_level_connect access to [dnsserver] with
> auth[type=0xa,level=0x2] on [ncacn_ip_tcp] from [ipv4:172.28.9.100:49960]
> On Tue, Dec 12, 2017 at 9:47 AM, Taylor Hammerling <
> thammerling at tcsbasys.com> wrote:
>> Good morning all!
>> I have two DCs, both running Samba 4.7.3. I have just joined the second
>> DC to the domain. The second DC is replicating AD objects perfectly, I
>> verified this by running "samba-tool drs showrepl" as well as using the
>> ADUC RSAT snapin and adding a user to one DC, then switching the DC that
>> ADUC connects to and verifying that the user was properly replicated.
>> The DNS objects are alos replicating properly. I checked this by running
>> "samba-dnsupdate" as well as by running nslookup, switching the server to
>> the new DC and doing a couple of lookups.
>> Unfortunately, I can't access the DNS on the new DC thru the DNS Manager
>> RSAT snapin. I get an "access denied" error. There are no entries in any
>> of the samba logs when I attempt to open the DNS Manager snapin either.
>> I CAN access the DNS on the original DC using the DNS Manager RSAT snapin.
>> I'm hoping (and suspecting) this will just be an easy fix of
>> chmodding/chowing something...
>> I've spent the last hour googling and have come up with nada.
>> Any help you can provide would be VERY appreciated!
>> *Taylor Hammerling* | *IT Manager*
>> 2800 Laura Lane | Middleton, WI 53562
>> *O *(608) 669-9070 *| C *(608) 512-7849
>> tcsbasys.com | ubiquistat.com
> *Taylor Hammerling* | *IT Manager*
> 2800 Laura Lane | Middleton, WI 53562
> *O *(608) 669-9070 *| C *(608) 512-7849
> tcsbasys.com | ubiquistat.com
*Taylor Hammerling* | *IT Manager*
2800 Laura Lane | Middleton, WI 53562
*O *(608) 669-9070 *| C *(608) 512-7849
tcsbasys.com | ubiquistat.com
More information about the samba