[Samba] Can't access DNS from RSAT
lingpanda101 at gmail.com
Tue Dec 12 17:01:48 UTC 2017
On 12/12/2017 11:24 AM, Taylor Hammerling via samba wrote:
> I found this page https://bugzilla.samba.org/show_bug.cgi?id=12807 which
> seemed to have someone experiencing the same issue I am.
> I tried adding "allow dcerpc auth level connect:dnsserver = yes" to my
> smb.conf, rebooted the server, but still I get the an access denied message
> in windows.
> However, what is logged in the log.samba files has changed since adding
> this option to my smb.conf. it now shows
> [2017/12/12 10:21:02.936834, 2]
> dcesrv_request: restrict access by min_auth_level[0x4] to [dnsserver]
> with auth[type=0xa,level=0x2] on [ncacn_ip_tcp] from [ipv4:
> when I try to open the DNS Management RSAT
> On Tue, Dec 12, 2017 at 10:04 AM, Taylor Hammerling <
> thammerling at tcsbasys.com> wrote:
>> I cranked up the log level to 3 and found this in the log.samba file when
>> trying to open the DNS Manager RSAT from my client machine (which is joined
>> to the same domain as the DCs)
>> [2017/12/12 09:59:30.601170, 2] ../source4/rpc_server/dcerpc_
>> dcesrv_request: restrict auth_level_connect access to [dnsserver] with
>> auth[type=0xa,level=0x2] on [ncacn_ip_tcp] from [ipv4:172.28.9.100:49960]
>> On Tue, Dec 12, 2017 at 9:47 AM, Taylor Hammerling <
>> thammerling at tcsbasys.com> wrote:
>>> Good morning all!
>>> I have two DCs, both running Samba 4.7.3. I have just joined the second
>>> DC to the domain. The second DC is replicating AD objects perfectly, I
>>> verified this by running "samba-tool drs showrepl" as well as using the
>>> ADUC RSAT snapin and adding a user to one DC, then switching the DC that
>>> ADUC connects to and verifying that the user was properly replicated.
>>> The DNS objects are alos replicating properly. I checked this by running
>>> "samba-dnsupdate" as well as by running nslookup, switching the server to
>>> the new DC and doing a couple of lookups.
>>> Unfortunately, I can't access the DNS on the new DC thru the DNS Manager
>>> RSAT snapin. I get an "access denied" error. There are no entries in any
>>> of the samba logs when I attempt to open the DNS Manager snapin either.
>>> I CAN access the DNS on the original DC using the DNS Manager RSAT snapin.
>>> I'm hoping (and suspecting) this will just be an easy fix of
>>> chmodding/chowing something...
>>> I've spent the last hour googling and have come up with nada.
>>> Any help you can provide would be VERY appreciated!
>>> *Taylor Hammerling* | *IT Manager*
>>> 2800 Laura Lane | Middleton, WI 53562
>>> *O *(608) 669-9070 *| C *(608) 512-7849
>>> tcsbasys.com | ubiquistat.com
>> *Taylor Hammerling* | *IT Manager*
>> 2800 Laura Lane | Middleton, WI 53562
>> *O *(608) 669-9070 *| C *(608) 512-7849
>> tcsbasys.com | ubiquistat.com
Is your user part of the DNS admins group?
More information about the samba