[Samba] Can't access DNS from RSAT

lingpanda101 lingpanda101 at gmail.com
Tue Dec 12 17:01:48 UTC 2017


On 12/12/2017 11:24 AM, Taylor Hammerling via samba wrote:
> I found this page https://bugzilla.samba.org/show_bug.cgi?id=12807 which
> seemed to have someone experiencing the same issue I am.
> I tried adding "allow dcerpc auth level connect:dnsserver = yes" to my
> smb.conf, rebooted the server, but still I get the an access denied message
> in windows.
> However, what is logged in the log.samba files has changed since adding
> this option to my smb.conf.  it now shows
>
> [2017/12/12 10:21:02.936834,  2]
> ../source4/rpc_server/dcerpc_server.c:1824(dcesrv_request)
>    dcesrv_request: restrict access by min_auth_level[0x4] to [dnsserver]
> with auth[type=0xa,level=0x2] on [ncacn_ip_tcp] from [ipv4:
> 172.28.9.100:49994]
>
> when I try to open the DNS Management RSAT
>
> On Tue, Dec 12, 2017 at 10:04 AM, Taylor Hammerling <
> thammerling at tcsbasys.com> wrote:
>
>> I cranked up the log level to 3 and found this in the log.samba file when
>> trying to open the DNS Manager RSAT from my client machine (which is joined
>> to the same domain as the DCs)
>>
>> [2017/12/12 09:59:30.601170,  2] ../source4/rpc_server/dcerpc_
>> server.c:1804(dcesrv_request)
>>    dcesrv_request: restrict auth_level_connect access to [dnsserver] with
>> auth[type=0xa,level=0x2] on [ncacn_ip_tcp] from [ipv4:172.28.9.100:49960]
>>
>> On Tue, Dec 12, 2017 at 9:47 AM, Taylor Hammerling <
>> thammerling at tcsbasys.com> wrote:
>>
>>> Good morning all!
>>>
>>> I have two DCs, both running Samba 4.7.3.  I have just joined the second
>>> DC to the domain.  The second DC is replicating AD objects perfectly, I
>>> verified this by running "samba-tool drs showrepl" as well as using the
>>> ADUC RSAT snapin and adding a user to one DC, then switching the DC that
>>> ADUC connects to and verifying that the user was properly replicated.
>>>
>>> The DNS objects are alos replicating properly.  I checked this by running
>>> "samba-dnsupdate" as well as by running nslookup, switching the server to
>>> the new DC and doing a couple of lookups.
>>>
>>> Unfortunately, I can't access the DNS on the new DC thru the DNS Manager
>>> RSAT snapin.  I get an "access denied" error.  There are no entries in any
>>> of the samba logs when I attempt to open the DNS Manager snapin either.
>>>
>>> I CAN access the DNS on the original DC using the DNS Manager RSAT snapin.
>>>
>>> I'm hoping (and suspecting) this will just be an easy fix of
>>> chmodding/chowing something...
>>> I've spent the last hour googling and have come up with nada.
>>>
>>> Any help you can provide would be VERY appreciated!
>>>
>>> --
>>> *Taylor Hammerling* |  *IT Manager*
>>> 2800 Laura Lane | Middleton, WI 53562
>>> *O *(608) 669-9070 *| C *(608) 512-7849
>>> tcsbasys.com | ubiquistat.com
>>>
>>
>>
>> --
>> *Taylor Hammerling* |  *IT Manager*
>> 2800 Laura Lane | Middleton, WI 53562
>> *O *(608) 669-9070 *| C *(608) 512-7849
>> tcsbasys.com | ubiquistat.com
>>
>
>
Is your user part of the DNS admins group?

-- 
--
James




More information about the samba mailing list