[Samba] Access denied editing DNS using RSAT

Daniel Carrasco d.carrasco at i2tic.com
Tue Sep 12 09:21:27 UTC 2017 

Hello,

I'm trying to replace an old Windows Server 2003 with Samba 4 and I've got
a problem trying to add some DNS entries. When I open the RSAT DNS manager
I got an Access Denied error and I can't edit the zones.

My config file is the generated by samba-tool and I'm using Samba 4.7.0rc5
compiled on a Debian 8 amd64:
[global]
        netbios name = DC1
        realm = DOMAIN.DOM
        workgroup = DOMAIN
        server role = active directory domain controller
        idmap_ldb:use rfc2307 = yes
        dns forwarder = 8.8.8.8

[netlogon]
        path = /server/samba/bin/var/locks/sysvol/domain.dom/scripts
        read only = No

[sysvol]
        path = /server/samba/bin/var/locks/sysvol
        read only = No

All seems to be working fine, because I'm able to join the domain, login on
that computer and manage other things like Users and Groups, Policies...
but DNS just drops me an Acces Denied message.

The log shows this:
[2017/09/12 11:17:01.416939,  2]
../source4/rpc_server/dcerpc_server.c:1804(dcesrv_request)
  dcesrv_request: restrict auth_level_connect access to [dnsserver] with
auth[type=0xa,level=0x2] on [ncacn_ip_tcp] from [ipv4:192.168.0.52:65013]
[2017/09/12 11:17:01.444307,  2]
../source4/rpc_server/dcerpc_server.c:1804(dcesrv_request)
  dcesrv_request: restrict auth_level_connect access to [dnsserver] with
auth[type=0xa,level=0x2] on [ncacn_ip_tcp] from [ipv4:192.168.0.52:65015]
[2017/09/12 11:17:01.469071,  2]
../source4/rpc_server/dcerpc_server.c:1804(dcesrv_request)
  dcesrv_request: restrict auth_level_connect access to [dnsserver] with
auth[type=0xa,level=0x2] on [ncacn_ip_tcp] from [ipv4:192.168.0.52:65017]
[2017/09/12 11:17:01.494096,  2]
../source4/rpc_server/dcerpc_server.c:1804(dcesrv_request)
  dcesrv_request: restrict auth_level_connect access to [dnsserver] with
auth[type=0xa,level=0x2] on [ncacn_ip_tcp] from [ipv4:192.168.0.52:65019]


Is there any way to fix this?, Maybe I forgot something like add the
computer to a group for example... I'm using the Administrator user, so it
should have access to all.

Thanks, and greetings!!

-- 
_________________________________________

      Daniel Carrasco Marín
      Ingeniería para la Innovación i2TIC, S.L.
      Tlf:  +34 911 12 32 84 Ext: 223
      www.i2tic.com
_________________________________________

More information about the samba mailing list