[Samba] Access denied editing DNS using RSAT
Daniel Carrasco
d.carrasco at i2tic.com
Tue Sep 12 14:04:00 UTC 2017
2017-09-12 11:32 GMT+02:00 Andrew Bartlett <abartlet at samba.org>:
> On Tue, 2017-09-12 at 11:21 +0200, Daniel Carrasco via samba wrote:
> > Hello,
> >
> > I'm trying to replace an old Windows Server 2003 with Samba 4 and I've got
> > a problem trying to add some DNS entries. When I open the RSAT DNS manager
> > I got an Access Denied error and I can't edit the zones.
> >
> > My config file is the one generated by samba-tool and I'm using Samba 4.7.0rc5
> > compiled on a Debian 8 amd64:
> > [global]
> > netbios name = DC1
> > realm = DOMAIN.DOM
> > workgroup = DOMAIN
> > server role = active directory domain controller
> > idmap_ldb:use rfc2307 = yes
> > dns forwarder = 8.8.8.8
> >
> > [netlogon]
> > path = /server/samba/bin/var/locks/sysvol/domain.dom/scripts
> > read only = No
> >
> > [sysvol]
> > path = /server/samba/bin/var/locks/sysvol
> > read only = No
> >
> > All seems to be working fine, because I'm able to join the domain, login on
> > that computer and manage other things like Users and Groups, Policies...
> > but DNS just drops me an Access Denied message.
> >
> > The log shows this:
> > [2017/09/12 11:17:01.416939, 2]
> > ../source4/rpc_server/dcerpc_server.c:1804(dcesrv_request)
> > dcesrv_request: restrict auth_level_connect access to [dnsserver] with
> > auth[type=0xa,level=0x2] on [ncacn_ip_tcp] from [ipv4:192.168.0.52:65013]
> > [2017/09/12 11:17:01.444307, 2]
> > ../source4/rpc_server/dcerpc_server.c:1804(dcesrv_request)
> > dcesrv_request: restrict auth_level_connect access to [dnsserver] with
> > auth[type=0xa,level=0x2] on [ncacn_ip_tcp] from [ipv4:192.168.0.52:65015]
> > [2017/09/12 11:17:01.469071, 2]
> > ../source4/rpc_server/dcerpc_server.c:1804(dcesrv_request)
> > dcesrv_request: restrict auth_level_connect access to [dnsserver] with
> > auth[type=0xa,level=0x2] on [ncacn_ip_tcp] from [ipv4:192.168.0.52:65017]
> > [2017/09/12 11:17:01.494096, 2]
> > ../source4/rpc_server/dcerpc_server.c:1804(dcesrv_request)
> > dcesrv_request: restrict auth_level_connect access to [dnsserver] with
> > auth[type=0xa,level=0x2] on [ncacn_ip_tcp] from [ipv4:192.168.0.52:65019]
> >
> >
> > Is there any way to fix this? Maybe I forgot something like adding the
> > computer to a group, for example... I'm using the Administrator user, so it
> > should have access to all.
> >
> > Thanks, and greetings!!
>
> We have a restriction to disallow un-protected dce/rpc sessions, as
> they are just too easy to hijack. You can use samba-tool or set
>
> allow dcerpc auth level connect = yes
>
> I hope this helps,
>
> Andrew Bartlett
>
> --
> Andrew Bartlett http://samba.org/~abartlet/
> Authentication Developer, Samba Team http://samba.org
> Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
>
>
Thanks, but I'm still getting the same error. I'll try to do it with
samba-tool.
Greetings!
--
_________________________________________
Daniel Carrasco Marín
Ingeniería para la Innovación i2TIC, S.L.
Tlf: +34 911 12 32 84 Ext: 223
www.i2tic.com
_________________________________________
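
To see which clients and RPC interfaces trigger the restriction quoted above, the following added example (not part of the thread or of Samba) parses `dcesrv_request` rejection records and decodes the `auth[type,level]` field. The sample log is constructed in the format shown in the thread, and the numeric mappings are the standard DCE/RPC auth constants.

```python
import re
from collections import Counter

# DCE/RPC auth_type / auth_level numbers as printed in the log's auth[...] field.
AUTH_TYPES = {0x09: "spnego", 0x0A: "ntlmssp", 0x10: "krb5", 0x44: "schannel"}
AUTH_LEVELS = {1: "none", 2: "connect", 3: "call", 4: "packet", 5: "integrity", 6: "privacy"}
REJECT_RE = re.compile(
    r"restrict auth_level_connect access to \[(?P<iface>[^\]]+)\] with "
    r"auth\[type=(?P<type>0x[0-9a-fA-F]+),level=(?P<level>0x[0-9a-fA-F]+)\] "
    r"on \[(?P<transport>[^\]]+)\] from \[(?P<addr>[^\]\s]+) ?\]"
)
HEADER_RE = re.compile(r"\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})\.\d+, *\d+\]")

# Constructed sample in the thread's log format (addresses are documentation IPs).
SAMPLE_LOG = """\
[2017/09/12 11:17:01.416939,  2] ../source4/rpc_server/dcerpc_server.c:1804(dcesrv_request)
  dcesrv_request: restrict auth_level_connect access to [dnsserver] with
  auth[type=0xa,level=0x2] on [ncacn_ip_tcp] from [ipv4:192.0.2.52:65013
  ]
[2017/09/12 11:17:01.444307,  2] ../source4/rpc_server/dcerpc_server.c:1804(dcesrv_request)
  dcesrv_request: restrict auth_level_connect access to [dnsserver] with auth[type=0xa,level=0x2] on [ncacn_ip_tcp] from [ipv4:192.0.2.52:65015]
[2017/09/12 11:18:30.000001,  3] ../constructed/unrelated.c:1(unrelated)
  constructed line that is not a rejection
[2017/09/12 11:20:02.100000,  2] ../source4/rpc_server/dcerpc_server.c:1804(dcesrv_request)
  dcesrv_request: restrict auth_level_connect access to [dnsserver] with auth[type=0xa,level=0x2] on [ncacn_ip_tcp] from [ipv4:192.0.2.77:50111]
"""

def parse_rejections(log_text):
    """Return one dict per rejected auth_level_connect request in a Samba log."""
    events = []
    # A record starts at each "[date time.usec, level]" header; wrapped lines are rejoined.
    for record in re.split(r"(?m)^(?=\[\d{4}/\d{2}/\d{2} )", log_text):
        m = REJECT_RE.search(" ".join(record.split()))
        if not m:
            continue
        ts = HEADER_RE.match(record)
        auth_type, auth_level = int(m["type"], 16), int(m["level"], 16)
        events.append({
            "time": ts.group(1) if ts else None,
            "interface": m["iface"],
            # "ipv4:192.0.2.52:65013" -> "192.0.2.52" (drop family prefix and port)
            "client": m["addr"].split(":", 1)[1].rsplit(":", 1)[0],
            "auth_type": AUTH_TYPES.get(auth_type, hex(auth_type)),
            "auth_level": AUTH_LEVELS.get(auth_level, hex(auth_level)),
        })
    return events

def summarize(events):
    """Count rejections per (client, interface, auth_type, auth_level)."""
    return Counter((e["client"], e["interface"], e["auth_type"], e["auth_level"]) for e in events)
```

Decoded this way, the `type=0xa,level=0x2` entries in the thread read as NTLMSSP binds at the connect auth level, the level the restriction refuses.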