[Samba] Permission issue

Rowland Penny rpenny at samba.org
Wed Feb 13 09:28:33 UTC 2019

On Wed, 13 Feb 2019 09:11:43 +0000
Praveen Ghimire <PGhimire at sundata.com.au> wrote:

> Hi Rowland,
> Used the 2008R2 box as I already had done up a script a while ago.
> The problem I found is that I could update the DNS record on the
> Samba AD server using the script but not the Windows AD box. It came
> up with  permission denied. I checked the dns update setting and it
> was set to both secure and unsecure (in DNS and also in smb.conf). I
> was running the script as the Domain Administrator.

Try reading this:


> The Server B I mentioned is not joined to the domain (Samba Nt4 or
> AD), it's just a standalone Ubuntu box with bind/dhcp and some other
> application. This part of the project doesn’t cover the DNS and DHCP
> migration from ServerB to the AD box. 

Then it shouldn't hold any AD dns records, though it could be used as a
forwarder by the AD DC's

> Just a curiosity, how long before the classicupgrade, the clients
> starts seeing and joining the AD domain? I know there is no reverting
> back the changes once they do, if we gauge the time lapse, it might
> help us . The one way I have been testing is shutting down all
> windows VMs bar the Samba box and a Windows server. If I see some
> issues, then we just revert back the /var/lib/samba and etc files and
> stop the ad-dc service and restart the samba services, seems to work
> well , till now

If any of your existing clients 'see' the AD DC, that's it, they will
not connect to the old PDC again.


More information about the samba mailing list