[Samba] Can't access DNS from RSAT

André Luiz andreluizpr at gmail.com
Tue Jun 18 23:10:35 UTC 2019 

Hello all,

My Server is CentOS 7 and I'm running Samba 4.10.4 compiled from scratch.

When I try to open DNS in RSAT I receive this message: Access was denied.
Would you like to add it anyway?

In my log.samba file I see this message:

[2019/06/18 19:48:26.176994,  3]
../../lib/ldb-samba/ldb_wrap.c:332(ldb_wrap_connect)
  ldb_wrap open of secrets.ldb
[2019/06/18 19:48:26.202329,  3]
../../lib/ldb-samba/ldb_wrap.c:332(ldb_wrap_connect)
  ldb_wrap open of privilege.ldb
[2019/06/18 19:48:26.209150,  2]
../../source4/rpc_server/dcerpc_server.c:1936(dcesrv_request)
  dcesrv_request: restrict access by min_auth_level[0x4] to [dnsserver]
with auth[type=0x9,level=0x2] on [ncacn_ip_tcp] from [ipv4:192.168.1.10:1662
]
[2019/06/18 19:48:26.209623,  3]
../../source4/smbd/service_stream.c:67(stream_terminate_connection)
  stream_terminate_connection: Terminating connection - 'dcesrv:
NT_STATUS_CONNECTION_DISCONNECTED'

When I put  the option allow dcerpc auth level connect:dnsserver = yes on
my smb.conf file I receive:

dcesrv_request: restrict access by min_auth_level[0x4] to [dnsserver] with
auth[type=0x9,level=0x2] on [ncacn_ip_tcp] from [ipv4:192.168.1.10:1662]

When I not put that option on smb.conf file I receive this message:

dcesrv_request: restrict auth_level_connect access to [dnsserver] with
auth[type=0x9,level=0x2] on [ncacn_ip_tcp] from [ipv4:192.168.1.10:1670]

My smb.conf

[global]
        netbios name = PDC
        realm = DOMAIN.LOCAL
        server role = active directory domain controller
        server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
winbindd, ntp_signd, kcc, dnsupdate
        workgroup = DOMAIN
        idmap_ldb:use rfc2307 = yes
        dns forwarder = 1.1.1.1 8.8.8.8 208.67.222.22
        log level = 3
        allow dcerpc auth level connect:dnsserver = yes
        interfaces = 127.0.0.1 192.168.1.10
        bind interfaces only = yes
        interfaces = lo enp21s0
        ntlm auth = yes

My Samba is fully functional. I can create users, join computers, resolve
names, but I cannot access DNS via RSAT to edit my zones. Via CLI I can
edit DNS zones.

Thanks

Andre

More information about the samba mailing list