[Samba] Can't access DNS from RSAT

Rowland Penny rpenny at samba.org
Wed Jun 19 06:55:24 UTC 2019


On 19/06/2019 00:10, André Luiz via samba wrote:
> Hello all,
>
> My Server is CentOS 7 and I'm running Samba 4.10.4 compiled from scratch.
>
> When I try to open DNS in RSAT I receive this message: Access was denied.
> Would you like to add it anyway?
>
> In my log.samba file I see this message:
>
> [2019/06/18 19:48:26.176994,  3]
> ../../lib/ldb-samba/ldb_wrap.c:332(ldb_wrap_connect)
>    ldb_wrap open of secrets.ldb
> [2019/06/18 19:48:26.202329,  3]
> ../../lib/ldb-samba/ldb_wrap.c:332(ldb_wrap_connect)
>    ldb_wrap open of privilege.ldb
> [2019/06/18 19:48:26.209150,  2]
> ../../source4/rpc_server/dcerpc_server.c:1936(dcesrv_request)
>    dcesrv_request: restrict access by min_auth_level[0x4] to [dnsserver]
> with auth[type=0x9,level=0x2] on [ncacn_ip_tcp] from [ipv4:192.168.1.10:1662
> ]
> [2019/06/18 19:48:26.209623,  3]
> ../../source4/smbd/service_stream.c:67(stream_terminate_connection)
>    stream_terminate_connection: Terminating connection - 'dcesrv:
> NT_STATUS_CONNECTION_DISCONNECTED'
>
> When I put the option allow dcerpc auth level connect:dnsserver = yes in
> my smb.conf file I receive:
>
> dcesrv_request: restrict access by min_auth_level[0x4] to [dnsserver] with
> auth[type=0x9,level=0x2] on [ncacn_ip_tcp] from [ipv4:192.168.1.10:1662]
>
> When I do not put that option in my smb.conf file I receive this message:
>
> dcesrv_request: restrict auth_level_connect access to [dnsserver] with
> auth[type=0x9,level=0x2] on [ncacn_ip_tcp] from [ipv4:192.168.1.10:1670]
>
> My smb.conf
>
> [global]
>          netbios name = PDC
>          realm = DOMAIN.LOCAL
>          server role = active directory domain controller
>          server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
> winbindd, ntp_signd, kcc, dnsupdate
You appear to be using Bind9
>          workgroup = DOMAIN
>          idmap_ldb:use rfc2307 = yes
>          dns forwarder = 1.1.1.1 8.8.8.8 208.67.222.22
Yet you have a dns forwarder line
>          log level = 3
>          allow dcerpc auth level connect:dnsserver = yes
>          interfaces = 127.0.0.1 192.168.1.10
>          bind interfaces only = yes
>          interfaces = lo enp21s0
You also have two 'interfaces' lines; you can only have one.
>          ntlm auth = yes
>
> My Samba is fully functional. I can create users, join computers, resolve
> names, but I cannot access DNS via RSAT to edit my zones. Via CLI I can
> edit DNS zones.
>
> Thanks
>
> Andre

Can you post your named.conf file?

Rowland
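
The two smb.conf observations in the reply above (a repeated 'interfaces' parameter, and a 'dns forwarder' line while 'server services' lists no 'dns' entry) can be checked mechanically. This is an added example, not part of the original message and not Samba tooling; the sample config is constructed from the quoted one, and the names parse() and lint() are hypothetical.

```python
import re
# Constructed sample, modelled on the [global] section quoted in the thread.
SAMPLE = """\
[global]
    netbios name = PDC
    server role = active directory domain controller
    server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
    dns forwarder = 1.1.1.1 8.8.8.8 208.67.222.22
    interfaces = 127.0.0.1 192.168.1.10
    bind interfaces only = yes
    interfaces = lo enp21s0
"""

def parse(text):
    """Yield (section, name, value, lineno); names are normalized because
    smb.conf ignores case and whitespace in parameter names."""
    section, pending, start = None, "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        if not pending:
            start = no
        line = pending + raw.strip()
        if line.endswith("\\"):          # continuation onto the next line
            pending = line[:-1]
            continue
        pending = ""
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif "=" in line:
            name, value = line.split("=", 1)
            yield section, re.sub(r"\s+", "", name).lower(), value.strip(), start

def lint(text):
    """Return a list of findings for the two issues raised in the reply."""
    findings, seen = [], {}
    for section, name, value, no in parse(text):
        key = (section, name)
        if key in seen:
            findings.append(f"line {no}: '{name}' repeats line {seen[key][1]} in [{section}]")
        seen[key] = (value, no)
    services, forwarder = seen.get(("global", "serverservices")), seen.get(("global", "dnsforwarder"))
    if services and forwarder:
        items = [s.strip().lower() for s in services[0].split(",")]
        explicit = not any(i[:1] in "+-" for i in items)
        # Exact match: 'dnsupdate' is a different service from 'dns'.
        if "-dns" in items or (explicit and "dns" not in items):
            findings.append(f"line {forwarder[1]}: 'dnsforwarder' set but 'server services' has no 'dns' entry")
    return findings
```

Calling lint(SAMPLE) returns one finding for the second 'interfaces' line and one for the 'dns forwarder' line.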




