[Samba] AD DC DynDns update problem

Rowland Penny rpenny at samba.org
Wed Jun 23 20:15:39 UTC 2021


On Wed, 2021-06-23 at 15:49 -0400, me at tdiehl.org wrote:
> Hi Rowland,
> 
> On Wed, 23 Jun 2021, Rowland Penny via samba wrote:
> 
> > On Wed, 2021-06-23 at 12:33 -0400, Tom Diehl via samba wrote:
> > > Hi,
> > > 
> > > > I have an AD domain running a 4.12.15 DC that I am trying to get
> > > > the dyndns update script working on. I have it configured as per
> > > https://wiki.samba.org/index.php/Configure_DHCP_to_update_DNS_records_with_BIND9
> > > 
> > > > Kerberos appears to be working as the script does not complain
> > > > that it cannot get a ticket but when the script tries to run
> > > > samba-tool I get the following:
> > > 
> > > > Jun 23 11:49:27 pht-vdc1 dhcpd[1397671]: samba-tool dns add pht-vdc1 mydomain.com DESKTOP-9L3AOBC A 192.168.1.194 -k yes
> > > > Jun 23 11:49:27 pht-vdc1 dhcpd[1397671]: ERROR(runtime): uncaught exception - (5, 'WERR_ACCESS_DENIED')
> > 
> > What OS are you using ?
> 
> > RHEL 8. It is a new vm with a self-compiled instance of Samba and I
> > am not running sssd. :-)
> 
> > Who does 'dhcpd' run as ?
> 
> It runs as dhcpd.
> 
> For completeness here are the permissions on the related files:
> 
> (pht-vdc1 pts8) # ll /etc/dhcpduser.keytab 
> -r--------. 1 dhcpd dhcpd 216 Jun 18 11:48 /etc/dhcpduser.keytab
> pht-vdc1 pts8) # la /etc/dhcp/scripts/
> total 100
> drwxr-x---. 2 dhcpd dhcpd   239 Jun 23 10:27 .
> drwxr-x---. 4 dhcpd dhcpd   190 Jun 22 15:31 ..
> -rwxr-xr-x. 1 dhcpd dhcpd 13569 Jun 23 10:27 dhcp-dyndns.sh
> (pht-vdc1 pts8) #
> 
> Hopefully you can spot what I am missing.
> 
> Regards,

I use Raspbian (but was using Devuan) and whilst isc-dhcp-server runs
as dhcpd, it runs the script as root. I also have the same permissions
as you on the keytab and script, but they belong to root:root, so try
changing the ownership of your keytab.

Rowland
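
The ownership question raised in this reply can be checked mechanically. The following is an added example, not part of the original message and not Samba project code: a hypothetical helper, `check_keytab`, that compares a keytab's owner with the account the DHCP hook script runs as and rejects any group/other permission bits. It assumes GNU `stat` (Linux).

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the thread or from Samba).
# check_keytab KEYTAB RUN_AS_USER
#   KEYTAB       path to the Kerberos keytab used by the update script
#   RUN_AS_USER  account the hook script is actually executed as
# Return codes: 0 ok, 1 file missing, 2 owner mismatch, 3 mode too permissive
check_keytab() {
    keytab=$1
    run_as=$2

    [ -f "$keytab" ] || { echo "missing: $keytab"; return 1; }

    # GNU stat: %U = owner name, %a = permissions in octal
    owner=$(stat -c '%U' "$keytab")
    mode=$(stat -c '%a' "$keytab")

    # With an owner-only mode, only the owner (and root) can read the
    # keytab, so the owner must be the account that runs the script.
    if [ "$owner" != "$run_as" ]; then
        echo "owner mismatch: $keytab owned by $owner, script runs as $run_as"
        return 2
    fi

    # Group/other digits must both be 0; anything else exposes the key.
    case $mode in
        0|*00) ;;
        *) echo "mode $mode on $keytab grants group/other access"
           return 3 ;;
    esac

    echo "ok: $keytab owner=$owner mode=$mode"
    return 0
}
```

To learn which account to pass as the second argument, log the output of `id -un` from inside the hook script, then run for example `check_keytab /etc/dhcpduser.keytab root`.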




