[Samba] AD DC DynDns update problem

Rowland Penny rpenny at samba.org
Thu Jun 24 18:57:15 UTC 2021

On Thu, 2021-06-24 at 12:42 -0400, Tom Diehl via samba wrote:
> Hi Louis,
> On Thu, 24 Jun 2021, L.P.H. van Belle via samba wrote:
> > Lookup how owns the DNS A record in the DNS.
> OK, how do I do that?
> > And, did you add dhcp-user into the windows groups DnsAdmins and
> > DnsUpdateProxy for the servers running DHCP.
> The dhcpduser is part of the DnsAdmins group but was not a member of
> the DnsUpdateProxy.
> I added it to the DnsUpdateProxy group but no change.
> > This > >>>>>> exception - (5, 'WERR_ACCESS_DENIED')
> > Is just the message that, the user your using, doesnt have rights
> > on that A record.
> I did not know there was an actual owner of a DNS record. Am I not
> understanding something?
> > > >  Pre-authentication failed: Permission denied while getting
> > Did you enable "Delegate to all service (only kerberos)" on the
> > computer object running the DHCP
> "Delegate to all service (only kerberos)" was enabled on the DC which
> is where dhcpd
> is running. I think that is the default.
> Regards,

I think I might have found the problem, do you actually have the keytab
/etc/dhcpduser.keytab ?

Note: not 'did you create it', does it exist. I ask this because I have
got to this point on an almalinux8 DC and I cannot create it. The
samba-tool command appears to work, but no keytab is created.


More information about the samba mailing list