[Samba] AD DC DynDns update problem
Rowland Penny
rpenny at samba.org
Thu Jun 24 18:57:15 UTC 2021
On Thu, 2021-06-24 at 12:42 -0400, Tom Diehl via samba wrote:
> Hi Louis,
>
> On Thu, 24 Jun 2021, L.P.H. van Belle via samba wrote:
>
> > Lookup how owns the DNS A record in the DNS.
>
> OK, how do I do that?
>
> > And, did you add dhcp-user into the windows groups DnsAdmins and
> > DnsUpdateProxy for the servers running DHCP.
>
> The dhcpduser is part of the DnsAdmins group but was not a member of
> the DnsUpdateProxy.
> I added it to the DnsUpdateProxy group but no change.
>
> > This > >>>>>> exception - (5, 'WERR_ACCESS_DENIED')
> > Is just the message that, the user your using, doesnt have rights
> > on that A record.
>
> I did not know there was an actual owner of a DNS record. Am I not
> understanding something?
>
> > > > Pre-authentication failed: Permission denied while getting
> > Did you enable "Delegate to all service (only kerberos)" on the
> > computer object running the DHCP
>
> "Delegate to all service (only kerberos)" was enabled on the DC which
> is where dhcpd
> is running. I think that is the default.
>
> Regards,
>
>
I think I might have found the problem, do you actually have the keytab
/etc/dhcpduser.keytab ?
Note: not 'did you create it', does it exist. I ask this because I have
got to this point on an almalinux8 DC and I cannot create it. The
samba-tool command appears to work, but no keytab is created.
Rowland
More information about the samba
mailing list