[Samba] AD DC DynDns update problem
L.P.H. van Belle
belle at bazuin.nl
Fri Jun 25 07:56:33 UTC 2021
> -----Oorspronkelijk bericht-----
> Van: me at tdiehl.org [mailto:me at tdiehl.org]
> Verzonden: donderdag 24 juni 2021 18:42
> Aan: L.P.H. van Belle
> CC: samba at lists.samba.org
> Onderwerp: Re: [Samba] AD DC DynDns update problem
>
> Hi Louis,
>
> On Thu, 24 Jun 2021, L.P.H. van Belle via samba wrote:
>
> > Lookup how owns the DNS A record in the DNS.
>
> OK, how do I do that?
Windows DNS Manager, goto the A record, (properties => Security Tab),
There you can see/lookup the permission (ACL) on the A record.
>
> > And, did you add dhcp-user into the windows groups
> DnsAdmins and DnsUpdateProxy for the servers running DHCP.
>
> The dhcpduser is part of the DnsAdmins group but was not a
> member of the DnsUpdateProxy.
> I added it to the DnsUpdateProxy group but no change.
>
> >
> > This > >>>>>> exception - (5, 'WERR_ACCESS_DENIED')
> > Is just the message that, the user your using, doesnt have
> rights on that A record.
>
> I did not know there was an actual owner of a DNS record. Am
> I not understanding something?
I think your understand most parts as you should.
But yes, even on DNS records there are ACL's.
A powershell example.
https://www.shellandco.net/update-acl-microsoft-dns-active-directory-record/
>
> >
> >>> Pre-authentication failed: Permission denied while getting
> > Did you enable "Delegate to all service (only kerberos)" on
> the computer object running the DHCP
>
> "Delegate to all service (only kerberos)" was enabled on the
> DC which is where dhcpd is running. I think that is the default.
Hmm, i cant recall if thats default but on the AD-DC's it should be imo.
Greetz,
Louis
More information about the samba
mailing list