
Re: [Samba] Can't access DNS from RSAT




On 12/12/2017 11:24 AM, Taylor Hammerling via samba wrote:
I found this page https://bugzilla.samba.org/show_bug.cgi?id=12807 which
seemed to have someone experiencing the same issue I am.
I tried adding "allow dcerpc auth level connect:dnsserver = yes" to my
smb.conf, rebooted the server, but still I get an access denied message
in Windows.
However, what is logged in the log.samba files has changed since adding
this option to my smb.conf.  It now shows:

[2017/12/12 10:21:02.936834,  2] ../source4/rpc_server/dcerpc_server.c:1824(dcesrv_request)
   dcesrv_request: restrict access by min_auth_level[0x4] to [dnsserver] with auth[type=0xa,level=0x2] on [ncacn_ip_tcp] from [ipv4:172.28.9.100:49994]

when I try to open the DNS Management RSAT

On Tue, Dec 12, 2017 at 10:04 AM, Taylor Hammerling <thammerling@xxxxxxxxxxxx> wrote:

I cranked up the log level to 3 and found this in the log.samba file when
trying to open the DNS Manager RSAT from my client machine (which is joined
to the same domain as the DCs)

[2017/12/12 09:59:30.601170,  2] ../source4/rpc_server/dcerpc_server.c:1804(dcesrv_request)
   dcesrv_request: restrict auth_level_connect access to [dnsserver] with auth[type=0xa,level=0x2] on [ncacn_ip_tcp] from [ipv4:172.28.9.100:49960]

On Tue, Dec 12, 2017 at 9:47 AM, Taylor Hammerling <thammerling@xxxxxxxxxxxx> wrote:

Good morning all!

I have two DCs, both running Samba 4.7.3.  I have just joined the second
DC to the domain.  The second DC is replicating AD objects perfectly, I
verified this by running "samba-tool drs showrepl" as well as using the
ADUC RSAT snapin and adding a user to one DC, then switching the DC that
ADUC connects to and verifying that the user was properly replicated.

The DNS objects are also replicating properly.  I checked this by running
"samba-dnsupdate" as well as by running nslookup, switching the server to
the new DC and doing a couple of lookups.

Unfortunately, I can't access the DNS on the new DC thru the DNS Manager
RSAT snapin.  I get an "access denied" error.  There are no entries in any
of the samba logs when I attempt to open the DNS Manager snapin either.

I CAN access the DNS on the original DC using the DNS Manager RSAT snapin.

I'm hoping (and suspecting) this will just be an easy fix of
chmodding/chowning something...
I've spent the last hour googling and have come up with nada.

Any help you can provide would be VERY appreciated!

--
*Taylor Hammerling* |  *IT Manager*
2800 Laura Lane | Middleton, WI 53562
*O *(608) 669-9070 *| C *(608) 512-7849
tcsbasys.com | ubiquistat.com






Is your user part of the DNS admins group?

--
James
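
Added example, not part of the original thread and not Samba code: a small Python parser for the two `dcesrv_request` log entries quoted above, decoding the hex auth type and level into their DCERPC names so the mismatch is readable (client offered NTLMSSP at CONNECT; the second entry names PACKET as the minimum). The function and dictionary names are chosen for this example; the numeric values follow MS-RPCE.

```python
import re

# DCERPC auth type / level values (MS-RPCE; the same numbers appear in Samba's dcerpc.idl).
AUTH_TYPES = {0x00: "NONE", 0x09: "SPNEGO", 0x0A: "NTLMSSP", 0x10: "KRB5", 0x44: "SCHANNEL"}
AUTH_LEVELS = {1: "NONE", 2: "CONNECT", 3: "CALL", 4: "PACKET", 5: "INTEGRITY", 6: "PRIVACY"}

# Covers both message forms seen in the thread (with and without min_auth_level[...]).
RESTRICT_RE = re.compile(
    r"dcesrv_request: restrict (?:access by min_auth_level\[(?P<min>0x[0-9a-fA-F]+)\]"
    r"|auth_level_connect access) to \[(?P<iface>[^\]]+)\] with "
    r"auth\[type=(?P<type>0x[0-9a-fA-F]+),level=(?P<level>0x[0-9a-fA-F]+)\] "
    r"on \[(?P<transport>[^\]]+)\] from \[(?P<peer>[^\]]+)\]"
)

def parse_restrictions(log_text):
    """Return one dict per refused DCERPC request found in log_text."""
    # Log lines get wrapped by Samba and again by mail clients: collapse whitespace.
    flat = re.sub(r"\s+", " ", log_text)
    events = []
    for m in RESTRICT_RE.finditer(flat):
        auth_type, level = int(m["type"], 16), int(m["level"], 16)
        minimum = int(m["min"], 16) if m["min"] else None
        events.append({
            "interface": m["iface"],
            "transport": m["transport"],
            "peer": m["peer"].replace(" ", ""),  # undo a wrap inside [ipv4:...]
            "auth_type": AUTH_TYPES.get(auth_type, hex(auth_type)),
            "auth_level": AUTH_LEVELS.get(level, hex(level)),
            # None means the message form that names no minimum level.
            "min_level": AUTH_LEVELS.get(minimum, hex(minimum)) if minimum is not None else None,
        })
    return events

# The two log entries quoted in the thread, line-wrapped as a mail client would.
SAMPLE = """
[2017/12/12 09:59:30.601170,  2] ../source4/rpc_server/dcerpc_server.c:1804(dcesrv_request)
   dcesrv_request: restrict auth_level_connect access to [dnsserver] with
auth[type=0xa,level=0x2] on [ncacn_ip_tcp] from [ipv4:172.28.9.100:49960]
[2017/12/12 10:21:02.936834,  2] ../source4/rpc_server/dcerpc_server.c:1824(dcesrv_request)
   dcesrv_request: restrict access by min_auth_level[0x4] to [dnsserver]
with auth[type=0xa,level=0x2] on [ncacn_ip_tcp] from [ipv4:
172.28.9.100:49994]
"""

if __name__ == "__main__":
    for event in parse_restrictions(SAMPLE):
        print(event)
```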

