
Re: [Samba] Can't access DNS from RSAT




Are you using the default SSL certs in Samba?

I had a similar issue, and after creating my own certificate with all common
names used on my domain (for example domain.com, dc1.domain.com and
dc2.domain.com), I'm able to manage the DNS using RSAT using those names.
With the IP address it is still failing.

Greetings!!

On Dec 12, 2017 6:13 PM, "Taylor Hammerling via samba" <
samba@xxxxxxxxxxxxxxx> wrote:

> The user is a member of "Domain Admins" so they should be able to access
> the DNS (as is evident by the fact that they can access the DNS thru RSAT
> on the initial DC).
> But just to be thorough I have added "Domain Admins" to the group
> "DnsAdmins" and tested again, still get the "access denied" error from
> within windows.
>
> On Tue, Dec 12, 2017 at 11:01 AM, lingpanda101 via samba <
> samba@xxxxxxxxxxxxxxx> wrote:
>
> > On 12/12/2017 11:24 AM, Taylor Hammerling via samba wrote:
> >
> >> I found this page https://bugzilla.samba.org/show_bug.cgi?id=12807 which
> >> seemed to have someone experiencing the same issue I am.
> >> I tried adding "allow dcerpc auth level connect:dnsserver = yes" to my
> >> smb.conf, rebooted the server, but still I get an access denied message
> >> in Windows.
> >> However, what is logged in the log.samba files has changed since adding
> >> this option to my smb.conf.  It now shows
> >>
> >> [2017/12/12 10:21:02.936834,  2] ../source4/rpc_server/dcerpc_server.c:1824(dcesrv_request)
> >>    dcesrv_request: restrict access by min_auth_level[0x4] to [dnsserver] with auth[type=0xa,level=0x2] on [ncacn_ip_tcp] from [ipv4:172.28.9.100:49994]
> >>
> >> when I try to open the DNS Management RSAT
> >>
> >> On Tue, Dec 12, 2017 at 10:04 AM, Taylor Hammerling <
> >> thammerling@xxxxxxxxxxxx> wrote:
> >>
> >>> I cranked up the log level to 3 and found this in the log.samba file when
> >>> trying to open the DNS Manager RSAT from my client machine (which is joined
> >>> to the same domain as the DCs)
> >>>
> >>> [2017/12/12 09:59:30.601170,  2] ../source4/rpc_server/dcerpc_server.c:1804(dcesrv_request)
> >>>    dcesrv_request: restrict auth_level_connect access to [dnsserver] with auth[type=0xa,level=0x2] on [ncacn_ip_tcp] from [ipv4:172.28.9.100:49960]
> >>>
> >>> On Tue, Dec 12, 2017 at 9:47 AM, Taylor Hammerling <
> >>> thammerling@xxxxxxxxxxxx> wrote:
> >>>
> >>>> Good morning all!
> >>>>
> >>>> I have two DCs, both running Samba 4.7.3.  I have just joined the second
> >>>> DC to the domain.  The second DC is replicating AD objects perfectly, I
> >>>> verified this by running "samba-tool drs showrepl" as well as using the
> >>>> ADUC RSAT snapin and adding a user to one DC, then switching the DC that
> >>>> ADUC connects to and verifying that the user was properly replicated.
> >>>>
> >>>> The DNS objects are also replicating properly.  I checked this by running
> >>>> "samba-dnsupdate" as well as by running nslookup, switching the server to
> >>>> the new DC and doing a couple of lookups.
> >>>>
> >>>> Unfortunately, I can't access the DNS on the new DC thru the DNS Manager
> >>>> RSAT snapin.  I get an "access denied" error.  There are no entries in any
> >>>> of the samba logs when I attempt to open the DNS Manager snapin either.
> >>>>
> >>>> I CAN access the DNS on the original DC using the DNS Manager RSAT snapin.
> >>>>
> >>>> I'm hoping (and suspecting) this will just be an easy fix of
> >>>> chmodding/chowning something...
> >>>> I've spent the last hour googling and have come up with nada.
> >>>>
> >>>> Any help you can provide would be VERY appreciated!
> >>>>
> >>>> --
> >>>> *Taylor Hammerling* |  *IT Manager*
> >>>> 2800 Laura Lane | Middleton, WI 53562
> >>>> *O *(608) 669-9070 *| C *(608) 512-7849
> >>>> tcsbasys.com | ubiquistat.com
> >>>>
> >>>>
> >>>
> >>>
> >>
> >> Is your user part of the DNS admins group?
> >
> > --
> > --
> > James
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> >
>
>
>
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
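
An added example, not part of the thread: a small Python parser for the two `dcesrv_request` rejections quoted above, decoding the `type` and `level` fields with the MS-RPCE constants so the refused authentication is readable at a glance. The function name and output keys are illustrative; the sample text is the thread's log output with the quote markers stripped.

```python
import re

# DCE/RPC authentication levels and security providers as numbered in MS-RPCE.
AUTH_LEVELS = {1: "NONE", 2: "CONNECT", 3: "CALL", 4: "PACKET",
               5: "INTEGRITY", 6: "PRIVACY"}
AUTH_TYPES = {0x00: "NONE", 0x09: "SPNEGO", 0x0a: "NTLMSSP",
              0x10: "KRB5", 0x44: "SCHANNEL"}

# Matches both message variants quoted in the thread.
PATTERN = re.compile(
    r"dcesrv_request: restrict "
    r"(?:access by min_auth_level\[(?P<min>0x[0-9a-f]+)\]|auth_level_connect access)"
    r" to \[(?P<iface>[^\]]+)\]\s+with\s+"
    r"auth\[type=(?P<type>0x[0-9a-f]+),level=(?P<level>0x[0-9a-f]+)\]\s+"
    r"on \[(?P<transport>[^\]]+)\] from \[(?P<peer>[^\]]+)\]")

def parse_rejections(log_text):
    """Return one dict per rejected DCE/RPC request found in log_text."""
    # Mail clients and log viewers wrap these entries; collapse whitespace first.
    flat = " ".join(log_text.split())
    results = []
    for m in PATTERN.finditer(flat):
        auth_type, level = int(m["type"], 16), int(m["level"], 16)
        # The auth_level_connect variant logs no explicit minimum level.
        min_level = int(m["min"], 16) if m["min"] else None
        results.append({
            "interface": m["iface"],
            "transport": m["transport"],
            "peer": m["peer"].replace(" ", ""),
            "auth_type": AUTH_TYPES.get(auth_type, hex(auth_type)),
            "level": AUTH_LEVELS.get(level, hex(level)),
            "min_level": AUTH_LEVELS.get(min_level, min_level),
        })
    return results

# Log output from the thread, wrapped as it appeared in the mail.
SAMPLE = """
   dcesrv_request: restrict auth_level_connect access to [dnsserver]
 with auth[type=0xa,level=0x2] on [ncacn_ip_tcp] from [ipv4:
 172.28.9.100:49960
 ]
   dcesrv_request: restrict access by min_auth_level[0x4] to [dnsserver]
 with auth[type=0xa,level=0x2] on [ncacn_ip_tcp] from [ipv4:
 172.28.9.100:49994]
"""

if __name__ == "__main__":
    for entry in parse_rejections(SAMPLE):
        print(entry)
```

Both entries decode to an NTLMSSP bind at CONNECT level against `dnsserver`; the second also shows the server's stated minimum of PACKET.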