# samba, kerberos, dyn dns update problem with permissions

## blubberbaer

Dear forum,

i'm setting up samba as an ADDC. A lot of things are already up and running  :Wink:  I'm following a mixture of "Samba 4" Handbook from Stefan Kania, ArchWiki and GentooWiki. Right now I'm in trouble with updating the dns server  dynamically, if a windows client connects using dhcp. The script i've copied and modified is from https://aur.archlinux.org/packages/samba-dhcpd-update/. Calling it manually as user root, I can add and remove my entries to the dns server. If it is called from isc-dhcp-daemon, it fails because the dhcpd-daemon is running under user dhcp. The scripts checks for a valid TGT-ticket, but it fails. Here is the output:

 *Quote:*   

> klist: krb5_cc_get_principal: get-principal open(/tmp/krb5cc_0): Permission denied

 

The script calls klist like this

 *Quote:*   

> klist -v -c /tmp/krb5cc_0 -t

 

I've been following the guide from https://wiki.archlinux.org/index.php/Samba/Active_Directory_domain_controller#NTPD, section "DHCP with dynamic DNS updates".

How can I solve this dhcp-user/root-user issue with kerberos ..... ?

Many thanks and have fun,

blubberbaer

UPS: I should mention that I'm using the internal samba dns.

----------

