Web lists-archives.com

Re: [Samba] Provision new domain keeping users and passwords (mike)




29.03.2017 18:13, L.P.H. van Belle via samba пишет:
Hai Mike,

Are you running samba internal DNS or bind9_DLZ.

internal

In your case, can you give an example of "undeletable" item?
And did you check the rights on the dns object before trying to remove it.

# net rpc group members "Domain Admins" -U lmy
Enter lmy's password:
SAMGES\Administrator
SAMGES\lmy
SAMGES\bee

For "Domain Admins" to the record rights is "Full control" (i don't know how to show object rights in console, I using DNS MMC from RSAT)

AD domain zone is dc.samges.ru
and I have a hand-created (via RSAT - DNS - create new zone) zone samges.ru.

Any object in this zone is undeletable.

# samba-tool dns delete ad51.samges.ru samges.ru vjud A 213.156.210.216 -U lmy
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Using binding ncacn_ip_tcp:ad51.samges.ru[,sign]
Password for [SAMGES\lmy]:
ERROR(runtime): uncaught exception - (1383, 'WERR_INTERNAL_DB_ERROR')
File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 1184, in run
    del_rec_buf)


But after creating zone (a month later) we accidentally delete some machine accounts, and after trying to restore it in LDAP we have a errors in DomainDNSZones like this:

samba-tool dbcheck --fix
(.... many similar errors ...)

---------------------------
ERROR: parent object not found for DC=SAMG62\0ADEL:ccc70e60-4086-49b0-86f0-e5b4af86666d,CN=Deleted Objects,DC=DomainDnsZones,DC=dc,DC=samges,DC=ru Move object DC=SAMG62\0ADEL:ccc70e60-4086-49b0-86f0-e5b4af86666d,CN=Deleted Objects,DC=DomainDnsZones,DC=dc,DC=samg
es,DC=ru into LostAndFound? [YES]

Renamed object DC=SAMG62\0ADEL:ccc70e60-4086-49b0-86f0-e5b4af86666d,CN=Deleted Objects,DC=DomainDnsZones,DC=dc,DC=s amges,DC=ru into lostAndFound at DC=SAMG62\0ADEL:ccc70e60-4086-49b0-86f0-e5b4af86666d,CN=LostAndFound,DC=DomainDnsZones,DC=dc,DC=samges,DC=ru

Set lastKnownParent on lostAndFound object at DC=SAMG62\0ADEL:ccc70e60-4086-49b0-86f0-e5b4af86666d,CN=LostAndFound,
DC=DomainDnsZones,DC=dc,DC=samges,DC=ru

ERROR: missing GUID component for lastKnownParent in object DC=SAMG146\0ADEL:c1531dae-eb09-4d2b-8270-4e91b73a6cad,C N=LostAndFound,DC=DomainDnsZones,DC=dc,DC=samges,DC=ru - CN=Deleted Objects,DC=DomainDnsZones,DC=dc,DC=samges,DC=ru unable to find object for DN CN=Deleted Objects,DC=DomainDnsZones,DC=dc,DC=samges,DC=ru - (No such Base DN: CN=Deleted Objects,DC=DomainDnsZones,DC=dc,DC=samges,DC=ru)

Not removing dangling forward link
Segmentation fault
-------------------------------



--
Mike Lykov, system administrator

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba