Re: [Samba] Find/delete bad DNS Entry




Hi Robb,

We added a DNS entry to Samba via the Windows DNS Manager which apparently
was invalid. Now we can't see the list of forward lookup in the Windows DNS
Manager because it immediately errors and we have to restart the Samba
service.

Running Samba 4.3.11-Ubuntu on Ubuntu 16.04

That's quite an old Samba version and it is EOL'ed. You really should upgrade to the latest 4.7; there are tons of bugfixes since 4.3.


Additionally, a samba-tool dns query fails with the following error:

$ samba-tool dns query dc1.mydomain.com mydomain.com @ ALL

I have seen issues with corrupted DNS entries in earlier Samba versions. You could compare the zone between the RSAT DNS console and an Apache Directory Studio connection (look in CN=MicrosoftDNS,DC=DomainDNSZone,DC=,DC=) and see what extra spurious entry could lie in your DNS zone.

A more expeditious way is to delete and recreate the zone using samba-tool dns zonedelete / zonecreate. The SRV entries are recreated when the server restarts. You should just be careful to have your Kerberos configuration set up properly so that it does not need DNS to find its KDC (you can take a look at the krb5.conf file in [1] for inspiration). Then you'll have to recreate your DNS entries in that cleaned-up zone.

Cheers,

Denis

[1] https://dev.tranquil.it/wiki/SAMBA_-_Installation_samba4_comme_DC_secondaire


ERROR(runtime): uncaught exception - (-1073741300, 'The transport connection is now disconnected.')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 994, in run
    None, record_type, select_flags, None, None)



This samba-tool command works if I search for a specific entry instead of
"@".

How do we find/delete the bad DNS entry?

Here is the full debug output -

INFO: Current debug levels:
  all: 10
  tdb: 10
  printdrivers: 10
  lanman: 10
  smb: 10
  rpc_parse: 10
  rpc_srv: 10
  rpc_cli: 10
  passdb: 10
  sam: 10
  auth: 10
  winbind: 10
  vfs: 10
  idmap: 10
  quota: 10
  acls: 10
  locking: 10
  msdfs: 10
  dmapi: 10
  registry: 10
  scavenger: 10
  dns: 10
  ldb: 10
  tevent: 10
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
Processing section "[global]"
Processing section "[netlogon]"
Processing section "[sysvol]"
pm_process() returned Yes
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Using binding ncacn_ip_tcp:dc1.acme.com[,sign]
Mapped to DCERPC endpoint 135
added interface eth0 ip=11.55.3.22 bcast=11.55.3.255 netmask=255.255.255.0
added interface eth0 ip=11.55.3.22 bcast=11.55.3.255 netmask=255.255.255.0
resolve_lmhosts: Attempting lmhosts lookup for name dc1.acme.com<0x20>
startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No such file or directory
rpc request data:
[0000] 01 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   ........ ........
rpc reply data:
[0000] 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   ........ ........
Mapped to DCERPC endpoint 1024
added interface eth0 ip=11.55.3.22 bcast=11.55.3.255 netmask=255.255.255.0
added interface eth0 ip=11.55.3.22 bcast=11.55.3.255 netmask=255.255.255.0
resolve_lmhosts: Attempting lmhosts lookup for name dc1.acme.com<0x20>
startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No such file or directory
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
Password for [acme\my-admin]:
Received smb_krb5 packet of length 275
Received smb_krb5 packet of length 1373
../librpc/rpc/dcerpc_util.c:173: auth_pad_length 0
gensec_gssapi: NO credentials were delegated
GSSAPI Connection will be cryptographically signed
../librpc/rpc/dcerpc_util.c:173: auth_pad_length 0
rpc request data:
[0000] 00 00 07 00 00 00 00 00   00 00 02 00 16 00 00 00   ........ ........
     t: struct dcerpc_sec_verification_trailer
        _pad                     : DATA_BLOB length=0
        magic                    : 0000000000000000
        count: struct dcerpc_sec_vt_count
            count                    : 0x0002 (2)
        commands: ARRAY(2)
            commands: struct dcerpc_sec_vt
                command                  : 0x0001 (1)
                    0x01: DCERPC_SEC_VT_COMMAND_ENUM (1)
                       0: DCERPC_SEC_VT_COMMAND_END
                       0: DCERPC_SEC_VT_MUST_PROCESS
                u                        : union dcerpc_sec_vt_union(case 0x1)
                bitmask1                 : 0x00000001 (1)
                       1: DCERPC_SEC_VT_CLIENT_SUPPORTS_HEADER_SIGNING
            commands: struct dcerpc_sec_vt
                command                  : 0x4002 (16386)
                    0x02: DCERPC_SEC_VT_COMMAND_ENUM (2)
                       1: DCERPC_SEC_VT_COMMAND_END
                       0: DCERPC_SEC_VT_MUST_PROCESS
                u                        : union dcerpc_sec_vt_union(case 0x2)
                pcontext: struct dcerpc_sec_vt_pcontext
                    abstract_syntax: struct ndr_syntax_id
                        uuid                     : 50abc2a4-574d-40b3-9d66-ee4fd5fba076
                        if_version               : 0x00000005 (5)
                    transfer_syntax: struct ndr_syntax_id
                        uuid                     : 8a885d04-1ceb-11c9-9fe8-08002b104860
                        if_version               : 0x00000002 (2)
ERROR(runtime): uncaught exception - (-1073741300, 'The transport connection is now disconnected.')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 994, in run
    None, record_type, select_flags, None, None)

Thanks,



Robb Schiefer

Director of Engineering

Suture Health, Inc.




--
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0) 2.40.97.57.55
http://www.tranquil.it

Samba install wiki for Frenchies : https://dev.tranquil.it
WAPT, software deployment made easy : https://wapt.fr
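
One way to narrow down a spurious entry when inspecting the zone over LDAP, as suggested in the reply above (an added example, not part of the original message and not Samba code): scan an LDIF export of the CN=MicrosoftDNS container and flag dnsRecord values whose 24-byte header, laid out as in MS-DNSP, is inconsistent with the data that follows. It assumes the bad entry is structurally malformed, which the thread does not confirm; the sample LDIF, the example.test names and the helper names are constructed.

```python
import base64
import struct

# dnsRecord header per MS-DNSP 2.3.2.2, 24 bytes: DataLength, Type, Version,
# Rank, Flags, Serial, TtlSeconds (big-endian), Reserved, TimeStamp.
HEADER_LEN = 24
FIXED_LEN = {1: 4, 28: 16}  # A and AAAA payloads have a fixed size

def check_dns_record(blob):
    """Return the structural problems found in one raw dnsRecord value."""
    if len(blob) < HEADER_LEN:
        return ["truncated header (%d bytes)" % len(blob)]
    data_len, rtype, version = struct.unpack_from("<HHB", blob, 0)
    actual = len(blob) - HEADER_LEN
    problems = []
    if version != 5:
        problems.append("version %d, expected 5" % version)
    if data_len != actual:
        problems.append("DataLength %d but %d data bytes present" % (data_len, actual))
    if rtype in FIXED_LEN and data_len != FIXED_LEN[rtype]:
        problems.append("type %d declares %d data bytes" % (rtype, data_len))
    return problems

def scan_ldif(text):
    """Map each entry DN to the problems found in its dnsRecord values."""
    findings, dn = {}, None
    for line in text.replace("\n ", "").splitlines():  # undo LDIF line folding
        if line.startswith("dn: "):
            dn = line[4:]
        elif line.startswith("dnsRecord:: "):  # '::' marks a base64 value
            problems = check_dns_record(base64.b64decode(line[12:]))
            if problems:
                findings.setdefault(dn, []).extend(problems)
    return findings

def _record(rtype, data, declared_len=None):
    """Build a constructed dnsRecord value (base64) for the sample below."""
    n = len(data) if declared_len is None else declared_len
    head = struct.pack("<HHBBHI", n, rtype, 5, 0xF0, 0, 1)
    head += struct.pack(">I", 900) + struct.pack("<II", 0, 0)
    return base64.b64encode(head + data).decode()

# Constructed sample: one valid A record and one with a short payload.
ZONE = "DC=example.test,CN=MicrosoftDNS,DC=DomainDnsZones,DC=example,DC=test"
SAMPLE_LDIF = "\n".join([
    "dn: DC=www," + ZONE, "dnsRecord:: " + _record(1, bytes([192, 0, 2, 10])), "",
    "dn: DC=bad," + ZONE, "dnsRecord:: " + _record(1, bytes([192, 0, 2]), 4),
])

if __name__ == "__main__":
    for dn, problems in scan_ldif(SAMPLE_LDIF).items():
        print(dn, problems)
```

Entries the scan reports are candidates to compare against what the RSAT console shows; a clean result only means the headers are consistent, not that every record is valid.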
