[Samba] Samba4 AD with bind DNS / TKEY is unacceptable

Stefan Schäfer ml at fsproductions.de
Mon Sep 16 03:21:22 MDT 2013


Hello,

After resolving my problem (more or less), I am trying to migrate a W2k3 SBS.
Here I found new but similar problems. It seems that the LDAP structure
for the DNS zones of an SBS is different from W2k3 Standard or Enterprise.

It seems that the BIND9_DLZ driver, samba-tool and samba_dnsupdate have
problems with this structure. We switched the DNS to Samba internal.
After this, resolving names is possible:

s4ad:~ # dig @localhost  s4ad.xxxx.local

; <<>> DiG 9.9.3-P2 <<>> @localhost s4ad.xxxx.local
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61943
;; flags: qr aa rd ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;s4ad.xxxx.local.      IN      A

;; ANSWER SECTION:
s4ad.xxxx.local. 900   IN      A       192.168.1.10

...but using samba-tool didn't work:

samba-tool dns zonelist s4ad.xxxx.local
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'sasl-DIGEST-MD5' registered
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Using binding ncacn_ip_tcp:s4ad.xxxx.local[,sign]
Ticket in credentials cache for administrator at XXXX.LOCAL expired, will refresh
Password for [administrator at XXXX.LOCAL]:
ERROR(runtime): uncaught exception - (9717, 'WERR_DNS_ERROR_DS_UNAVAILABLE')
   File "/usr/lib64/python2.6/site-packages/samba/netcmd/__init__.py", line 175, in _run
     return self.run(*args, **kwargs)
   File "/usr/lib64/python2.6/site-packages/samba/netcmd/dns.py", line 812, in run
     request_filter)

The Samba Logfile shows:

[2013/09/16 11:12:30.197554,  3] ../source4/smbd/service_stream.c:66(stream_terminate_connection)
   Terminating connection - 'dcesrv: NT_STATUS_CONNECTION_DISCONNECTED'
[2013/09/16 11:12:30.197757,  3] ../source4/smbd/process_single.c:114(single_terminate)
   single_terminate: reason[dcesrv: NT_STATUS_CONNECTION_DISCONNECTED]
[2013/09/16 11:12:39.875479,  3] ../lib/ldb-samba/ldb_wrap.c:320(ldb_wrap_connect)
   ldb_wrap open of secrets.ldb
[2013/09/16 11:12:39.903960,  2] ../source4/rpc_server/dnsserver/dnsdb.c:140(dnsserver_db_enumerate_zones)
   dnsserver: Found DNS zone .
[2013/09/16 11:12:39.908238,  3] ../source4/smbd/service_stream.c:66(stream_terminate_connection)
   Terminating connection - 'dcesrv: NT_STATUS_CONNECTION_DISCONNECTED'
[2013/09/16 11:12:39.908471,  3] ../source4/smbd/process_single.c:114(single_terminate)
   single_terminate: reason[dcesrv: NT_STATUS_CONNECTION_DISCONNECTED]

It seems that samba-tool and samba_dnsupdate didn't know where to find
the DNS zones in the LDAP DID of the SBS LDAP structure.

Does anybody know this behavior or any workarounds?

Stefan

