Startup errors when DNS/[primary-dc].[domain] on [primary-dc]$ spn exists
Michael Croes
mycroes at gmail.com
Mon Mar 25 15:53:48 MDT 2013
Hi Andrew,
Thanks for your response.
> [2013/03/25 12:38:52, 0] ../source4/smbd/server.c:475(binary_smbd_main)
> > samba: using 'standard' process model
> > [2013/03/25 12:38:52, 0]
> > ../source4/smbd/service_task.c:35(task_server_terminate)
> > task_server_terminate: [Failed to obtain server credentials for DNS,
> > despite finding it in the samdb! NT_STATUS_CANT_ACCESS_DOMAIN_INFO
> > ]
> > [2013/03/25 12:38:52, 0] ../source4/smbd/server.c:210(samba_terminate)
> > samba_terminate: Failed to obtain server credentials for DNS, despite
> > finding it in the samdb! NT_STATUS_CANT_ACCESS_DOMAIN_INFO
>
> This means that the DNS server found an account in the domain that it
> would expect to use, but not the matching values in secrets.ldb.
>
If I run with -d 2 I get the following output (see also the separate email
if you like):
    Could not find DNS/adc.mijlweg.visser.eu principal in secrets database: NT_STATUS_CANT_ACCESS_DOMAIN_INFO: Could not find entry to match filter: '(&(|(realm=MIJLWEG.VISSER.EU)(flatname=VISSER))(servicePrincipalName=DNS/adc.mijlweg.visser.eu))' base: 'cn=Principals': No such object: (null)
    task_server_terminate: [Failed to obtain server credentials for DNS, despite finding it in the samdb! NT_STATUS_CANT_ACCESS_DOMAIN_INFO
    ]
To me this seems as if it wants to load data from some object in
'cn=Principals'. However, source4/scripting/bin/samba_upgradedns starting
from line 424:
    # Special stuff for DLZ backend
    if opts.dns_backend == "BIND9_DLZ":
        # Check if dns-HOSTNAME account exists and create it if required
        try:
            dn = 'samAccountName=dns-%s,CN=Principals' % hostname
            msg = ldbs.secrets.search(expression='(dn=%s)' % dn,
                                      attrs=['secret'])
            dnssecret = msg[0]['secret'][0]
        except Exception:
            logger.info("Adding dns-%s account" % hostname)
            try:
                msg = ldbs.sam.search(base=domaindn,
                                      scope=ldb.SCOPE_DEFAULT,
                                      expression='(sAMAccountName=dns-%s)'
                                                 % (hostname),
                                      attrs=['clearTextPassword'])
                dn = msg[0].dn
                ldbs.sam.delete(dn)
            except Exception:
                pass
            dnspass = samba.generate_random_password(128, 255)
            setup_add_ldif(ldbs.sam,
                           setup_path("provision_dns_add_samba.ldif"), {
                    "DNSDOMAIN": dnsdomain,
                    "DOMAINDN": domaindn,
                    "DNSPASS_B64": b64encode(dnspass.encode('utf-16-le')),
                    "HOSTNAME" : hostname,
                    "DNSNAME" : dnsname }
                           )
            secretsdb_setup_dns(ldbs.secrets, names,
                                paths.private_dir, realm=names.realm,
                                dnsdomain=names.dnsdomain,
                                dns_keytab_path=paths.dns_keytab,
                                dnspass=dnspass)
        else:
            logger.info("dns-%s account already exists" % hostname)
Seems to me this should only be related to Bind DLZ (at least the file says
so).
I already ran 'samba_upgradedns --dns-backend=SAMBA_INTERNAL', and I also
tried samba_upgradeprovision because the original provision dates to over 2
years ago (but has been upgradeprovisioned in between), but that doesn't
help either.
I'm also not really sure about the secrets.ldb entry missing, what entry
would it be missing, and can I just check it with a ldbsearch?
Regards,
Michael
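
The mismatch described in the quoted reply (an SPN present in the samdb with no matching entry in secrets.ldb) can be checked offline by applying the filter from the debug output to LDIF exports of both databases. This is an added example, not part of the original message and not Samba's own code; the sample LDIF is constructed and the helper names (`parse_ldif`, `secrets_match`, `missing_spns`) are hypothetical.

```python
import base64

# Added example: constructed sample LDIF (not from the thread); helper names are hypothetical.
SAM_LDIF = """\
dn: CN=ADC,OU=Domain Controllers,DC=mijlweg,DC=visser,DC=eu
sAMAccountName: ADC$
servicePrincipalName: HOST/adc.mijlweg.visser.eu
servicePrincipalName: DNS/adc.mijlweg.visser.eu
"""
SECRETS_LDIF = """\
dn: samAccountName=ADC$,CN=Principals
realm: MIJLWEG.VISSER.EU
servicePrincipalName: HOST/adc.mijlweg.visser.eu
"""

def parse_ldif(text):
    """Parse LDIF into a list of {lowercased attr: [values]} records."""
    lines, records, current = [], [], {}
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:       # folded continuation line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    for line in lines + [""]:                   # trailing "" flushes the last record
        if not line.strip():
            if current:
                records.append(current)
            current = {}
        elif not line.startswith("#") and ":" in line:
            attr, _, value = line.partition(":")
            if value.startswith(":"):           # "attr:: <base64>"
                value = base64.b64decode(value[1:]).decode("utf-8", "replace")
            current.setdefault(attr.lower(), []).append(value.strip())
    return records

def secrets_match(rec, spn, realm, flatname):
    """(&(|(realm=R)(flatname=F))(servicePrincipalName=SPN)) under cn=Principals."""
    has = lambda attr, want: want.lower() in (v.lower() for v in rec.get(attr, []))
    return (rec.get("dn", [""])[0].lower().endswith("cn=principals")
            and (has("realm", realm) or has("flatname", flatname))
            and has("serviceprincipalname", spn))

def missing_spns(sam_ldif, secrets_ldif, realm, flatname, service="DNS"):
    """Return sam.ldb SPNs of one service class that secrets.ldb cannot satisfy."""
    secrets = parse_ldif(secrets_ldif)
    return [spn for rec in parse_ldif(sam_ldif)
            for spn in rec.get("serviceprincipalname", [])
            if spn.upper().startswith(service.upper() + "/")
            and not any(secrets_match(s, spn, realm, flatname) for s in secrets)]
```

With the constructed data, `missing_spns(SAM_LDIF, SECRETS_LDIF, "MIJLWEG.VISSER.EU", "VISSER")` reports the DNS SPN as the one lacking a secrets entry.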