Unable to alter DNS in Samba4

Niklas Andersson niklas.andersson at openforce.se
Wed Aug 20 04:46:48 MDT 2014


Feel free to look at my stuff on GitHub. There are still some 
simplifications I can do. The issue I had below was related to me using 
external bind, and I "solved" it by using SAMBA_INTERNAL instead.

Also thanks to that, the whole package became a lot simpler. Due to the 
added complexity with bind9 I decided to package it as its own package: 
dcpromo, to get neater integration, but now I might do entirely without it.

Here is the code to the Samba4 AD DC [1], and here is a container where 
you can join with Realmd/sssd [2]. It is cool. In the second, the 
realmd-client, I have enabled ssh in sssd, so you can log in to the 
container with the credentials stored in Samba4.

I still have work left to do to get a nicer User eXperience though... 
And if you are interested in OpenLDAP, here is a container for that as 
well [3]. My next step there will be to set up a "Dockerized" 
Certificate Authority that can start signing certs issued by the servers. I 
would also like to enable OpenLDAP for GSSAPI.

[1] https://github.com/xnandersson/docker-dc
[2] https://github.com/xnandersson/docker-realmd
[3] https://github.com/xnandersson/docker-openldap

Regards,
Niklas
On 20/08/14 12:32, Clement Wong wrote:
> Official docker container would be really cool.
>
> Clement
>
>> On 17 Aug 2014, at 03:52, Niklas Andersson <niklas.andersson at openforce.se> wrote:
>>
>> Hi,
>>
>> Installed Samba4 as DC in a Docker container. Using Utopic and Samba
>> 4.1.11 as a base.
>>
>> The install and provisioning go smoothly - I have also confirmed I can
>> join using realmd from another client :)
>>
>> But, the problem is that you want this containerized, and the IP address
>> to your DC in your new containers is not valid.
>>
>> So, I tried to alter it, but I got errors. I have tried several DNS
>> operations and everything that has to do with update/new records fails.
>> Queries work nicely. I can add users to the directory, so it seems limited
>> to DNS.
>>
>> Here is the log: (Old IP is 172.17.0.37, and I want to change it to
>> 172.17.0.41)
>>
>> root@dc:/# samba-tool dns update 172.17.0.41 openforce.org dc.openforce.org
>> A 172.17.0.37 172.17.0.41 -d 10
>> INFO: Current debug levels:
>>   all: 10
>>   tdb: 10
>>   printdrivers: 10
>>   lanman: 10
>>   smb: 10
>>   rpc_parse: 10
>>   rpc_srv: 10
>>   rpc_cli: 10
>>   passdb: 10
>>   sam: 10
>>   auth: 10
>>   winbind: 10
>>   vfs: 10
>>   idmap: 10
>>   quota: 10
>>   acls: 10
>>   locking: 10
>>   msdfs: 10
>>   dmapi: 10
>>   registry: 10
>>   scavenger: 10
>>   dns: 10
>>   ldb: 10
>> lpcfg_load: refreshing parameters from /etc/samba/smb.conf
>> params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
>> Processing section "[global]"
>> Processing section "[netlogon]"
>> Processing section "[sysvol]"
>> pm_process() returned Yes
>> GENSEC backend 'gssapi_spnego' registered
>> GENSEC backend 'gssapi_krb5' registered
>> GENSEC backend 'gssapi_krb5_sasl' registered
>> GENSEC backend 'schannel' registered
>> GENSEC backend 'spnego' registered
>> GENSEC backend 'ntlmssp' registered
>> GENSEC backend 'krb5' registered
>> GENSEC backend 'fake_gssapi_krb5' registered
>> Using binding ncacn_ip_tcp:172.17.0.41[,sign]
>> Mapped to DCERPC endpoint 135
>> added interface eth0 ip=172.17.0.41 bcast=172.17.255.255 netmask=255.255.0.0
>> added interface eth0 ip=172.17.0.41 bcast=172.17.255.255 netmask=255.255.0.0
>> Mapped to DCERPC endpoint 1024
>> added interface eth0 ip=172.17.0.41 bcast=172.17.255.255 netmask=255.255.0.0
>> added interface eth0 ip=172.17.0.41 bcast=172.17.255.255 netmask=255.255.0.0
>> rpc reply data:
>> [0000] 67 05 00 00                                       g...
>> ERROR(runtime): uncaught exception - (1383, 'WERR_INTERNAL_DB_ERROR')
>>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line
>> 175, in _run
>>     return self.run(*args, **kwargs)
>>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 1132,
>> in run
>>
>> Regards,
>> Niklas
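
Reading the quoted trace: the sketch below is an added example, not part of the original post and not Samba code. It parses `-d 10` dump rows, reassembles the last `rpc reply data` block and checks its trailing 32-bit value against the code in the exception line. The sample trace is constructed in the layout of the quoted log, the function names are made up here, and it assumes the reply stub ends with the little-endian WERROR result.

```python
import re

# Row layout in the dump: "[0000] " + up to 8 "XX " bytes + two spaces + up to 8 more.
# Matching that fixed layout keeps the trailing ASCII column out of the data.
ROW = re.compile(r"\[[0-9A-F]{4}\] ((?:[0-9A-F]{2} ){1,8})(?:  ((?:[0-9A-F]{2} ){1,8}))?")
LABEL = re.compile(r"rpc (request|reply) data:")
EXC = re.compile(r"uncaught exception - \((\d+), '(\w+)'\)")

# Constructed sample in the layout of the quoted log (mail quote markers included).
SAMPLE = """\
>> rpc request data:
>> [0000] 00 00 07 00 00 00 00 00   00 00 02 00 0C 00 00 00   ........ ........
>> [0010] 41 42 20 43                                       AB C
>> rpc reply data:
>> [0000] 67 05 00 00                                       g...
>> ERROR(runtime): uncaught exception - (1383, 'WERR_INTERNAL_DB_ERROR')
"""

def strip_quote(line):
    """Drop leading '>' quote markers so traces pasted from mail still parse."""
    return re.sub(r"^(?:>\s?)+", "", line).rstrip()

def parse_blocks(trace):
    """Return [(kind, bytes)] for each 'rpc request/reply data:' dump, in order."""
    blocks, current = [], None
    for raw in trace.splitlines():
        line = strip_quote(raw)
        label = LABEL.fullmatch(line)
        row = ROW.match(line + " ")  # tolerate rows with stripped trailing space
        if label:
            current = [label.group(1), bytearray()]
            blocks.append(current)
        elif row and current is not None:
            current[1] += bytes.fromhex(row.group(1) + (row.group(2) or ""))
        else:
            current = None  # any other line ends the current dump
    return [(kind, bytes(data)) for kind, data in blocks]

def final_status(trace):
    """Status in the last reply, and whether the raised exception carries the same code."""
    replies = [data for kind, data in parse_blocks(trace) if kind == "reply"]
    if not replies or len(replies[-1]) < 4:
        raise ValueError("no complete rpc reply in trace")
    # Assumption: the reply stub ends with the 32-bit little-endian WERROR result.
    status = int.from_bytes(replies[-1][-4:], "little")
    exc = EXC.search(trace)
    return status, exc is not None and int(exc.group(1)) == status

if __name__ == "__main__":
    print(final_status(SAMPLE))
```
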


