Unable to alter DNS in Samba4
Niklas Andersson
niklas.andersson at openforce.se
Wed Aug 20 04:46:48 MDT 2014
Feel free to look at my stuff on Github. There are still some
simplifications I can do. The issue I had below was related to me using
external bind, and I "solved" it by using SAMBA_INTERNAL instead.
Also thanks to that, the whole package became a lot simpler. Due to the
added complexity with bind9 I decided to package it in its own package:
dcpromo, to get neater integration, but now I might do entirely without it.
Here is the code to the Samba4 AD DC [1], and here is a container where
you can join with Realmd/sssd [2]. It is cool. In the second, the
realmd-client, I have enabled ssh in sssd, so you can log in to the
container with the credentials stored in Samba4.
I still have work left to do to get a nicer User eXperience though...
And if you are interested in OpenLDAP, here is a container for that as
well [3]. My next step there will be to set up a "Dockerized"
Certificate Authority that can start signing certs issued by the servers. I
would also like to enable OpenLDAP for GSSAPI.
[1] https://github.com/xnandersson/docker-dc
[2] https://github.com/xnandersson/docker-realmd
[3] https://github.com/xnandersson/docker-openldap
Regards,
Niklas
On 20/08/14 12:32, Clement Wong wrote:
> Official docker container would be really cool.
>
> Clement
>
>> On 17 Aug 2014, at 03:52, Niklas Andersson <niklas.andersson at openforce.se> wrote:
>>
>> Hi,
>>
>> Installed Samba4 as DC in a Docker container. Using Utopic and Samba
>> 4.1.11 as a base.
>>
>> The install and provisioning go smoothly - I have also confirmed I can
>> join using realmd from another client :)
>>
>> But, the problem is that you want this containerized, and the ip address
>> to your DC in your new containers is not valid.
>>
>> So, I tried to alter it, but I got errors. I have tried several dns
>> operations and everything that has to do with update/new records fails.
>> Queries work nicely. I can add users to the directory, so it seems limited
>> to dns..
>>
>> Here is the log: (Old IP is 172.17.0.37, and I want to change it to
>> 172.17.0.41)
>>
>> root@dc:/# samba-tool dns update 172.17.0.41 openforce.org dc.openforce.org
>> A 172.17.0.37 172.17.0.41 -d 10
>> INFO: Current debug levels:
>> all: 10
>> tdb: 10
>> printdrivers: 10
>> lanman: 10
>> smb: 10
>> rpc_parse: 10
>> rpc_srv: 10
>> rpc_cli: 10
>> passdb: 10
>> sam: 10
>> auth: 10
>> winbind: 10
>> vfs: 10
>> idmap: 10
>> quota: 10
>> acls: 10
>> locking: 10
>> msdfs: 10
>> dmapi: 10
>> registry: 10
>> scavenger: 10
>> dns: 10
>> ldb: 10
>> lpcfg_load: refreshing parameters from /etc/samba/smb.conf
>> params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
>> Processing section "[global]"
>> Processing section "[netlogon]"
>> Processing section "[sysvol]"
>> pm_process() returned Yes
>> GENSEC backend 'gssapi_spnego' registered
>> GENSEC backend 'gssapi_krb5' registered
>> GENSEC backend 'gssapi_krb5_sasl' registered
>> GENSEC backend 'schannel' registered
>> GENSEC backend 'spnego' registered
>> GENSEC backend 'ntlmssp' registered
>> GENSEC backend 'krb5' registered
>> GENSEC backend 'fake_gssapi_krb5' registered
>> Using binding ncacn_ip_tcp:172.17.0.41[,sign]
>> Mapped to DCERPC endpoint 135
>> added interface eth0 ip=172.17.0.41 bcast=172.17.255.255 netmask=255.255.0.0
>> added interface eth0 ip=172.17.0.41 bcast=172.17.255.255 netmask=255.255.0.0
>> Mapped to DCERPC endpoint 1024
>> added interface eth0 ip=172.17.0.41 bcast=172.17.255.255 netmask=255.255.0.0
>> added interface eth0 ip=172.17.0.41 bcast=172.17.255.255 netmask=255.255.0.0
>> rpc reply data:
>> [0000] 67 05 00 00 g...
>> ERROR(runtime): uncaught exception - (1383, 'WERR_INTERNAL_DB_ERROR')
>> File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line
>> 175, in _run
>> return self.run(*args, **kwargs)
>> File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 1132,
>> in run
>>
>> Regards,
>> Niklas
More information about the samba-technical
mailing list