Cannot manage DNS through Windows ADUC or samba-tool

Bram Matthys syzop at vulnscan.org
Mon Feb 17 14:09:00 MST 2014


Hi,

I recently migrated from Windows 2003 + 2008 R2 to Samba 4 (and ditched the
Windows servers). Unfortunately managing DNS from Windows doesn't seem to be
working, and neither does samba-tool dns serverinfo 127.0.0.1 work:
ERROR(runtime): uncaught exception - (9717, 'WERR_DNS_ERROR_DS_UNAVAILABLE')

Just to be clear: DNS itself is working fine, I can ping my workstation from
my server by name, etc.

I found this post, which seems to find the source of the problem:
https://lists.samba.org/archive/samba-technical/2012-April/083081.html
Quoting:
> On Wed, Apr 25, 2012 at 5:35 AM, Greg Dickie <greg at justaguy.ca> wrote:
>> Hi Amitay,
>>
>>  I think I may have figured this out. My AD started out as a 2003 SBS
>> system so the schemas are a bit different. Looking in the rpcdce code
>> for DNS I see that dnsserver_init_serverinfo
>> (rpc_server/dnsserver/dnsutils.c ) is called and starts looking for
>>
>> CN=MicrosoftDNS,DC=DomainDnsZones,...,
>>
>> My schema does not have that, the closest I could find is something that
>> looks like this:
>>
>> dn:
>> DC=DomainDnsZones,DC=example.local,CN=MicrosoftDNS,CN=System,DC=example,DC=local

I think I have the same setup.
In CN=MicrosoftDNS,DC=DomainDnsZones,DC=COMPANY,DC=NET I only have
DC=RootDNSServers.
My DNS zones are under CN=MicrosoftDNS,CN=System,DC=COMPANY,DC=NET
With host entries like:
DC=D-99,DC=company.net,CN=MicrosoftDNS,CN=System,DC=COMPANY,DC=NET

In this post Amitay suggests:
> The older versions of window server (2003 and older) created the DNS
> containers under CN=System in the domain partition, whereas the newer
> windows server (2008+) creates separate application partitions for
> DNS. DNS RPC server uses DNS partitions to store the DNS zone
> information. But for querying purposes, dlz_bind9 module and internal
> DNS server both can read records from CN=System in domain partition.
> DNS RPC server can be easily modified to support CN=System for DNS
> information. Patches are welcome! ;-)
> 
> Amitay.

Did such a patch fail to get in (yet)?

I use samba 4.1.4 with it's internal DNS server.

I checked dnsserver_init_serverinfo in
source4/rpc_server/dnsserver/dnsutils.c and if I read the code well then
this is all good:
serverinfo->pszDsContainer = talloc_asprintf(mem_ctx,
"CN=MicrosoftDNS,DC=DomainDnsZones,%s", ldb_dn_get_linearized(domain_dn));

But later in the code it shows:
serverinfo->pszDomainDirectoryPartition = talloc_asprintf(mem_ctx,
"DC=DomainDnsZones,%s", ldb_dn_get_linearized(domain_dn));
serverinfo->pszForestDirectoryPartition = talloc_asprintf(mem_ctx,
"DC=ForestDnsZones,%s", ldb_dn_get_linearized(forest_dn));
Is this the part I should get rid of or change?

Thanks,

Bram.

-- 
Bram Matthys
Software developer/IT consultant        syzop at vulnscan.org
Website:                                  www.vulnscan.org
PGP key:                       www.vulnscan.org/pubkey.asc
PGP fp: EBCA 8977 FCA6 0AB0 6EDB  04A7 6E67 6D45 7FE1 99A6


More information about the samba-technical mailing list