[Samba] samba4 AD DNS zone corrupted

Johannes Schmid smbml at rotfl.org
Wed Nov 28 16:59:51 MST 2012


On 11/27/2012 08:32 PM, Matthieu Patou wrote:
 >On 11/27/2012 02:56 PM, Johannes Schmid wrote:
 >>
 >> # samba-tool dns query sambapdc.mydomain.local mydomain.local @ ALL
 >>
 >> ERROR(runtime): uncaught exception - (1383, 'WERR_INTERNAL_DB_ERROR')
 >>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
 >> line 162, in _run
 >>     return self.run(*args, **kwargs)
 >>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line
 >> 925, in run
 >
 > Can you restart samba ?
 > Also can you rerun this command with -d 10 and post the log on the
 > list ?

Restarting samba did not help (I already tried that multiple times).

But thanks for the hint. I should have tried that myself! Anyway, I 
found what the problem is. Basically the problem cannot be seen in the 
samba-tool dns query debug output, but it can be seen on the samba 
*server* debug output. It looks like the problem is an invalid record in 
the DNS zone:

[2012/11/29 00:30:46,  2] ../source4/rpc_server/dnsserver/dnsdb.c:136(dnsserver_db_enumerate_zones)
   dnsserver: Found DNS zone .
[2012/11/29 00:30:46,  2] ../source4/rpc_server/dnsserver/dnsdb.c:136(dnsserver_db_enumerate_zones)
   dnsserver: Found DNS zone mydomain.local
[2012/11/29 00:30:46,  2] ../source4/rpc_server/dnsserver/dnsdb.c:136(dnsserver_db_enumerate_zones)
   dnsserver: Found DNS zone 122.168.192.in-addr.arpa
[2012/11/29 00:30:46,  2] ../source4/rpc_server/dnsserver/dnsdb.c:136(dnsserver_db_enumerate_zones)
   dnsserver: Found DNS zone _msdcs.mydomain.local
[2012/11/29 00:30:46,  1] ../librpc/ndr/ndr.c:411(ndr_pull_error)
   ndr_pull_error(11): Pull bytes 10 (../librpc/ndr/ndr_basic.c:420)
[2012/11/29 00:30:46,  0] ../source4/rpc_server/dnsserver/dnsdata.c:782(dns_fill_records_array)
   dnsserver: Unable to parse dns record (DC=_kerberos,DC=mydomain.local,CN=MicrosoftDNS,DC=DomainDnsZones,DC=mydomain,DC=local)Terminating connection - 'NT_STATUS_CONNECTION_DISCONNECTED'
[2012/11/29 00:30:46,  5] ../source4/lib/messaging/messaging.c:554(imessaging_cleanup)
   imessaging: cleaning up /var/lib/samba/private/smbd.tmp/msg/msg.0:0.43
[2012/11/29 00:30:46,  3] ../source4/smbd/process_single.c:104(single_terminate)
   single_terminate: reason[NT_STATUS_CONNECTION_DISCONNECTED]

I now remember that I added the _kerberos.mydomain.local TXT record in 
the Windows DNS administration MSC GUI. I now know that it is not 
necessary at all and that it shouldn't be there :)

But I get an error when trying to delete the record:

# samba-tool dns delete sambapdc.mydomain.local mydomain.local _kerberos TXT MYDOMAIN.LOCAL
ERROR: Deleting record of type TXT is not supported

Looks like samba isn't ready for handling TXT records in DNS :-( 
Unfortunately, I somehow got my TXT record into the zone and I have no 
idea how to remove it again.

Again, any help is really appreciated!



-----

PS: For completeness, here is the requested output:

# samba-tool dns query sambapdc.mydomain.local mydomain.local @ ALL -d 10
INFO: Current debug levels:
   all: 10
   tdb: 10
   printdrivers: 10
   lanman: 10
   smb: 10
   rpc_parse: 10
   rpc_srv: 10
   rpc_cli: 10
   passdb: 10
   sam: 10
   auth: 10
   winbind: 10
   vfs: 10
   idmap: 10
   quota: 10
   acls: 10
   locking: 10
   msdfs: 10
   dmapi: 10
   registry: 10
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
Processing section "[global]"
Processing section "[netlogon]"
Processing section "[sysvol]"
pm_process() returned Yes
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Using binding ncacn_ip_tcp:sambapdc.mydomain.local[,sign]
Mapped to DCERPC endpoint 135
added interface br0 ip=fe80::ea40:f2ff:fe3e:4e04%br0 bcast=fe80::ffff:ffff:ffff:ffff%br0 netmask=ffff:ffff:ffff:ffff::
added interface vnet0 ip=fe80::fc54:ff:fe13:2bb1%vnet0 bcast=fe80::ffff:ffff:ffff:ffff%vnet0 netmask=ffff:ffff:ffff:ffff::
added interface br0 ip=192.168.35.30 bcast=192.168.35.255 netmask=255.255.255.0
added interface br0 ip=fe80::ea40:f2ff:fe3e:4e04%br0 bcast=fe80::ffff:ffff:ffff:ffff%br0 netmask=ffff:ffff:ffff:ffff::
added interface vnet0 ip=fe80::fc54:ff:fe13:2bb1%vnet0 bcast=fe80::ffff:ffff:ffff:ffff%vnet0 netmask=ffff:ffff:ffff:ffff::
added interface br0 ip=192.168.35.30 bcast=192.168.35.255 netmask=255.255.255.0
rpc request data:
rpc reply data:
Mapped to DCERPC endpoint 1024
added interface br0 ip=fe80::ea40:f2ff:fe3e:4e04%br0 bcast=fe80::ffff:ffff:ffff:ffff%br0 netmask=ffff:ffff:ffff:ffff::
added interface vnet0 ip=fe80::fc54:ff:fe13:2bb1%vnet0 bcast=fe80::ffff:ffff:ffff:ffff%vnet0 netmask=ffff:ffff:ffff:ffff::
added interface br0 ip=192.168.35.30 bcast=192.168.35.255 netmask=255.255.255.0
added interface br0 ip=fe80::ea40:f2ff:fe3e:4e04%br0 bcast=fe80::ffff:ffff:ffff:ffff%br0 netmask=ffff:ffff:ffff:ffff::
added interface vnet0 ip=fe80::fc54:ff:fe13:2bb1%vnet0 bcast=fe80::ffff:ffff:ffff:ffff%vnet0 netmask=ffff:ffff:ffff:ffff::
added interface br0 ip=192.168.35.30 bcast=192.168.35.255 netmask=255.255.255.0
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
Ticket in credentials cache for administrator at mydomain.local will expire in 35471 secs
Received smb_krb5 packet of length 1286
../librpc/rpc/dcerpc_util.c:140: auth_pad_length 0
gensec_gssapi: credentials were delegated
GSSAPI Connection will be cryptographically signed
../librpc/rpc/dcerpc_util.c:140: auth_pad_length 0
../librpc/rpc/dcerpc_util.c:140: auth_pad_length 4
rpc reply data:
[0000] 00 00 00 00 00 00 00 00   67 05 00 00              ........ g...
ERROR(runtime): uncaught exception - (1383, 'WERR_INTERNAL_DB_ERROR')
   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 162, in _run
     return self.run(*args, **kwargs)
   File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 925, in run
     None)


-- 
Best regards,
   -Johannes.
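
As an added example (not part of the original post and not Samba code): a short Python script that scans Samba server debug output of the shape quoted above and reports which directory object the DNS RPC server failed to parse, together with the NDR error logged just before it. The function names and the sample log are constructed for illustration; it assumes RDN values contain no escaped commas.

```python
import re

# Constructed sample, modelled on the server log excerpt quoted in the post.
SAMPLE_LOG = """\
[2012/11/29 00:30:46,  2] ../source4/rpc_server/dnsserver/dnsdb.c:136(dnsserver_db_enumerate_zones)
   dnsserver: Found DNS zone mydomain.local
[2012/11/29 00:30:46,  1] ../librpc/ndr/ndr.c:411(ndr_pull_error)
   ndr_pull_error(11): Pull bytes 10 (../librpc/ndr/ndr_basic.c:420)
[2012/11/29 00:30:46,  0] ../source4/rpc_server/dnsserver/dnsdata.c:782(dns_fill_records_array)
   dnsserver: Unable to parse dns record (DC=_kerberos,DC=mydomain.local,CN=MicrosoftDNS,DC=DomainDnsZones,DC=mydomain,DC=local)Terminating connection - 'NT_STATUS_CONNECTION_DISCONNECTED'
"""

HEADER = re.compile(r"^\[(?P<ts>[^,\]]+),\s*(?P<level>\d+)\]\s*(?P<rest>.*)$")
BAD_RECORD = re.compile(r"Unable to parse dns record\s*\((?P<dn>[^)]*)\)")
NDR_ERR = re.compile(r"ndr_pull_error\(\d+\):.*")

def split_entries(text):
    """Group lines into entries; an entry starts at a '[timestamp, level]' line.
    Continuation lines are joined, so mail-wrapped headers are handled too."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            entries.append({"ts": m["ts"].strip(), "level": int(m["level"]),
                            "body": m["rest"].strip()})
        elif entries and line.strip():
            entries[-1]["body"] += " " + line.strip()
    return entries

def find_unparseable_records(text):
    """Return one finding per 'Unable to parse dns record (DN)' message."""
    entries = split_entries(text)
    findings = []
    for i, entry in enumerate(entries):
        m = BAD_RECORD.search(entry["body"])
        if not m:
            continue
        dn = m["dn"]
        # Under CN=MicrosoftDNS the first RDN is the node name, the second the zone.
        rdns = [part.split("=", 1)[1] for part in dn.split(",") if "=" in part]
        ndr = NDR_ERR.search(entries[i - 1]["body"]) if i else None
        findings.append({"ts": entry["ts"], "dn": dn,
                         "record": rdns[0] if rdns else None,
                         "zone": rdns[1] if len(rdns) > 1 else None,
                         "ndr_error": ndr.group(0) if ndr else None})
    return findings

if __name__ == "__main__":
    for f in find_unparseable_records(SAMPLE_LOG):
        print(f["ts"], f["zone"], f["record"], f["dn"], f["ndr_error"], sep=" | ")
```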

