[Samba] More on bind_dlz - documentation I have not found

Robert Moskowitz rgm at htt-consult.com
Fri Aug 28 16:10:18 UTC 2015 

Progress...

On 08/28/2015 11:59 AM, Rowland Penny wrote:
> On 28/08/15 16:45, Robert Moskowitz wrote:
>>
>>
>> On 08/28/2015 11:04 AM, Rowland Penny wrote:
>>> On 28/08/15 15:56, Robert Moskowitz wrote:
>>>>
>>>>
>>>> On 08/28/2015 10:42 AM, L.P.H. van Belle wrote:
>>>>> Are you setting up a AD DC or old style NT PDC ?
>>>>>
>>>>> see :
>>>>> /etc/default/sernet-samba to "classic". for NT PDC
>>>>> /etc/default/sernet-samba to "ad". for AD DC.
>>>> More:
>>>>
>>>> # service sernet-samba-ad status
>>>> Checking for SAMBA AD services : [FAILED]
>>>>
>>>> # service sernet-samba-ad start
>>>> Starting SAMBA AD services : [  OK  ]
>>>> # [ 4529.028579] nf_conntrack: automatic helper assignment is 
>>>> deprecated and it will be removed soon. Use the iptables CT target 
>>>> to attach helpers instead.
>>>>
>>>> # service sernet-samba-ad status
>>>> Checking for SAMBA AD services : [  OK  ]
>>>>
>>>> # samba-tool dns zonelist localhost
>>>> Password for [HOME\root]:  <- had to figure out what password to use!
>>>> Password for [HOME\root]:  <- got it the second try...
>>>> Failed to bind to uuid 50abc2a4-574d-40b3-9d66-ee4fd5fba076 for 
>>>> ncacn_ip_tcp:127.0.0.1[1024,sign,abstract_syntax=50abc2a4-574d-40b3-9d66-ee4fd5fba076/0x00000005,localaddress=127.0.0.1] 
>>>> NT_STATUS_LOGON_FAILURE
>>>> ERROR(runtime): uncaught exception - (-1073741715, 'Logon failure')
>>>>   File "/usr/lib/python2.7/site-packages/samba/netcmd/__init__.py", 
>>>> line 175, in _run
>>>>     return self.run(*args, **kwargs)
>>>>   File "/usr/lib/python2.7/site-packages/samba/netcmd/dns.py", line 
>>>> 809, in run
>>>>     dns_conn = dns_connect(server, self.lp, self.creds)
>>>>   File "/usr/lib/python2.7/site-packages/samba/netcmd/dns.py", line 
>>>> 40, in dns_connect
>>>>     dns_conn = dnsserver.dnsserver(binding_str, lp, creds
>>>
>>> [snip]
>>>
>>> and try this:
>>>
>>> samba-tool dns zonelist localhost -U Administrator
>>
>> # samba-tool dns zonelist localhost -U Administrator
>> Password for [HOME\Administrator]:
>> Password for [HOME\Administrator]:
>> Failed to bind to uuid 50abc2a4-574d-40b3-9d66-ee4fd5fba076 for 
>> ncacn_ip_tcp:127.0.0.1[1024,sign,abstract_syntax=50abc2a4-574d-40b3-9d66-ee4fd5fba076/0x00000005,localaddress=127.0.0.1] 
>> NT_STATUS_LOGON_FAILURE
>> ERROR(runtime): uncaught exception - (-1073741715, 'Logon failure')
>>   File "/usr/lib/python2.7/site-packages/samba/netcmd/__init__.py", 
>> line 175, in _run
>>     return self.run(*args, **kwargs)
>>   File "/usr/lib/python2.7/site-packages/samba/netcmd/dns.py", line 
>> 809, in run
>>     dns_conn = dns_connect(server, self.lp, self.creds)
>>   File "/usr/lib/python2.7/site-packages/samba/netcmd/dns.py", line 
>> 40, in dns_connect
>>     dns_conn = dnsserver.dnsserver(binding_str, lp, creds)
>>
>>
>> I am wondering if I know what passwords are for HOME\root or 
>> HOME\Administrator!
>>
>> How were these set?
>>
>>
>
> Well, you can forget HOME\root, this doesn't exist :-)

See above.  That is what I got prompted with when I left off the -U; I 
suspect as I am logged in as root.

> HOME\Administrator is set when you provision (you supply the password) 
> or when you carry out the classicupgrade, 

AH that complex password, that I forgot to copy down  :(

> not sure if it uses the password of the old admin user or not, but it 
> doesn't matter, you can reset it:
>
> samba-tool user setpassword Administrator --newpassword=P4ssW0rd*
>
> Note that the password must be complex (and no, don't use the one above)

worked:

# samba-tool dns zonelist localhost -U AdministratorPassword for 
[HOME\Administrator]:
   2 zone(s) found

   pszZoneName                 : home.htt
   Flags                       : DNS_RPC_ZONE_DSINTEGRATED 
DNS_RPC_ZONE_UPDATE_SECURE
   ZoneType                    : DNS_ZONE_TYPE_PRIMARY
   Version                     : 50
   dwDpFlags                   : DNS_DP_AUTOCREATED 
DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
   pszDpFqdn                   : DomainDnsZones.home.htt

   pszZoneName                 : _msdcs.home.htt
   Flags                       : DNS_RPC_ZONE_DSINTEGRATED 
DNS_RPC_ZONE_UPDATE_SECURE
   ZoneType                    : DNS_ZONE_TYPE_PRIMARY
   Version                     : 50
   dwDpFlags                   : DNS_DP_AUTOCREATED 
DNS_DP_FOREST_DEFAULT DNS_DP_ENLISTED
   pszDpFqdn                   : ForestDnsZones.home.htt

Is there a command to dump the zone?

More information about the samba mailing list