[Samba] recreate/re-provision DNS db from scratch?
Rowland Penny
rowlandpenny at googlemail.com
Tue Feb 24 15:11:27 MST 2015
On 24/02/15 21:04, Bram Matthys wrote:
> Hi Marc,
>
> Thanks for getting back to me.
>
> Marc Muehlfeld wrote on 24-2-2015 21:12:
>> Hello Bram,
>>
>> On 24.02.2015 at 12:37, Bram Matthys wrote:
>>> Is there a way to re-initialize/re-provision DNS?
>> No.
>>
> That would be a pity.
>
>>> well.. I suppose since I started with 4.0.6 (migrated from Samba 3.x) but
>>> from a users' point of view everything worked fine.. it was mostly the DNS
>>> management from group policy that wasn't working.
>>> ...
>>> Today I wanted to install 4.1.17 but after the upgrade things go bad. On one
>>> hand DNS seems to work fine (can resolve the DC, etc).
>> You did an update from an old version. There were some changes
>> meanwhile, you have to pay attention:
>> https://wiki.samba.org/index.php/Updating_Samba#Other_changes_you_should_pay_attention_to.2C_when_updating
> Right.. The first two, the pem files and LDAP DNS Entries are fixed by Samba
> when it starts/runs, right.
>
> Then the 3rd one "Fixing dynamic DNS update problems (updating from <
> 4.0.7)" refers to this URL:
> https://wiki.samba.org/index.php/Fix_DNS_dynamic_updates_in_Samba_versions_prior_4.0.7
> This is what I attempted. As you can see in my original e-mail it resulted
> in a mysterious Memory allocation error (with X gb free, so must be
> something else). Let me paste a bit more context of the error:
>
> # dns query 192.168.2.4 jnet.hermanjordan.nl @ ALL
> INFO: Current debug levels:
> all: 9
> tdb: 9
> printdrivers: 9
> lanman: 9
> smb: 9
> rpc_parse: 9
> rpc_srv: 9
> rpc_cli: 9
> passdb: 9
> sam: 9
> auth: 9
> winbind: 9
> vfs: 9
> idmap: 9
> quota: 9
> acls: 9
> locking: 9
> msdfs: 9
> dmapi: 9
> registry: 9
> scavenger: 9
> dns: 9
> ldb: 9
> params.c:pm_process() - Processing configuration file "/etc/smb_shares.conf"
> ..
> pm_process() returned Yes
> GENSEC backend 'gssapi_spnego' registered
> GENSEC backend 'gssapi_krb5' registered
> GENSEC backend 'gssapi_krb5_sasl' registered
> GENSEC backend 'schannel' registered
> GENSEC backend 'spnego' registered
> GENSEC backend 'ntlmssp' registered
> GENSEC backend 'krb5' registered
> GENSEC backend 'fake_gssapi_krb5' registered
> Using binding ncacn_ip_tcp:192.168.2.4[,sign]
> Mapped to DCERPC endpoint 135
> added interface jnet ip=192.168.2.4 bcast=192.168.7.255 netmask=255.255.248.0
> added interface wifi ip=10.0.0.2 bcast=10.255.255.255 netmask=255.0.0.0
> added interface jnet ip=192.168.2.4 bcast=192.168.7.255 netmask=255.255.248.0
> added interface wifi ip=10.0.0.2 bcast=10.255.255.255 netmask=255.0.0.0
> ERROR(runtime): uncaught exception - (-1073741801, 'Memory allocation error')
> File
> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
> line 175, in _run
> return self.run(*args, **kwargs)
> File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/dns.py",
> line 987, in run
> dns_conn = dns_connect(server, self.lp, self.creds)
> File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/dns.py",
> line 40, in dns_connect
> dns_conn = dnsserver.dnsserver(binding_str, lp, creds)
>
> and
>
> # /usr/local/samba/bin/samba-tool dns zonelist 192.168.2.4
> ..
> Using binding ncacn_ip_tcp:192.168.2.4[,sign]
> Mapped to DCERPC endpoint 135
> added interface jnet ip=192.168.2.4 bcast=192.168.7.255 netmask=255.255.248.0
> added interface wifi ip=10.0.0.2 bcast=10.255.255.255 netmask=255.0.0.0
> added interface jnet ip=192.168.2.4 bcast=192.168.7.255 netmask=255.255.248.0
> added interface wifi ip=10.0.0.2 bcast=10.255.255.255 netmask=255.0.0.0
> ERROR(runtime): uncaught exception - (-1073741801, 'Memory allocation error')
> File
> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
> line 175, in _run
> return self.run(*args, **kwargs)
> File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/dns.py",
> line 809, in run
> dns_conn = dns_connect(server, self.lp, self.creds)
> File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/dns.py",
> line 40, in dns_connect
> dns_conn = dnsserver.dnsserver(binding_str, lp, creds)
>
> I also ran all the commands mentioned in the section called "Updates of
> early Samba 4 version on Samba Active Directory DCs". So I ran the dbcheck,
> the ntacl sysvolreset, etc.
>
>> - How many DCs do you have?
>> - What Samba versions do your DCs run?
>> - Does replication work?
> One Samba server (DC & file server), no replication, 4.0.6 and this is my
> Xth attempt to upgrade the #@$^ thing. Each time it ends up broken and I
> have to rollback, unfortunately. And each time I hope a new version fixes
> the issue or that I can find the cause. As you can imagine this is quite a
> problem, not in the least with regards to security.
>
> The machine is a virtualized host on KVM, Linux, fully up to date Debian 7.8
> (wheezy), 64 bit. Not sure what else to say about it.
>
>> - Do you use the internal DNS or BIND_DLZ?
> Internal.
>
> Also, I'm using './configure' without any arguments. All pretty standard I
> would say.
>
>> - Is Samba/BIND listening on port 53 (netstat -taunp|grep :53)
>> - Do DNS entries resolve on the server (try
>> https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO#Testing_DNS)
> Resolving works fine both on the box itself (I tested 'host
> jnet.hermanjordan.nl 127.0.0.1' and on the 192.168.2.4 lan IP) and from the
> Windows client. I must confess I did not check the two SRV records at that
> time (but see next).
>
> I can login from a Windows client, but in eventlog and with gpupdate I get
> strange errors about not finding the logon server or unable to lookup the
> computer name or account name (well, what I wrote earlier).
> Similarly, on Windows the DNS MMC tool sometimes gave an error after
> connecting to the DC about DNS not being available for management (so to
> say). Then a minute later or after a restart it worked, then a little later
> it broke again and after F5 it's completely broken again. Broken as in: the
> UI says there's a problem with the zone file. That's on 4.1.17 and that's
> why I think there must be something broken... it shouldn't flip/flop.
>
> I would tend to think that all the issues I'm seeing, 1) the samba-tool dns
> giving a mysterious error, 2) the DNS MMC/RSAT tool giving strange results,
> and 3) the errors on the client with regards to group policy, are all
> related / caused by the same thing. But I'm stuck as to.. how to proceed.
>
> If there's no way to re-provision/re-create all the DNS stuff, then do you
> have any ideas on the "samba-tool dns" issues? If it's all the same issue
> then that one may be the best entry to debug my issue? (Samba speaking to
> Samba after all)
> The command works on 4.0.6 (.. but.. again.. I don't want to be stuck with
> such an old version), but not on 4.1.17.
> Unless, of course, that issue is completely unrelated. I kinda hope it's
> related, though.
>
> Thanks a lot for taking the time to look into this!
>
> Bram.
>
>
Have you by any chance modified the files in the sam.ldb.d directory?
Rowland