[Samba] Cannot find invalid DNS entry

mathias dufresne infractory at gmail.com
Wed Jul 27 14:54:43 UTC 2016


What would have been better, I reckon, would have been to explain...

We should not _write_ directly into these files because, as Andrew
explained months ago, the change would not be replicated if applied
directly on these files. To have changes replicated, the change MUST be
applied to the sam.ldb file, which is a wrapper.

Sharing or not sharing, that is the question : )

2016-07-27 14:51 GMT+02:00 Rowland penny <rpenny at samba.org>:

> On 27/07/16 13:40, mathias dufresne wrote:
>
>> Two files are hosting DNS data:
>> /path/to/private/sam.ldb.d/DC=DOMAINDNSZONES,DC=blabla.ldb and
>> /path/to/private/sam.ldb.d/DC=FORESTDNSZONES,DC=blabla.ldb
>>
>> DNS entries are sometimes (often? always?) base64 encoded. You should be
>> able to "grep" for a string in these files with:
>> ldbsearch --show-binary -H /path/to/private/sam.ldb.d/DC=FORESTDNSZONES,DC=blabla.ldb | grep "what you want"
>>
>> 2016-07-27 13:35 GMT+02:00 Tim Dittler <tim.dittler at rosalux.org>:
>>
>>> Hello,
>>>
>>> when I run
>>>
>>> samba_dnsupdate --verbose --all-names -d10
>>>>
>>> it gives me the following output:
>>>
>>> INFO: Current debug levels:
>>>>    all: 10
>>>>    tdb: 10
>>>>    printdrivers: 10
>>>>    lanman: 10
>>>>    smb: 10
>>>>    rpc_parse: 10
>>>>    rpc_srv: 10
>>>>    rpc_cli: 10
>>>>    passdb: 10
>>>>    sam: 10
>>>>    auth: 10
>>>>    winbind: 10
>>>>    vfs: 10
>>>>    idmap: 10
>>>>    quota: 10
>>>>    acls: 10
>>>>    locking: 10
>>>>    msdfs: 10
>>>>    dmapi: 10
>>>>    registry: 10
>>>>    scavenger: 10
>>>>    dns: 10
>>>>    ldb: 10
>>>> lpcfg_load: refreshing parameters from /etc/samba/smb.conf
>>>> Processing section [retained]
>>>> pm_process() returned Yes
>>>> added interface brem1 ip=10.10.1.10 bcast=10.10.1.127 netmask=255.255.255.128
>>>> added interface lo ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0
>>>> IPs: ['10.10.1.10']
>>>> Security token SIDs (1):
>>>>    SID[  0]: S-1-5-18
>>>>   Privileges (0xFFFFFFFFFFFFFFFF):
>>>>    Privilege[  0]: SeMachineAccountPrivilege
>>>>    Privilege[  1]: SeTakeOwnershipPrivilege
>>>>    Privilege[  2]: SeBackupPrivilege
>>>>    Privilege[  3]: SeRestorePrivilege
>>>>    Privilege[  4]: SeRemoteShutdownPrivilege
>>>>    Privilege[  5]: SePrintOperatorPrivilege
>>>>    Privilege[  6]: SeAddUsersPrivilege
>>>>    Privilege[  7]: SeDiskOperatorPrivilege
>>>>    Privilege[  8]: SeSecurityPrivilege
>>>>    Privilege[  9]: SeSystemtimePrivilege
>>>>    Privilege[ 10]: SeShutdownPrivilege
>>>>    Privilege[ 11]: SeDebugPrivilege
>>>>    Privilege[ 12]: SeSystemEnvironmentPrivilege
>>>>    Privilege[ 13]: SeSystemProfilePrivilege
>>>>    Privilege[ 14]: SeProfileSingleProcessPrivilege
>>>>    Privilege[ 15]: SeIncreaseBasePriorityPrivilege
>>>>    Privilege[ 16]: SeLoadDriverPrivilege
>>>>    Privilege[ 17]: SeCreatePagefilePrivilege
>>>>    Privilege[ 18]: SeIncreaseQuotaPrivilege
>>>>    Privilege[ 19]: SeChangeNotifyPrivilege
>>>>    Privilege[ 20]: SeUndockPrivilege
>>>>    Privilege[ 21]: SeManageVolumePrivilege
>>>>    Privilege[ 22]: SeImpersonatePrivilege
>>>>    Privilege[ 23]: SeCreateGlobalPrivilege
>>>>    Privilege[ 24]: SeEnableDelegationPrivilege
>>>>   Rights (0x               0):
>>>> lpcfg_servicenumber: couldn't find ldb
>>>> schema_fsmo_init: we are master[yes] updates allowed[no]
>>>> schema_fsmo_init: we are master[yes] updates allowed[no]
>>>> Traceback (most recent call last):
>>>>    File "/usr/sbin/samba_dnsupdate", line 540, in <module>
>>>>      c = parse_dns_line(line, {})
>>>>    File "/usr/sbin/samba_dnsupdate", line 179, in parse_dns_line
>>>>      return dnsobj(subline)
>>>>    File "/usr/sbin/samba_dnsupdate", line 134, in __init__
>>>>      raise Exception("Invalid DNS entry %r" % string_form)
>>>> Exception: Invalid DNS entry 'TDB file'
>>>>
>>> However, I'm not able to find "TDB file" in any of the files in
>>> /var/lib/samba/private/sam.ldb.d.
>>>
>>> Am I looking in the wrong place? Or how can I delete this DNS entry?
>>>
>>> Thank you very much,
>>> Tim
>>>
>>>
>>>
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>
>>>
> I wouldn't suggest doing this; unless things have changed, you shouldn't
> directly act on the .ldb files stored in sam.ldb.d.
>
> What you can do is:
>
> ldbsearch --show-binary --cross-ncs -H /path/to/sam.ldb | grep 'whatever'
>
> Rowland
>
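
The thread notes that values can be base64 encoded, which is why a plain grep over LDIF text can miss a string. As an added example (not code from the thread or from Samba), this read-only Python filter takes LDIF text such as ldbsearch prints, unfolds continuation lines, decodes `attr:: ...` values and reports which record and attribute contain a search string. The sample data, DNs and the blob are constructed for illustration.

```python
import base64
import sys

def unfold(text):
    """Join LDIF continuation lines: a line starting with one space continues the previous one."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def search_ldif(text, needle):
    """Return (dn, attribute) pairs whose decoded value contains needle, ignoring ASCII case."""
    wanted = needle.lower().encode()
    hits, dn = [], None
    for line in unfold(text):
        if not line:
            dn = None                      # a blank line ends the current record
            continue
        attr, sep, rest = line.partition(":")
        if line.startswith("#") or not sep:
            continue                       # comment or malformed line
        if rest.startswith(":"):           # "attr:: ..." marks a base64-encoded value
            value = base64.b64decode(rest[1:].strip())
        else:
            value = rest.strip().encode()
        if attr.lower() == "dn":
            dn = value.decode(errors="replace")
        if wanted in value.lower():
            hits.append((dn, attr))
    return hits

# Constructed sample (not from a real domain); the blob is arbitrary bytes, not a real dnsRecord.
_b64 = base64.b64encode(b"\x05\x00stale record for OldHost.example.test\x00\xff").decode()
HOST1_DN = "DC=host1,DC=example.test,CN=MicrosoftDNS,DC=DomainDnsZones,DC=example,DC=test"
HOST2_DN = "DC=host2,DC=example.test,CN=MicrosoftDNS,DC=DomainDnsZones,DC=example,DC=test"
SAMPLE_LDIF = (
    "# record 1\ndn: " + HOST1_DN + "\nname: host1\n"
    "dnsRecord:: " + _b64[:20] + "\n " + _b64[20:] + "\n\n"   # folded base64 value
    "# record 2\ndn: " + HOST2_DN + "\nname: host2\n"
)

if __name__ == "__main__":
    # With an argument, search LDIF read from stdin; otherwise run on the constructed sample.
    text = sys.stdin.read() if len(sys.argv) > 1 else SAMPLE_LDIF
    needle = sys.argv[1] if len(sys.argv) > 1 else "oldhost"
    for dn, attr in search_ldif(text, needle):
        print(f"{attr}\t{dn}")
```

Fed from `ldbsearch --cross-ncs -H /path/to/sam.ldb` on stdin, it only reads the output and never touches the files under sam.ldb.d.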

