[Samba] Provision new domain keeping users and passwords (mike)

Mike Lykov combr at samges.ru
Thu Mar 30 04:38:48 UTC 2017


29.03.2017 18:13, L.P.H. van Belle via samba wrote:
> Hai Mike,
>
> Are you running samba internal DNS or bind9_DLZ.

internal

> In your case, can you give an example of "undeletable" item?
> And did you check the rights on the dns object before trying to remove it.

# net rpc group members "Domain Admins" -U lmy
Enter lmy's password:
SAMGES\Administrator
SAMGES\lmy
SAMGES\bee

For "Domain Admins" the rights on the record are "Full control" (I don't know 
how to show object rights in the console; I am using DNS MMC from RSAT)

AD domain zone is dc.samges.ru
and I have a hand-created (via RSAT - DNS - create new zone) zone samges.ru.

Any object in this zone is undeletable.

# samba-tool dns delete ad51.samges.ru samges.ru vjud A 213.156.210.216 -U lmy
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Using binding ncacn_ip_tcp:ad51.samges.ru[,sign]
Password for [SAMGES\lmy]:
ERROR(runtime): uncaught exception - (1383, 'WERR_INTERNAL_DB_ERROR')
   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
     return self.run(*args, **kwargs)
   File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 1184, in run
     del_rec_buf)


But after creating the zone (a month later) we accidentally deleted some 
machine accounts, and after trying to restore them in LDAP we have 
errors in DomainDNSZones like this:

samba-tool dbcheck --fix
(.... many similar errors ...)

---------------------------
ERROR: parent object not found for DC=SAMG62\0ADEL:ccc70e60-4086-49b0-86f0-e5b4af86666d,CN=Deleted Objects,DC=DomainDnsZones,DC=dc,DC=samges,DC=ru
Move object DC=SAMG62\0ADEL:ccc70e60-4086-49b0-86f0-e5b4af86666d,CN=Deleted Objects,DC=DomainDnsZones,DC=dc,DC=samges,DC=ru into LostAndFound? [YES]

Renamed object DC=SAMG62\0ADEL:ccc70e60-4086-49b0-86f0-e5b4af86666d,CN=Deleted Objects,DC=DomainDnsZones,DC=dc,DC=samges,DC=ru into lostAndFound at DC=SAMG62\0ADEL:ccc70e60-4086-49b0-86f0-e5b4af86666d,CN=LostAndFound,DC=DomainDnsZones,DC=dc,DC=samges,DC=ru

Set lastKnownParent on lostAndFound object at DC=SAMG62\0ADEL:ccc70e60-4086-49b0-86f0-e5b4af86666d,CN=LostAndFound,DC=DomainDnsZones,DC=dc,DC=samges,DC=ru

ERROR: missing GUID component for lastKnownParent in object DC=SAMG146\0ADEL:c1531dae-eb09-4d2b-8270-4e91b73a6cad,CN=LostAndFound,DC=DomainDnsZones,DC=dc,DC=samges,DC=ru - CN=Deleted Objects,DC=DomainDnsZones,DC=dc,DC=samges,DC=ru
unable to find object for DN CN=Deleted Objects,DC=DomainDnsZones,DC=dc,DC=samges,DC=ru - (No such Base DN: CN=Deleted Objects,DC=DomainDnsZones,DC=dc,DC=samges,DC=ru)

Not removing dangling forward link
Segmentation fault
-------------------------------



-- 
Mike Lykov, system administrator


