[Samba] Find/delete bad DNS Entry

rschiefer at suturehealth.com rschiefer at suturehealth.com
Mon Apr 23 15:35:49 UTC 2018 

We added a DNS entry to Samba via the Windows DNS Manager which apparently
was invalid. Now we can't see the list of forward lookup in the Window DNS
Manager because it immediately errors and we have to restart the Samba
service.

Running Samba 4.3.11-Ubuntu on Ubuntu 16.04

Additionally, a samba-tool dns query fails with the following error:

> $ samba-tool dns query dc1.mydomain.com mydomain.com @ ALL

> ERROR(runtime): uncaught exception - (-1073741300, 'The transport

> connection is now disconnected.')   File

> "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175,

> in _run

>     return self.run(*args, **kwargs)   File
"/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 994, in

> run

>     None, record_type, select_flags, None, None)

 

This samba-tool command works if I search for a specific entry instead of
"@".

How do we find/delete the bad DNS entry?

Here is the full debug output -

INFO: Current debug levels:

  all: 10

  tdb: 10

  printdrivers: 10

  lanman: 10

  smb: 10

  rpc_parse: 10

  rpc_srv: 10

  rpc_cli: 10

  passdb: 10

  sam: 10

  auth: 10

  winbind: 10

  vfs: 10

  idmap: 10

  quota: 10

  acls: 10

  locking: 10

  msdfs: 10

  dmapi: 10

  registry: 10

  scavenger: 10

  dns: 10

  ldb: 10

  tevent: 10

lpcfg_load: refreshing parameters from /etc/samba/smb.conf

Processing section "[global]"

Processing section "[netlogon]"

Processing section "[sysvol]"

pm_process() returned Yes

GENSEC backend 'gssapi_spnego' registered

GENSEC backend 'gssapi_krb5' registered

GENSEC backend 'gssapi_krb5_sasl' registered

GENSEC backend 'spnego' registered

GENSEC backend 'schannel' registered

GENSEC backend 'naclrpc_as_system' registered

GENSEC backend 'sasl-EXTERNAL' registered

GENSEC backend 'ntlmssp' registered

GENSEC backend 'ntlmssp_resume_ccache' registered

GENSEC backend 'http_basic' registered

GENSEC backend 'http_ntlm' registered

GENSEC backend 'krb5' registered

GENSEC backend 'fake_gssapi_krb5' registered

Using binding ncacn_ip_tcp:dc1.acme.com[,sign]

Mapped to DCERPC endpoint 135

added interface eth0 ip=11.55.3.22 bcast=11.55.3.255 netmask=255.255.255.0

added interface eth0 ip=11.55.3.22 bcast=11.55.3.255 netmask=255.255.255.0

resolve_lmhosts: Attempting lmhosts lookup for name dc1.acme.com<0x20>

startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No such
file or directory

rpc request data:

[0000] 01 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   ........ ........

rpc reply data:

[0000] 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   ........ ........

Mapped to DCERPC endpoint 1024

added interface eth0 ip=11.55.3.22 bcast=11.55.3.255 netmask=255.255.255.0

added interface eth0 ip=11.55.3.22 bcast=11.55.3.255 netmask=255.255.255.0

resolve_lmhosts: Attempting lmhosts lookup for name dc1.acme.com<0x20>

startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No such
file or directory

Starting GENSEC mechanism spnego

Starting GENSEC submechanism gssapi_krb5

Password for [acme\my-admin]:

Received smb_krb5 packet of length 275

Received smb_krb5 packet of length 1373

../librpc/rpc/dcerpc_util.c:173: auth_pad_length 0

gensec_gssapi: NO credentials were delegated

GSSAPI Connection will be cryptographically signed

../librpc/rpc/dcerpc_util.c:173: auth_pad_length 0

rpc request data:

[0000] 00 00 07 00 00 00 00 00   00 00 02 00 16 00 00 00   ........ ........

     t: struct dcerpc_sec_verification_trailer

        _pad                     : DATA_BLOB length=0

        magic                    : 0000000000000000

        count: struct dcerpc_sec_vt_count

            count                    : 0x0002 (2)

        commands: ARRAY(2)

            commands: struct dcerpc_sec_vt

                command                  : 0x0001 (1)

                    0x01: DCERPC_SEC_VT_COMMAND_ENUM (1)

                       0: DCERPC_SEC_VT_COMMAND_END

                       0: DCERPC_SEC_VT_MUST_PROCESS

                u                        : union dcerpc_sec_vt_union(case
0x1)

                bitmask1                 : 0x00000001 (1)

                       1: DCERPC_SEC_VT_CLIENT_SUPPORTS_HEADER_SIGNING

            commands: struct dcerpc_sec_vt

                command                  : 0x4002 (16386)

                    0x02: DCERPC_SEC_VT_COMMAND_ENUM (2)

                       1: DCERPC_SEC_VT_COMMAND_END

                       0: DCERPC_SEC_VT_MUST_PROCESS

                u                        : union dcerpc_sec_vt_union(case
0x2)

                pcontext: struct dcerpc_sec_vt_pcontext

                    abstract_syntax: struct ndr_syntax_id

                        uuid                     :
50abc2a4-574d-40b3-9d66-ee4fd5fba076

                        if_version               : 0x00000005 (5)

                    transfer_syntax: struct ndr_syntax_id

                        uuid                     :
8a885d04-1ceb-11c9-9fe8-08002b104860

                        if_version               : 0x00000002 (2)

ERROR(runtime): uncaught exception - (-1073741300, 'The transport connection
is now disconnected.')

  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line
175, in _run

    return self.run(*args, **kwargs)

  File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 994, in
run

    None, record_type, select_flags, None, None)

 

 

 

 

Thanks,

 

Robb Schiefer

Director of Engineering

Suture Health, Inc.

More information about the samba mailing list