[Samba] Find/delete bad DNS Entry

Denis Cardon dcardon at tranquil.it
Tue Apr 24 07:50:10 UTC 2018


Hi Robb,

> We added a DNS entry to Samba via the Windows DNS Manager which apparently
> was invalid. Now we can't see the list of forward lookup in the Windows DNS
> Manager because it immediately errors and we have to restart the Samba
> service.
>
> Running Samba 4.3.11-Ubuntu on Ubuntu 16.04

That's quite an old Samba version and it is EOL'ed. You really should
upgrade to the latest 4.7; there are tons of bugfixes since 4.3.

>
> Additionally, a samba-tool dns query fails with the following error:
>
>> $ samba-tool dns query dc1.mydomain.com mydomain.com @ ALL

I have seen issues with corrupted DNS entries in earlier Samba versions.
You could compare the zone between the RSAT DNS console and an Apache
Directory Studio connection (look in
CN=MicrosoftDNS,DC=DomainDNSZone,DC=,DC=) and see what extra spurious
entry could lie in your DNS zone.

A more expeditious way is to delete and recreate the zone using
samba-tool dns zonedelete / zonecreate. The SRV entries are recreated
when the server restarts. You should just be careful to have your
Kerberos configuration set up properly so it does not need DNS to find
its KDC (you can take a look at the krb5.conf file in [1] for
inspiration). Then you'll have to recreate your DNS entries in that
cleaned-up zone.

Cheers,

Denis

[1] https://dev.tranquil.it/wiki/SAMBA_-_Installation_samba4_comme_DC_secondaire

>
>> ERROR(runtime): uncaught exception - (-1073741300, 'The transport
>> connection is now disconnected.')
>>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
>>     return self.run(*args, **kwargs)
>>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 994, in run
>>     None, record_type, select_flags, None, None)
>
>
> This samba-tool command works if I search for a specific entry instead of
> "@".
>
> How do we find/delete the bad DNS entry?
>
> Here is the full debug output -
>
> INFO: Current debug levels:
>   all: 10
>   tdb: 10
>   printdrivers: 10
>   lanman: 10
>   smb: 10
>   rpc_parse: 10
>   rpc_srv: 10
>   rpc_cli: 10
>   passdb: 10
>   sam: 10
>   auth: 10
>   winbind: 10
>   vfs: 10
>   idmap: 10
>   quota: 10
>   acls: 10
>   locking: 10
>   msdfs: 10
>   dmapi: 10
>   registry: 10
>   scavenger: 10
>   dns: 10
>   ldb: 10
>   tevent: 10
> lpcfg_load: refreshing parameters from /etc/samba/smb.conf
> Processing section "[global]"
> Processing section "[netlogon]"
> Processing section "[sysvol]"
> pm_process() returned Yes
> GENSEC backend 'gssapi_spnego' registered
> GENSEC backend 'gssapi_krb5' registered
> GENSEC backend 'gssapi_krb5_sasl' registered
> GENSEC backend 'spnego' registered
> GENSEC backend 'schannel' registered
> GENSEC backend 'naclrpc_as_system' registered
> GENSEC backend 'sasl-EXTERNAL' registered
> GENSEC backend 'ntlmssp' registered
> GENSEC backend 'ntlmssp_resume_ccache' registered
> GENSEC backend 'http_basic' registered
> GENSEC backend 'http_ntlm' registered
> GENSEC backend 'krb5' registered
> GENSEC backend 'fake_gssapi_krb5' registered
> Using binding ncacn_ip_tcp:dc1.acme.com[,sign]
> Mapped to DCERPC endpoint 135
> added interface eth0 ip=11.55.3.22 bcast=11.55.3.255 netmask=255.255.255.0
> added interface eth0 ip=11.55.3.22 bcast=11.55.3.255 netmask=255.255.255.0
> resolve_lmhosts: Attempting lmhosts lookup for name dc1.acme.com<0x20>
> startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No such file or directory
> rpc request data:
> [0000] 01 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   ........ ........
> rpc reply data:
> [0000] 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   ........ ........
> Mapped to DCERPC endpoint 1024
> added interface eth0 ip=11.55.3.22 bcast=11.55.3.255 netmask=255.255.255.0
> added interface eth0 ip=11.55.3.22 bcast=11.55.3.255 netmask=255.255.255.0
> resolve_lmhosts: Attempting lmhosts lookup for name dc1.acme.com<0x20>
> startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No such file or directory
> Starting GENSEC mechanism spnego
> Starting GENSEC submechanism gssapi_krb5
> Password for [acme\my-admin]:
> Received smb_krb5 packet of length 275
> Received smb_krb5 packet of length 1373
> ../librpc/rpc/dcerpc_util.c:173: auth_pad_length 0
> gensec_gssapi: NO credentials were delegated
> GSSAPI Connection will be cryptographically signed
> ../librpc/rpc/dcerpc_util.c:173: auth_pad_length 0
> rpc request data:
> [0000] 00 00 07 00 00 00 00 00   00 00 02 00 16 00 00 00   ........ ........
>      t: struct dcerpc_sec_verification_trailer
>         _pad                     : DATA_BLOB length=0
>         magic                    : 0000000000000000
>         count: struct dcerpc_sec_vt_count
>             count                    : 0x0002 (2)
>         commands: ARRAY(2)
>             commands: struct dcerpc_sec_vt
>                 command                  : 0x0001 (1)
>                     0x01: DCERPC_SEC_VT_COMMAND_ENUM (1)
>                        0: DCERPC_SEC_VT_COMMAND_END
>                        0: DCERPC_SEC_VT_MUST_PROCESS
>                 u                        : union dcerpc_sec_vt_union(case 0x1)
>                 bitmask1                 : 0x00000001 (1)
>                        1: DCERPC_SEC_VT_CLIENT_SUPPORTS_HEADER_SIGNING
>             commands: struct dcerpc_sec_vt
>                 command                  : 0x4002 (16386)
>                     0x02: DCERPC_SEC_VT_COMMAND_ENUM (2)
>                        1: DCERPC_SEC_VT_COMMAND_END
>                        0: DCERPC_SEC_VT_MUST_PROCESS
>                 u                        : union dcerpc_sec_vt_union(case 0x2)
>                 pcontext: struct dcerpc_sec_vt_pcontext
>                     abstract_syntax: struct ndr_syntax_id
>                         uuid                     : 50abc2a4-574d-40b3-9d66-ee4fd5fba076
>                         if_version               : 0x00000005 (5)
>                     transfer_syntax: struct ndr_syntax_id
>                         uuid                     : 8a885d04-1ceb-11c9-9fe8-08002b104860
>                         if_version               : 0x00000002 (2)
> ERROR(runtime): uncaught exception - (-1073741300, 'The transport connection is now disconnected.')
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 994, in run
>     None, record_type, select_flags, None, None)
>
> Thanks,
>
> Robb Schiefer
> Director of Engineering
> Suture Health, Inc.

-- 
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0) 2.40.97.57.55
http://www.tranquil.it

Samba install wiki for Frenchies : https://dev.tranquil.it
WAPT, software deployment made easy : https://wapt.fr
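
An added example, not part of the message above and not Samba code: one way to narrow down a spurious entry when comparing the zone over LDAP is to export the zone container as LDIF (Apache Directory Studio can do this) and sanity-check each dnsRecord value against the fixed 24-byte header that [MS-DNSP] defines for that attribute. It assumes the corruption shows up as a malformed dnsRecord blob, which the thread does not confirm; the DNs and records in `sample_ldif` are constructed.

```python
import base64
import struct

HEADER_LEN = 24  # fixed dnsRecord header, per [MS-DNSP] 2.3.2.2

def unfold(ldif_text):
    """Join LDIF continuation lines (a leading space continues the value)."""
    return ldif_text.replace("\r\n", "\n").replace("\n ", "").split("\n")

def check_record(blob):
    """Return the problems found in one dnsRecord blob (empty list = sane)."""
    if len(blob) < HEADER_LEN:
        return ["truncated header (%d bytes)" % len(blob)]
    data_len, rtype, version = struct.unpack_from("<HHB", blob, 0)
    present = len(blob) - HEADER_LEN
    problems = []
    if version != 5:
        problems.append("version %d, expected 5" % version)
    if data_len != present:
        problems.append("wDataLength %d but %d data bytes present" % (data_len, present))
    if rtype == 1 and present != 4:  # an A record carries one IPv4 address
        problems.append("A record with %d-byte address" % present)
    return problems

def find_bad_entries(ldif_text):
    """Map each DN to the problems found in its dnsRecord values."""
    bad, dn = {}, None
    for line in unfold(ldif_text):
        if line.startswith("dn: "):
            dn = line[4:]
        elif line.startswith("dnsRecord:: ") and dn:
            try:
                problems = check_record(base64.b64decode(line[12:], validate=True))
            except ValueError:  # binascii.Error is a ValueError
                problems = ["invalid base64"]
            if problems:
                bad.setdefault(dn, []).extend(problems)
    return bad

def sample_ldif():
    """Constructed two-entry export: one sane A record, one with a short payload."""
    def blob(data, claimed):  # header: len, type=A, version, rank, flags, serial, TTL
        return struct.pack("<HHBBHI", claimed, 1, 5, 0xF0, 0, 1) + struct.pack(">I", 900) + bytes(8) + data
    entries = [("DC=www,DC=example.test", blob(bytes([192, 0, 2, 10]), 4)),
               ("DC=broken,DC=example.test", blob(bytes([192, 0, 2]), 4))]
    return "".join("dn: %s\ndnsRecord:: %s\n\n" % (dn, base64.b64encode(b).decode()) for dn, b in entries)
```

Entries reported by `find_bad_entries` are candidates to inspect by hand before deleting anything; an empty result only means the headers are consistent, not that the zone is clean.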


