[Samba] samba-tool passwordless

Rowland Penny rpenny at samba.org
Tue Aug 21 20:00:43 UTC 2018


On Tue, 21 Aug 2018 16:41:09 -0300
Sergio Belkin <sebelk at gmail.com> wrote:

> On Fri, Aug 17, 2018 at 16:06, Rowland Penny via samba (<
> samba at lists.samba.org>) wrote:
> 
> > On Fri, 17 Aug 2018 15:55:09 -0300
> > Sergio Belkin via samba <samba at lists.samba.org> wrote:
> >
> > > Hi,
> > >
> > > I'm adding a few DNS RRs using samba-tool. I've tried to use
> > > kerberos but I don't know what to append after -k, I mean:
> > >
> > > samba-tool dns add 192.168.50.40 ejemplo.com  samba4 A
> > > 192.168.50.40 -k "something"
> > >
> > > No clue after something, I've tried with Kerberos, KERBEROS,
> > > EXAMPLE.COM
> > >
> > > Is that possible?
> > >
> > > Thanks in advance
> >
> > The 'something' is 'yes'
> >
> > You need to kinit as Administrator or a member of an administrative
> > group (Administrators, Domain Admins, etc), then run the command as
> > the user.
> >
> > Rowland
> >
> >
> 
> 
> Thanks, now it outputs this error:
> 
> samba-tool dns zonelist 192.168.50.40  -k yes
> Failed to bind to uuid 50abc2a4-574d-40b3-9d66-ee4fd5fba076 for
> ncacn_ip_tcp:192.168.50.40[49152,sign,abstract_syntax=50abc2a4-574d-40b3-9d66-ee4fd5fba076/0x00000005,localaddress=192.168.50.40]
> NT_STATUS_INVALID_PARAMETER
> ERROR: Connecting to DNS RPC server 192.168.50.40 failed with
> (-1073741811, 'An invalid parameter was passed to a service or
> function.')
> 
> And klist -A:
> 
> Credentials cache: FILE:/tmp/krb5cc_0
>         Principal: Administrator at EXAMPLE.COM
>     Cache version: 4
> 
> Server: krbtgt/EXAMPLE.COM at EXAMPLE.COM
> Client: Administrator at EXAMPLE.COM
> Ticket etype: aes256-cts-hmac-sha1-96, kvno 1
> Ticket length: 1132
> Auth time:  Aug 21 16:12:43 2018
> End time:   Aug 22 02:12:43 2018
> Ticket flags: pre-authent, initial, forwardable
> Addresses: addressless
> 
> 
> If I omit "-k yes" it prompts for the password, and works but I'd
> like to do the same with kerberos.
> 
> Am I doing something wrong?
> 
> Thanks in advance

The syntax is 'samba-tool dns zonelist <server>' not 'samba-tool dns
zonelist <ipaddress>'

So, after running kinit as the user, running:

samba-tool dns zonelist dc4 -k yes

Should get you something like this:

  3 zone(s) found

  pszZoneName                 : samdom.example.com
  Flags                       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE 
  ZoneType                    : DNS_ZONE_TYPE_PRIMARY
  Version                     : 50
  dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED 
  pszDpFqdn                   : DomainDnsZones.samdom.example.com

  pszZoneName                 : 0.168.192.in-addr.arpa
  Flags                       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE 
  ZoneType                    : DNS_ZONE_TYPE_PRIMARY
  Version                     : 50
  dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED 
  pszDpFqdn                   : DomainDnsZones.samdom.example.com

  pszZoneName                 : _msdcs.samdom.example.com
  Flags                       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE 
  ZoneType                    : DNS_ZONE_TYPE_PRIMARY
  Version                     : 50
  dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_FOREST_DEFAULT DNS_DP_ENLISTED 
  pszDpFqdn                   : ForestDnsZones.samdom.example.com

Rowland
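
The sequence from the reply above (a valid ticket from kinit, the DC host name rather than its IP address, then -k yes), written as a pre-flight wrapper. This is an added example, not part of the original message or of Samba; the function names krb_dns, is_ip_literal and has_valid_tgt are hypothetical, and it assumes 'klist -s' reports ticket validity through its exit status.

```shell
#!/bin/sh
# Added example: source this file, then e.g.  krb_dns zonelist dc4
# (dc4 is the sample DC host name used in the message above).

# Return 0 if $1 looks like an IPv4 or IPv6 literal rather than a host name.
is_ip_literal() {
    case "$1" in
        *:*) return 0 ;;              # any colon: treat as an IPv6 literal
        *[!0-9.]*|"") return 1 ;;     # other characters (or empty): a name
        *.*.*.*) return 0 ;;          # only digits and dots, 3+ dots: IPv4
    esac
    return 1
}

# Return 0 if the default credential cache holds a usable ticket.
# Assumption: klist -s is silent and signals validity via exit status.
has_valid_tgt() {
    klist -s 2>/dev/null
}

# Usage: krb_dns <subcommand> <server> [args...]
# Runs 'samba-tool dns <subcommand> <server> [args...] -k yes' only after
# both checks pass, so failures are reported before any RPC bind is tried.
krb_dns() {
    if [ "$#" -lt 2 ]; then
        echo "usage: krb_dns <subcommand> <server> [args...]" >&2
        return 2
    fi
    sub=$1
    server=$2
    shift 2
    if is_ip_literal "$server"; then
        echo "refusing '$server': pass the DC host name, not its IP address" >&2
        return 3
    fi
    if ! has_valid_tgt; then
        echo "no valid Kerberos ticket: kinit as an administrative user first" >&2
        return 4
    fi
    samba-tool dns "$sub" "$server" "$@" -k yes
}
```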


