[Samba] samba-tool passwordless
Sergio Belkin
sebelk at gmail.com
Tue Aug 21 20:29:57 UTC 2018
El mar., 21 ago. 2018 a las 17:01, Rowland Penny via samba (<
samba at lists.samba.org>) escribió:
> On Tue, 21 Aug 2018 16:41:09 -0300
> Sergio Belkin <sebelk at gmail.com> wrote:
>
> > El vie., 17 ago. 2018 a las 16:06, Rowland Penny via samba (<
> > samba at lists.samba.org>) escribió:
> >
> > > On Fri, 17 Aug 2018 15:55:09 -0300
> > > Sergio Belkin via samba <samba at lists.samba.org> wrote:
> > >
> > > > Hi,
> > > >
> > > > I'm adding a few DNS RR's using samba-tool. I've tried to use
> > > > kerberos but I don't know that to append after -k, I mean:
> > > >
> > > > samba-tool dns add 192.168.50.40 ejemplo.com samba4 A
> > > > 192.168.50.40 -k "something"
> > > >
> > > > No clue after something, I've tried with Kerberos, KERBEROS,
> > > > EXAMPLE.COM
> > > >
> > > > Is it that possible?
> > > >
> > > > Thanks in advance
> > >
> > > The 'something' is 'yes'
> > >
> > > You need to kinit as Administrator or a member of an administrative
> > > group (Administrators, Domain Admins, etc), then run the commaind as
> > > the user.
> > >
> > > Rowland
> > >
> > > --
> > > To unsubscribe from this list go to the following URL and read the
> > > instructions: https://lists.samba.org/mailman/options/samba
> > >
> >
> >
> > Thanks, now it outputs this error:
> >
> > samba-tool dns zonelist 192.168.50.40 -k yes
> > Failed to bind to uuid 50abc2a4-574d-40b3-9d66-ee4fd5fba076 for
> >
> ncacn_ip_tcp:192.168.50.40[49152,sign,abstract_syntax=50abc2a4-574d-40b3-9d66-ee4fd5fba076/0x00000005,localaddress=192.168.50.40]
> > NT_STATUS_INVALID_PARAMETER
> > ERROR: Connecting to DNS RPC server 192.168.50.40 failed with
> > (-1073741811, 'An invalid parameter was passed to a service or
> > function.')
> >
> > And klist -A:
> >
> > Credentials cache: FILE:/tmp/krb5cc_0
> > Principal: Administrator at EXAMPLE.COM
> > Cache version: 4
> >
> > Server: krbtgt/EXAMPLE.COM at EXAMPLE.COM
> > Client: Administrator at EXAMPLE.COM
> > Ticket etype: aes256-cts-hmac-sha1-96, kvno 1
> > Ticket length: 1132
> > Auth time: Aug 21 16:12:43 2018
> > End time: Aug 22 02:12:43 2018
> > Ticket flags: pre-authent, initial, forwardable
> > Addresses: addressless
> >
> >
> > If I omit "-k yes" it prompts for the password, and works but I'd
> > like to do the same with kerberos.
> >
> > Am I doing something wrong?
> >
> > Thanks in advance
>
> The syntax is 'samba-tool dns zonelist <server>' not 'samba-tool dns
> zonelist <ipaddress>
>
> So, after running kinit as the user, running:
>
> samba-tool dns zonelist dc4 -k yes
>
> Should get you something like this:
>
> 3 zone(s) found
>
> pszZoneName : samdom.example.com
> Flags : DNS_RPC_ZONE_DSINTEGRATED
> DNS_RPC_ZONE_UPDATE_SECURE
> ZoneType : DNS_ZONE_TYPE_PRIMARY
> Version : 50
> dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT
> DNS_DP_ENLISTED
> pszDpFqdn : DomainDnsZones.samdom.example.com
>
> pszZoneName : 0.168.192.in-addr.arpa
> Flags : DNS_RPC_ZONE_DSINTEGRATED
> DNS_RPC_ZONE_UPDATE_SECURE
> ZoneType : DNS_ZONE_TYPE_PRIMARY
> Version : 50
> dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT
> DNS_DP_ENLISTED
> pszDpFqdn : DomainDnsZones.samdom.example.com
>
> pszZoneName : _msdcs.samdom.example.com
> Flags : DNS_RPC_ZONE_DSINTEGRATED
> DNS_RPC_ZONE_UPDATE_SECURE
> ZoneType : DNS_ZONE_TYPE_PRIMARY
> Version : 50
> dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_FOREST_DEFAULT
> DNS_DP_ENLISTED
> pszDpFqdn : ForestDnsZones.samdom.example.com
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
Thanks that made the trick. I wonder why does it work with IP address using
password :-)
--
--
Sergio Belkin
LPIC-2 Certified - http://www.lpi.org
More information about the samba
mailing list