[Samba] New DNS-Records not available
Christian Naumer
cn at brain-biotech.de
Tue Feb 11 08:22:39 UTC 2020
Hi Louis.
On 10.02.20 at 16:44, L.P.H. van Belle via samba wrote:
> Hai Christian,
>
>> Can someone reproduce this?
> No, tried, but sorry, works fine for me on my 4.11.6 server.
>
> And what if you try it like this?
>
> samba-tool dns add dc1.zone1.domain.de 0.168.192.in-addr.arpa 157 PTR zone1.domain.de -U Administrator
This creates this entry (output from host 192.168.2.157, host
192.168.0.157 returns NXDOMAIN):
157.2.168.192.in-addr.arpa domain name pointer zone1.hq.brain-biotech.de.
> samba-tool dns add dc1.zone1.domain.de 2.168.192.in-addr.arpa 157 PTR zone2.domain.de -U Administrator
This creates the right record:
157.2.168.192.in-addr.arpa domain name pointer zone2.hq.brain-biotech.de.
I tested some more. I have these zones:
0.168.192.in-addr.arpa
1.168.192.in-addr.arpa
2.168.192.in-addr.arpa
3.168.192.in-addr.arpa
4.168.192.in-addr.arpa
5.168.192.in-addr.arpa
6.168.192.in-addr.arpa
7.168.192.in-addr.arpa
In all zones I can create the right record, except in "0", where it is
then created in "2" (not in "1"), but only if there is already a record
with the same last digit. The zones 0, 1 and 2 contain ~100-200 records,
the rest only 10 or so.
In another attempt I deleted all the records I created in the test and
tried again. Strangely it only happens if in zone "2" there is a record
with the same last digit. Then the new record is created in zone "2"
although I want it in zone "0".
It also works if in zone "0" there is an entry and I try to create zone
in zone "2". The record is then created in zone "0".
Here is a sequence of commands used with a d10:
Add a record in zone "2":
samba-tool dns add dc1.domain.de 2.168.192.in-addr.arpa 157 PTR zone0.domain.de -U Administrator
Password for [DOMAIN-02\Administrator]:
Record added successfully
Check record:
host 192.168.2.157
157.2.168.192.in-addr.arpa domain name pointer zone0.domain.de.
Add the record in zone "0" with d10:
samba-tool dns add dc1.domain.de 0.168.192.in-addr.arpa 157 PTR zone0.domain.de -d10 -U Administrator
INFO: Current debug levels:
all: 10
tdb: 10
printdrivers: 10
lanman: 10
smb: 10
rpc_parse: 10
rpc_srv: 10
rpc_cli: 10
passdb: 10
sam: 10
auth: 10
winbind: 10
vfs: 10
idmap: 10
quota: 10
acls: 10
locking: 10
msdfs: 10
dmapi: 10
registry: 10
scavenger: 10
dns: 10
ldb: 10
tevent: 10
auth_audit: 10
auth_json_audit: 10
kerberos: 10
drs_repl: 10
smb2: 10
smb2_credits: 10
dsdb_audit: 10
dsdb_json_audit: 10
dsdb_password_audit: 10
dsdb_password_json_audit: 10
dsdb_transaction_audit: 10
dsdb_transaction_json_audit: 10
dsdb_group_audit: 10
dsdb_group_json_audit: 10
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
Processing section "[global]"
Processing section "[netlogon]"
Processing section "[sysvol]"
pm_process() returned Yes
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'http_negotiate' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Using binding ncacn_ip_tcp:dc1.domain.de[,sign]
Mapped to DCERPC endpoint 135
resolve_lmhosts: Attempting lmhosts lookup for name dc1.domain.de<0x20>
startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No
such file or directory
rpc request data:
rpc reply data:
Mapped to DCERPC endpoint 49153
resolve_lmhosts: Attempting lmhosts lookup for name dc1.domain.de<0x20>
startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No
such file or directory
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
Password for [DOMAIN-02\Administrator]:
Received smb_krb5 packet of length 313
Received smb_krb5 packet of length 189
kinit for Administrator@DOMAIN.DE succeeded
gensec_update_send: gssapi_krb5[0x20a1840]: subreq: 0x209f180
gensec_update_send: spnego[0x20a1450]: subreq: 0x208fe80
gensec_update_done: gssapi_krb5[0x20a1840]:
NT_STATUS_MORE_PROCESSING_REQUIRED
tevent_req[0x209f180/../../source4/auth/gensec/gensec_gssapi.c:1057]:
state[2] error[0 (0x0)] state[struct gensec_gssapi_update_state
(0x209f330)] timer[(nil)]
finish[../../source4/auth/gensec/gensec_gssapi.c:1067]
gensec_update_done: spnego[0x20a1450]:
NT_STATUS_MORE_PROCESSING_REQUIRED
tevent_req[0x208fe80/../../auth/gensec/spnego.c:1631]: state[2] error[0
(0x0)] state[struct gensec_spnego_update_state (0x2090030)]
timer[(nil)] finish[../../auth/gensec/spnego.c:2115]
dcerpc_pull_auth_trailer: auth_pad_length 0
gensec_gssapi: NO credentials were delegated
GSSAPI Connection will be cryptographically signed
gensec_update_send: gssapi_krb5[0x20a1840]: subreq: 0x20a2550
gensec_update_send: spnego[0x20a1450]: subreq: 0x2094480
gensec_update_done: gssapi_krb5[0x20a1840]: NT_STATUS_OK
tevent_req[0x20a2550/../../source4/auth/gensec/gensec_gssapi.c:1057]:
state[2] error[0 (0x0)] state[struct gensec_gssapi_update_state
(0x20a2700)] timer[(nil)]
finish[../../source4/auth/gensec/gensec_gssapi.c:1074]
gensec_update_done: spnego[0x20a1450]:
NT_STATUS_MORE_PROCESSING_REQUIRED
tevent_req[0x2094480/../../auth/gensec/spnego.c:1631]: state[2] error[0
(0x0)] state[struct gensec_spnego_update_state (0x2094630)]
timer[(nil)] finish[../../auth/gensec/spnego.c:2115]
dcerpc_pull_auth_trailer: auth_pad_length 0
gensec_update_send: spnego[0x20a1450]: subreq: 0x2094430
gensec_update_done: spnego[0x20a1450]: NT_STATUS_OK
tevent_req[0x2094430/../../auth/gensec/spnego.c:1631]: state[2] error[0
(0x0)] state[struct gensec_spnego_update_state (0x20945e0)]
timer[(nil)] finish[../../auth/gensec/spnego.c:2115]
rpc request data:
[0000] 00 00 07 00 00 00 00 00 00 00 02 00 18 00 00 00 ........ ........
[0010] 00 00 00 00 18 00 00 00 64 00 63 00 31 00 2E 00 ........ d.c.1...
[0020] 68 00 71 00 2E 00 62 00 72 00 61 00 69 00 6E 00 x.x...x. x.x.x.x.
[0030] 2D 00 62 00 69 00 6F 00 74 00 65 00 63 00 68 00 -.x.x.x. x.x.x.x.
[0040] 2E 00 64 00 65 00 00 00 04 00 02 00 17 00 00 00 ..d.e... ........
[0050] 00 00 00 00 17 00 00 00 30 2E 31 36 38 2E 31 39 ........ 0.168.19
[0060] 32 2E 69 6E 2D 61 64 64 72 2E 61 72 70 61 00 00 2.in-add r.arpa..
[0070] 04 00 00 00 00 00 00 00 04 00 00 00 31 35 37 00 ........ ....157.
[0080] 08 00 02 00 1A 00 00 00 1A 00 0C 00 F0 00 00 00 ........ ........
[0090] 01 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 ........ ........
[00A0] 19 7A 6F 6E 65 30 2E 68 71 2E 62 72 61 69 6E 2D .zone0.x x.xxxxx-
[00B0] 62 69 6F 74 65 63 68 2E 64 65 00 00 00 00 00 00 xxxxxxx. xx......
t: struct dcerpc_sec_verification_trailer
_pad : DATA_BLOB length=0
magic : 0000000000000000
count: struct dcerpc_sec_vt_count
count : 0x0002 (2)
commands: ARRAY(2)
commands: struct dcerpc_sec_vt
command : 0x0001 (1)
0x01: DCERPC_SEC_VT_COMMAND_ENUM (1)
0: DCERPC_SEC_VT_COMMAND_END
0: DCERPC_SEC_VT_MUST_PROCESS
u : union
dcerpc_sec_vt_union(case 0x1)
bitmask1 : 0x00000001 (1)
1: DCERPC_SEC_VT_CLIENT_SUPPORTS_HEADER_SIGNING
commands: struct dcerpc_sec_vt
command : 0x4002 (16386)
0x02: DCERPC_SEC_VT_COMMAND_ENUM (2)
1: DCERPC_SEC_VT_COMMAND_END
0: DCERPC_SEC_VT_MUST_PROCESS
u : union
dcerpc_sec_vt_union(case 0x2)
pcontext: struct dcerpc_sec_vt_pcontext
abstract_syntax: struct ndr_syntax_id
uuid :
50abc2a4-574d-40b3-9d66-ee4fd5fba076
if_version : 0x00000005 (5)
transfer_syntax: struct ndr_syntax_id
uuid :
8a885d04-1ceb-11c9-9fe8-08002b104860
if_version : 0x00000002 (2)
dcerpc_pull_auth_trailer: auth_pad_length 12
rpc reply data:
[0000] EF 25 00 00 .%..
ERROR(runtime): uncaught exception - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
  File "/usr/lib64/python3.6/site-packages/samba/netcmd/__init__.py", line 186, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib64/python3.6/site-packages/samba/netcmd/dns.py", line 945, in run
    raise e
  File "/usr/lib64/python3.6/site-packages/samba/netcmd/dns.py", line 941, in run
    0, server, zone, name, add_rec_buf, None)
It says it already exists. But it does not exist in zone "0", only in "2".
Anything more I can do?
>
> I tested on my production where I have 6 forward/reverse zones in use.
>
> Is the hostname "dc1" also in other zones?
> Yes, use FQDN as I showed and test it.
> No, we need to investigate more most probably.
--
Dr. Christian Naumer
Unit Head Bioprocess Development
B.R.A.I.N Aktiengesellschaft
Darmstaedter Str. 34-36, D-64673 Zwingenberg
e-mail cn at brain-biotech.com, homepage www.brain-biotech.com
fon +49-6251-9331-30 / fax +49-6251-9331-11
Registered office: Zwingenberg/Bergstrasse
Court of registration: AG Darmstadt, HRB 24758
Management Board: Adriaan Moelker (Chairman),
Manfred Bender, Ludger Roedder
Chairman of the Supervisory Board: Dr. Georg Kellinghusen
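
Added example, not part of the original message or of Samba: a shell check that takes captured `host` output and reports whether a PTR record landed in the reverse zone it was added to, using three of the zones and the 157 record from the message. The function names are hypothetical and the sample output is constructed.

```shell
#!/bin/sh
# Added example; function names are hypothetical and the sample
# `host` output below is constructed from the lines quoted in the message.

# Reverse zones hosted on the DC (subset of the list in the message).
ZONES="0.168.192.in-addr.arpa 1.168.192.in-addr.arpa 2.168.192.in-addr.arpa"

# owner_to_ip 157.2.168.192.in-addr.arpa -> 192.168.2.157 (address to give `host`)
owner_to_ip() {
    o=${1%.}; o=${o%.in-addr.arpa}
    old_ifs=$IFS; IFS=.; set -- $o; IFS=$old_ifs
    echo "$4.$3.$2.$1"
}

# zone_of OWNER -> the listed zone OWNER falls under (longest suffix wins)
zone_of() {
    owner=${1%.}; best=""
    for z in $ZONES; do
        case $owner in
            *".$z") if [ ${#z} -gt ${#best} ]; then best=$z; fi ;;
        esac
    done
    echo "$best"
}

# check_ptr ZONE NAME TARGET HOST_OUTPUT
# Prints "OK", "MISPLACED <zone>" or "MISSING" for the record NAME PTR TARGET.
check_ptr() {
    want=$1; name=$2; target=${3%.}.; verdict=MISSING
    while read -r owner f2 f3 f4 ptr; do
        [ "$f2 $f3 $f4" = "domain name pointer" ] || continue
        [ "${owner%%.*}" = "$name" ] && [ "$ptr" = "$target" ] || continue
        got=$(zone_of "$owner")
        if [ "$got" = "$want" ]; then verdict=OK; break; fi
        verdict="MISPLACED $got"
    done <<EOF
$4
EOF
    echo "$verdict"
}

# Constructed sample: lookups of 192.168.0.157 and 192.168.2.157 after adding to zone "0".
SAMPLE='Host 157.0.168.192.in-addr.arpa. not found: 3(NXDOMAIN)
157.2.168.192.in-addr.arpa domain name pointer zone1.domain.de.'

check_ptr 0.168.192.in-addr.arpa 157 zone1.domain.de "$SAMPLE"
```

On a live system the fourth argument would be the concatenated output of `host` for the address returned by `owner_to_ip` in each zone.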