[Samba] How to delete an unwanted NS record

James B. Byrne byrnejb at harte-lyne.ca
Wed Jul 8 13:43:32 UTC 2020 


On Wed, July 8, 2020 04:23, Rowland penny wrote:
> On 08/07/2020 08:50, Mani Wieser via samba wrote:
>>
>> On 07.07.2020 22:14, Mani Wieser via samba wrote:
>> Found it (while having my morning walk with the dog): same as with
>> SOA: this is a zone/domain thing and not record
>>
>> Usage: samba-tool dns delete <server> <zone> <name>
>> <A|AAAA|PTR|CNAME|NS|MX|SRV|TXT> <data>
>> zone=domain
>> name=domain
>> data= FQDN of the server you want to delete
>>
>> Usage: samba-tool dns add <server> <zone> <name>
>> <A|AAAA|PTR|CNAME|NS|MX|SRV|TXT> <data>
>> same as above
>>
>> Mani
>>
>>
>>
> Close, but not quite correct, 'name=domain' should be 'name=@'
>
> Rowland

The source of this problem arises from having multiple IPv4 addresses on a
samba_server and not configuring smb.conf to only listen on the desired one. 
When this sever is joined to an existing domain all its address are added.  I
have not been able to remove the unwanted NS record using samba-tool.

samba-tool dns delete localhost brockley.harte-lyne.ca. @ NS
192.168.216.162Password for [administrator at BROCKLEY.HARTE-LYNE.CA]:
ERROR(runtime): uncaught exception - (9701,
'WERR_DNS_ERROR_RECORD_DOES_NOT_EXIST')
  File "/usr/local/lib/python3.7/site-packages/samba/netcmd/__init__.py", line
185, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/lib/python3.7/site-packages/samba/netcmd/dns.py", line 1071,
in run
    raise e
  File "/usr/local/lib/python3.7/site-packages/samba/netcmd/dns.py", line 1067,
in run
    del_rec_buf)

I thought that by demoting the second server that this would remove the
offending address 192.168.216.162 but I had already corrected the smb.conf on
smb4-2 and when it was demoted it removed 192.168.18.162 but not
192.168.216.162.

So, I changed smb.conf on smb4-2 to not bind to specified interfaces and tried
to rejoin the domain. I would then demote smb4-2 again in anticipation that
this time both addresses would be removed. I intended then to reapply the
bindings n smb.conf on smb4-2 and finally rejoin with 192.168.216.162 gone.  I
hope all that is clear to somebody.

Of course, nothing is ever that simple.  When I attempted to rejoin the domain
I got this:

ERROR(<class 'samba.join.DCJoinException'>): uncaught exception - Can't join,
error: Not removing account SMB4-2$ which looks like a Samba DC account
matching the password we already have.  To override, remove secrets.ldb and
secrets.tdb

So, naturally, taking the utility at is word I did this:

rm -f /var/db/samba4/private/secrets.ldb /var/db/samba4/private/secrets.tdb

And now, when I try to start smab_server on smb4-2 I get this:

Jul  8 09:22:27 smb4-2 samba[19755]:   samba version 4.10.15 started.
Jul  8 09:22:27 smb4-2 samba[19755]:   Copyright Andrew Tridgell and the Samba
Team 1992-2019
Jul  8 09:22:28 smb4-2 samba[19756]: [2020/07/08 09:22:28.259645,  0]
../../source4/smbd/server.c:773(binary_smbd_main)
Jul  8 09:22:28 smb4-2 samba[19756]:   binary_smbd_main: samba: using
'standard' process model
Jul  8 09:22:28 smb4-2 samba[19761]: [2020/07/08 09:22:28.271651,  0]
../../source4/rpc_server/dcerpc_server.c:3221(add_socket_rpc_tcp_iface)
Jul  8 09:22:28 smb4-2 samba[19766]: [2020/07/08 09:22:28.291909,  0]
../../source4/cldap_server/cldap_server.c:130(cldapd_add_socket)
Jul  8 09:22:28 smb4-2 samba[19766]:   Failed to bind to ipv6::::389 -
NT_STATUS_UNSUCCESSFUL
Jul  8 09:22:28 smb4-2 samba[19756]: [2020/07/08 09:22:28.315742,  0]
../../lib/util/become_daemon.c:136(daemon_ready)
Jul  8 09:22:28 smb4-2 samba[19756]:   daemon_ready: daemon 'samba' finished
starting up and ready to serve connections
Jul  8 09:22:28 smb4-2 samba[19767]: [2020/07/08 09:22:28.320486,  0]
../../source4/kdc/kdc-server.c:585(kdc_add_socket)
Jul  8 09:22:28 smb4-2 samba[19767]:   Failed to bind to :::88 TCP -
NT_STATUS_UNSUCCESSFUL
Jul  8 09:22:28 smb4-2 samba[19767]: [2020/07/08 09:22:28.326224,  0]
../../source4/kdc/kdc-server.c:585(kdc_add_socket)
Jul  8 09:22:28 smb4-2 samba[19767]:   Failed to bind to :::464 TCP -
NT_STATUS_UNSUCCESSFUL
Jul  8 09:22:28 smb4-2 samba[19773]: [2020/07/08 09:22:28.335088,  0]
../../source4/smbd/service_task.c:36(task_server_terminate)
Jul  8 09:22:28 smb4-2 samba[19773]:   task_server_terminate:
task_server_terminate: [Failed to obtain server credentials, perhaps a
standalone server?: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
Jul  8 09:22:28 smb4-2 samba[19773]:   ]
Jul  8 09:22:28 smb4-2 samba[19756]: [2020/07/08 09:22:28.342972,  0]
../../source4/smbd/server.c:371(samba_terminate)
Jul  8 09:22:28 smb4-2 samba[19756]:   samba_terminate: samba_terminate of
samba 19756: Failed to obtain server credentials, perhaps a standalone server?:
NT_STATUS_CANT_ACCESS_DOMAIN_INFO
Jul  8 09:22:28 smb4-2 samba[19756]:
Jul  8 09:22:31 smb4-2 samba[19765]: [2020/07/08 09:22:31.745567,  0]
../../source4/ldap_server/ldap_server.c:1074(add_socket)
Jul  8 09:22:31 smb4-2 samba[19765]:   ldapsrv failed to bind to :::389 -
NT_STATUS_UNSUCCESSFUL

So, why is this happening and how is it fixed.

-- 
***          e-Mail is NOT a SECURE channel          ***
        Do NOT transmit sensitive data via e-Mail
   Unencrypted messages have no legal claim to privacy
 Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne                mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3

More information about the samba mailing list