[Samba] How to delete an unwanted NS record

Rowland penny rpenny at samba.org
Wed Jul 8 13:46:41 UTC 2020 

On 08/07/2020 14:43, James B. Byrne wrote:
>
> On Wed, July 8, 2020 04:23, Rowland penny wrote:
>> On 08/07/2020 08:50, Mani Wieser via samba wrote:
>>> On 07.07.2020 22:14, Mani Wieser via samba wrote:
>>> Found it (while having my morning walk with the dog): same as with
>>> SOA: this is a zone/domain thing and not record
>>>
>>> Usage: samba-tool dns delete <server> <zone> <name>
>>> <A|AAAA|PTR|CNAME|NS|MX|SRV|TXT> <data>
>>> zone=domain
>>> name=domain
>>> data= FQDN of the server you want to delete
>>>
>>> Usage: samba-tool dns add <server> <zone> <name>
>>> <A|AAAA|PTR|CNAME|NS|MX|SRV|TXT> <data>
>>> same as above
>>>
>>> Mani
>>>
>>>
>>>
>> Close, but not quite correct, 'name=domain' should be 'name=@'
>>
>> Rowland
> The source of this problem arises from having multiple IPv4 addresses on a
> samba_server and not configuring smb.conf to only listen on the desired one.
> When this sever is joined to an existing domain all its address are added.  I
> have not been able to remove the unwanted NS record using samba-tool.
>
> samba-tool dns delete localhost brockley.harte-lyne.ca. @ NS
> 192.168.216.162Password for [administrator at BROCKLEY.HARTE-LYNE.CA]:
> ERROR(runtime): uncaught exception - (9701,
> 'WERR_DNS_ERROR_RECORD_DOES_NOT_EXIST')
>    File "/usr/local/lib/python3.7/site-packages/samba/netcmd/__init__.py", line
> 185, in _run
>      return self.run(*args, **kwargs)
>    File "/usr/local/lib/python3.7/site-packages/samba/netcmd/dns.py", line 1071,
> in run
>      raise e
>    File "/usr/local/lib/python3.7/site-packages/samba/netcmd/dns.py", line 1067,
> in run
>      del_rec_buf)
>
> I thought that by demoting the second server that this would remove the
> offending address 192.168.216.162 but I had already corrected the smb.conf on
> smb4-2 and when it was demoted it removed 192.168.18.162 but not
> 192.168.216.162.
>
> So, I changed smb.conf on smb4-2 to not bind to specified interfaces and tried
> to rejoin the domain. I would then demote smb4-2 again in anticipation that
> this time both addresses would be removed. I intended then to reapply the
> bindings n smb.conf on smb4-2 and finally rejoin with 192.168.216.162 gone.  I
> hope all that is clear to somebody.
>
> Of course, nothing is ever that simple.  When I attempted to rejoin the domain
> I got this:
>
> ERROR(<class 'samba.join.DCJoinException'>): uncaught exception - Can't join,
> error: Not removing account SMB4-2$ which looks like a Samba DC account
> matching the password we already have.  To override, remove secrets.ldb and
> secrets.tdb
>
> So, naturally, taking the utility at is word I did this:
>
> rm -f /var/db/samba4/private/secrets.ldb /var/db/samba4/private/secrets.tdb
>
> And now, when I try to start smab_server on smb4-2 I get this:
>
> Jul  8 09:22:27 smb4-2 samba[19755]:   samba version 4.10.15 started.
> Jul  8 09:22:27 smb4-2 samba[19755]:   Copyright Andrew Tridgell and the Samba
> Team 1992-2019
> Jul  8 09:22:28 smb4-2 samba[19756]: [2020/07/08 09:22:28.259645,  0]
> ../../source4/smbd/server.c:773(binary_smbd_main)
> Jul  8 09:22:28 smb4-2 samba[19756]:   binary_smbd_main: samba: using
> 'standard' process model
> Jul  8 09:22:28 smb4-2 samba[19761]: [2020/07/08 09:22:28.271651,  0]
> ../../source4/rpc_server/dcerpc_server.c:3221(add_socket_rpc_tcp_iface)
> Jul  8 09:22:28 smb4-2 samba[19766]: [2020/07/08 09:22:28.291909,  0]
> ../../source4/cldap_server/cldap_server.c:130(cldapd_add_socket)
> Jul  8 09:22:28 smb4-2 samba[19766]:   Failed to bind to ipv6::::389 -
> NT_STATUS_UNSUCCESSFUL
> Jul  8 09:22:28 smb4-2 samba[19756]: [2020/07/08 09:22:28.315742,  0]
> ../../lib/util/become_daemon.c:136(daemon_ready)
> Jul  8 09:22:28 smb4-2 samba[19756]:   daemon_ready: daemon 'samba' finished
> starting up and ready to serve connections
> Jul  8 09:22:28 smb4-2 samba[19767]: [2020/07/08 09:22:28.320486,  0]
> ../../source4/kdc/kdc-server.c:585(kdc_add_socket)
> Jul  8 09:22:28 smb4-2 samba[19767]:   Failed to bind to :::88 TCP -
> NT_STATUS_UNSUCCESSFUL
> Jul  8 09:22:28 smb4-2 samba[19767]: [2020/07/08 09:22:28.326224,  0]
> ../../source4/kdc/kdc-server.c:585(kdc_add_socket)
> Jul  8 09:22:28 smb4-2 samba[19767]:   Failed to bind to :::464 TCP -
> NT_STATUS_UNSUCCESSFUL
> Jul  8 09:22:28 smb4-2 samba[19773]: [2020/07/08 09:22:28.335088,  0]
> ../../source4/smbd/service_task.c:36(task_server_terminate)
> Jul  8 09:22:28 smb4-2 samba[19773]:   task_server_terminate:
> task_server_terminate: [Failed to obtain server credentials, perhaps a
> standalone server?: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
> Jul  8 09:22:28 smb4-2 samba[19773]:   ]
> Jul  8 09:22:28 smb4-2 samba[19756]: [2020/07/08 09:22:28.342972,  0]
> ../../source4/smbd/server.c:371(samba_terminate)
> Jul  8 09:22:28 smb4-2 samba[19756]:   samba_terminate: samba_terminate of
> samba 19756: Failed to obtain server credentials, perhaps a standalone server?:
> NT_STATUS_CANT_ACCESS_DOMAIN_INFO
> Jul  8 09:22:28 smb4-2 samba[19756]:
> Jul  8 09:22:31 smb4-2 samba[19765]: [2020/07/08 09:22:31.745567,  0]
> ../../source4/ldap_server/ldap_server.c:1074(add_socket)
> Jul  8 09:22:31 smb4-2 samba[19765]:   ldapsrv failed to bind to :::389 -
> NT_STATUS_UNSUCCESSFUL
>
> So, why is this happening and how is it fixed.
>
This is because it is an 'A' record and not an 'NS' record.

Rowland

More information about the samba mailing list