[Samba] Looking for Python docs/examples to modify DNS via keytab

christian baltini christian.baltini at gmail.com
Sun Jun 30 07:22:57 UTC 2024



> On Jun 30, 2024, at 12:11 AM, Rowland Penny via samba <samba at lists.samba.org> wrote:
> 
> On Sat, 29 Jun 2024 22:10:12 -0700
> christian baltini <christian.baltini at gmail.com> wrote:
> 
>> Hello Rowland, I see that and am trying to recreate the script logic
>> line-by-line in the terminal as a proof of understanding, but I am
>> having some trouble.
>> 
>> Here is what I am trying:
>> 
>> “kinit administrator” - I then provide username and password,
> 
> You should just get prompted for the Administrator password, are you
> doing this as root or with sudo ?
Sorry, you are correct, it is just a password prompt

> 
>> and get
>> /tmp/krb5cc_0
> 
> That suggests it is being created by 'root', but what is in the ticket
> ? Have you run 'klist -c /tmp/krb5cc_0' ?

This is the output of the above:

Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator@SAMBA1.MYDOMAIN.COM

Valid starting       Expires              Service principal
06/30/2024 00:16:09  06/30/2024 10:16:09  krbtgt/SAMBA1.MYDOMAIN.COM@SAMBA1.MYDOMAIN.COM
        renew until 07/01/2024 00:16:01

> 
>> – I understand this is equivalent to what the script is
>> generating with the exported keytab file, is this correct?
> 
> Very similar, just a different user.
> 
>> 
>> I then try this just as a test command:
>> 
>> "samba-tool dns zonelist localhost --use-krb5-ccache=/tmp/krbcc_0”.
>> (I get the same result with my server’s FQDN instead of “localhost”)
> 
> If you cut & pasted that command, there is a typo, it is '/tmp/krb5cc_0'
> 
Sorry, that was a typo in my email, that is what I am typing

>> 
>> I have also tried setting the environment variable in the script like
>> so “EXPORT KRB5CCNAME=/tmp/krb5cc_0"
> 
> But then, you seem to have got it right there.
> 
>> 
>> Do you have any advice on what might not be working?
> 
> Your command works for myself.

This is the output I get:

(venv) root@ubu1:~/py_krb# samba-tool dns zonelist localhost --use-krb5-ccache=/tmp/krb5cc_0
Failed to bind to uuid 50abc2a4-574d-40b3-9d66-ee4fd5fba076 for ncacn_ip_tcp:127.0.0.1[49153,sign,abstract_syntax=50abc2a4-574d-40b3-9d66-ee4fd5fba076/0x00000005,localaddress=127.0.0.1] NT_STATUS_INVALID_PARAMETER
ERROR: Connecting to DNS RPC server 127.0.0.1 failed with (3221225485, 'An invalid parameter was passed to a service or function.')

Am I wrong in thinking this is necessarily some type of kerberos auth issue?

> 
>> 
>> I have confirmed everything working without the --use-krb5-ccache and
>> supplying username and password does work
>> 
>> As for your question, I have not gotten that far yet : )
> 
> I would really think about this, there is no point in porting the
> script unless you have something to trigger it. As far as I can see,
> there are two options, use kea, but that is, in my opinion, like using
> the world's largest hydraulic press to crack a nut, or use dnsmasq just
> as a dhcp server.
> 
> Rowland
> 

I see a number of uses for a script like this in Python, not just DHCP.  If anything I would like to figure it out to learn something.

Thank you very much for your responses!

Christian
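
An added example, not part of the original message and not Samba's own code: a Python preflight that parses `klist -c` output and reports whether the cache named on the samba-tool command line holds a currently valid krbtgt, which helps separate a ticket-cache problem from other causes. It assumes the MM/DD/YYYY klist layout shown in this thread; `parse_klist` and `check_ccache` are hypothetical helper names.

```python
# Added example: preflight for a ccache before `samba-tool ... --use-krb5-ccache`.
# Assumes the MM/DD/YYYY klist layout seen in this thread (system dependent).
import re
from datetime import datetime

# Constructed sample, modelled on the klist output quoted in the message.
SAMPLE_KLIST = """\
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator@SAMBA1.MYDOMAIN.COM

Valid starting       Expires              Service principal
06/30/2024 00:16:09  06/30/2024 10:16:09  krbtgt/SAMBA1.MYDOMAIN.COM@SAMBA1.MYDOMAIN.COM
        renew until 07/01/2024 00:16:01
"""

TICKET_RE = re.compile(
    r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})\s+"
    r"(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})\s+(\S+)$", re.M)
FMT = "%m/%d/%Y %H:%M:%S"


def parse_klist(text):
    """Return (cache, principal, [(start, expires, service), ...])."""
    cache = re.search(r"^Ticket cache: (\S+)$", text, re.M)
    princ = re.search(r"^Default principal: (\S+)$", text, re.M)
    if not cache or not princ:
        raise ValueError("not klist output (no cache/principal header)")
    tickets = [(datetime.strptime(s, FMT), datetime.strptime(e, FMT), svc)
               for s, e, svc in TICKET_RE.findall(text)]
    return cache.group(1), princ.group(1), tickets


def check_ccache(text, ccache_arg, now):
    """List reasons the ccache is unusable; an empty list means it looks fine."""
    cache, princ, tickets = parse_klist(text)
    problems = []
    # The path klist read must be the one handed to --use-krb5-ccache.
    if cache.split(":", 1)[-1] != ccache_arg:
        problems.append(f"klist read {cache}, command uses {ccache_arg}")
    realm = princ.rsplit("@", 1)[-1]
    tgts = [t for t in tickets if t[2] == f"krbtgt/{realm}@{realm}"]
    if not tgts:
        problems.append(f"no krbtgt for realm {realm}")
    elif all(exp <= now for _, exp, _ in tgts):
        problems.append("TGT expired; run kinit again")
    elif all(start > now for start, _, _ in tgts):
        problems.append("TGT not yet valid; check clock skew")
    return problems
```

An empty result means the cache path, principal realm and TGT lifetime are consistent, so a bind failure would have to be investigated elsewhere.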
