[Samba] Looking for Python docs/examples to modify DNS via keytab
christian baltini
christian.baltini at gmail.com
Sun Jun 30 23:19:14 UTC 2024
Thank you David, this is a very helpful start.
I have altered the zonelist function in the example you linked like so:
def zonelist(server):  # Username and password arguments have been removed
    parser = OptionParser()
    sambaopts = SambaOptions(parser)
    credopts = CredentialsOptions(parser)
    credopts.creds.set_kerberos_state(MUST_USE_KERBEROS)
    credopts.ask_for_password = False
    credopts.creds.set_named_ccache("/tmp/kk_bak")
    credopts.machine_pass = False
    lp = sambaopts.get_loadparm()
    lp.set('realm', __domain_name(server))
    lp.set('debug level', '3')
    output = StringIO()
    cmd = dns.cmd_zonelist()
    cmd.outf = output
When calling it, I’m getting this error:
Failed to get kerberos credentials (kerberos required): kinit_to_ccache: No password available for kinit
Cannot obtain client GSS credentials we need to contact (null) : kinit_to_ccache: No password available for kinit
gensec_spnego_create_negTokenInit_step: gssapi_krb5: creating NEG_TOKEN_INIT for host/UBU1.SAMBA1.MYDOMAIN.COM failed (next[(null)]): NT_STATUS_INVALID_PARAMETER
Could not find GENSEC backend for auth_type=10
Failed to start GENSEC client mechanism (null): NT_STATUS_INVALID_PARAMETER
Failed to bind to uuid 50abc2a4-574d-40b3-9d66-ee4fd5fba076 for ncacn_ip_tcp:172.16.191.131[49153,sign,target_hostname=UBU1.SAMBA1.MYDOMAIN.COM,abstract_syntax=50abc2a4-574d-40b3-9d66-ee4fd5fba076/0x00000005,localaddress=172.16.191.131] NT_STATUS_INVALID_PARAMETER
My krb5 cache at /tmp/kk_bak is valid, as it works with "samba-tool dns zonelist ubu1.samba1.mydomain.com --use-krb5-ccache /tmp/kk_bak"
Thanks in advance to anybody with any advice!
CB
> On Jun 29, 2024, at 1:11 AM, David Mulder via samba <samba at lists.samba.org> wrote:
>
> On 6/28/24 10:07 PM, christian baltini via samba wrote:
>> Hello all,
>>
>> I am looking to rewrite the shell script here (https://wiki.samba.org/index.php/Configure_DHCP_to_update_DNS_records) in Python.
>>
>> Is anyone aware of any resources (docs, existing code, etc.) that may be useful in doing so? I’m not finding any introductory docs or simple code examples that show things like instantiating a DNS server connection with a keytab.
> It's a bit awkward, but you can import and call the samba-tool commands directly within Python (samba-tool of course is written in Python). See an example of this hack here:
> https://github.com/yast/yast2-dns-manager/blob/master/src/modules/SambaToolDnsAPI.py
>
> This example uses username/password for auth, but the CredentialsOptions parser can be instructed to use the keytab, IIUC: https://gitlab.com/samba-team/samba/-/blob/master/python/samba/getopt.py?ref_type=heads#L384
>
> If you don't like this hacky approach, you could re-implement something using the same calls made by samba-tool: https://gitlab.com/samba-team/samba/-/blob/master/python/samba/netcmd/dns.py?ref_type=heads
>
> This is probably a more appropriate approach, but a bit more work.
>
> --
> David Mulder
> Labs Software Engineer, Samba
> SUSE
> 1221 S Valley Grove Way, Suite 500
> Pleasant Grove, UT 84062
> (P)+1 385.208.2989
> dmulder at suse.com
> http://www.suse.com