[Samba] DNS reverse zones creation locked down.

[denis bonnenfant@sambaedu.org]

Le 22/11/2024 à 11:29, Rowland Penny via samba a écrit :
> On Thu, 21 Nov 2024 15:09:49 +0100
> denis bonnenfant--- via samba<samba at lists.samba.org> wrote:
>
>> Hello, I'm resending my old message, as despite of lots of tests and
>> checks, I still have the same problem.
>>
>> I'm facing a big problem with my Samba AD configuration :
>>
>> When trying to create a new reverse DNS zone on a DC, it fails with
>> error :
>>
>>
>> root at se4ad2:~# samba-tool dns zonecreate se4ad2
>> 54.19.172.in-addr.arpa -Uadmin
>> Password for [XXXXX\admin]:
>> ERROR(runtime): uncaught exception - (1383, 'WERR_INTERNAL_DB_ERROR')
>>     File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py",
>> line 285, in _run
>>       return self.run(*args, **kwargs)
>>              ^^^^^^^^^^^^^^^^^^^^^^^^^
>>     File "/usr/lib/python3/dist-packages/samba/netcmd/dns.py", line
>> 973, in run
>>       dns_conn.DnssrvOperation2(client_version, 0, server, None,
>>     File "/usr/lib/python3/dist-packages/samba/netcmd/dns.py", line
>> 119, in f
>>       return attr(*args)
>>
> I seem to vaguely remember this, but I will need reminding of the
> details.
> In the mean time, if you are still using 4.20.0 , then can I suggest
> you upgrade, there have been quite a few changes in the code area that
> you are hitting.
Hi Rowland

Thanks for your reply. Finally I found the problem by runinng dbcheck 
with |--reset-well-known-acls|  option : one of the ACE was related to 
"DnsAdmins" group and this group has been deleted, and it raised an 
exception in python script. Recreating the group solves this issue.

And you are right, it is time to upgrade to 4.21, as it is available in 
debian-backports !

Regards,

Denis