[HELP WANTED] Samba DNS Corruption: any examples?
Daniele Dario
d.dario76 at gmail.com
Wed Nov 2 08:12:25 UTC 2016
G'Day,
On Tue, 2016-11-01 at 22:16 +1300, Andrew Bartlett wrote:
> G'Day,
>
> I'm chasing down an issue of DNS corruption for a customer, where an A
> record couldn't be deleted with Samba's normal tools, and had to be
> removed with ldbdel.
>
> Sadly however we no longer have access to the corrupt record (oops),
> but there is nothing new under the sun, and if it is happening for one
> customer it is probably happening elsewhere. And in any case, the more
> examples the better with these things.
>
> I'm aware of the ability of TXT records to be mis-parsed (it even got
> as far as a security hole), but if anybody has other records that get
> 'stuck' in our internal or BIND9 DLZ DNS servers, and can share those
> with me (in private is fine), that would be most helpful.
>
> I'm looking for output from commands like:
>
> bin/ldbsearch -H ldap://$SERVER -Uadministrator%$PASSWORD -b "DC=773eed91-5cc6-4745-94c9-1c1796e377d0,DC=_msdcs.samba.example.com,CN=MicrosoftDNS,DC=forestDnsZones,DC=samba,DC=example,DC=com"
>
> and
>
> bin/ldbsearch -H ldap://$SERVER -Uadministrator%$PASSWORD -b "DC=773eed91-5cc6-4745-94c9-1c1796e377d0,DC=_msdcs.samba.example.com,CN=MicrosoftDNS,DC=forestDnsZones,DC=samba,DC=example,DC=com" --show-binary
>
> Thanks!
>
> Andrew Bartlett
I'm using Samba 4.4.3 and tried the above searches.
I'm not familiar with ldbsearch so I copied the posted command and just
replaced $SERVER/$PASSWORD, samba.example.com with my realm name
saitel.loc and DC=samba,DC=example,DC=com with DC=saitel,DC=loc but the
only thing I get is
search error - LDAP error 32 LDAP_NO_SUCH_OBJECT - <acl_read: Error
retrieving instanceType for base.
at ../source4/dsdb/samdb/ldb_modules/acl_read.c:362> <>
Am I missing something in the replacements, or can the search just not find any
record matching what was asked for?
Daniele.