On 27/07/16 13:40, mathias dufresne wrote:> Two files are hosting DNS data: > /path/to/private/sam.ldb.d/DC=DOMAINDNSZONES,DC=blabla.ldb and > /path/to/private/sam.ldb.d/DC=FORESTDNSZONES,DC=blabla.ldb > > DNS entries are sometimes (often? always?) base64 encoded. You should be > able to "grep" for string these files with: > ldbsearch --show-binary -H > /path/to/private/sam.ldb.d/DC=FORESTDNSZONES,DC=blabla.ldb | grep "what you > want" > > 2016-07-27 13:35 GMT+02:00 Tim Dittler <tim.dittler at rosalux.org>: > >> Hello, >> >> when I run >> >>> samba_dnsupdate --verbose --all-names -d10 >> it gives me the following output: >> >>> INFO: Current debug levels: >>> all: 10 >>> tdb: 10 >>> printdrivers: 10 >>> lanman: 10 >>> smb: 10 >>> rpc_parse: 10 >>> rpc_srv: 10 >>> rpc_cli: 10 >>> passdb: 10 >>> sam: 10 >>> auth: 10 >>> winbind: 10 >>> vfs: 10 >>> idmap: 10 >>> quota: 10 >>> acls: 10 >>> locking: 10 >>> msdfs: 10 >>> dmapi: 10 >>> registry: 10 >>> scavenger: 10 >>> dns: 10 >>> ldb: 10 >>> lpcfg_load: refreshing parameters from /etc/samba/smb.conf >>> Processing section [retained] >>> pm_process() returned Yes >>> added interface brem1 ip=10.10.1.10 bcast=10.10.1.127 >> netmask=255.255.255.128 >>> added interface lo ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0 >>> IPs: ['10.10.1.10'] >>> Security token SIDs (1): >>> SID[ 0]: S-1-5-18 >>> Privileges (0xFFFFFFFFFFFFFFFF): >>> Privilege[ 0]: SeMachineAccountPrivilege >>> Privilege[ 1]: SeTakeOwnershipPrivilege >>> Privilege[ 2]: SeBackupPrivilege >>> Privilege[ 3]: SeRestorePrivilege >>> Privilege[ 4]: SeRemoteShutdownPrivilege >>> Privilege[ 5]: SePrintOperatorPrivilege >>> Privilege[ 6]: SeAddUsersPrivilege >>> Privilege[ 7]: SeDiskOperatorPrivilege >>> Privilege[ 8]: SeSecurityPrivilege >>> Privilege[ 9]: SeSystemtimePrivilege >>> Privilege[ 10]: SeShutdownPrivilege >>> Privilege[ 11]: SeDebugPrivilege >>> Privilege[ 12]: SeSystemEnvironmentPrivilege >>> Privilege[ 13]: SeSystemProfilePrivilege >>> Privilege[ 14]: SeProfileSingleProcessPrivilege >>> Privilege[ 15]: SeIncreaseBasePriorityPrivilege >>> Privilege[ 16]: SeLoadDriverPrivilege >>> Privilege[ 17]: SeCreatePagefilePrivilege >>> Privilege[ 18]: SeIncreaseQuotaPrivilege >>> Privilege[ 19]: SeChangeNotifyPrivilege >>> Privilege[ 20]: SeUndockPrivilege >>> Privilege[ 21]: SeManageVolumePrivilege >>> Privilege[ 22]: SeImpersonatePrivilege >>> Privilege[ 23]: SeCreateGlobalPrivilege >>> Privilege[ 24]: SeEnableDelegationPrivilege >>> Rights (0x 0): >>> lpcfg_servicenumber: couldn't find ldb >>> schema_fsmo_init: we are master[yes] updates allowed[no] >>> schema_fsmo_init: we are master[yes] updates allowed[no] >>> Traceback (most recent call last): >>> File "/usr/sbin/samba_dnsupdate", line 540, in <module> >>> c = parse_dns_line(line, {}) >>> File "/usr/sbin/samba_dnsupdate", line 179, in parse_dns_line >>> return dnsobj(subline) >>> File "/usr/sbin/samba_dnsupdate", line 134, in __init__ >>> raise Exception("Invalid DNS entry %r" % string_form) >>> Exception: Invalid DNS entry 'TDB file' >> However, I'm not able to find "TDB file" in any of the files in >> /var/lib/samba/private/sam.ldb.d. >> >> Am I looking in the wrong place? Or how can I delete this DNS entry? >> >> Thank you very much, >> Tim >> >> >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >>I wouldn't suggest doing this, unless things have changed, you shouldn't directly act on the .ldb files stored in sam.ldb.d What you can do is: ldbsearch --show-binary --cross-ncs -H /path/to/sam.ldb | grep 'whatever' Rowland
What would have better I reckon would have been to explain... We should not _write_ directly into these files because, as Andrew explained months ago, the change would not be replicated if applied directly on these files. To have changes replicated the change MUST be applied on sam.ldb file which is a wrapper. Sharing or not sharing, that is the question : ) 2016-07-27 14:51 GMT+02:00 Rowland penny <rpenny at samba.org>:> On 27/07/16 13:40, mathias dufresne wrote: > >> Two files are hosting DNS data: >> /path/to/private/sam.ldb.d/DC=DOMAINDNSZONES,DC=blabla.ldb and >> /path/to/private/sam.ldb.d/DC=FORESTDNSZONES,DC=blabla.ldb >> >> DNS entries are sometimes (often? always?) base64 encoded. You should be >> able to "grep" for string these files with: >> ldbsearch --show-binary -H >> /path/to/private/sam.ldb.d/DC=FORESTDNSZONES,DC=blabla.ldb | grep "what >> you >> want" >> >> 2016-07-27 13:35 GMT+02:00 Tim Dittler <tim.dittler at rosalux.org>: >> >> Hello, >>> >>> when I run >>> >>> samba_dnsupdate --verbose --all-names -d10 >>>> >>> it gives me the following output: >>> >>> INFO: Current debug levels: >>>> all: 10 >>>> tdb: 10 >>>> printdrivers: 10 >>>> lanman: 10 >>>> smb: 10 >>>> rpc_parse: 10 >>>> rpc_srv: 10 >>>> rpc_cli: 10 >>>> passdb: 10 >>>> sam: 10 >>>> auth: 10 >>>> winbind: 10 >>>> vfs: 10 >>>> idmap: 10 >>>> quota: 10 >>>> acls: 10 >>>> locking: 10 >>>> msdfs: 10 >>>> dmapi: 10 >>>> registry: 10 >>>> scavenger: 10 >>>> dns: 10 >>>> ldb: 10 >>>> lpcfg_load: refreshing parameters from /etc/samba/smb.conf >>>> Processing section [retained] >>>> pm_process() returned Yes >>>> added interface brem1 ip=10.10.1.10 bcast=10.10.1.127 >>>> >>> netmask=255.255.255.128 >>> >>>> added interface lo ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0 >>>> IPs: ['10.10.1.10'] >>>> Security token SIDs (1): >>>> SID[ 0]: S-1-5-18 >>>> Privileges (0xFFFFFFFFFFFFFFFF): >>>> Privilege[ 0]: SeMachineAccountPrivilege >>>> Privilege[ 1]: SeTakeOwnershipPrivilege >>>> Privilege[ 2]: SeBackupPrivilege >>>> Privilege[ 3]: SeRestorePrivilege >>>> Privilege[ 4]: SeRemoteShutdownPrivilege >>>> Privilege[ 5]: SePrintOperatorPrivilege >>>> Privilege[ 6]: SeAddUsersPrivilege >>>> Privilege[ 7]: SeDiskOperatorPrivilege >>>> Privilege[ 8]: SeSecurityPrivilege >>>> Privilege[ 9]: SeSystemtimePrivilege >>>> Privilege[ 10]: SeShutdownPrivilege >>>> Privilege[ 11]: SeDebugPrivilege >>>> Privilege[ 12]: SeSystemEnvironmentPrivilege >>>> Privilege[ 13]: SeSystemProfilePrivilege >>>> Privilege[ 14]: SeProfileSingleProcessPrivilege >>>> Privilege[ 15]: SeIncreaseBasePriorityPrivilege >>>> Privilege[ 16]: SeLoadDriverPrivilege >>>> Privilege[ 17]: SeCreatePagefilePrivilege >>>> Privilege[ 18]: SeIncreaseQuotaPrivilege >>>> Privilege[ 19]: SeChangeNotifyPrivilege >>>> Privilege[ 20]: SeUndockPrivilege >>>> Privilege[ 21]: SeManageVolumePrivilege >>>> Privilege[ 22]: SeImpersonatePrivilege >>>> Privilege[ 23]: SeCreateGlobalPrivilege >>>> Privilege[ 24]: SeEnableDelegationPrivilege >>>> Rights (0x 0): >>>> lpcfg_servicenumber: couldn't find ldb >>>> schema_fsmo_init: we are master[yes] updates allowed[no] >>>> schema_fsmo_init: we are master[yes] updates allowed[no] >>>> Traceback (most recent call last): >>>> File "/usr/sbin/samba_dnsupdate", line 540, in <module> >>>> c = parse_dns_line(line, {}) >>>> File "/usr/sbin/samba_dnsupdate", line 179, in parse_dns_line >>>> return dnsobj(subline) >>>> File "/usr/sbin/samba_dnsupdate", line 134, in __init__ >>>> raise Exception("Invalid DNS entry %r" % string_form) >>>> Exception: Invalid DNS entry 'TDB file' >>>> >>> However, I'm not able to find "TDB file" in any of the files in >>> /var/lib/samba/private/sam.ldb.d. >>> >>> Am I looking in the wrong place? Or how can I delete this DNS entry? >>> >>> Thank you very much, >>> Tim >>> >>> >>> >>> -- >>> To unsubscribe from this list go to the following URL and read the >>> instructions: https://lists.samba.org/mailman/options/samba >>> >>> > I wouldn't suggest doing this, unless things have changed, you shouldn't > directly act on the .ldb files stored in sam.ldb.d > > What you can do is: > > ldbsearch --show-binary --cross-ncs -H /path/to/sam.ldb | grep 'whatever' > > Rowland > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
So no one has an idea what I can try additionally? Thanks, Tim On 27.07.2016 16:54, mathias dufresne wrote:> What would have better I reckon would have been to explain... > > We should not _write_ directly into these files because, as Andrew > explained months ago, the change would not be replicated if applied > directly on these files. To have changes replicated the change MUST be > applied on sam.ldb file which is a wrapper. > > Sharing or not sharing, that is the question : ) > > 2016-07-27 14:51 GMT+02:00 Rowland penny <rpenny at samba.org>: > >> On 27/07/16 13:40, mathias dufresne wrote: >> >>> Two files are hosting DNS data: >>> /path/to/private/sam.ldb.d/DC=DOMAINDNSZONES,DC=blabla.ldb and >>> /path/to/private/sam.ldb.d/DC=FORESTDNSZONES,DC=blabla.ldb >>> >>> DNS entries are sometimes (often? always?) base64 encoded. You should be >>> able to "grep" for string these files with: >>> ldbsearch --show-binary -H >>> /path/to/private/sam.ldb.d/DC=FORESTDNSZONES,DC=blabla.ldb | grep "what >>> you >>> want" >>> >>> 2016-07-27 13:35 GMT+02:00 Tim Dittler <tim.dittler at rosalux.org>: >>> >>> Hello, >>>> when I run >>>> >>>> samba_dnsupdate --verbose --all-names -d10 >>>> it gives me the following output: >>>> >>>> INFO: Current debug levels: >>>>> all: 10 >>>>> tdb: 10 >>>>> printdrivers: 10 >>>>> lanman: 10 >>>>> smb: 10 >>>>> rpc_parse: 10 >>>>> rpc_srv: 10 >>>>> rpc_cli: 10 >>>>> passdb: 10 >>>>> sam: 10 >>>>> auth: 10 >>>>> winbind: 10 >>>>> vfs: 10 >>>>> idmap: 10 >>>>> quota: 10 >>>>> acls: 10 >>>>> locking: 10 >>>>> msdfs: 10 >>>>> dmapi: 10 >>>>> registry: 10 >>>>> scavenger: 10 >>>>> dns: 10 >>>>> ldb: 10 >>>>> lpcfg_load: refreshing parameters from /etc/samba/smb.conf >>>>> Processing section [retained] >>>>> pm_process() returned Yes >>>>> added interface brem1 ip=10.10.1.10 bcast=10.10.1.127 >>>>> >>>> netmask=255.255.255.128 >>>> >>>>> added interface lo ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0 >>>>> IPs: ['10.10.1.10'] >>>>> Security token SIDs (1): >>>>> SID[ 0]: S-1-5-18 >>>>> Privileges (0xFFFFFFFFFFFFFFFF): >>>>> Privilege[ 0]: SeMachineAccountPrivilege >>>>> Privilege[ 1]: SeTakeOwnershipPrivilege >>>>> Privilege[ 2]: SeBackupPrivilege >>>>> Privilege[ 3]: SeRestorePrivilege >>>>> Privilege[ 4]: SeRemoteShutdownPrivilege >>>>> Privilege[ 5]: SePrintOperatorPrivilege >>>>> Privilege[ 6]: SeAddUsersPrivilege >>>>> Privilege[ 7]: SeDiskOperatorPrivilege >>>>> Privilege[ 8]: SeSecurityPrivilege >>>>> Privilege[ 9]: SeSystemtimePrivilege >>>>> Privilege[ 10]: SeShutdownPrivilege >>>>> Privilege[ 11]: SeDebugPrivilege >>>>> Privilege[ 12]: SeSystemEnvironmentPrivilege >>>>> Privilege[ 13]: SeSystemProfilePrivilege >>>>> Privilege[ 14]: SeProfileSingleProcessPrivilege >>>>> Privilege[ 15]: SeIncreaseBasePriorityPrivilege >>>>> Privilege[ 16]: SeLoadDriverPrivilege >>>>> Privilege[ 17]: SeCreatePagefilePrivilege >>>>> Privilege[ 18]: SeIncreaseQuotaPrivilege >>>>> Privilege[ 19]: SeChangeNotifyPrivilege >>>>> Privilege[ 20]: SeUndockPrivilege >>>>> Privilege[ 21]: SeManageVolumePrivilege >>>>> Privilege[ 22]: SeImpersonatePrivilege >>>>> Privilege[ 23]: SeCreateGlobalPrivilege >>>>> Privilege[ 24]: SeEnableDelegationPrivilege >>>>> Rights (0x 0): >>>>> lpcfg_servicenumber: couldn't find ldb >>>>> schema_fsmo_init: we are master[yes] updates allowed[no] >>>>> schema_fsmo_init: we are master[yes] updates allowed[no] >>>>> Traceback (most recent call last): >>>>> File "/usr/sbin/samba_dnsupdate", line 540, in <module> >>>>> c = parse_dns_line(line, {}) >>>>> File "/usr/sbin/samba_dnsupdate", line 179, in parse_dns_line >>>>> return dnsobj(subline) >>>>> File "/usr/sbin/samba_dnsupdate", line 134, in __init__ >>>>> raise Exception("Invalid DNS entry %r" % string_form) >>>>> Exception: Invalid DNS entry 'TDB file' >>>>> >>>> However, I'm not able to find "TDB file" in any of the files in >>>> /var/lib/samba/private/sam.ldb.d. >>>> >>>> Am I looking in the wrong place? Or how can I delete this DNS entry? >>>> >>>> Thank you very much, >>>> Tim >>>> >>>> >>>> >>>> -- >>>> To unsubscribe from this list go to the following URL and read the >>>> instructions: https://lists.samba.org/mailman/options/samba >>>> >>>> >> I wouldn't suggest doing this, unless things have changed, you shouldn't >> directly act on the .ldb files stored in sam.ldb.d >> >> What you can do is: >> >> ldbsearch --show-binary --cross-ncs -H /path/to/sam.ldb | grep 'whatever' >> >> Rowland >> >> >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >>