samba - Jun 2024 - Looking for Python docs/examples to modify DNS via keytab

Hello Rowland, I see that and an trying to recreate the script logic line-by
line in the terminal as a proof of understanding, but I am having some trouble.

Here is what I am trying:

?kinit administrator? - I then provide username and password, and get
/tmp/krb5cc_0 ? I understand this is equivalent what the script is generating
with the exported keytab file, is this correct?

I then try this just as a test command:

"samba-tool dns zonelist localhost --use-krb5-ccache=/tmp/krbcc_0?. (I get
the same result with my server?s FQDN instead of ?localhost?)

I have also tried setting the environment variable in the script like so ?EXPORT
KRB5CCNAME=/tmp/krb5cc_0"

Do you have any advice on what might not be working?

I have confirmed everything working without the ?use-krb5-ccache and supplying
username and password does work

As for your question, I have not gotten that far yet : )

Thank you.
> On Jun 29, 2024, at 1:29?AM, Rowland Penny via samba <samba at
lists.samba.org> wrote:
> 
> On Fri, 28 Jun 2024 13:07:06 -0700
> christian baltini via samba <samba at lists.samba.org> wrote:
> 
>> Hello all,
>> 
>> I am looking to rewrite the shell script here
>> (https://wiki.samba.org/index.php/Configure_DHCP_to_update_DNS_records)
>> in Python.
> 
> Basically most of that script is written to check if a kerberos ticket
> exists and is current and then the ticket is used with samba-tool to
> carry out deletions/additions, so it might be worth while examining the
> relevant samba-tool code.
> 
> Your main problem is going to be is that the isc-dhcp-server (that
> triggers the bash script) is now EOL, what were you thinking of
> replacing it with ?
> 
> Rowland
> 
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

On Sat, 29 Jun 2024 22:10:12 -0700
christian baltini <christian.baltini at gmail.com> wrote:
> Hello Rowland, I see that and an trying to recreate the script logic
> line-by line in the terminal as a proof of understanding, but I am
> having some trouble.
> 
> Here is what I am trying:
> 
> ?kinit administrator? - I then provide username and password,
You should just get prompted for the Administrator password, are you
doing this as root or with sudo ?
> and get
> /tmp/krb5cc_0 
That suggests it is being created by 'root', but what is in the ticket
? Have you run 'klist -c /tmp/krb5cc_0' ?
> ? I understand this is equivalent what the script is
> generating with the exported keytab file, is this correct?
Very similar, just a different user.
> 
> I then try this just as a test command:
> 
> "samba-tool dns zonelist localhost --use-krb5-ccache=/tmp/krbcc_0?.
> (I get the same result with my server?s FQDN instead of ?localhost?)
If you cut & pasted that command, there is a typo, it is
'/tmp/krb5cc_0'
> 
> I have also tried setting the environment variable in the script like
> so ?EXPORT KRB5CCNAME=/tmp/krb5cc_0"
But then, you seem to have got it right there.
> 
> Do you have any advice on what might not be working?
Your command works for myself.
> 
> I have confirmed everything working without the ?use-krb5-ccache and
> supplying username and password does work
> 
> As for your question, I have not gotten that far yet : )
I would really think about this, there is no point in porting the
script unless you have something to trigger it. As far as I can see,
there are two options, use kea, but that is, in my opinion, like using
the worlds largest hydraulic press to crack a nut, or use dnsmasq just
as a dhcp server.

Rowland