christian baltini
2024-Jun-30 05:10 UTC
[Samba] Looking for Python docs/examples to modify DNS via keytab
Hello Rowland, I see that and an trying to recreate the script logic line-by line in the terminal as a proof of understanding, but I am having some trouble. Here is what I am trying: ?kinit administrator? - I then provide username and password, and get /tmp/krb5cc_0 ? I understand this is equivalent what the script is generating with the exported keytab file, is this correct? I then try this just as a test command: "samba-tool dns zonelist localhost --use-krb5-ccache=/tmp/krbcc_0?. (I get the same result with my server?s FQDN instead of ?localhost?) I have also tried setting the environment variable in the script like so ?EXPORT KRB5CCNAME=/tmp/krb5cc_0" Do you have any advice on what might not be working? I have confirmed everything working without the ?use-krb5-ccache and supplying username and password does work As for your question, I have not gotten that far yet : ) Thank you.> On Jun 29, 2024, at 1:29?AM, Rowland Penny via samba <samba at lists.samba.org> wrote: > > On Fri, 28 Jun 2024 13:07:06 -0700 > christian baltini via samba <samba at lists.samba.org> wrote: > >> Hello all, >> >> I am looking to rewrite the shell script here >> (https://wiki.samba.org/index.php/Configure_DHCP_to_update_DNS_records) >> in Python. > > Basically most of that script is written to check if a kerberos ticket > exists and is current and then the ticket is used with samba-tool to > carry out deletions/additions, so it might be worth while examining the > relevant samba-tool code. > > Your main problem is going to be is that the isc-dhcp-server (that > triggers the bash script) is now EOL, what were you thinking of > replacing it with ? > > Rowland > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
Rowland Penny
2024-Jun-30 07:11 UTC
[Samba] Looking for Python docs/examples to modify DNS via keytab
On Sat, 29 Jun 2024 22:10:12 -0700 christian baltini <christian.baltini at gmail.com> wrote:> Hello Rowland, I see that and an trying to recreate the script logic > line-by line in the terminal as a proof of understanding, but I am > having some trouble. > > Here is what I am trying: > > ?kinit administrator? - I then provide username and password,You should just get prompted for the Administrator password, are you doing this as root or with sudo ?> and get > /tmp/krb5cc_0That suggests it is being created by 'root', but what is in the ticket ? Have you run 'klist -c /tmp/krb5cc_0' ?> ? I understand this is equivalent what the script is > generating with the exported keytab file, is this correct?Very similar, just a different user.> > I then try this just as a test command: > > "samba-tool dns zonelist localhost --use-krb5-ccache=/tmp/krbcc_0?. > (I get the same result with my server?s FQDN instead of ?localhost?)If you cut & pasted that command, there is a typo, it is '/tmp/krb5cc_0'> > I have also tried setting the environment variable in the script like > so ?EXPORT KRB5CCNAME=/tmp/krb5cc_0"But then, you seem to have got it right there.> > Do you have any advice on what might not be working?Your command works for myself.> > I have confirmed everything working without the ?use-krb5-ccache and > supplying username and password does work > > As for your question, I have not gotten that far yet : )I would really think about this, there is no point in porting the script unless you have something to trigger it. As far as I can see, there are two options, use kea, but that is, in my opinion, like using the worlds largest hydraulic press to crack a nut, or use dnsmasq just as a dhcp server. Rowland