samba - Jul 2016 - Cannot find invalid DNS entry

So no one has an idea what I can try additionally?

Thanks,
Tim


On 27.07.2016 16:54, mathias dufresne wrote:
> What would have better I reckon would have been to explain...
>
> We should not _write_ directly into these files because, as Andrew
> explained months ago, the change would not be replicated if applied
> directly on these files. To have changes replicated the change MUST be
> applied on sam.ldb file which is a wrapper.
>
> Sharing or not sharing, that is the question : )
>
> 2016-07-27 14:51 GMT+02:00 Rowland penny <rpenny at samba.org>:
>
>> On 27/07/16 13:40, mathias dufresne wrote:
>>
>>> Two files are hosting DNS data:
>>> /path/to/private/sam.ldb.d/DC=DOMAINDNSZONES,DC=blabla.ldb and
>>> /path/to/private/sam.ldb.d/DC=FORESTDNSZONES,DC=blabla.ldb
>>>
>>> DNS entries are sometimes (often? always?) base64 encoded. You
should be
>>> able to "grep" for string these files with:
>>> ldbsearch --show-binary -H
>>> /path/to/private/sam.ldb.d/DC=FORESTDNSZONES,DC=blabla.ldb | grep
"what
>>> you
>>> want"
>>>
>>> 2016-07-27 13:35 GMT+02:00 Tim Dittler <tim.dittler at
rosalux.org>:
>>>
>>> Hello,
>>>> when I run
>>>>
>>>> samba_dnsupdate --verbose --all-names -d10
>>>> it gives me the following output:
>>>>
>>>> INFO: Current debug levels:
>>>>>    all: 10
>>>>>    tdb: 10
>>>>>    printdrivers: 10
>>>>>    lanman: 10
>>>>>    smb: 10
>>>>>    rpc_parse: 10
>>>>>    rpc_srv: 10
>>>>>    rpc_cli: 10
>>>>>    passdb: 10
>>>>>    sam: 10
>>>>>    auth: 10
>>>>>    winbind: 10
>>>>>    vfs: 10
>>>>>    idmap: 10
>>>>>    quota: 10
>>>>>    acls: 10
>>>>>    locking: 10
>>>>>    msdfs: 10
>>>>>    dmapi: 10
>>>>>    registry: 10
>>>>>    scavenger: 10
>>>>>    dns: 10
>>>>>    ldb: 10
>>>>> lpcfg_load: refreshing parameters from /etc/samba/smb.conf
>>>>> Processing section [retained]
>>>>> pm_process() returned Yes
>>>>> added interface brem1 ip=10.10.1.10 bcast=10.10.1.127
>>>>>
>>>> netmask=255.255.255.128
>>>>
>>>>> added interface lo ip=127.0.0.1 bcast=127.255.255.255
netmask=255.0.0.0
>>>>> IPs: ['10.10.1.10']
>>>>> Security token SIDs (1):
>>>>>    SID[  0]: S-1-5-18
>>>>>   Privileges (0xFFFFFFFFFFFFFFFF):
>>>>>    Privilege[  0]: SeMachineAccountPrivilege
>>>>>    Privilege[  1]: SeTakeOwnershipPrivilege
>>>>>    Privilege[  2]: SeBackupPrivilege
>>>>>    Privilege[  3]: SeRestorePrivilege
>>>>>    Privilege[  4]: SeRemoteShutdownPrivilege
>>>>>    Privilege[  5]: SePrintOperatorPrivilege
>>>>>    Privilege[  6]: SeAddUsersPrivilege
>>>>>    Privilege[  7]: SeDiskOperatorPrivilege
>>>>>    Privilege[  8]: SeSecurityPrivilege
>>>>>    Privilege[  9]: SeSystemtimePrivilege
>>>>>    Privilege[ 10]: SeShutdownPrivilege
>>>>>    Privilege[ 11]: SeDebugPrivilege
>>>>>    Privilege[ 12]: SeSystemEnvironmentPrivilege
>>>>>    Privilege[ 13]: SeSystemProfilePrivilege
>>>>>    Privilege[ 14]: SeProfileSingleProcessPrivilege
>>>>>    Privilege[ 15]: SeIncreaseBasePriorityPrivilege
>>>>>    Privilege[ 16]: SeLoadDriverPrivilege
>>>>>    Privilege[ 17]: SeCreatePagefilePrivilege
>>>>>    Privilege[ 18]: SeIncreaseQuotaPrivilege
>>>>>    Privilege[ 19]: SeChangeNotifyPrivilege
>>>>>    Privilege[ 20]: SeUndockPrivilege
>>>>>    Privilege[ 21]: SeManageVolumePrivilege
>>>>>    Privilege[ 22]: SeImpersonatePrivilege
>>>>>    Privilege[ 23]: SeCreateGlobalPrivilege
>>>>>    Privilege[ 24]: SeEnableDelegationPrivilege
>>>>>   Rights (0x               0):
>>>>> lpcfg_servicenumber: couldn't find ldb
>>>>> schema_fsmo_init: we are master[yes] updates allowed[no]
>>>>> schema_fsmo_init: we are master[yes] updates allowed[no]
>>>>> Traceback (most recent call last):
>>>>>    File "/usr/sbin/samba_dnsupdate", line 540, in
<module>
>>>>>      c = parse_dns_line(line, {})
>>>>>    File "/usr/sbin/samba_dnsupdate", line 179, in
parse_dns_line
>>>>>      return dnsobj(subline)
>>>>>    File "/usr/sbin/samba_dnsupdate", line 134, in
__init__
>>>>>      raise Exception("Invalid DNS entry %r" %
string_form)
>>>>> Exception: Invalid DNS entry 'TDB file'
>>>>>
>>>> However, I'm not able to find "TDB file" in any
of the files in
>>>> /var/lib/samba/private/sam.ldb.d.
>>>>
>>>> Am I looking in the wrong place? Or how can I delete this DNS
entry?
>>>>
>>>> Thank you very much,
>>>> Tim
>>>>
>>>>
>>>>
>>>> --
>>>> To unsubscribe from this list go to the following URL and read
the
>>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>>
>>>>
>> I wouldn't suggest doing this, unless things have changed, you
shouldn't
>> directly act on the .ldb files stored in sam.ldb.d
>>
>> What you can do is:
>>
>> ldbsearch --show-binary --cross-ncs -H /path/to/sam.ldb | grep
'whatever'
>>
>> Rowland
>>
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>

On 28/07/16 14:57, Tim Dittler wrote:
> So no one has an idea what I can try additionally?
>
> Thanks,
> Tim
>
>
>
OK, lets start with the obvious:

What OS
What version of Samba
What is in smb.conf
What is in /etc/krb5.conf
What is in /etc/hosts
What is in /etc/resolv.conf

Rowland

On 28.07.2016 16:20, Rowland penny wrote:
> On 28/07/16 14:57, Tim Dittler wrote:
>> So no one has an idea what I can try additionally?
>>
>> Thanks,
>> Tim
>>
>>
>>
>
> OK, lets start with the obvious:
>
> What OS
# lsb_release -a
No LSB modules are available.
Distributor ID:    Ubuntu
Description:    Ubuntu 14.04.4 LTS
Release:    14.04
Codename:    trusty
> What version of Samba
# samba-tool --version
4.2.14-SerNet-Ubuntu-10.trusty
> What is in smb.conf
[global]
        workgroup = example
        realm = NIX1.example.IO
        netbios name = DC01NIX1example
    # cnames

    netbios aliases = srv example

        interfaces = brem1 lo
    # leave 127.0.1.1 for dnsmasq
    # without this option starting dnsmasq on 127.0.1.1 will not work
        bind interfaces only = Yes
        server role = active directory domain controller

    # file access / rights stuff
    vfs objects = acl_xattr
    map acl inherit = yes
    store dos attributes = yes
    inherit acls = yes
    inherit permissions = yes
    acl group control = yes
    create mask = 770
    directory mask = 770


    # dnsmasq
        dns forwarder = 127.0.1.1

    # lock handling
    reset on zero vc = yes

    # winbind related stuff
        idmap_ldb:use rfc2307 = yes
    template homedir = /srv/samba/home/%U

    spoolss: architecture = Windows x64
    #rpc_server:spoolss = external
    #rpc_daemon:spoolssd = fork

    allow dns updates = nonsecure

    # feeded by shares module
    include = /etc/samba/shares.conf

[netlogon]
        path = /var/lib/samba/sysvol/nix1.example.io/scripts
        read only = No

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No
> What is in /etc/krb5.conf
[libdefaults]
    default_realm = NIX1.example.IO
    dns_lookup_realm = false
    dns_lookup_kdc = true
> What is in /etc/hosts
127.0.0.1    localhost
127.0.0.1    dc01nix1example.nix1.example.io dc01nix1example
127.0.1.1    dc01nix1example.nix1.example.io dc01nix1example

# The following lines are desirable for IPv6 capable hosts
# ::1     localhost ip6-localhost ip6-loopback
# ff02::1 ip6-allnodes
# ff02::2 ip6-allrouters
#
> What is in /etc/resolv.conf
nameserver 127.0.0.1
nameserver 10.10.1.1
nameserver 8.8.8.8
search nix1.example.io example.io abc0.example.io

Regards,
Tim