Hi all!

I operate an AD domain on samba4, provisioned some years ago. At provision some DNS zones were created, linked to my domain.

I named the domain as a subdomain of my internet domain:
AD dc.samges.ru, internet zone samges.ru

Forward zones:
dc.samges.ru
_msdcs.dc.samges.ru

All worked normally, but then my coworker created a forward zone samges.ru (using Windows RSAT tools).

It serves some names, I can add names to it but not delete records from it. When I try, I get this error:

root@ad51:~# samba-tool dns delete ad51.samges.ru samges.ru vjud A 213.156.210.216 -U lmy
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Using binding ncacn_ip_tcp:ad51.samges.ru[,sign]
Password for [SAMGES\lmy]:
... (-d 10 debug level follows)
GSSAPI Connection will be cryptographically signed
../librpc/rpc/dcerpc_util.c:140: auth_pad_length 12
rpc reply data:
[0000] 67 05 00 00   g...
ERROR(runtime): uncaught exception - (1383, 'WERR_INTERNAL_DB_ERROR')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 1184, in run
    del_rec_buf)

Windows RSAT tool also shows this error. How can I check the internal DNS DB and fix it? Does samba-tool dbcheck work only with the LDAP catalog? It shows no errors on that DC (one of two).

I want to completely delete zone samges.ru from the DCs; forwarding to another nameserver is configured and working.
But while this zone exists on the DC it is served first, but not forwarded.

--
Mike Lykov, system administrator

On Tue, 8 Nov 2016 11:20:07 +0400 Mike Lykov via samba <samba at lists.samba.org> wrote:

> Hi all!
>
> I operate an AD domain on samba4, provisioned some years ago. At
> provision some DNS zones were created, linked to my domain.
>
> I named the domain as a subdomain of my internet domain:
> AD dc.samges.ru, internet zone samges.ru
>
> Forward zones:
> dc.samges.ru
> _msdcs.dc.samges.ru
>
> All worked normally, but then my coworker created a forward zone
> samges.ru (using Windows RSAT tools).
>
> It serves some names, I can add names to it but not delete records
> from it. When I try, I get this error:
>
> root@ad51:~# samba-tool dns delete ad51.samges.ru samges.ru vjud A 213.156.210.216 -U lmy
> GENSEC backend 'gssapi_spnego' registered
> GENSEC backend 'gssapi_krb5' registered
> GENSEC backend 'gssapi_krb5_sasl' registered
> GENSEC backend 'schannel' registered
> GENSEC backend 'spnego' registered
> GENSEC backend 'ntlmssp' registered
> GENSEC backend 'krb5' registered
> GENSEC backend 'fake_gssapi_krb5' registered
> Using binding ncacn_ip_tcp:ad51.samges.ru[,sign]
> Password for [SAMGES\lmy]:
> ... (-d 10 debug level follows)
> GSSAPI Connection will be cryptographically signed
> ../librpc/rpc/dcerpc_util.c:140: auth_pad_length 12
> rpc reply data:
> [0000] 67 05 00 00   g...
> ERROR(runtime): uncaught exception - (1383, 'WERR_INTERNAL_DB_ERROR')
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 1184, in run
>     del_rec_buf)
>
> Windows RSAT tool also shows this error. How can I check the internal
> DNS DB and fix it? Does samba-tool dbcheck work only with the LDAP
> catalog? It shows no errors on that DC (one of two).
>
> I want to completely delete zone samges.ru from the DCs; forwarding to
> another nameserver is configured and working.
> But while this zone exists on the DC it is served first, but not forwarded.
>

Have you tried doing the delete as Administrator?

Also try adding '--cross-ncs' to 'samba-tool dbcheck'

Rowland

08.11.2016 12:02, Rowland Penny via samba wrote:

>> I want to completely delete zone samges.ru from the DCs; forwarding to
>> another nameserver is configured and working.
>> But while this zone exists on the DC it is served first, but not forwarded.
>>
>
> Have you tried doing the delete as Administrator?

Same result. (lmy is also in the Domain Admins group)

> Also try adding '--cross-ncs' to 'samba-tool dbcheck'

It has errors, but all about deleted computer objects (my earlier letter here).

--
Mike Lykov, system administrator