Hi,

I'm adding a few DNS RRs using samba-tool. I've tried to use Kerberos but I don't know what to append after -k, I mean:

samba-tool dns add 192.168.50.40 ejemplo.com samba4 A 192.168.50.40 -k "something"

No clue after something, I've tried with Kerberos, KERBEROS, EXAMPLE.COM

Is that possible?

Thanks in advance

--
Sergio Belkin
LPIC-2 Certified - http://www.lpi.org

On Fri, 17 Aug 2018 15:55:09 -0300
Sergio Belkin via samba <samba at lists.samba.org> wrote:

> Hi,
>
> I'm adding a few DNS RRs using samba-tool. I've tried to use
> Kerberos but I don't know what to append after -k, I mean:
>
> samba-tool dns add 192.168.50.40 ejemplo.com samba4 A 192.168.50.40
> -k "something"
>
> No clue after something, I've tried with Kerberos, KERBEROS,
> EXAMPLE.COM
>
> Is that possible?
>
> Thanks in advance

The 'something' is 'yes'

You need to kinit as Administrator or a member of an administrative group (Administrators, Domain Admins, etc), then run the command as the user.

Rowland

On Tue, 21 Aug 2018 16:41:09 -0300
Sergio Belkin <sebelk at gmail.com> wrote:

> Thanks, now it outputs this error:
>
> samba-tool dns zonelist 192.168.50.40 -k yes
> Failed to bind to uuid 50abc2a4-574d-40b3-9d66-ee4fd5fba076 for
> ncacn_ip_tcp:192.168.50.40[49152,sign,abstract_syntax=50abc2a4-574d-40b3-9d66-ee4fd5fba076/0x00000005,localaddress=192.168.50.40]
> NT_STATUS_INVALID_PARAMETER
> ERROR: Connecting to DNS RPC server 192.168.50.40 failed with
> (-1073741811, 'An invalid parameter was passed to a service or
> function.')
>
> And klist -A:
>
> Credentials cache: FILE:/tmp/krb5cc_0
>         Principal: Administrator at EXAMPLE.COM
>     Cache version: 4
>
> Server: krbtgt/EXAMPLE.COM at EXAMPLE.COM
> Client: Administrator at EXAMPLE.COM
> Ticket etype: aes256-cts-hmac-sha1-96, kvno 1
> Ticket length: 1132
> Auth time:  Aug 21 16:12:43 2018
> End time:   Aug 22 02:12:43 2018
> Ticket flags: pre-authent, initial, forwardable
> Addresses: addressless
>
> If I omit "-k yes" it prompts for the password, and works but I'd
> like to do the same with kerberos.
>
> Am I doing something wrong?
>
> Thanks in advance

The syntax is 'samba-tool dns zonelist <server>' not 'samba-tool dns zonelist <ipaddress>'

So, after running kinit as the user, running:

samba-tool dns zonelist dc4 -k yes

Should get you something like this:

  3 zone(s) found

  pszZoneName : samdom.example.com
  Flags       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
  ZoneType    : DNS_ZONE_TYPE_PRIMARY
  Version     : 50
  dwDpFlags   : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
  pszDpFqdn   : DomainDnsZones.samdom.example.com

  pszZoneName : 0.168.192.in-addr.arpa
  Flags       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
  ZoneType    : DNS_ZONE_TYPE_PRIMARY
  Version     : 50
  dwDpFlags   : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
  pszDpFqdn   : DomainDnsZones.samdom.example.com

  pszZoneName : _msdcs.samdom.example.com
  Flags       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
  ZoneType    : DNS_ZONE_TYPE_PRIMARY
  Version     : 50
  dwDpFlags   : DNS_DP_AUTOCREATED DNS_DP_FOREST_DEFAULT DNS_DP_ENLISTED
  pszDpFqdn   : ForestDnsZones.samdom.example.com

Rowland

On Tue, 21 Aug 2018 at 17:01, Rowland Penny via samba (<samba at lists.samba.org>) wrote:

> The syntax is 'samba-tool dns zonelist <server>' not 'samba-tool dns
> zonelist <ipaddress>'
>
> So, after running kinit as the user, running:
>
> samba-tool dns zonelist dc4 -k yes

Thanks, that did the trick.

I wonder why it works with an IP address using a password :-)

--
Sergio Belkin
LPIC-2 Certified - http://www.lpi.org
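
The two preconditions from the replies above (a valid ticket obtained with kinit, and the server given by name rather than by IP address) written as a pre-flight wrapper. This is an added example, not part of the thread or of Samba; the function names is_ip_literal and samba_dns_krb are hypothetical, and it assumes klist -s is available to test the ticket cache silently.

```shell
#!/bin/sh
# Added example: pre-flight checks before running samba-tool with "-k yes".

# Return 0 if $1 looks like an IPv4 or IPv6 literal rather than a host name.
is_ip_literal() {
    case "$1" in
        *:*) return 0 ;;                  # IPv6 literals contain ':'
        *[!0-9.]*|'') return 1 ;;         # any other character: treat as a name
    esac
    # Only digits and dots remain: require four dot-separated groups.
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ]
}

# Run "samba-tool dns <subcommand> <server> [args...]" with Kerberos only.
samba_dns_krb() {
    sub=$1; server=$2
    if [ -z "$sub" ] || [ -z "$server" ]; then
        echo "usage: samba_dns_krb <subcommand> <server> [args...]" >&2
        return 2
    fi
    # Kerberos builds the service principal it requests a ticket for from
    # the server's host name, so an IP address cannot be used with -k yes.
    if is_ip_literal "$server"; then
        echo "refusing: '$server' is an IP address; pass the DC host name" >&2
        return 3
    fi
    # klist -s prints nothing and exits non-zero without a valid ticket cache.
    if ! klist -s; then
        echo "no valid Kerberos ticket; kinit as an administrative user first" >&2
        return 4
    fi
    shift 2
    samba-tool dns "$sub" "$server" "$@" -k yes
}
```

After kinit, `samba_dns_krb zonelist dc4` runs the command from the reply above. Newer Samba releases offer --use-kerberos=required for the same purpose.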