thr3ads.net - samba - [Samba] samba-tool dns zoneoptions --mark-old-records-static [Nov 2023]

If this information is useful, please help other people find it:
Share via:

Sam R

2023-Nov-08 16:41 UTC

[Samba] samba-tool dns zoneoptions --mark-old-records-static

In short, I have my dns records in :
CN=MicrosoftDNS,DC=ForestDnsZones,DC=ariane,DC=intra

and I have root dns in :
CN=MicrosoftDNS,DC=DomainDnsZones,DC=ariane,DC=intra

but I don't have a "MicrosoftDNS" entry in DC=ariane,DC=intra

Samuel

Le mer. 8 nov. 2023 ? 17:27, Sam R <sr42354 at gmail.com> a ?crit :
> Yes
>
> Le mer. 8 nov. 2023 ? 17:22, Rowland Penny via samba <
> samba at lists.samba.org> a ?crit :
>
>> On Wed, 8 Nov 2023 17:11:45 +0100
>> Sam R via samba <samba at lists.samba.org> wrote:
>>
>> > Sorry for the 'CC', here is the result :
>> > search error - LDAP error 32 LDAP_NO_SUCH_OBJECT -  <acl_read:
Error
>> > retrieving instanceType for base. at
>> > ../../source4/dsdb/samdb/ldb_modules/acl_read.c:967> <>
>> >
>> >
>>
>> When I run it, I get every machine in the AD forward zone and that
>> command is what your original samba-tool command runs.
>>
>> Try this command:
>>
>> sudo samba-tool dns zonelist server1 -P
>>
>> Is 'example.com' listed ?
>>
>> Rowland
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>

Rowland Penny

2023-Nov-08 16:58 UTC

head link

[Samba] samba-tool dns zoneoptions --mark-old-records-static

On Wed, 8 Nov 2023 17:41:04 +0100
Sam R via samba <samba at lists.samba.org> wrote:
> In short, I have my dns records in :
> CN=MicrosoftDNS,DC=ForestDnsZones,DC=ariane,DC=intra
That is your forest dns
> 
> and I have root dns in :
> CN=MicrosoftDNS,DC=DomainDnsZones,DC=ariane,DC=intra
That is your domain dns
> 
> but I don't have a "MicrosoftDNS" entry in DC=ariane,DC=intra
But I never asked to to search there, I asked you to search in this
base:

DC=example.com,CN=MicrosoftDNS,DC=DomainDNSZones,DC=example,DC=com

The first part is your dns forward zone and from what you posted above,
it should be 'DC=ariane.intra'

The last part is baseDN and again, it should be 'DC=ariane,DC=imtra'

So if you run the ldbsearch command I posted, with your dns data and it
returns the records, then as you have basically run the search that the
'samba-tool dns zoneoptions' command runs (and fails), then it looks
like a permissions problem.
Run (as root) 'kinit Administrator'
Then run your 'samba-tool dns zoneoptions' command again, but add
'--use-kerberos=required' and see if that works.

Rowland

samba - Nov 2023 - samba-tool dns zoneoptions --mark-old-records-static

[Samba] samba-tool dns zoneoptions --mark-old-records-static

[Samba] samba-tool dns zoneoptions --mark-old-records-static