Rowland Penny
2024-Jun-30 07:11 UTC
[Samba] Looking for Python docs/examples to modify DNS via keytab
On Sat, 29 Jun 2024 22:10:12 -0700
christian baltini <christian.baltini at gmail.com> wrote:

> Hello Rowland, I see that and am trying to recreate the script logic
> line by line in the terminal as a proof of understanding, but I am
> having some trouble.
>
> Here is what I am trying:
>
> "kinit administrator" - I then provide username and password,

You should just get prompted for the Administrator password, are you doing this as root or with sudo?

> and get
> /tmp/krb5cc_0

That suggests it is being created by 'root', but what is in the ticket? Have you run 'klist -c /tmp/krb5cc_0'?

> - I understand this is equivalent to what the script is
> generating with the exported keytab file, is this correct?

Very similar, just a different user.

>
> I then try this just as a test command:
>
> "samba-tool dns zonelist localhost --use-krb5-ccache=/tmp/krbcc_0".
> (I get the same result with my server's FQDN instead of "localhost")

If you cut & pasted that command, there is a typo, it is '/tmp/krb5cc_0'

>
> I have also tried setting the environment variable in the script like
> so "EXPORT KRB5CCNAME=/tmp/krb5cc_0"

But then, you seem to have got it right there.

>
> Do you have any advice on what might not be working?

Your command works for myself.

>
> I have confirmed everything working without the --use-krb5-ccache and
> supplying username and password does work
>
> As for your question, I have not gotten that far yet : )

I would really think about this, there is no point in porting the script unless you have something to trigger it. As far as I can see, there are two options, use kea, but that is, in my opinion, like using the world's largest hydraulic press to crack a nut, or use dnsmasq just as a dhcp server.

Rowland
christian baltini
2024-Jun-30 07:22 UTC
[Samba] Looking for Python docs/examples to modify DNS via keytab
> On Jun 30, 2024, at 12:11 AM, Rowland Penny via samba <samba at lists.samba.org> wrote:
>
> On Sat, 29 Jun 2024 22:10:12 -0700
> christian baltini <christian.baltini at gmail.com> wrote:
>
>> Hello Rowland, I see that and am trying to recreate the script logic
>> line by line in the terminal as a proof of understanding, but I am
>> having some trouble.
>>
>> Here is what I am trying:
>>
>> "kinit administrator" - I then provide username and password,
>
> You should just get prompted for the Administrator password, are you
> doing this as root or with sudo?

Sorry, you are correct, it is just a password prompt

>
>> and get
>> /tmp/krb5cc_0
>
> That suggests it is being created by 'root', but what is in the ticket?
> Have you run 'klist -c /tmp/krb5cc_0'?

This is the output of the above:

Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator at SAMBA1.MYDOMAIN.COM

Valid starting       Expires              Service principal
06/30/2024 00:16:09  06/30/2024 10:16:09  krbtgt/SAMBA1.MYDOMAIN.COM at SAMBA1.MYDOMAIN.COM
        renew until 07/01/2024 00:16:01

>
>> - I understand this is equivalent to what the script is
>> generating with the exported keytab file, is this correct?
>
> Very similar, just a different user.
>
>>
>> I then try this just as a test command:
>>
>> "samba-tool dns zonelist localhost --use-krb5-ccache=/tmp/krbcc_0".
>> (I get the same result with my server's FQDN instead of "localhost")
>
> If you cut & pasted that command, there is a typo, it is '/tmp/krb5cc_0'
>

Sorry, that was a typo in my email, that is what I am typing

>>
>> I have also tried setting the environment variable in the script like
>> so "EXPORT KRB5CCNAME=/tmp/krb5cc_0"
>
> But then, you seem to have got it right there.
>
>>
>> Do you have any advice on what might not be working?
>
> Your command works for myself.

This is the output I get:

(venv) root at ubu1:~/py_krb# samba-tool dns zonelist localhost --use-krb5-ccache=/tmp/krb5cc_0
Failed to bind to uuid 50abc2a4-574d-40b3-9d66-ee4fd5fba076 for ncacn_ip_tcp:127.0.0.1[49153,sign,abstract_syntax=50abc2a4-574d-40b3-9d66-ee4fd5fba076/0x00000005,localaddress=127.0.0.1] NT_STATUS_INVALID_PARAMETER
ERROR: Connecting to DNS RPC server 127.0.0.1 failed with (3221225485, 'An invalid parameter was passed to a service or function.')

Am I wrong in thinking this is necessarily some type of Kerberos auth issue?

>
>>
>> I have confirmed everything working without the --use-krb5-ccache and
>> supplying username and password does work
>>
>> As for your question, I have not gotten that far yet : )
>
> I would really think about this, there is no point in porting the
> script unless you have something to trigger it. As far as I can see,
> there are two options, use kea, but that is, in my opinion, like using
> the world's largest hydraulic press to crack a nut, or use dnsmasq just
> as a dhcp server.
>
> Rowland
>

I see a number of uses for a script like this in Python, not just DHCP. If anything I would like to figure it out to learn something.

Thank you very much for your responses!

Christian

>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba