Querying DNS info samba4

classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Querying DNS info samba4

Greg Dickie-2

Hi,

  Is the DNS DECRPC supposed to work yet? I'm getting
WERR_DNS_ERROR_DS_UNAVAILABLE.

Thanks,
Greg

[root@ads2 samba-master]# /usr/local/samba/bin/samba-tool dns serverinfo
192.168.169.47
Password for [[hidden email]]:
ERROR(runtime): uncaught exception - (9717,
'WERR_DNS_ERROR_DS_UNAVAILABLE')
  File
"/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py", line 160, in _run
    return self.run(*args, **kwargs)
  File
"/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/dns.py",
line 681, in run
    'ServerInfo')


--
Greg Dickie
just a guy
514-983-5400

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Querying DNS info samba4

Amitay Isaacs
On Tue, Apr 17, 2012 at 3:29 AM, Greg Dickie <[hidden email]> wrote:

>
> Hi,
>
>  Is the DNS DECRPC supposed to work yet? I'm getting
> WERR_DNS_ERROR_DS_UNAVAILABLE.
>
> Thanks,
> Greg
>
> [root@ads2 samba-master]# /usr/local/samba/bin/samba-tool dns serverinfo
> 192.168.169.47
> Password for [[hidden email]]:
> ERROR(runtime): uncaught exception - (9717,
> 'WERR_DNS_ERROR_DS_UNAVAILABLE')
>  File
> "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py", line 160, in _run
>    return self.run(*args, **kwargs)
>  File
> "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/dns.py",
> line 681, in run
>    'ServerInfo')
>

It's definitely working. Can you check if you are seeing any output
from samba when you run samba-tool dns serverinfo command?

Amitay.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Querying DNS info samba4

Greg Dickie-2

Oops, forgot the group

Hi Amitay,

  I don't see anything particularly interesting even bumping log level
to 2. It looks like it just won't respond to the DNS endpoint. I don't
think it's the client since if I run it again my Win2003 SBS server it
works (although I get an exception on missing MaxSa attribute).

Thanks for the response, I'll keep digging in the code.
Greg



On Wed, 2012-04-18 at 13:50 +1000, Amitay Isaacs wrote:

> On Tue, Apr 17, 2012 at 3:29 AM, Greg Dickie <[hidden email]> wrote:
> >
> > Hi,
> >
> >  Is the DNS DECRPC supposed to work yet? I'm getting
> > WERR_DNS_ERROR_DS_UNAVAILABLE.
> >
> > Thanks,
> > Greg
> >
> > [root@ads2 samba-master]# /usr/local/samba/bin/samba-tool dns serverinfo
> > 192.168.169.47
> > Password for [[hidden email]]:
> > ERROR(runtime): uncaught exception - (9717,
> > 'WERR_DNS_ERROR_DS_UNAVAILABLE')
> >  File
> > "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py", line 160, in _run
> >    return self.run(*args, **kwargs)
> >  File
> > "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/dns.py",
> > line 681, in run
> >    'ServerInfo')
> >
>
> It's definitely working. Can you check if you are seeing any output
> from samba when you run samba-tool dns serverinfo command?
>
> Amitay.

--
Greg Dickie
just a guy
514-983-5400

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Querying DNS info samba4

Amitay Isaacs
In reply to this post by Amitay Isaacs
On Fri, Apr 20, 2012 at 1:17 AM, Greg Dickie <[hidden email]> wrote:

>
> Hi Amitay,
>
>  I don't see anything particularly interesting even bumping log level
> to 2. It looks like it just won't respond to the DNS endpoint. I don't
> think it's the client since if I run it again my Win2003 SBS server it
> works (although I get an exception on missing MaxSa attribute).
>
> Thanks for the response, I'll keep digging in the code.
> Greg
>

Hi Greg,

Looks like dnsserver RPC endpoint server is not starting. Can you
check if you have a line in smb.conf for dcerpc_endpoint_servers?

Amitay.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Querying DNS info samba4

Greg Dickie-2

Hi Amitay,

I did check that. No lines in the file, and testparm -v gives
dcerpc endpoint servers = epmapper, srvsvc, wkssvc, rpcecho, samr,
netlogon, lsarpc, spoolss, drsuapi, winreg, dssetup, unixinfo, browser,
eventlog6, backupkey, dnsserver

BTW: This is Version 4.0.0alpha20-GIT-e49efe9

thanks,
Greg

On Fri, 2012-04-20 at 08:16 +1000, Amitay Isaacs wrote:

> On Fri, Apr 20, 2012 at 1:17 AM, Greg Dickie <[hidden email]> wrote:
> >
> > Hi Amitay,
> >
> >  I don't see anything particularly interesting even bumping log level
> > to 2. It looks like it just won't respond to the DNS endpoint. I don't
> > think it's the client since if I run it again my Win2003 SBS server it
> > works (although I get an exception on missing MaxSa attribute).
> >
> > Thanks for the response, I'll keep digging in the code.
> > Greg
> >
>
> Hi Greg,
>
> Looks like dnsserver RPC endpoint server is not starting. Can you
> check if you have a line in smb.conf for dcerpc_endpoint_servers?
>
> Amitay.

--
Greg Dickie
just a guy
514-983-5400

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Querying DNS info samba4

Greg Dickie-2
In reply to this post by Amitay Isaacs
Hi Amitay,

  I think I may have figured this out. My AD started out as a 2003 SBS
system so the schemas are a bit different. Looking in the rpcdce code
for DNS I see that dnsserver_init_serverinfo
(rpc_server/dnsserver/dnsutils.c ) is called and starts looking for

CN=MicrosoftDNS,DC=DomainDnsZones,...,

My schema does not have that, the closest I could find is something that
looks like this:

dn:
DC=DomainDnsZones,DC=example.local,CN=MicrosoftDNS,CN=System,DC=example,DC=local
objectClass: top
objectClass: dnsNode
instanceType: 4
whenCreated: 20060831201837.0Z
uSNCreated: 8166
showInAdvancedViewOnly: TRUE
name: DomainDnsZones
objectGUID: aee468f7-e2bd-457d-b15d-63572897fe62
objectCategory:
CN=Dns-Node,CN=Schema,CN=Configuration,DC=example,DC=local
dNSTombstoned: FALSE
dc: DomainDnsZones
whenChanged: 20120424001126.0Z
uSNChanged: 9014
dnsRecord:: BAABAAXwAABa3QYAAAACWAAAAADgAzcAwKipCw==
dnsRecord:: BAABAAXwAABa3QYAAAACWAAAAAC0aDYAwKhCAQ==
dnsRecord:: BAABAAXwAABa3QYAAAACWAAAAAC0aDYAwKhYAQ==
distinguishedName:
DC=DomainDnsZones,DC=example.local,CN=MicrosoftDNS,CN=Sy
 stem,DC=example,DC=local


So my question is shouldn't I get a different error or some other indication that samba doesn't
handle the schema? As a followup, should samba handle the schema? The client can talk to the SBS server just fine.

Thanks,
Greg


On Fri, 2012-04-20 at 08:16 +1000, Amitay Isaacs wrote:

> On Fri, Apr 20, 2012 at 1:17 AM, Greg Dickie <[hidden email]> wrote:
> >
> > Hi Amitay,
> >
> >  I don't see anything particularly interesting even bumping log level
> > to 2. It looks like it just won't respond to the DNS endpoint. I don't
> > think it's the client since if I run it again my Win2003 SBS server it
> > works (although I get an exception on missing MaxSa attribute).
> >
> > Thanks for the response, I'll keep digging in the code.
> > Greg
> >
>
> Hi Greg,
>
> Looks like dnsserver RPC endpoint server is not starting. Can you
> check if you have a line in smb.conf for dcerpc_endpoint_servers?
>
> Amitay.

--
Greg Dickie
just a guy
514-983-5400


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Querying DNS info samba4

Amitay Isaacs
On Wed, Apr 25, 2012 at 5:35 AM, Greg Dickie <[hidden email]> wrote:

> Hi Amitay,
>
>  I think I may have figured this out. My AD started out as a 2003 SBS
> system so the schemas are a bit different. Looking in the rpcdce code
> for DNS I see that dnsserver_init_serverinfo
> (rpc_server/dnsserver/dnsutils.c ) is called and starts looking for
>
> CN=MicrosoftDNS,DC=DomainDnsZones,...,
>
> My schema does not have that, the closest I could find is something that
> looks like this:
>
> dn:
> DC=DomainDnsZones,DC=example.local,CN=MicrosoftDNS,CN=System,DC=example,DC=local
> objectClass: top
> objectClass: dnsNode
> instanceType: 4
> whenCreated: 20060831201837.0Z
> uSNCreated: 8166
> showInAdvancedViewOnly: TRUE
> name: DomainDnsZones
> objectGUID: aee468f7-e2bd-457d-b15d-63572897fe62
> objectCategory:
> CN=Dns-Node,CN=Schema,CN=Configuration,DC=example,DC=local
> dNSTombstoned: FALSE
> dc: DomainDnsZones
> whenChanged: 20120424001126.0Z
> uSNChanged: 9014
> dnsRecord:: BAABAAXwAABa3QYAAAACWAAAAADgAzcAwKipCw==
> dnsRecord:: BAABAAXwAABa3QYAAAACWAAAAAC0aDYAwKhCAQ==
> dnsRecord:: BAABAAXwAABa3QYAAAACWAAAAAC0aDYAwKhYAQ==
> distinguishedName:
> DC=DomainDnsZones,DC=example.local,CN=MicrosoftDNS,CN=Sy
>  stem,DC=example,DC=local
>
>
> So my question is shouldn't I get a different error or some other indication that samba doesn't
> handle the schema? As a followup, should samba handle the schema? The client can talk to the SBS server just fine.
>
> Thanks,
> Greg

Hi Greg,

The older versions of window server (2003 and older) created the DNS
containers under CN=System in the domain partition, whereas the newer
windows server (2008+) creates separate application partitions for
DNS. DNS RPC server uses DNS partitions to store the DNS zone
information. But for querying purposes, dlz_bind9 module and internal
DNS server both can read records from CN=System in domain partition.
DNS RPC server can be easily modified to support CN=System for DNS
information. Patches are welcome! ;-)

Amitay.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Querying DNS info samba4

Greg Dickie-2
Thanks Amitay,

   I was working on a patch but I had some trouble detecting which
partition to use. I'll try and get back to it later.

I really appreciate the help.
Greg

On Thu, 2012-04-26 at 00:39 +1000, Amitay Isaacs wrote:

> On Wed, Apr 25, 2012 at 5:35 AM, Greg Dickie <[hidden email]> wrote:
> > Hi Amitay,
> >
> >  I think I may have figured this out. My AD started out as a 2003 SBS
> > system so the schemas are a bit different. Looking in the rpcdce code
> > for DNS I see that dnsserver_init_serverinfo
> > (rpc_server/dnsserver/dnsutils.c ) is called and starts looking for
> >
> > CN=MicrosoftDNS,DC=DomainDnsZones,...,
> >
> > My schema does not have that, the closest I could find is something that
> > looks like this:
> >
> > dn:
> > DC=DomainDnsZones,DC=example.local,CN=MicrosoftDNS,CN=System,DC=example,DC=local
> > objectClass: top
> > objectClass: dnsNode
> > instanceType: 4
> > whenCreated: 20060831201837.0Z
> > uSNCreated: 8166
> > showInAdvancedViewOnly: TRUE
> > name: DomainDnsZones
> > objectGUID: aee468f7-e2bd-457d-b15d-63572897fe62
> > objectCategory:
> > CN=Dns-Node,CN=Schema,CN=Configuration,DC=example,DC=local
> > dNSTombstoned: FALSE
> > dc: DomainDnsZones
> > whenChanged: 20120424001126.0Z
> > uSNChanged: 9014
> > dnsRecord:: BAABAAXwAABa3QYAAAACWAAAAADgAzcAwKipCw==
> > dnsRecord:: BAABAAXwAABa3QYAAAACWAAAAAC0aDYAwKhCAQ==
> > dnsRecord:: BAABAAXwAABa3QYAAAACWAAAAAC0aDYAwKhYAQ==
> > distinguishedName:
> > DC=DomainDnsZones,DC=example.local,CN=MicrosoftDNS,CN=Sy
> >  stem,DC=example,DC=local
> >
> >
> > So my question is shouldn't I get a different error or some other indication that samba doesn't
> > handle the schema? As a followup, should samba handle the schema? The client can talk to the SBS server just fine.
> >
> > Thanks,
> > Greg
>
> Hi Greg,
>
> The older versions of window server (2003 and older) created the DNS
> containers under CN=System in the domain partition, whereas the newer
> windows server (2008+) creates separate application partitions for
> DNS. DNS RPC server uses DNS partitions to store the DNS zone
> information. But for querying purposes, dlz_bind9 module and internal
> DNS server both can read records from CN=System in domain partition.
> DNS RPC server can be easily modified to support CN=System for DNS
> information. Patches are welcome! ;-)
>
> Amitay.

--
Greg Dickie
just a guy
514-983-5400

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Querying DNS info samba4

pancyber
This post has NOT been accepted by the mailing list yet.
I know this is an old post, but as I have faced the very same problem in April 2017 - I want to pay a small contribution to this post that helped me very much.

Runing samba 4.6.2 compiled from source, on Ubuntu 16.04, I was able to overcome this problem by simply adding a dummy "_msdcs.mydomain.com" record in the ForestDnsZones partition, using the ADExplorer from sysinternals.

After that, samba-tool was able to check / update /add records as supposed - furthermore, RSAT DNS applet started working.

Thank you SAMBA
Loading...