Hi,

If you want to delete the TXT record my suggestion would be to use nsupdate. This tool is part of BIND. My advice would be to avoid samba-tool, or at least the dns part of it. When I tried to use it I just got errors. I think it's still rather experimental. But nsupdate works.

One catch. DNS update requests to AD must be Kerberos authenticated. This means you need the krb5 tool kinit. I use CentOS, and this is part of the krb5-workstation package. I don't know what you are using so I can't advise there.

Run kinit and authenticate as the domain administrator:

    # kinit Administrator

Response:

    Password for Administrator at MYDOMAIN.LOCAL: mypassword

Then launch nsupdate:

    # nsupdate -g

To delete the TXT record:

    update delete mydomain.local TXT
    send

If you still have problems you could use nsupdate to update all the main zone entry records for the AD domain. To update a record just enter it again with the new values. Therefore:

    update add mydomain.local 3600 SOA server.mydomain.local hostmaster.mydomain.local serial-no 900 600 86400 3600
    update add mydomain.local 3600 NS server.mydomain.local
    update add mydomain.local 3600 A 192.168.0.1
    update add server.mydomain.local 3600 A 192.168.0.1
    send

These are the records created by Samba when provisioning the domain. Obviously adjust values to suit your hostname and IP address and increment the serial.

You can use dig to report everything you currently have:

    # dig -t ANY mydomain.local

For the record, I have a TXT record in my AD domain and it doesn't cause a problem. I can't recall whether I added it with nsupdate or the Windows DNS Manager, but I think it was the latter.

Good luck.

Regards,
Stephen Jones
Lloyd Systems Engineering

On Thu, Nov 29, 2012, at 10:59 AM, Johannes Schmid wrote:
> On 11/27/2012 08:32 PM, Matthieu Patou wrote:
> >On 11/27/2012 02:56 PM, Johannes Schmid wrote:
> >>
> >> # samba-tool dns query sambapdc.mydomain.local mydomain.local @ ALL
> >>
> >> ERROR(runtime): uncaught exception - (1383, 'WERR_INTERNAL_DB_ERROR')
> >>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 162, in _run
> >>     return self.run(*args, **kwargs)
> >>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 925, in run
> >
> > Can you restart samba ?
> > Also can you rerun this command with -d 10 and post the log on the
> > list ?
>
> Restarting samba did not help (I already tried that multiple times).
>
> But thanks for the hint. I should have tried that myself! Anyway, I
> found what the problem is. Basically the problem cannot be seen in the
> samba-tool dns query debug output, but it can be seen on the samba
> *server* debug output. It looks like the problem is an invalid record in
> the DNS zone:
>
> [2012/11/29 00:30:46, 2]
> ../source4/rpc_server/dnsserver/dnsdb.c:136(dnsserver_db_enumerate_zones)
> dnsserver: Found DNS zone .
> [2012/11/29 00:30:46, 2]
> ../source4/rpc_server/dnsserver/dnsdb.c:136(dnsserver_db_enumerate_zones)
> dnsserver: Found DNS zone mydomain.local
> [2012/11/29 00:30:46, 2]
> ../source4/rpc_server/dnsserver/dnsdb.c:136(dnsserver_db_enumerate_zones)
> dnsserver: Found DNS zone 122.168.192.in-addr.arpa
> [2012/11/29 00:30:46, 2]
> ../source4/rpc_server/dnsserver/dnsdb.c:136(dnsserver_db_enumerate_zones)
> dnsserver: Found DNS zone _msdcs.mydomain.local
> [2012/11/29 00:30:46, 1] ../librpc/ndr/ndr.c:411(ndr_pull_error)
> ndr_pull_error(11): Pull bytes 10 (../librpc/ndr/ndr_basic.c:420)
> [2012/11/29 00:30:46, 0]
> ../source4/rpc_server/dnsserver/dnsdata.c:782(dns_fill_records_array)
> dnsserver: Unable to parse dns record
> (DC=_kerberos,DC=mydomain.local,CN=MicrosoftDNS,DC=DomainDnsZones,DC=mydomain,DC=local)Terminating
> connection - 'NT_STATUS_CONNECTION_DISCONNECTED'
> [2012/11/29 00:30:46, 5]
> ../source4/lib/messaging/messaging.c:554(imessaging_cleanup)
> imessaging: cleaning up /var/lib/samba/private/smbd.tmp/msg/msg.0:0.43
> [2012/11/29 00:30:46, 3]
> ../source4/smbd/process_single.c:104(single_terminate)
> single_terminate: reason[NT_STATUS_CONNECTION_DISCONNECTED]
>
> I now remember that I added the _kerberos.mydomain.local TXT record in
> the Windows DNS administration MSC GUI.
> I now know that it is not
> necessary at all and that it shouldn't be there :)
>
> But I get an error when trying to delete the record:
>
> # samba-tool dns delete sambapdc.mydomain.local mydomain.local _kerberos TXT MYDOMAIN.LOCAL
> ERROR: Deleting record of type TXT is not supported
>
> Looks like samba isn't ready for handling TXT records in DNS :-(
> Unfortunately, I somehow got my TXT record into the zone and I have no
> idea how to remove it again.
>
> Again, any help is really appreciated!
>
>
>
> -----
>
> PS: For completeness, here is the requested output:
>
> # samba-tool dns query sambapdc.mydomain.local mydomain.local @ ALL -d 10
> INFO: Current debug levels:
> all: 10
> tdb: 10
> printdrivers: 10
> lanman: 10
> smb: 10
> rpc_parse: 10
> rpc_srv: 10
> rpc_cli: 10
> passdb: 10
> sam: 10
> auth: 10
> winbind: 10
> vfs: 10
> idmap: 10
> quota: 10
> acls: 10
> locking: 10
> msdfs: 10
> dmapi: 10
> registry: 10
> lpcfg_load: refreshing parameters from /etc/samba/smb.conf
> params.c:pm_process() - Processing configuration file
> "/etc/samba/smb.conf"
> Processing section "[global]"
> Processing section "[netlogon]"
> Processing section "[sysvol]"
> pm_process() returned Yes
> GENSEC backend 'gssapi_spnego' registered
> GENSEC backend 'gssapi_krb5' registered
> GENSEC backend 'gssapi_krb5_sasl' registered
> GENSEC backend 'schannel' registered
> GENSEC backend 'spnego' registered
> GENSEC backend 'ntlmssp' registered
> GENSEC backend 'krb5' registered
> GENSEC backend 'fake_gssapi_krb5' registered
> Using binding ncacn_ip_tcp:sambapdc.mydomain.local[,sign]
> Mapped to DCERPC endpoint 135
> added interface br0 ip=fe80::ea40:f2ff:fe3e:4e04%br0
> bcast=fe80::ffff:ffff:ffff:ffff%br0 netmask=ffff:ffff:ffff:ffff::
> added interface vnet0 ip=fe80::fc54:ff:fe13:2bb1%vnet0
> bcast=fe80::ffff:ffff:ffff:ffff%vnet0 netmask=ffff:ffff:ffff:ffff::
> added interface br0 ip=192.168.35.30 bcast=192.168.35.255
> netmask=255.255.255.0
> added interface br0
> ip=fe80::ea40:f2ff:fe3e:4e04%br0
> bcast=fe80::ffff:ffff:ffff:ffff%br0 netmask=ffff:ffff:ffff:ffff::
> added interface vnet0 ip=fe80::fc54:ff:fe13:2bb1%vnet0
> bcast=fe80::ffff:ffff:ffff:ffff%vnet0 netmask=ffff:ffff:ffff:ffff::
> added interface br0 ip=192.168.35.30 bcast=192.168.35.255
> netmask=255.255.255.0
> rpc request data:
> rpc reply data:
> Mapped to DCERPC endpoint 1024
> added interface br0 ip=fe80::ea40:f2ff:fe3e:4e04%br0
> bcast=fe80::ffff:ffff:ffff:ffff%br0 netmask=ffff:ffff:ffff:ffff::
> added interface vnet0 ip=fe80::fc54:ff:fe13:2bb1%vnet0
> bcast=fe80::ffff:ffff:ffff:ffff%vnet0 netmask=ffff:ffff:ffff:ffff::
> added interface br0 ip=192.168.35.30 bcast=192.168.35.255
> netmask=255.255.255.0
> added interface br0 ip=fe80::ea40:f2ff:fe3e:4e04%br0
> bcast=fe80::ffff:ffff:ffff:ffff%br0 netmask=ffff:ffff:ffff:ffff::
> added interface vnet0 ip=fe80::fc54:ff:fe13:2bb1%vnet0
> bcast=fe80::ffff:ffff:ffff:ffff%vnet0 netmask=ffff:ffff:ffff:ffff::
> added interface br0 ip=192.168.35.30 bcast=192.168.35.255
> netmask=255.255.255.0
> Starting GENSEC mechanism spnego
> Starting GENSEC submechanism gssapi_krb5
> Ticket in credentials cache for [email protected] will expire
> in 35471 secs
> Received smb_krb5 packet of length 1286
> ../librpc/rpc/dcerpc_util.c:140: auth_pad_length 0
> gensec_gssapi: credentials were delegated
> GSSAPI Connection will be cryptographically signed
> ../librpc/rpc/dcerpc_util.c:140: auth_pad_length 0
> ../librpc/rpc/dcerpc_util.c:140: auth_pad_length 4
> rpc reply data:
> [0000] 00 00 00 00 00 00 00 00 67 05 00 00 ........ g...
> ERROR(runtime): uncaught exception - (1383, 'WERR_INTERNAL_DB_ERROR')
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 162, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 925, in run
>     None)
>
>
> --
> Best regards,
> -Johannes.
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba

--
Stephen Jones
[email protected]
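
The deletion described in the reply above, scripted as an added example that is not part of the original thread and is not Samba or BIND code: it derives the record name from the DN in the quoted server log and builds an nsupdate batch with a prerequisite, so the update is rejected if that TXT record set does not exist. The function names, the APPLY switch and the use of MIT `klist -s` are assumptions; the server and record names are the ones quoted in the thread.

```sh
#!/bin/sh
# Added example. Builds an nsupdate batch that deletes the record set named by
# the DN in the "Unable to parse dns record" server log line.

# Constructed input: DN copied from the log line quoted in the thread.
DN='DC=_kerberos,DC=mydomain.local,CN=MicrosoftDNS,DC=DomainDnsZones,DC=mydomain,DC=local'

# In the DNS partition the first DC= is the node and the second is the zone;
# the node "@" stands for the zone apex.
dn_to_fqdn() {
    case "$1" in
        DC=*,DC=*,CN=MicrosoftDNS,*) ;;
        *) echo "not a MicrosoftDNS node DN: $1" >&2; return 1 ;;
    esac
    node=${1#DC=};      node=${node%%,*}
    zone=${1#DC=*,DC=}; zone=${zone%%,*}
    if [ "$node" = "@" ]; then printf '%s\n' "$zone"; else printf '%s.%s\n' "$node" "$zone"; fi
}

# build_batch FQDN TYPE SERVER (hypothetical helper). Rejects anything outside
# hostname characters so a crafted name cannot smuggle extra nsupdate commands.
build_batch() {
    [ $# -eq 3 ] || { echo "usage: build_batch FQDN TYPE SERVER" >&2; return 1; }
    case "$1$2$3" in
        *[!A-Za-z0-9._-]*) echo "unexpected character in argument" >&2; return 1 ;;
    esac
    printf 'server %s\n' "$3"
    printf 'prereq yxrrset %s %s\n' "$1" "$2"   # fail if the RRset is absent
    printf 'update delete %s %s\n' "$1" "$2"
    printf 'send\n'
}

main() {
    fqdn=$(dn_to_fqdn "$DN") || return 1
    batch=$(build_batch "$fqdn" TXT sambapdc.mydomain.local) || return 1
    printf '%s\n' "$batch"
    # Dry run unless APPLY=1. Sending needs a ticket from kinit (MIT klist -s
    # exits non-zero when the cache is missing or expired).
    if [ "${APPLY:-0}" = 1 ]; then
        klist -s || { echo "no valid Kerberos ticket; run kinit first" >&2; return 1; }
        printf '%s\n' "$batch" | nsupdate -g
    fi
}

main
```

Run it once without APPLY to review the batch, then with APPLY=1 after kinit; `dig -t TXT _kerberos.mydomain.local` before and after shows whether the record set changed.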
