Discussion:
[Samba] Cannot find invalid DNS entry
Tim Dittler
2016-07-27 11:35:40 UTC
Hello,

when I run
samba_dnsupdate --verbose --all-names -d10
all: 10
tdb: 10
printdrivers: 10
lanman: 10
smb: 10
rpc_parse: 10
rpc_srv: 10
rpc_cli: 10
passdb: 10
sam: 10
auth: 10
winbind: 10
vfs: 10
idmap: 10
quota: 10
acls: 10
locking: 10
msdfs: 10
dmapi: 10
registry: 10
scavenger: 10
dns: 10
ldb: 10
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
Processing section [retained]
pm_process() returned Yes
added interface brem1 ip=10.10.1.10 bcast=10.10.1.127 netmask=255.255.255.128
added interface lo ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0
IPs: ['10.10.1.10']
SID[ 0]: S-1-5-18
Privilege[ 0]: SeMachineAccountPrivilege
Privilege[ 1]: SeTakeOwnershipPrivilege
Privilege[ 2]: SeBackupPrivilege
Privilege[ 3]: SeRestorePrivilege
Privilege[ 4]: SeRemoteShutdownPrivilege
Privilege[ 5]: SePrintOperatorPrivilege
Privilege[ 6]: SeAddUsersPrivilege
Privilege[ 7]: SeDiskOperatorPrivilege
Privilege[ 8]: SeSecurityPrivilege
Privilege[ 9]: SeSystemtimePrivilege
Privilege[ 10]: SeShutdownPrivilege
Privilege[ 11]: SeDebugPrivilege
Privilege[ 12]: SeSystemEnvironmentPrivilege
Privilege[ 13]: SeSystemProfilePrivilege
Privilege[ 14]: SeProfileSingleProcessPrivilege
Privilege[ 15]: SeIncreaseBasePriorityPrivilege
Privilege[ 16]: SeLoadDriverPrivilege
Privilege[ 17]: SeCreatePagefilePrivilege
Privilege[ 18]: SeIncreaseQuotaPrivilege
Privilege[ 19]: SeChangeNotifyPrivilege
Privilege[ 20]: SeUndockPrivilege
Privilege[ 21]: SeManageVolumePrivilege
Privilege[ 22]: SeImpersonatePrivilege
Privilege[ 23]: SeCreateGlobalPrivilege
Privilege[ 24]: SeEnableDelegationPrivilege
lpcfg_servicenumber: couldn't find ldb
schema_fsmo_init: we are master[yes] updates allowed[no]
schema_fsmo_init: we are master[yes] updates allowed[no]
File "/usr/sbin/samba_dnsupdate", line 540, in <module>
c = parse_dns_line(line, {})
File "/usr/sbin/samba_dnsupdate", line 179, in parse_dns_line
return dnsobj(subline)
File "/usr/sbin/samba_dnsupdate", line 134, in __init__
raise Exception("Invalid DNS entry %r" % string_form)
Exception: Invalid DNS entry 'TDB file'
However, I'm not able to find "TDB file" in any of the files in
/var/lib/samba/private/sam.ldb.d.

Am I looking in the wrong place? Or how can I delete this DNS entry?

Thank you very much,
Tim
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
mathias dufresne
2016-07-27 12:40:47 UTC
Two files are hosting DNS data:
/path/to/private/sam.ldb.d/DC=DOMAINDNSZONES,DC=blabla.ldb and
/path/to/private/sam.ldb.d/DC=FORESTDNSZONES,DC=blabla.ldb

DNS entries are sometimes (often? always?) base64 encoded. You should be
able to "grep" for a string in these files with:
ldbsearch --show-binary -H /path/to/private/sam.ldb.d/DC=FORESTDNSZONES,DC=blabla.ldb | grep "what you want"
mathias dufresne
2016-07-27 14:54:43 UTC
What would have been better, I reckon, would have been to explain...

We should not _write_ directly into these files because, as Andrew
explained months ago, the change would not be replicated if applied
directly on these files. To have changes replicated the change MUST be
applied on sam.ldb file which is a wrapper.

Sharing or not sharing, that is the question : )
I wouldn't suggest doing this, unless things have changed, you shouldn't
directly act on the .ldb files stored in sam.ldb.d
ldbsearch --show-binary --cross-ncs -H /path/to/sam.ldb | grep 'whatever'
Rowland
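
The replies above point out that values in ldbsearch output can be base64 encoded, so a plain grep for a string can miss them. LDIF marks such values with a double colon ("attr:: ...") and may fold long values onto continuation lines that start with a single space. The following is an added example, not code from the thread or from Samba: it searches saved ldbsearch output for a string in both plain and base64-encoded values. The sample LDIF, the DNs, the blob and the function names are constructed for illustration.

```python
import base64

DN_A = "DC=dc01,DC=nix1.example.io,CN=MicrosoftDNS,DC=DomainDnsZones,DC=nix1,DC=example,DC=io"
DN_B = "DC=www,DC=nix1.example.io,CN=MicrosoftDNS,DC=DomainDnsZones,DC=nix1,DC=example,DC=io"
# Constructed stand-in for a binary value; not a real dnsRecord blob.
_B64 = base64.b64encode(b"\x00\x07oldhost\x00\x01").decode()
# Constructed LDIF (not from a real DC); the base64 value is folded
# across two lines, as LDIF allows for long values.
SAMPLE_LDIF = (
    f"# record 1\ndn: {DN_A}\nobjectClass: dnsNode\nname: dc01\n\n"
    f"# record 2\ndn: {DN_B}\nobjectClass: dnsNode\n"
    f"dnsRecord:: {_B64[:8]}\n {_B64[8:]}\n"
)


def unfold(text):
    """Join LDIF continuation lines (a leading space continues the previous line)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def find_in_ldif(text, needle):
    """Return [(dn, attribute)] for every value that contains needle.

    Values written as 'attr:: <base64>' are decoded before matching.
    """
    want = needle.encode()
    hits, dn = [], None
    for line in unfold(text):
        if not line or line.startswith("#"):
            continue
        attr, sep, value = line.partition(":")
        if not sep:
            continue
        if value.startswith(":"):  # double colon: base64-encoded value
            try:
                data = base64.b64decode(value[1:].strip(), validate=True)
            except ValueError:
                continue  # malformed base64, nothing to match against
        else:
            data = value.strip().encode()
        if attr.lower() == "dn":
            dn = data.decode(errors="replace")
        if want in data:
            hits.append((dn, attr))
    return hits


if __name__ == "__main__":
    print(find_in_ldif(SAMPLE_LDIF, "oldhost"))
```

To use it on a real DC, save the output of the ldbsearch command run against sam.ldb (read-only) to a file and pass the file's contents as the first argument.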
Tim Dittler
2016-07-28 13:57:25 UTC
So no one has an idea what I can try additionally?

Thanks,
Tim
Tim Dittler
2016-07-29 14:01:50 UTC
What OS
# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 14.04.4 LTS
Release: 14.04
Codename: trusty
What version of Samba
# samba-tool --version
4.2.14-SerNet-Ubuntu-10.trusty
What is in smb.conf
[global]
workgroup = example
realm = NIX1.example.IO
netbios name = DC01NIX1example
# cnames

netbios aliases = srv example

interfaces = brem1 lo
# leave 127.0.1.1 for dnsmasq
# without this option starting dnsmasq on 127.0.1.1 will not work
bind interfaces only = Yes
server role = active directory domain controller

# file access / rights stuff
vfs objects = acl_xattr
map acl inherit = yes
store dos attributes = yes
inherit acls = yes
inherit permissions = yes
acl group control = yes
create mask = 770
directory mask = 770


# dnsmasq
dns forwarder = 127.0.1.1

# lock handling
reset on zero vc = yes

# winbind related stuff
idmap_ldb:use rfc2307 = yes
template homedir = /srv/samba/home/%U

spoolss: architecture = Windows x64
#rpc_server:spoolss = external
#rpc_daemon:spoolssd = fork

allow dns updates = nonsecure

# feeded by shares module
include = /etc/samba/shares.conf

[netlogon]
path = /var/lib/samba/sysvol/nix1.example.io/scripts
read only = No

[sysvol]
path = /var/lib/samba/sysvol
read only = No
What is in /etc/krb5.conf
[libdefaults]
default_realm = NIX1.example.IO
dns_lookup_realm = false
dns_lookup_kdc = true
What is in /etc/hosts
127.0.0.1 localhost
127.0.0.1 dc01nix1example.nix1.example.io dc01nix1example
127.0.1.1 dc01nix1example.nix1.example.io dc01nix1example

# The following lines are desirable for IPv6 capable hosts
# ::1 localhost ip6-localhost ip6-loopback
# ff02::1 ip6-allnodes
# ff02::2 ip6-allrouters
#
What is in /etc/resolv.conf
nameserver 127.0.0.1
nameserver 10.10.1.1
nameserver 8.8.8.8
search nix1.example.io example.io abc0.example.io

Regards,
Tim
Data Control Systems - Mike Elkevizth
2016-07-29 16:38:10 UTC
I would also stop Network Manager using dnsmasq.
Rowland
I've found the easiest way to do that is to edit the NetworkManager.conf
file:

sudo nano /etc/NetworkManager/NetworkManager.conf

Comment out the dns line of the file:

Change dns=dnsmasq to #dns=dnsmasq

Restart the Network Manager service:

sudo service network-manager restart



Mike E.
Tim Dittler
2016-08-03 08:47:10 UTC
Dear Rowland,

Thank you for your help and sorry for the late reply.

If I understand you correctly, you ask me to drop dnsmasq from the config.
I believe dnsmasq is necessary for our setup, since it is used to
forward queries about different domains to different DNS servers.
Also, the exact same setup is working fine on similar networks, without
giving the "TDB file" error.

Do you have another idea?

Best regards,
Tim

PS: NetworkManager is not running on the Ubuntu Server system.
Does the DC have a fixed ip and if not, why not.
If it does have a fixed ip, what is it
Once you answer these, I will advise you how to fix your set up
Rowland
OK, this is what I would change on your setup, but I would also make
backups before changing anything.
[global]
workgroup = example
realm = NIX1.example.IO
netbios name = DC01NIX1example
interfaces = brem1 lo
bind interfaces only = Yes
server role = active directory domain controller
idmap_ldb:use rfc2307 = yes
template homedir = /srv/samba/home/%U
dns forwarder = 8.8.8.8
# lock handling
reset on zero vc = yes
spoolss: architecture = Windows x64
#rpc_server:spoolss = external
#rpc_daemon:spoolssd = fork
allow dns updates = nonsecure
# feeded by shares module
include = /etc/samba/shares.conf
[netlogon]
path = /var/lib/samba/sysvol/nix1.example.io/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
/etc/hosts
127.0.0.1 localhost
10.10.1.10 dc01nix1example.nix1.example.io dc01nix1example
# The following lines are desirable for IPv6 capable hosts
# ::1 localhost ip6-localhost ip6-loopback
# ff02::1 ip6-allnodes
# ff02::2 ip6-allrouters
/etc/resolv.conf
nameserver 127.0.0.1
search nix1.example.io
I would also stop Network Manager using dnsmasq.
Rowland