使用 samba-tool 从内部 samba PDC DNS 中删除 DNS A 记录

tag-icon tag-icon domain-name-system active-directory samba
使用 samba-tool 从内部 samba PDC DNS 中删除 DNS A 记录

我想从 samba PDC(samba 4.10)中删除一个接口(eno0s3、10.10.37.166)

我在 smb.conf 中添加了:

    bind interfaces only = yes
    interfaces = lo enp0s8

enp0s8 是 10.21.0.2。这是我现在拥有的:

[root@site-ad ~]# samba-tool dns query localhost site.example.pl @ ALL -U administrator
Password for [example\administrator]:
  Name=, Records=4, Children=0
    SOA: serial=64, refresh=900, retry=600, expire=86400, minttl=3600, ns=site-ad.site.example.pl., email=hostmaster.site.example.pl. (flags=600000f0, serial=64, ttl=3600)
    NS: site-ad.site.example.pl. (flags=600000f0, serial=110, ttl=900)
    A: 10.10.37.166 (flags=600000f0, serial=110, ttl=900)
    A: 10.21.0.2 (flags=600000f0, serial=110, ttl=900)
  Name=_msdcs, Records=0, Children=0
  Name=_sites, Records=0, Children=1
  Name=_tcp, Records=0, Children=4
  Name=_udp, Records=0, Children=2
  Name=DomainDnsZones, Records=0, Children=2
  Name=ForestDnsZones, Records=0, Children=2
  Name=site-ad, Records=2, Children=0
    A: 10.10.37.166 (flags=f0, serial=110, ttl=900)
    A: 10.21.0.2 (flags=f0, serial=110, ttl=900)

尝试过:

samba_dnsupdate --verbose --all-names --current-ip=10.21.0.2

并且效果是只有 10.21.0.2 被添加到 dns_update_cache:

Rebuilding cache at /var/lib/samba/private/dns_update_cache
Adding A site-ad.site.example.pl 10.21.0.2 to dns_update_cache
Adding NS site.example.pl site-ad.site.example.pl to dns_update_cache
Adding NS _msdcs.site.example.pl site-ad.site.example.pl to dns_update_cache
Adding A site.example.pl 10.21.0.2 to dns_update_cache
[lot of SRV records below....]

...但 samba-tool dns 查询仍然返回如上所述的 10.10.37.166 A 记录。

尝试使用 dns delete 并将区域设置为“。”。错误:

[root@site-ad ~]# samba-tool dns delete localhost . site-ad.example.pl A 10.10.37.166 -U administrator
Password for [example\administrator]:
ERROR(runtime): uncaught exception - (1383, 'WERR_INTERNAL_DB_ERROR')
  File "/usr/lib/python3.7/site-packages/samba/netcmd/__init__.py", line 185, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python3.7/site-packages/samba/netcmd/dns.py", line 1070, in run
    raise e
  File "/usr/lib/python3.7/site-packages/samba/netcmd/dns.py", line 1066, in run
    del_rec_buf)

还有其他方法可以使用 samba 实用程序删除该记录吗?

答案1

刚刚明白了。区域应该设置为领域:

samba-tool dns delete localhost site.example.pl site-ad.site.example.pl A 10.10.37.166 -U administrator
samba-tool dns delete localhost site.example.pl site.example.pl A 10.10.37.166 -U administrator

答案2

这也可能是由于呼叫用户缺乏组成员身份造成的,可以通过以下方法轻松修复:

samba-tool group addmembers 'Domain Admins' <username from -U>

相关内容