Tuesday, January 14, 2014

Utilities: addns and adsmb

addns


This utility registers and updates the system's DNS resource records, either automatically or manually.  It is especially handy for UNIX administrators who may not have access to the DNS management snap-in.  addns uses secure DNS dynamic updates.

For example, to update my computer (ubu1) in the corp.contoso.com domain using Jessie's account:

$ ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:0c:29:1f:2c:0a
          inet addr:10.0.0.154  

$ addns -U -u jmatthews  -d corp.contoso.com -n ubu1 -i 10.0.0.154
jmatthews@CORP.CONTOSO.COM's password:
Updating host records for ubu1.corp.contoso.com on 10.0.0.1.
Updated host records ubu1.corp.contoso.com.
Updating reverse lookup records for ubu1.corp.contoso.com on 10.0.0.1.
Updated reverse lookup record  154.0.0.10.in-addr.arpa.

In DNS Manager, I can see my updated record.


addns Usage


    addns -U [-u <user> -p <pwd>] [-d <dom>] [-s <svr>] [-n <host>] [(-i <ip>)+]
Or:
    addns -D [-u <user> -p <pwd>] [-d <dom>] [-s <svr>] [-n <host>]
Or:
    addns -A [-u <user> -p <pwd>] [-d <dom>] [-s <svr>] [-n <host>] [(-i <ip>)+]
Or:
    addns -L [-d <dom>] [-s <svr>] [-n <host>] [(-i <ip>)+]
With:
  -U, --update        create or update host's DNS records
  -D, --delete        delete host's DNS records
  -A, --add           just add host's DNS records
  -L, --list          lists DNS record details
  -N, --nocreds       no credential is to be supplied or prompted for (only works when the DNS server is configured for non-secured updates)
  -m, --machine       Use machine credentials (must be root)
  -u, --user          AD user name
  -p, --password      pwd password string, prompts if absent
  -s, --server        svr DNS server to contact. Legal formats include: host<@REALM>, host.domain.com<@REALM>
  -d, --domain        dmn DNS domain name
  -n, --name          hst Host Name
  -i, --ipaddr        ipa IP address
  -f, --force         force update DNS records even if they have not changed
  -r, --refresh       updates unchanged records to refresh TTL
  -t, --ttl           val specify a time to live value in seconds
  -v, --version       print version information and exit
  -V, --verbose       print debug information for each operation
  -h, --help          print this help information and exit
Examples:
    addns -U
    addns -D
    addns -U -d acme.com -s dnssvr@ACME_REALM.COM -n myhost -i 192.168.1.155
    addns -L
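
For unattended use (cron, boot scripts), the -m option listed above avoids putting an AD password on the command line, where -p would expose it in shell history and process listings. The wrapper below is an added example, not part of the original post or of the vendor's tooling; the function names are hypothetical, and it assumes -m combines with -d, -n and -i as the usage text suggests.

```sh
#!/bin/sh
# Added example: unattended addns update with machine credentials (-m),
# so no AD password appears in a script, crontab or process listing.

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# valid_name NAME: letters, digits, dots and hyphens only, with no leading
# hyphen, so a value can never be read by addns as another option.
valid_name() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
}

# addns_update_args DOMAIN HOST IP...: print the argument string, or fail
# without output if any value is malformed.
addns_update_args() {
    [ "$#" -ge 3 ] || return 1
    valid_name "$1" && valid_name "$2" || return 1
    out="-U -m -d $1 -n $2"
    shift 2
    for ip in "$@"; do
        valid_ipv4 "$ip" || return 1
        out="$out -i $ip"
    done
    printf '%s\n' "$out"
}

# register_host DOMAIN HOST IP...: run the update; the usage text says -m
# must be run as root.
register_host() {
    args=$(addns_update_args "$@") || { echo "invalid argument" >&2; return 2; }
    [ "$(id -u)" -eq 0 ] || { echo "-m requires root" >&2; return 3; }
    addns $args   # splitting is intended: every value was validated above
}

# Constructed invocation: sh register.sh corp.contoso.com ubu1 10.0.0.154
if [ "$#" -ge 3 ]; then register_host "$@"; fi
```

For -m to succeed, the zone's security settings must also allow the computer account to update its own records.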


adsmb


This is a very cool tool for accessing Windows shares from the command line.  It can copy, read and even print files to and from Windows shares.  adsmb can authenticate with the current machine credentials or even a Kerberos keytab (great for scripts!).

Folder listing example:  To list the files in the files folder in APP1  (\\APP1\files)

$ adsmb dir -h app1.corp.contoso.com -s files
  10 Sat Dec 14 14:39:38 2013, Wed Dec 18 06:27:39 2013,  Wed Dec 18 06:27:39 2013,  Wed Dec 18 06:27:39 2013,               0 .
  10 Sat Dec 14 14:39:38 2013, Wed Dec 18 06:27:39 2013,  Wed Dec 18 06:27:39 2013,  Wed Dec 18 06:27:39 2013,               0 ..
  10 Sun Dec 15 19:30:14 2013, Sun Dec 15 19:32:08 2013,  Sun Dec 15 19:32:08 2013,  Sun Dec 15 19:32:08 2013,               0 Centrify-Suite-2013.3-mgmt-ent-win64
  20 Wed Dec 18 06:27:39 2013, Wed Dec 18 06:26:06 2013,  Tue Jan 14 18:06:55 2014,  Wed Dec 18 06:27:39 2013,        39118052 centrify-suite-2013.3-rhel3-x86_64.tgz
  20 Wed Dec 18 06:27:39 2013, Wed Dec 18 06:26:22 2013,  Tue Jan 14 18:06:55 2014,  Wed Dec 18 06:27:39 2013,        30561472 centrify-suite-2013.3-sol9-x86.tgz
  20 Wed Dec 18 06:27:39 2013, Wed Dec 18 06:26:38 2013,  Tue Jan 14 18:06:55 2014,  Wed Dec 18 06:27:39 2013,        31055871 centrify-suite-2013.3-suse9-x86_64.tgz
  20 Sat Dec 14 14:40:51 2013, Sat Dec 14 14:40:51 2013,  Tue Jan 14 18:06:55 2014,  Sat Dec 14 14:40:51 2013,              21 example.txt

File get example: to copy example.txt from the files shared folder on APP1 to the local directory

$ adsmb get -h app1.corp.contoso.com -s files -r example.txt -l example.txt
$ ls -l
total 4
-rw------- 1 jmatthews jmatthews 21 Dec 14 14:40 example.txt
-rw-rw-r-- 1 jmatthews jmatthews  0 Jan 14 17:59 myfile.txt
$ cat example.txt
This is a shared file
jmatthews@ubu1:~$


adsmb Usage


Usage: adsmb <action> [-c credentials] [-d domain] [-h host] -s share [-r file] [-l file ] [-n pattern] [-CmTV]
        action = get, getnew, getmod, put, putnew, print, dir, mkdir, rename, rmdir, delete
        -c credentials = credentials to use
        -h host   = host to connect to. If not given it is the 'best' domain controller
        -d domain = domain to connect to. If not given it is using current joined domain or the domain part from the host
        -s share  = share name
        -r file   = the remote file or remote directory to dir
        -n pattern= pattern to list when listing directory, default is *
        -l file   = the local file
        -C = convert CRLF to LF
        -m = use machine credentials. Requires access to krb5.keytab, typically root
        -T = Machine-readable timestamps
        -V = print debug message
Examples:
        adsmb get -h myserver -s test -r files\\my.txt -l foo.txt
        adsmb dir -s sysvol -mT
        adsmb dir -s homedrive -mT -r krusty\library -n *
        adsmb print -h myserver -s sharedPrinterName -l <-|foo.txt>

2 comments:

  1. Can addns be used to update/create TXT records, or only A-Records and C-Names? If so, can authentication be configured to use a machine kerberos ticket instead of supplying a username and password?

  2. JBender,

    addns is designed to update host records in forward-lookup zones (A records) and reverse-lookup zones (PTR records).

    It can use the machine credential to update the record using the -m (or --machine) option, however for it to work:
    a) you must elevate with sudo (or dzdo) or be root
    b) the security properties of the forward (or reverse) lookup zone have to allow the target computer (or computers or AD group containing the computer) to update the records. This can be viewed in the security tab of the Windows DNS Management if using AD-integrated DNS or in the properties of the RFC 2136 compliant DNS server.

    I hope this helps
    R.P
