[Samba] Question about domain name with BIND9_DLZ
Rowland Penny
rowlandpenny at googlemail.com
Sat Apr 18 06:31:24 MDT 2015
On 18/04/15 13:03, Daniel Carrasco Marín wrote:
> Thanks for your answer.
>
> My OSes are Debian 7u8 as server, and Windows 7 as client.
If you enable wheezy backports, you can install bind9.9.5 and will not
have to compile it yourself.
> I'm doing the test on virtual machines and the dhcp server is a simple
> router. Anyway, I'm using a static IP:
> iface eth0 inet static
> address 192.168.1.100
> netmask 255.255.255.0
> network 192.168.1.0
> broadcast 192.168.1.255
> gateway 192.168.1.1
> dns-nameservers 192.168.1.100 8.8.8.8
> dns-search home.red
Yes, but what are the Windows clients being given by DHCP?
>
> and /etc/resolv.conf
> domain HOME
> search HOME
> nameserver 192.168.1.100
> nameserver 8.8.8.8
>
>
And there is one of your problems (well, several actually):
Remove the domain line; 'domain' & 'search' are mutually exclusive in
resolv.conf, the last one wins.
Your DNS domain name is not 'HOME', that is your Windows
workgroup/domain name; replace it with 'home.red'.
Remove the 'nameserver 8.8.8.8' line; it belongs in
/etc/bind/named.conf.options as a forwarder.
> The bind9 config is not set up, because I did some tests at my work
> with a configured bind9 server and the result was the same, so I've
> not tried to set a better configuration:
> include "/usr/local/samba/private/named.conf";
> include "/etc/bind/rndc.key";
>
> controls {
> inet 127.0.0.1 port 953
> allow { 127.0.0.1; 192.168.1.100; } keys { "rndc-key"; };
> };
>
> options {
> directory "/var/local/cache/bind";
> allow-new-zones yes;
> transfers-in 500;
> empty-zones-enable yes;
> //forwarders { 8.8.8.8; 8.8.4.4; };
> recursion yes;
> //allow-transfer {"none";};
> allow-query { any; };
> allow-recursion { any; };
>
> dnssec-validation auto;
>
> auth-nxdomain no; # conform to RFC1035
> listen-on-v6 { any; };
>
> rate-limit {
> responses-per-second 5;
> #window 5;
> #log-only yes;
> };
> };
>
> zone "." {
> type hint;
> file "/etc/bind/db.root";
> };
>
OK, put the bind9 config files back to what they were.
Change /etc/bind/named.conf to match this:
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
include "/var/lib/samba/private/named.conf";
NOTE: you will probably have to change the last line because you have
compiled samba4 yourself.
Change /etc/bind/named.conf.options to match this:
options {
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
forwarders { 8.8.8.8; 8.8.4.4; };
// 0.0.0.0;
// };
//========================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys. See https://www.isc.org/bind-keys
//========================================================================
dnssec-validation no;
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
};
Again, you will have to change the 'tkey-gssapi-keytab' line.
The above is taken from my working machine.
> In the client machine i've configured as DNS the Samba server
>
Good
> Greetings!!
>
>
> 2015-04-18 13:25 GMT+02:00 Rowland Penny <rowlandpenny at googlemail.com>:
>
> On 18/04/15 12:11, Daniel Carrasco Marín wrote:
>
> Hi, first of all i'm sorry for my english.
>
> I'm doing some tests to migrate a Samba3 domain to Samba4 with BIND9_DLZ,
> but the Domain name in Windows information is not correct. It is not a
> problem because all works as expected, but I want to know if I'm doing
> something wrong that can cause problems in future.
>
> I've done the tests with this command:
>
> samba-tool domain provision --use-rfc2307 --realm=home.red --domain=HOME --adminpass="Pass" --server-role=dc --dns-backend=BIND9_DLZ
>
> If I use the samba internal backend then the Domain Name in Windows is
> right (HOME) and machine doesn't change (machine), but if I use the
> BIND9_DLZ backend then the domain name is changed (home.red) and the
> machine name too (machine.home.red).
>
> Samba version is 4.2.1 stable compiled from git, and bind is the 9.9.7
> compiled from source.
> I've used these options to compile:
> Samba:
> ./configure --sysconfdir=/etc/samba --bindir=/usr/bin --sbindir=/usr/sbin --with-winbind
>
> Bind:
> ./configure --with-gssapi=/usr/include/gssapi --with-openssl=/usr --enable-largefile --with-dlopen=yes --sysconfdir=/etc/bind --bindir=/usr/bin --sbindir=/usr/sbin --enable-threads --enable-rrl
>
> and of course I've included the link to "include
> "/usr/local/samba/private/named.conf";" in BIND9 named.conf, and I've
> uncommented the right version in that file.
> The command "smbclient -L localhost -U%" shows the right info.
>
> Am I doing something wrong?
> Can it be problematic in future?
> Is there any way to fix it?
>
> Thanks!!
>
>
> What OS ?
>
> Do your windows clients get their ipaddresses via dhcp ?
> and if so, is the dhcp server supplying the domain name ?
>
> How have you set up bind9 ?
>
> Rowland
>
>
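The three resolv.conf corrections from the reply above (do not set both 'domain' and 'search', use the DNS domain rather than the workgroup name, keep external resolvers out of the DC's resolv.conf) can be checked mechanically. This is an added example, not part of the original thread; the function name check_resolv and its finding labels are made up here, and the sample files are constructed from the values quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): audit a resolv.conf on a Samba AD DC.
# Usage: check_resolv FILE DNS_DOMAIN DC_IP   (hypothetical helper name)
# Prints one finding per line; prints nothing when the file is clean.
check_resolv() {
    awk -v dom="$2" -v dc="$3" '
        /^[ \t]*[#;]/ { next }                  # skip comment lines
        $1 == "domain" || $1 == "search" {
            seen[$1] = 1
            # The later keyword overrides the earlier one: keep the last list only.
            eff = ""
            for (i = 2; i <= NF; i++) eff = eff " " tolower($i)
        }
        $1 == "nameserver" && $2 != dc && $2 != "127.0.0.1" {
            print "external-nameserver " $2     # belongs in the BIND forwarders list
        }
        END {
            if (seen["domain"] && seen["search"]) print "domain-and-search-both-set"
            # The effective search list must contain the DNS domain (the realm),
            # not the NetBIOS/workgroup name.
            if (index(eff " ", " " tolower(dom) " ") == 0)
                print "search-list-lacks " dom
        }
    ' "$1"
}

# Constructed samples: the resolv.conf quoted in the thread, then the
# corrected form the reply asks for.
demo() {
    tmp=$(mktemp -d) || return 1
    printf 'domain HOME\nsearch HOME\nnameserver 192.168.1.100\nnameserver 8.8.8.8\n' > "$tmp/before"
    printf 'search home.red\nnameserver 192.168.1.100\n' > "$tmp/after"
    echo "before:"; check_resolv "$tmp/before" home.red 192.168.1.100
    echo "after:";  check_resolv "$tmp/after"  home.red 192.168.1.100
    rm -rf "$tmp"
}
demo
```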