[Samba] Problems with Internal DNS Samba 4
Marcio Demetrio Bacci
marciobacci at gmail.com
Mon Sep 2 11:41:44 UTC 2019
Hi,
I believe it's all right now. I just changed the file paths.
samba_upgradedns --dns-backend=BIND9_DLZ
Reading domain information
DNS accounts already exist
No zone file /var/lib/samba/bind-dns/dns/EMPRESA.COM.BR.zone
DNS records will be automatically created
DNS partitions already exist
dns-samba4-dc1 account already exists
See /var/lib/samba/bind-dns/named.conf for an example configuration include file for BIND
and /var/lib/samba/bind-dns/named.txt for further documentation required for secure DNS updates
Finished upgrading DNS
You have switched to using BIND9_DLZ as your dns backend, but still have
the internal dns starting. Please make sure you add '-dns' to your server
services line in your smb.conf.
root at samba4-dc1:/var/lib/samba#
root at samba4-dc1:/var/lib/samba#
root at samba4-dc1:/var/lib/samba# mcedit /etc/samba/smb.conf
cat /etc/samba/smb.conf
# Global parameters
[global]
netbios name = SAMBA4-DC1
realm = EMPRESA.COM.BR
workgroup = EMPRESA
server role = active directory domain controller
server services = -dns
dns update command = /usr/sbin/samba_dnsupdate --use-samba-tool
ldap server require strong auth = no
[netlogon]
path = /var/lib/samba/sysvol/empresa.com.br/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
/etc/init.d/bind9 status
● bind9.service - BIND Domain Name Server
Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2019-09-02 08:28:13 -03; 3s ago
Docs: man:named(8)
Main PID: 13296 (named)
Tasks: 7 (limit: 4720)
CGroup: /system.slice/bind9.service
└─13296 /usr/sbin/named -f -u bind -4
set 02 08:28:13 samba4-dc1 named[13296]: set up managed keys zone for view _default, file 'managed-keys.bind'
set 02 08:28:13 samba4-dc1 named[13296]: configuring command channel from '/etc/bind/rndc.key'
set 02 08:28:13 samba4-dc1 named[13296]: command channel listening on 127.0.0.1#953
set 02 08:28:13 samba4-dc1 named[13296]: managed-keys-zone: loaded serial 0
set 02 08:28:13 samba4-dc1 named[13296]: zone 0.in-addr.arpa/IN: loaded serial 1
set 02 08:28:13 samba4-dc1 named[13296]: zone localhost/IN: loaded serial 2
set 02 08:28:13 samba4-dc1 named[13296]: zone 255.in-addr.arpa/IN: loaded serial 1
set 02 08:28:13 samba4-dc1 named[13296]: zone 127.in-addr.arpa/IN: loaded serial 1
set 02 08:28:13 samba4-dc1 named[13296]: all zones loaded
set 02 08:28:13 samba4-dc1 named[13296]: running
root at samba4-dc1:ls -lai /var/lib/samba/private/sam.ldb.d/
total 162292
920703 drwx------ 2 root root 4096 set 2 08:16 .
920705 drwxr-xr-x 7 root root 4096 set 2 08:17 ..
920726 -rw------- 1 root root 40189952 set 2 08:29 CN=CONFIGURATION,DC=EMPRESA,DC=COM,DC=BR.ldb
920725 -rw------- 1 root root 26583040 set 2 08:29 CN=SCHEMA,CN=CONFIGURATION,DC=EMPRESA,DC=COM,DC=BR.ldb
920733 -rw-rw---- 2 root bind 14692352 set 2 08:29 DC=DOMAINDNSZONES,DC=EMPRESA,DC=COM,DC=BR.ldb
920734 -rw-rw---- 2 root bind 4210688 set 2 08:29 DC=FORESTDNSZONES,DC=EMPRESA,DC=COM,DC=BR.ldb
920731 -rw------- 1 root root 79663104 set 2 08:29 DC=EMPRESA,DC=COM,DC=BR.ldb
920708 -rw-rw---- 2 root bind 831488 set 2 08:16 metadata.tdb
root at samba4-dc1:/var/lib/samba# ls -lai /var/lib/samba/bind-dns/dns/sam.ldb.d/
total 36220
920471 drwxrwx--- 2 root bind 4096 set 2 08:16 .
919793 drwxrwx--- 3 root bind 4096 set 2 08:16 ..
920736 -rw-rw---- 1 root bind 8601600 set 2 08:16 CN=CONFIGURATION,DC=EMPRESA,DC=COM,DC=BR.ldb
920732 -rw-rw---- 1 root bind 7446528 set 2 08:16 CN=SCHEMA,CN=CONFIGURATION,DC=EMPRESA,DC=COM,DC=BR.ldb
920733 -rw-rw---- 2 root bind 14692352 set 2 08:31 DC=DOMAINDNSZONES,DC=EMPRESA,DC=COM,DC=BR.ldb
920734 -rw-rw---- 2 root bind 4210688 set 2 08:31 DC=FORESTDNSZONES,DC=EMPRESA,DC=COM,DC=BR.ldb
920601 -rw-rw---- 1 root bind 1286144 set 2 08:16 DC=EMPRESA,DC=COM,DC=BR.ldb
920708 -rw-rw---- 2 root bind 831488 set 2 08:16 metadata.tdb
Do I do the same procedures on DC2?
Regards,
Márcio Bacci
On Mon, Sep 2, 2019 at 08:07, Marcio Demetrio Bacci <marciobacci at gmail.com> wrote:
> Hi,
>
> Failed to change DNS:
>
> samba_upgradedns --dns-backend=BIND9_DLZ
> Reading domain information
> DNS accounts already exist
> No zone file /var/lib/samba/bind-dns/dns/EMPRESA.COM.BR.zone
> DNS records will be automatically created
> DNS partitions already exist
> Adding dns-samba4-dc1 account
> Failed to create link /var/lib/samba/private/dns.keytab -> /var/lib/samba/bind-dns/dns.keytab: No such file or directory
> Failed to chown /var/lib/samba/bind-dns to bind gid 121
> Failed to chown /var/lib/samba/bind-dns/dns.keytab to bind gid 121
> Traceback (most recent call last):
> File "/usr/sbin/samba_upgradedns", line 533, in <module>
> create_dns_dir(logger, paths)
> File "/usr/lib/python3/dist-packages/samba/provision/sambadns.py", line 704, in create_dns_dir
> os.mkdir(dns_dir, 0o770)
> FileNotFoundError: [Errno 2] No such file or directory:
> '/var/lib/samba/bind-dns
>
> Regards,
>
> Márcio Bacci
>
> On Mon, Sep 2, 2019 at 07:31, Rowland penny via samba <samba at lists.samba.org> wrote:
>
>> On 02/09/2019 11:11, Marcio Demetrio Bacci wrote:
>> >
>> > Hi,
>> >
>> > >No, you shouldn't have to, have you followed this first:
>> > I followed, but there are instructions in this tutorial to configure
>> > Bind9_DLZ first, as below:
>> >
>> > * Set up and configure the |BIND9_DLZ| back end. For details, see
>> > BIND9_DLZ Back End
>> > <https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End>.
>> >
>> I will have a look and alter it if required.
>> >
>> > > What version of Samba is this ?
>> > Samba 4.10.7
>> >
>> > >Yours will probably be '/var/lib/samba'
>> > No, there aren't in my DC (I have searched with find / -name <file>).
>> If you were running a DC using the internal dns server and haven't
>> upgraded to Bind9 yet, then there will be no Samba Bind9 related files &
>> directories yet, they get created by the dns server upgrade and they
>> will be created in /var/lib/samba/bind-dns
>> >
>> > Will files ( "/usr/local/samba/bind-dns/named.conf" and "dns.keytab"
>> > ) be created after I run the command samba_upgradedns
>> > --dns-backend=BIND9_DLZ ?
>>
>> Yes, but not at that path ;-)
>>
>> Rowland
>>
>
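
Added example, not part of the original thread and not Samba's own code: a check of the post-upgrade state this message shows, which could be run on each DC after `samba_upgradedns --dns-backend=BIND9_DLZ`. It verifies that `server services` in `[global]` carries `-dns`, that nothing in the BIND copy of `sam.ldb.d` is accessible to "other", and that the DNS partitions and `metadata.tdb` are hard links to the private copies (same inode, as in the two `ls -lai` listings). The function names and the `DC=EXAMPLE` file names are assumptions made for the example.

```python
import os, stat, tempfile

# Shown in the post's listings with link count 2 and one inode in both dirs.
HARD_LINKED = ("DC=DOMAINDNSZONES", "DC=FORESTDNSZONES", "METADATA.TDB")

def server_services(smb_conf_text):
    """Return the 'server services' value from [global], or None if unset."""
    section = None
    for raw in smb_conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            if " ".join(key.lower().split()) == "server services":
                return value.strip()
    return None

def check_dlz_state(smb_conf_text, private_dir, bind_dir):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    services = (server_services(smb_conf_text) or "").replace(",", " ").split()
    if "-dns" not in services:
        findings.append("server services lacks '-dns': internal DNS still starts")
    for name in sorted(os.listdir(bind_dir)):
        bind_path = os.path.join(bind_dir, name)
        if os.stat(bind_path).st_mode & stat.S_IRWXO:
            findings.append(f"{name}: accessible to 'other' in the BIND directory")
        if not name.upper().startswith(HARD_LINKED):
            continue
        priv_path = os.path.join(private_dir, name)
        if not os.path.exists(priv_path):
            findings.append(f"{name}: missing from the private directory")
        elif not os.path.samefile(priv_path, bind_path):
            findings.append(f"{name}: separate copy, not a hard link")
    return findings

def demo():
    """Constructed layout: one partition hard-linked, the other a stray copy."""
    priv, bind = tempfile.mkdtemp(), tempfile.mkdtemp()
    names = ["DC=DOMAINDNSZONES,DC=EXAMPLE.ldb", "DC=FORESTDNSZONES,DC=EXAMPLE.ldb"]
    for name in names:
        os.close(os.open(os.path.join(priv, name), os.O_CREAT | os.O_WRONLY, 0o660))
    os.link(os.path.join(priv, names[0]), os.path.join(bind, names[0]))
    os.close(os.open(os.path.join(bind, names[1]), os.O_CREAT | os.O_WRONLY, 0o660))
    return check_dlz_state("[global]\nserver services = -dns\n", priv, bind)
```

On a DC with the paths from this thread, the call would be `check_dlz_state(open("/etc/samba/smb.conf").read(), "/var/lib/samba/private/sam.ldb.d", "/var/lib/samba/bind-dns/dns/sam.ldb.d")`, run as root.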