[Samba] Problems with Samba as an AD and named

Rowland Penny rpenny at samba.org
Fri Sep 15 15:23:40 UTC 2023


On Fri, 15 Sep 2023 15:07:53 +0000 (UTC)
"compeilermail-openbc at yahoo.de" <compeilermail-openbc at yahoo.de> wrote:

>  Hi Rowland,
> I am administrating Solaris and AIX machines, but from samba and
> active directory server I do not understand much. So perhaps
> something is wrong. This samba DC is just because of my kids, as in
> times of corona each one received its own PC and so we have now with
> the parents ones and the laptops about 8 PCs. And I was tired
> changing passwords on different systems. So I installed the free
> version of zentyal, because I did not want to make all the samba
> configuration from scratch with my little knowledge in samba and
> AD... So - until yesterday all run fine, just a reboot and perhaps the
> updates broke the running system. Now the children want to play, but
> as the Samba is the nameserver they can't connect to the internet
> without reconfiguration. So I have the urge of repairing it, as also
> the mother is on her side... :-( I do not think, that the named Error
> is a real error. Found some indications in the web showing that it is
> a warning and not indicating that it has problems with root, but with
> the -u bind Option it should start as user bind (who exists and
> works). Nevertheless I will look for this also, thanks. I think the
> problem is the "'_msdcs.compeiler.windows" --- I do not know if he
> needed that before. It's the first time I had this. In the named is
> just the compeiler.windows. But can be that this is part of the AD
> thing... I changed the /etc/hosts as to your advice to:
> 127.0.0.1       localhost.localdomain localhost
> 192.168.178.205 bombadil.compeiler.windows bombadil
> but this was not made by me. This
> seems the default of the zentyal thing. Nothing changed here before
> The resolv.conf was changed by me and I did not notice to change it
> back before I sent my questions. As DNS not worked I have put the
> real DNS server of my network (which is configured as forwarder in
> the DC machine). So I could do package updates etc. zentyal rewrites
> that file every reboot - so my changes are not permanent. It is
> normally "nameserver 127.0.1.1"
> 
> Also did not actively configure the /etc/krb5.conf. So if you advise
> to do also reverse lookups I will put them to yes. But first it seems
> necessary to me that it is possible to start named again... what do
> you think? The same with 'server role check: inhibit = yes' -- seems
> also to be done by the zentyal application. Can change it if you
> think that would be better. Hope only that the zentyal thing is not
> overwriting it next reboot. I do not need nmbd and don't think I want
> it to be started. My suspicion is now: You said various times that the
> DNS I have should be in AD. Could it be, that they are really in the
> AD. Then I installed something on that Linux that had dependencies on
> named and installed and activated named. Then on next reboot it
> wanted to start named and it did not start well and as I read those
> things about samba_upgradedns and so on and some of this made it
> worse and copied my internal AD zones to named? Is that possible? If
> so just stopping the named would be fine for me. Just do not know
> what to put in the resolv.conf then to ask the AD? Or can I still put
> my firewall which is the real DNS Server in the resolv.conf without
> having problems with AD? Thank you so long... Matthias
> 

I wish you had asked before you set up zentyal, because from the sound
of it, you are running a small home domain and you probably do not need
to run bind9, you would have been okay with the internal Samba dns
server.

Your dns records probably are in AD, but before we go down the path of
checking, are you used to running ldapsearch commands and are you aware
of samba-tool?

Rowland

PS, please do not 'CC' me, just reply to the list ;-)




