[Samba] named won't start

Rowland Penny rpenny at samba.org
Wed May 1 15:34:03 UTC 2024


On Wed, 1 May 2024 08:21:25 -0700
Peter Carlson via samba <samba at lists.samba.org> wrote:

> > I think your problems could be all down to the way that your dns is
> > set up, I do not think the Samba bind_dlz module knows anything
> > about 'views'.
> ugg...ok

I didn't think you would like that fact :-(

> >
> > In an ideal world, the Samba dns server (be it the internal or
> > Bind9) should just be responsible for the AD domain and forward
> > anything unknown to another dns server (which is how dns servers
> > generally work).
> >
> > One of the reasons that people try to use a setup like yours, is
> > that they have a registered dns domain (lets say 'example.com') and
> > then use that domain for AD instead of something like
> > 'ad.example.com'. This is definitely not a good idea and isn't best
> > practice.
> >
> > If your AD is using something like 'ad.example.com' and your
> > registered dns domain is 'example.com', then I suggest you setup a
> > dns server on a non domain machine to work with your 'view' and
> > forward everything for 'ad.example.com' to a DC.
> >
> > If your external and AD dns domains are both the same, then you
> > either put up with the problems you are having or you rebuild your
> > AD using a supported dns domain.
> >
> > As I said, it works for myself using the Debian Bookworm Bind9
> > package and Samba 4.19.5 from BookWorm-backports (which from my
> > understanding is built exactly like the 4.20.0 mjt package),
> > however, I do not use a 'view'
> >
> > Rowland
> >
> This is an inherited scenario and some changes would be hard to do at 
> the moment.  Good news is that the public domain and internal domain
> are different.  Bad news is that it was set up as <company>.com and 
> <company>.local...sigh...but that can't be changed at the moment.

Well at least they are different, just turn off Avahi everywhere and
ban MAC machines from your AD domain.

> 
> The current configuration, and imo is something strong to be
> considered, is a unified network controller...network boss, small
> business server, whatever you want to call it that is responsible for
> dhcp, dns and AD. A small business sometimes needs some of the
> capabilities of a larger network but can't afford multiple servers.
> No one should have to put up with crashing or hanging services.

That idea is a bit old now, using VMs is what would be used now.

> 
> Good news is that I can easily spin up another server (thanks to
> running everything on proxmox) to split out AD from the rest of the
> network controller.  If I have no other choice I will do that.

See my comment above.

> 
> However another point of reference is that I can launch both named
> and smbd without it immediately crashing using versions:
> 
>     administrator at nc1:~$ smbd --version
>     Version 4.20.0-Ubuntu
>     administrator at nc1:~$ named -version
>     BIND 9.18.18-0ubuntu0.22.04.2-Ubuntu (Extended Support Version)
> 
> However that combination creates an occasional 100% utilization hung 
> named process

I thought we were discussing using Bind9 with a Samba AD DC, if so, you
shouldn't be starting the 'smbd' daemon manually, the 'samba' daemon
should be doing it for you.

Rowland
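Added example, not part of this thread and not Samba or Bind9 project code: a named.conf sketch of the layout Rowland recommends above, a Bind9 server on a non-domain machine that carries the 'views' and forwards the whole AD zone to a DC, so that the DC (internal DNS or bind9_dlz) never has to know about views. The AD zone name ad.example.com, the DC address 192.0.2.10, the internal subnet 192.0.2.0/24 and the zone file paths are illustrative assumptions; in the setup discussed in this thread the forwarded zone would be the AD domain that was actually chosen (the <company>.local one), with the registered <company>.com zone served in both views.

```conf
// Added example (not from the thread). Bind9 on a NON-domain host.
// Assumed values: AD domain ad.example.com, DC at 192.0.2.10,
// internal subnet 192.0.2.0/24, zone files under /etc/bind/.
acl "internal" { 192.0.2.0/24; 127.0.0.0/8; };

options {
    directory "/var/cache/bind";
    // Non-AD, non-local names go out to the usual upstream resolvers.
    forwarders { 192.0.2.53; };
};

// First matching view wins, so the internal view comes first.
view "internal" {
    match-clients { "internal"; };
    recursion yes;            // forwarding requires recursion for these clients

    // Everything under the AD domain is handed to the DC, which stays the
    // only authority for the AD SRV/A records (no AD data is kept here).
    zone "ad.example.com" {
        type forward;
        forward only;
        forwarders { 192.0.2.10; };
    };

    // Internal copy of the registered domain (private addresses).
    zone "example.com" {
        type master;
        file "/etc/bind/db.example.com.internal";
    };
};

view "external" {
    match-clients { any; };
    recursion no;             // public side answers only for its own zones

    zone "example.com" {
        type master;
        file "/etc/bind/db.example.com";
    };
};
```

Two caveats when wiring this up. The DC still needs its own forwarder for names it is not authoritative for (for the Samba internal DNS that is `dns forwarder` in smb.conf; for a bind9_dlz DC it is `forwarders` in that DC's named.conf options), and it should point at this server or at the upstream resolvers, never at a 'view' of itself. Run `named-checkconf` on the file before reloading, and give every domain member the non-domain Bind9 server (not the upstream resolvers) as its only nameserver, otherwise AD lookups from the internal subnet miss the forwarded zone.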
