samba4 from BDC to PDC

Gémes Géza geza at kzsdabas.hu
Thu Oct 20 06:53:01 MDT 2011 

2011-10-20 13:43 keltezéssel, Gémes Géza írta:
> 2011-10-20 09:22 keltezéssel, Daniele Dario írta:
>> Hi all,
>> in my simple network I have:
>> - MS SBS2003 server which is PDC and master DNS (allow zone transfer to
>> other DNSs of the zone)
>> - Ubuntu 10.04 32b server VM on XEN server with samba Version
>> 4.0.0alpha17-GIT-ccaab14 joined to the AD domain as DC plus dhcpd
>> configured for ddns updates (currently to the SBS DNS) plus BIND
>> 9.8.0-P4 configured as slave DNS for the local domain zones
>> - Ubuntu 10.04 32b server with samba Version 3.4.7 joined to the AD
>> domain which acts as file server (for the network shares)
>>
>> My goal is to remove the SBS server so as first step I'll disable zone
>> transfer from the MS DNS and change the zones in BIND to master to check
>> if samba4 DDNS and ISC DHCPD DDNS still works but as per the samba4
>> how-to I need to add the tkey-gssapi-keytab
>> "/usr/local/samba/private/dns.keytab"; statement in named.conf.
>>
>> If I run provision on samba4 (for a new domain) at the end of the
>> provision the dns.keytab file is created in the samba/private directory.
>> Running the domain join command instead of the provision the dns.keytab
>> file is not created so how am I supposed to proceed?
>>
>> Thanks in advance,
>> Daniele.
>>
>>
>>
Sorry, some typos corrected bellow:
> Hi,
>
> IMHO you should check if you have
> /usr/local/samba/modules/bind9/dlz_bind9.so, if not check if you can
> find libdlz_bind9.so in the source (where you have compiled samba4), if
> there is one copy it to the right place. Then edit (being on Ubuntu I
> suppose the standard Ubuntu path) /etc/bind/named.conf.local and add the
> following:
> dlz "AD DNS Zone" {
>     database "dlopen /usr/local/samba/modules/bind9/dlz_bind9.so";
> };
With samba-tool user add (or the windows tools) create a
dns-YOURLINUXHOSTNAMEWITHOUTYOURDOMAINPART
> account with password never expiring
> with samba-tool spn add (or ktpass on windows) associate the principal
> names "DNS/your-ubuntu-server.your.domain" and "DNS/your.domain"
> with samba-tool domain exportkeytab dump the keys to a keytab (with
> ktutil -k keytab list you can verify the keys in it if there is any
> unneeded you can also delete them).
> Set up the tkey-gssapi-keytab option.
> Comment out the slave zones in bind.
> After a bind restart it should be able to read the rr-s directly from
> samba4's ad.
>
> Good luck!
>
> Cheers
>
> Geza

More information about the samba-technical mailing list