samba4 from BDC to PDC

Gémes Géza geza at kzsdabas.hu
Fri Oct 21 23:53:37 MDT 2011 

2011-10-21 22:47 keltezéssel, Matthieu Patou írta:
> On 21/10/2011 19:15, Gémes Géza wrote:
>> 2011-10-21 13:49 keltezéssel, Matthieu Patou írta:
>>> On 21/10/2011 12:02, Daniele Dario wrote:
>>>> On Thu, 2011-10-20 at 19:01 +0200, Matthieu Patou wrote:
>>>>> On 20/10/2011 16:53, Daniele Dario wrote:
>>>>>
>>>>>> Hi Geza,
>>>>>> looking in my ubuntu I found that I have a libdlz_bind9.so
>>>>>> in /usr/local/samba/lib/samba. Are them the same modules (maybe the
>>>>>> module has changed location between releases)? If yes should I
>>>>>> use the
>>>>>> libdlz_bind9.so in /usr/local/samba/lib/samba/ instead
>>>>>> of /usr/local/samba/modules/bind9/dlz_bind9.so you told me?
>>>>> Yest it's ok, this is a bind9 plugin, we might have changed the
>>>>> location
>>>>> lately.
>>>>>> Anyway, just to better understand what I'm doing, what's the
>>>>>> difference
>>>>>> between provisioning a new domain which does not include the dlz
>>>>>> statement in the bind configuration and my case (removing the sbs dc
>>>>>> after a domain join)?
>>>>> So by default the provision use the file backend for bind, whereas
>>>>> the
>>>>> dlz_bind9  use a custom bind plugin so that bind can read directly
>>>>> DNS
>>>>> records in the AD database, maybe if you provide
>>>>> --dns-backend=BIND9_DLZ
>>>>> (got the information from provision --help) then it will generate
>>>>> other
>>>>> instructions (if not it's a bug feel free to fix it).
>>>>> For the domain join I guess we have to add an option to define the
>>>>> backend with the current valid backend as all of them can have their
>>>>> interest depending on the use case.
>>>>>
>>>>> In this case the spn for DNS/xxxx should also be generated.
>>>>>
>>>> Hi Matthieu,
>>>> thanks for the info.
>>>>
>>>> So if I catch it, if I use dlz_bind9 plugin it is used for the
>>>> _msdcs.mydom.com zone while the mydom.com zone and the reversed one
>>>> still remain the same or am I completely wrong?
>>> No normally the dlz_plugin will also take care of the mydom.com, for
>>> the reverse one I think it didn't take care of it right now and if it
>>> does you need to instruct bind to use this plugin for the reverse zone
>>> too.
>>>
>>> Matthieu.
>>>
>> Hi,
>>
>> According to (both post were at samba-technical at 13th and 17th of this
>> month)
>> http://article.gmane.org/gmane.network.samba.internals/57168/match=dlz_bind9+searching+writeable+zones
>>
>> and
>> http://article.gmane.org/gmane.network.samba.internals/57235/match=dlz_bind9+searching+writeable+zones
>>
>> the current git version should take care of the reverse zone as well.
> Ok I missed this thread, still I'm pretty sure you need to instruct
> bind to use dlz_bind9 in order for bind to use ldb database for the
> reverse zone. At least with my understanding of bind plugins.
>
> Matthieu.
>
I haven't try to load a reverse zone into AD yet, but shouldn't one
database definition suffice? If not , how could a database declaration like:
dlz "AD DNS Zone" {
     database "dlopen /usr/local/samba/modules/bind9/dlz_bind9.so";
};
be changed to point to a reverse domain?

Cheers

Geza

More information about the samba-technical mailing list