samba4 from BDC to PDC

Amitay Isaacs amitay at gmail.com
Sun Oct 23 23:16:59 MDT 2011


On Sat, Oct 22, 2011 at 4:53 PM, Gémes Géza <geza at kzsdabas.hu> wrote:

> On 2011-10-21 22:47, Matthieu Patou wrote:
> > On 21/10/2011 19:15, Gémes Géza wrote:
> >> On 2011-10-21 13:49, Matthieu Patou wrote:
> >>> On 21/10/2011 12:02, Daniele Dario wrote:
> >>>> On Thu, 2011-10-20 at 19:01 +0200, Matthieu Patou wrote:
> >>>>> On 20/10/2011 16:53, Daniele Dario wrote:
> >>>>>
> >>>>>> Hi Geza,
> >>>>>> looking in my ubuntu I found that I have a libdlz_bind9.so
> >>>>>> in /usr/local/samba/lib/samba. Are they the same modules (maybe the
> >>>>>> module has changed location between releases)? If yes should I
> >>>>>> use the
> >>>>>> libdlz_bind9.so in /usr/local/samba/lib/samba/ instead
> >>>>>> of /usr/local/samba/modules/bind9/dlz_bind9.so you told me?
> >>>>> Yes it's ok, this is a bind9 plugin, we might have changed the
> >>>>> location
> >>>>> lately.
> >>>>>> Anyway, just to better understand what I'm doing, what's the
> >>>>>> difference
> >>>>>> between provisioning a new domain which does not include the dlz
> >>>>>> statement in the bind configuration and my case (removing the sbs dc
> >>>>>> after a domain join)?
> >>>>> So by default the provision uses the file backend for bind, whereas
> >>>>> the
> >>>>> dlz_bind9 uses a custom bind plugin so that bind can read directly
> >>>>> DNS
> >>>>> records in the AD database, maybe if you provide
> >>>>> --dns-backend=BIND9_DLZ
> >>>>> (got the information from provision --help) then it will generate
> >>>>> other
> >>>>> instructions (if not it's a bug feel free to fix it).
> >>>>> For the domain join I guess we have to add an option to define the
> >>>>> backend with the current valid backend as all of them can have their
> >>>>> interest depending on the use case.
> >>>>>
> >>>>> In this case the spn for DNS/xxxx should also be generated.
> >>>>>
> >>>> Hi Matthieu,
> >>>> thanks for the info.
> >>>>
> >>>> So if I catch it, if I use dlz_bind9 plugin it is used for the
> >>>> _msdcs.mydom.com zone while the mydom.com zone and the reversed one
> >>>> still remain the same or am I completely wrong?
> >>> No normally the dlz_plugin will also take care of the mydom.com, for
> >>> the reverse one I think it didn't take care of it right now and if it
> >>> does you need to instruct bind to use this plugin for the reverse zone
> >>> too.
> >>>
> >>> Matthieu.
> >>>
> >> Hi,
> >>
> >> According to (both posts were at samba-technical at 13th and 17th of this
> >> month)
> >>
> >> http://article.gmane.org/gmane.network.samba.internals/57168/match=dlz_bind9+searching+writeable+zones
> >>
> >> and
> >>
> >> http://article.gmane.org/gmane.network.samba.internals/57235/match=dlz_bind9+searching+writeable+zones
> >>
> >> the current git version should take care of the reverse zone as well.
> > Ok I missed this thread, still I'm pretty sure you need to instruct
> > bind to use dlz_bind9 in order for bind to use ldb database for the
> > reverse zone. At least with my understanding of bind plugins.
> >
> > Matthieu.
> >
> I haven't tried to load a reverse zone into AD yet, but shouldn't one
> database definition suffice? If not, how could a database declaration
> like:
> dlz "AD DNS Zone" {
>     database "dlopen /usr/local/samba/modules/bind9/dlz_bind9.so";
> };
> be changed to point to a reverse domain?
>
> Cheers
>
> Geza
>

dlz_bind9 will automatically register any reverse zones found in DNS
partitions. You don't need to add another section for reverse zones.
For all the zones found in DNS partitions, dlz_bind9 calls a callback
function to register the zones with bind9.

Amitay.

