samba4 domain problem

Keresztes Péter-Zoltán zozo at z0z0.tk
Sat Apr 20 13:53:00 MDT 2013


Hi,

As far as I understand, if I use SAMBA_INTERNAL as the dns-backend, or I don't mention it at all, it will use samba4's internal DNS server. If I use anything else, like the BIND9_DLZ or BIND9_FLATFILE option, I need to run a bind on the same server the samba4 DC is running on. For the moment I think samba's internal stuff would be much simpler, since I want to get used to it and it would not have any extra configuration files.
Good. Taking into consideration that I am using Google's public DNS as a DNS server, what IP should I put in dns forwarders?

If I start my samba with the -i -M single -d2 options I get the following:

# samba -i -M single -d2
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
samba version 4.0.5 started.
Copyright Andrew Tridgell and the Samba Team 1992-2012
samba: using 'single' process model
dreplsrv_partition[CN=Configuration,DC=demo,DC=local] loaded
dreplsrv_partition[CN=Schema,CN=Configuration,DC=demo,DC=local] loaded
dreplsrv_partition[DC=demo,DC=local] loaded
dreplsrv_partition[DC=DomainDnsZones,DC=demo,DC=local] loaded
dreplsrv_partition[DC=ForestDnsZones,DC=demo,DC=local] loaded
kccsrv_partition[DC=demo,DC=local] loaded
kccsrv_partition[CN=Configuration,DC=demo,DC=local] loaded
kccsrv_partition[CN=Schema,CN=Configuration,DC=demo,DC=local] loaded
kccsrv_partition[DC=DomainDnsZones,DC=demo,DC=local] loaded
kccsrv_partition[DC=ForestDnsZones,DC=demo,DC=local] loaded
Loading new DNS update grant rules
/usr/sbin/smbd: smbd version 4.0.5 started.
/usr/sbin/smbd: Copyright Andrew Tridgell and the Samba Team 1992-2012
/usr/sbin/smbd: standard input is not a socket, assuming -D option
/usr/sbin/smbd: Unable to connect to CUPS server localhost:631 - Connection refused
/usr/sbin/smbd: failed to retrieve printer list: NT_STATUS_UNSUCCESSFUL
/usr/sbin/samba_dnsupdate: Traceback (most recent call last):
/usr/sbin/samba_dnsupdate:   File "/usr/sbin/samba_dnsupdate", line 506, in <module>
/usr/sbin/samba_dnsupdate:     get_credentials(lp)
/usr/sbin/samba_dnsupdate:   File "/usr/sbin/samba_dnsupdate", line 119, in get_credentials
/usr/sbin/samba_dnsupdate:     creds.get_named_ccache(lp, ccachename)
/usr/sbin/samba_dnsupdate: RuntimeError: kinit for DEM$@DEMO.LOCAL failed (Cannot contact any KDC for requested realm)
/usr/sbin/samba_dnsupdate: 
../source4/dsdb/dns/dns_update.c:294: Failed DNS update - NT_STATUS_ACCESS_DENIED

My smb.conf looks like this:
[global]
	workgroup = DEMO
	realm = demo.local
	server role = active directory domain controller
	passdb backend = samba_dsdb
	dns forwarder = 10.0.0.1
	rpc_server:tcpip = no
	rpc_daemon:spoolssd = embedded
	rpc_server:spoolss = embedded
	rpc_server:winreg = embedded
	rpc_server:ntsvcs = embedded
	rpc_server:eventlog = embedded
	rpc_server:srvsvc = embedded
	rpc_server:svcctl = embedded
	rpc_server:default = external
	idmap config * : backend = tdb
	map archive = No
	map readonly = no
	store dos attributes = Yes
	vfs objects = dfs_samba4, acl_xattr

[netlogon]
	path = /var/lib/samba/sysvol/demo.local/scripts
	read only = No

[sysvol]
	path = /var/lib/samba/sysvol
	read only = No

Thanks for your help.

Peter




On 2013.04.20., at 17:23, Rowland Penny <repenny at f2s.com> wrote:

> On 20/04/13 14:57, Ricky Nance wrote:
>> 
>> Rowland, according to his info that file does exist. That being said, Keresztes, you should only run one DNS server, there is much more configuration involved if you try to run 2 on the same machine, and to be honest I am not even 100% sure it's possible to do so. For right now you need to decide if you want to run named or internal DNS, after you decide that, we can help more.
>> 
>> Keep us posted,
>> Ricky
>> 
>> On Apr 20, 2013 4:22 AM, "Rowland Penny" <repenny at f2s.com> wrote:
>> 
>>    On 20/04/13 09:55, Keresztes Péter-Zoltán wrote:
>> 
>>        I am using an internal dns server. In fact the dns server is
>>        running on the same machine as the samba4. That is why it was
>>        provisioned like this. I have also tried with BIND9_DLZ and I
>>        haven't gone further than this.
>> 
>> 
>>        On 2013.04.20., at 11:49, Rowland Penny <repenny at f2s.com> wrote:
>> 
>>            On 20/04/13 09:28, Keresztes Péter-Zoltán wrote:
>> 
>>                Hi,
>>                when I provisioned it I did not mention
>>                anything about dns, I used this command line:
>>                samba-tool domain provision --realm=demo.local
>>                --domain=DEMO --adminpass=P at ssw0rd --server-role=dc
>>                --host-ip=10.0.0.102
>>                I took the command line from the first tutorial
>>                video (the one about adding Windows 7 to a domain)
>> 
>>                Peter
>>                On 2013.04.20., at 11:24, Rowland Penny
>>                <repenny at f2s.com> wrote:
>> 
>>                    On 20/04/13 08:45, Keresztes Péter-Zoltán wrote:
>> 
>>                        ls -alh /var/lib/samba/private/named.conf.update
>> 
>>                    Hi, I hope you don't mind me jumping in here
>>                    whilst waiting for Ricky, but just how did you
>>                    provision Samba 4 because I am sure you only get
>>                    the line 'dns forwarder = 10.0.0.102' with the
>>                    internal dns server.
>> 
>>                    Rowland
>> 
>> 
>> 
>>                    --
>>                    This message has been scanned for viruses and
>>                    dangerous content by MailScanner, and is
>>                    believed to be clean.
>> 
>> 
>>            OK, I suggest that you go back to
>>            https://wiki.samba.org/index.php/Samba4/HOWTO ( I presume
>>            that is where you started) and read the rest of that page,
>>            you have provisioned to use the internal dns server.
>> 
>>            Rowland
>> 
>> 
>> 
>> 
>>    Then why are you trying to start named? It will try to run on port
>>    53, the same port that the internal samba 4 dns server runs on.
>>    Also the reason why you are getting denied permission to
>>    '/var/lib/samba/private/named.conf.update' is because it probably
>>    doesn't exist.
>> 
>>    Rowland
>> 
>> 
>> 
>> 
> 
> Hi Ricky, yes you are right, he does have the file in question, my mistake, should have read & understood the posts fully, but having said that my conclusion was correct, he was trying to run bind with the internal dns and this will never work. The OP has now posted that he accepts this and has now provisioned to use bind instead of the internal dns server and as you say if he requires help, we are all here to help him.
> 
> Just one further thing, can you please try to stop top posting, it breaks the flow of the thread.
> 
> Rowland
> 
> 


