Fwd: Error start bind9 samba4 BIND9_DLZ

Taylor, Jonn jonnt at taylortelephone.com
Tue Sep 24 16:46:02 CEST 2013


On 09/24/2013 09:11 AM, Daniele Dario wrote:
> On Tue, 2013-09-24 at 08:10 -0300, Jacó Ramos wrote:
>> When I run:
>>
>>
>> samba-upgradedns --dns-backend=BIND9_DLZ
>> Cannot create AD based DNS for OS Level < 2003
>> And now?
>>
>> Thanks.
>>
>> Jacó Ramos
>> 2013/9/24 Rowland Penny <repenny241155 at gmail.com>
>>          On 24/09/13 11:38, Jacó Ramos wrote:
>>                  Hi Dario,
>>                  
>>                  cp /usr/local/samba/private/sam.ldb /usr/local/samba/private/dns
>>                  cp /usr/local/samba/private/sam.ldb.d /usr/local/samba/private/dns
>>                  
>>                  
>>                  and
>>                  
>>                  chmod 777 /usr/local/samba/private/dns/*
>>                  
>>                  and dns works fine!
>>                  
>>                  Thanks.
>>                  Jacó Ramos
>>                  
>>                  
>>          Hi, sorry but you have got it wrong, it needs to be hard
>>          linked, see here:
>>          https://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC
>>          
>>          and here:
>>          https://wiki.samba.org/index.php/Dns-backend_bind#New_added_DNS_entries_are_not_resolvable
>>          
>>          Rowland
>>          
> Hi Jacó,
> could it be that your domain/forest level is < 2003?
>
> try to run
> # samba-tool domain level show
> to see the domain/forest levels.
>
> Did you provision the domain on samba AD DC or did you join it to an
> existing domain?
>
> BTW, as Rowland said, the private/dns content has to be hard linked and
> not a simple copy. Samba updates its private/sam.ldb and
> private/sam.ldb.d/* files. Files in private/dns won't be updated; that's
> why they have to be links to the original ones.
>
> A side note about permissions: it would be safer to restrict permissions
> to bind/named so as stated in the wiki you can
>
> # chown named:named /usr/local/samba/private/dns
> # chgrp named /usr/local/samba/private/dns.keytab
> # chmod g+r /usr/local/samba/private/dns.keytab
> # chmod 775 /usr/local/samba/private/dns
>
> Daniele.
>
>
If your domain level is 2003 you will not be able to join samba4 with 
bind backend. There is a bug open for this. It duplicates your dns zone 
and bind will not start.

https://bugzilla.samba.org/show_bug.cgi?id=9210

Jonn
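
A check for the two points raised in the quoted replies (hard links rather than copies under private/dns, and no world-writable files left by chmod 777), as an added example that is not part of the original thread or of Samba's tooling. The function names are hypothetical, the directories are passed as arguments, and it assumes the layout described above, where a file under private/dns has a counterpart with the same relative path under private.

```shell
#!/bin/sh
# Added example (not Samba tooling): audit a private/dns directory.
# Usage: sh audit.sh /usr/local/samba/private /usr/local/samba/private/dns

# Print each file under DNS_DIR that has a counterpart under PRIVATE_DIR
# but is a separate copy. A copy goes stale when Samba updates the original.
stale_copies() {
    private_dir=$1 dns_dir=$2
    ( cd "$dns_dir" && find . -type f ) | sed 's|^\./||' |
    while IFS= read -r rel; do
        # -ef is true only when both names share the same device and inode
        if [ -e "$private_dir/$rel" ] &&
           ! [ "$private_dir/$rel" -ef "$dns_dir/$rel" ]; then
            printf '%s\n' "$rel"
        fi
    done
}

# Print everything under DNS_DIR that any local user may write to,
# which is the state "chmod 777" leaves behind. Symlinks are skipped.
world_writable() {
    find "$1" -perm -0002 ! -type l
}

# Report both findings; return 0 only when the directory is clean.
audit_dns_dir() {
    stale=$(stale_copies "$1" "$2")
    loose=$(world_writable "$2")
    if [ -n "$stale" ]; then
        printf '%s\n' "$stale" | sed 's/^/copy, not a hard link: /'
    fi
    if [ -n "$loose" ]; then
        printf '%s\n' "$loose" | sed 's/^/world-writable: /'
    fi
    [ -z "$stale$loose" ]
}

if [ $# -eq 2 ]; then
    audit_dns_dir "$1" "$2"
fi
```
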


