Fwd: Error start bind9 samba4 BIND9_DLZ

Jacó Ramos j4c0r4m0s at gmail.com
Tue Sep 24 17:04:16 CEST 2013 

No,

I run for resolves:

samba_updatedns --dns-backend=BIND9_DLZ, but not run .

255 root at samba /usr/local/samba/private/dns # samba_upgradedns
--dns-backend=BIND9_DLZ
Reading domain information
Cannot create AD based DNS for OS level < 2003
1 root at samba /usr/local/samba/private/dns #

Grato.
Jacó Ramos


2013/9/24 Taylor, Jonn <jonnt at taylortelephone.com>

> On 09/24/2013 09:58 AM, Jacó Ramos wrote:
>
>> Bind9 is finding sam.ldb in /usr/local/samba/private/dns but file is in
>> /usr/local/samba/private.
>>
>> Grato.
>> Jacó Ramos
>>
>>
>>
>>
>> 2013/9/24 Taylor, Jonn <jonnt at taylortelephone.com <mailto:
>> jonnt at taylortelephone.**com <jonnt at taylortelephone.com>>>
>>
>>
>>     On 09/24/2013 09:11 AM, Daniele Dario wrote:
>>
>>         On Tue, 2013-09-24 at 08:10 -0300, Jacó Ramos wrote:
>>
>>             When run :
>>
>>
>>             samba-upgradedns --dns-backend=BIND9_DLZ
>>             Cannot create AD based DNS for OS Level < 2003
>>             and now ?
>>
>>             Grato.
>>
>>             Jacó Ramos
>>             2013/9/24 Rowland Penny <repenny241155 at gmail.com
>>             <mailto:repenny241155 at gmail.**com <repenny241155 at gmail.com>>>
>>
>>                      On 24/09/13 11:38, Jacó Ramos wrote:
>>                              Hi Dario,
>>                                               cp
>>             /usr/local/samba/private/sam.**ldb
>> /usr/local/samba/private/dns
>>                              cp /usr/local/samba/private/sam.**ldb.d
>>             /usr/local/samba/private/dns
>>              and
>>                                               chmod 777
>>             /usr/local/samba/private/dns/*
>>                                               and dns works fine!
>>                                               Grato.
>>                              Jacó Ramos
>>                                                        Hi, sorry but
>>             you have got it wrong, it needs to be hard
>>                      linked, see here:
>>             https://wiki.samba.org/index.**php/Samba4/HOWTO/Join_a_**
>> domain_as_a_DC<https://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC>
>>                               and here:
>>             https://wiki.samba.org/index.**php/Dns-backend_bind#New_**
>> added_DNS_entries_are_not_**resolvable<https://wiki.samba.org/index.php/Dns-backend_bind#New_added_DNS_entries_are_not_resolvable>
>>                               Rowland
>>
>>         Hi Jacó,
>>         could it be that your domain/forest level is < 2003?
>>
>>         try to run
>>         # samba-tool domain level show
>>         to see the domain/forest levels.
>>
>>         Did you provision the domain on samba AD DC or did you join it
>>         to an
>>         existing domain?
>>
>>         BTW as Rowland said the private/dns content has to be hard
>>         linked and
>>         not a simple copy. Samba updates it's private/sam.ldb and
>>         private/sam.ldb.d/* files. Files on private/dns won't be
>>         updated that's
>>         why they have to be links to the original ones.
>>
>>         A side note about permissions: it would be safer to restrict
>>         permissions
>>         to bind/named so as stated in the wiki you can
>>
>>         # chown named:named /usr/local/samba/private/dns
>>         # chgrp named /usr/local/samba/private/dns.**keytab
>>         # chmod g+r /usr/local/samba/private/dns.**keytab
>>         # chmod 775 /usr/local/samba/private/dns
>>
>>         Daniele.
>>
>>
>>     If your domain level is 2003 you will not be able to join samba4
>>     with bind backend. There is a bug open for this. It duplicates
>>     your dns zone and bind will not start.
>>
>>     https://bugzilla.samba.org/**show_bug.cgi?id=9210<https://bugzilla.samba.org/show_bug.cgi?id=9210>
>>
>>     Jonn
>>
>>
>>
>>
>> --
>>
>> /"O homem não foi criado para ser feliz nem para vencer, mas para viver
>> para Deus. Quando vive para Deus é feliz e vence." Isaltino Gomes
>> /
>> *
>> $whoami*
>>
>>   * Perito Forense Computacional
>>   * Pentester
>>   * Esp. em Segurança de Redes de Computadores com enfâse a Perícia
>>     Forense Computacional - FACID
>>   * Bacharel em Ciência da Computação - UESPI
>>   * Administrador de Redes de Computadores
>>   * CCNA Modulo II
>>   * Lattes: /http://lattes.cnpq.br/**1591329268136905/<http://lattes.cnpq.br/1591329268136905/>
>>
>>
>>
>> Esta mensagem pode conter informações confidenciais e/ou privilegiadas.
>> Se você não for o destinatário ou a pessoa autorizada a receber esta
>> mensagem, não deve usar, copiar ou divulgar as informações nela contida ou
>> tomar qualquer ação baseada nessas informações.
>>
> Did you create the links as per the wiki?
>
> Jonn
>
>


-- 

*"O homem não foi criado para ser feliz nem para vencer, mas para viver
para Deus. Quando vive para Deus é feliz e vence." Isaltino Gomes
*
*
$whoami*

   - Perito Forense Computacional
   - Pentester
   - Esp. em Segurança de Redes de Computadores com enfâse a Perícia
   Forense Computacional - FACID
   - Bacharel em Ciência da Computação - UESPI
   - Administrador de Redes de Computadores
   - CCNA Modulo II
   - Lattes: *http://lattes.cnpq.br/1591329268136905*


Esta mensagem pode conter informações confidenciais e/ou privilegiadas. Se
você não for o destinatário ou a pessoa autorizada a receber esta mensagem,
não deve usar, copiar ou divulgar as informações nela contida ou tomar
qualquer ação baseada nessas informações.

More information about the samba-technical mailing list