Fwd: Error start bind9 samba4 BIND9_DLZ

Rowland Penny repenny241155 at gmail.com
Tue Sep 24 17:42:01 CEST 2013 

On 24/09/13 16:04, Jacó Ramos wrote:
> No,
>
> I run for resolves:
>
> samba_updatedns --dns-backend=BIND9_DLZ, but not run .
>
> 255 root at samba /usr/local/samba/private/dns # samba_upgradedns
> --dns-backend=BIND9_DLZ
> Reading domain information
> Cannot create AD based DNS for OS level < 2003
> 1 root at samba /usr/local/samba/private/dns #
>
> Grato.
> Jacó Ramos
>
>
> 2013/9/24 Taylor, Jonn <jonnt at taylortelephone.com>
>
>> On 09/24/2013 09:58 AM, Jacó Ramos wrote:
>>
>>> Bind9 is finding sam.ldb in /usr/local/samba/private/dns but file is in
>>> /usr/local/samba/private.
>>>
>>> Grato.
>>> Jacó Ramos
>>>
>>>
>>>
>>>
>>> 2013/9/24 Taylor, Jonn <jonnt at taylortelephone.com <mailto:
>>> jonnt at taylortelephone.**com <jonnt at taylortelephone.com>>>
>>>
>>>
>>>      On 09/24/2013 09:11 AM, Daniele Dario wrote:
>>>
>>>          On Tue, 2013-09-24 at 08:10 -0300, Jacó Ramos wrote:
>>>
>>>              When run :
>>>
>>>
>>>              samba-upgradedns --dns-backend=BIND9_DLZ
>>>              Cannot create AD based DNS for OS Level < 2003
>>>              and now ?
>>>
>>>              Grato.
>>>
>>>              Jacó Ramos
>>>              2013/9/24 Rowland Penny <repenny241155 at gmail.com
>>>              <mailto:repenny241155 at gmail.**com <repenny241155 at gmail.com>>>
>>>
>>>                       On 24/09/13 11:38, Jacó Ramos wrote:
>>>                               Hi Dario,
>>>                                                cp
>>>              /usr/local/samba/private/sam.**ldb
>>> /usr/local/samba/private/dns
>>>                               cp /usr/local/samba/private/sam.**ldb.d
>>>              /usr/local/samba/private/dns
>>>               and
>>>                                                chmod 777
>>>              /usr/local/samba/private/dns/*
>>>                                                and dns works fine!
>>>                                                Grato.
>>>                               Jacó Ramos
>>>                                                         Hi, sorry but
>>>              you have got it wrong, it needs to be hard
>>>                       linked, see here:
>>>              https://wiki.samba.org/index.**php/Samba4/HOWTO/Join_a_**
>>> domain_as_a_DC<https://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC>
>>>                                and here:
>>>              https://wiki.samba.org/index.**php/Dns-backend_bind#New_**
>>> added_DNS_entries_are_not_**resolvable<https://wiki.samba.org/index.php/Dns-backend_bind#New_added_DNS_entries_are_not_resolvable>
>>>                                Rowland
>>>
>>>          Hi Jacó,
>>>          could it be that your domain/forest level is < 2003?
>>>
>>>          try to run
>>>          # samba-tool domain level show
>>>          to see the domain/forest levels.
>>>
>>>          Did you provision the domain on samba AD DC or did you join it
>>>          to an
>>>          existing domain?
>>>
>>>          BTW as Rowland said the private/dns content has to be hard
>>>          linked and
>>>          not a simple copy. Samba updates it's private/sam.ldb and
>>>          private/sam.ldb.d/* files. Files on private/dns won't be
>>>          updated that's
>>>          why they have to be links to the original ones.
>>>
>>>          A side note about permissions: it would be safer to restrict
>>>          permissions
>>>          to bind/named so as stated in the wiki you can
>>>
>>>          # chown named:named /usr/local/samba/private/dns
>>>          # chgrp named /usr/local/samba/private/dns.**keytab
>>>          # chmod g+r /usr/local/samba/private/dns.**keytab
>>>          # chmod 775 /usr/local/samba/private/dns
>>>
>>>          Daniele.
>>>
>>>
>>>      If your domain level is 2003 you will not be able to join samba4
>>>      with bind backend. There is a bug open for this. It duplicates
>>>      your dns zone and bind will not start.
>>>
>>>      https://bugzilla.samba.org/**show_bug.cgi?id=9210<https://bugzilla.samba.org/show_bug.cgi?id=9210>
>>>
>>>      Jonn
>>>
>>>
>>>
>>>
>>> --
>>>
>>> /"O homem não foi criado para ser feliz nem para vencer, mas para viver
>>> para Deus. Quando vive para Deus é feliz e vence." Isaltino Gomes
>>> /
>>> *
>>> $whoami*
>>>
>>>    * Perito Forense Computacional
>>>    * Pentester
>>>    * Esp. em Segurança de Redes de Computadores com enfâse a Perícia
>>>      Forense Computacional - FACID
>>>    * Bacharel em Ciência da Computação - UESPI
>>>    * Administrador de Redes de Computadores
>>>    * CCNA Modulo II
>>>    * Lattes: /http://lattes.cnpq.br/**1591329268136905/<http://lattes.cnpq.br/1591329268136905/>
>>>
>>>
>>>
>>> Esta mensagem pode conter informações confidenciais e/ou privilegiadas.
>>> Se você não for o destinatário ou a pessoa autorizada a receber esta
>>> mensagem, não deve usar, copiar ou divulgar as informações nela contida ou
>>> tomar qualquer ação baseada nessas informações.
>>>
>> Did you create the links as per the wiki?
>>
>> Jonn
>>
>>
>
HI, what are you trying to join the DC to? is it another samba4 machine 
or a windows server, if a windows server, what version of windows. Also 
what versions of samba4?

Rowland

More information about the samba-technical mailing list