Fwd: Error start bind9 samba4 BIND9_DLZ
Jacó Ramos
j4c0r4m0s at gmail.com
Tue Sep 24 18:00:00 CEST 2013
I am trying to join the DC (Windows 2003 Server).
I am using samba 4.0.9.
Thanks.
Jacó Ramos
2013/9/24 Rowland Penny <repenny241155 at gmail.com>
> On 24/09/13 16:04, Jacó Ramos wrote:
>
>> No,
>>
>> I run for resolves:
>>
>> samba_upgradedns --dns-backend=BIND9_DLZ, but it does not run.
>>
>> 255 root@samba /usr/local/samba/private/dns # samba_upgradedns --dns-backend=BIND9_DLZ
>> Reading domain information
>> Cannot create AD based DNS for OS level < 2003
>> 1 root@samba /usr/local/samba/private/dns #
>>
>> Thanks.
>> Jacó Ramos
>>
>>
>> 2013/9/24 Taylor, Jonn <jonnt at taylortelephone.com>
>>
>>> On 09/24/2013 09:58 AM, Jacó Ramos wrote:
>>>
>>>> Bind9 is finding sam.ldb in /usr/local/samba/private/dns but file is in
>>>> /usr/local/samba/private.
>>>>
>>>> Thanks.
>>>> Jacó Ramos
>>>>
>>>>
>>>>
>>>>
>>>> 2013/9/24 Taylor, Jonn <jonnt at taylortelephone.com>
>>>>
>>>>
>>>>
>>>> On 09/24/2013 09:11 AM, Daniele Dario wrote:
>>>>
>>>> On Tue, 2013-09-24 at 08:10 -0300, Jacó Ramos wrote:
>>>>
>>>> When I run:
>>>>
>>>> samba_upgradedns --dns-backend=BIND9_DLZ
>>>> Cannot create AD based DNS for OS Level < 2003
>>>> And now?
>>>>
>>>> Thanks.
>>>>
>>>> Jacó Ramos
>>>> 2013/9/24 Rowland Penny <repenny241155 at gmail.com>
>>>>
>>>>
>>>> On 24/09/13 11:38, Jacó Ramos wrote:
>>>> Hi Dario,
>>>> cp /usr/local/samba/private/sam.ldb /usr/local/samba/private/dns
>>>> cp /usr/local/samba/private/sam.ldb.d /usr/local/samba/private/dns
>>>> and
>>>> chmod 777 /usr/local/samba/private/dns/*
>>>> and dns works fine!
>>>> Thanks.
>>>> Jacó Ramos
>>>>
>>>> Hi, sorry but you have got it wrong, it needs to be hard linked, see here:
>>>> https://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC
>>>> and here:
>>>> https://wiki.samba.org/index.php/Dns-backend_bind#New_added_DNS_entries_are_not_resolvable
>>>>
>>>> Rowland
>>>>
>>>> Hi Jacó,
>>>> could it be that your domain/forest level is < 2003?
>>>>
>>>> try to run
>>>> # samba-tool domain level show
>>>> to see the domain/forest levels.
>>>>
>>>> Did you provision the domain on samba AD DC or did you join it to an
>>>> existing domain?
>>>>
>>>> BTW as Rowland said the private/dns content has to be hard linked and
>>>> not a simple copy. Samba updates its private/sam.ldb and
>>>> private/sam.ldb.d/* files. Files on private/dns won't be updated, that's
>>>> why they have to be links to the original ones.
>>>>
>>>> A side note about permissions: it would be safer to restrict permissions
>>>> to bind/named so as stated in the wiki you can
>>>>
>>>> # chown named:named /usr/local/samba/private/dns
>>>> # chgrp named /usr/local/samba/private/dns.keytab
>>>> # chmod g+r /usr/local/samba/private/dns.keytab
>>>>
>>>> # chmod 775 /usr/local/samba/private/dns
>>>>
>>>> Daniele.
>>>>
>>>>
>>>> If your domain level is 2003 you will not be able to join samba4
>>>> with bind backend. There is a bug open for this. It duplicates
>>>> your dns zone and bind will not start.
>>>>
>>>> https://bugzilla.samba.org/show_bug.cgi?id=9210
>>>>
>>>>
>>>> Jonn
>>>>
>>>>
>>>>
>>>>
>>>> --
>>>>
>>>> "Man was not created to be happy nor to win, but to live for God.
>>>> When he lives for God, he is happy and wins." Isaltino Gomes
>>>>
>>>> $whoami
>>>>
>>>> * Computer Forensics Examiner
>>>> * Pentester
>>>> * Specialist in Computer Network Security with emphasis on Computer
>>>> Forensics - FACID
>>>> * Bachelor of Computer Science - UESPI
>>>> * Computer Network Administrator
>>>> * CCNA Module II
>>>> * Lattes: http://lattes.cnpq.br/1591329268136905/
>>>>
>>>> This message may contain confidential and/or privileged information.
>>>> If you are not the addressee or the person authorized to receive this
>>>> message, you must not use, copy or disclose the information contained in it
>>>> or take any action based on that information.
>>>>
>>> Did you create the links as per the wiki?
>>>
>>> Jonn
>>>
>>>
>>>
> Hi, what are you trying to join the DC to? Is it another samba4 machine
> or a windows server? If a windows server, what version of windows? Also
> what versions of samba4?
>
> Rowland
>
>
More information about the samba-technical
mailing list
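
The hard-link and permission points raised in the quoted replies above, as an added example that is not part of the original thread or of Samba: a shell audit of a private/dns directory that reports entries which are copies rather than hard links, and files left world-writable by a `chmod 777`. The function names and the demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit a Samba private/dns directory
# that BIND9_DLZ reads. Flags copies/symlinks and world-writable files.

# audit_dlz_dir PRIVATE_DIR: one finding per line; returns 1 if any finding
audit_dlz_dir() {
    priv=$1; dns=$priv/dns; rc=0
    for src in "$priv/sam.ldb" "$priv"/sam.ldb.d/*; do
        [ -f "$src" ] || continue
        dst=$dns/${src#"$priv"/}
        if [ ! -e "$dst" ]; then
            echo "MISSING $dst"; rc=1
        elif [ -L "$dst" ] || [ ! "$src" -ef "$dst" ]; then
            # the thread asks for hard links; a copy has its own inode and goes stale
            echo "NOT-HARDLINK $dst"; rc=1
        fi
    done
    # chmod 777 leaves the directory database writable by any local user
    ww=$(find "$dns" -type f -perm -0002 | sed 's/^/WORLD-WRITABLE /')
    if [ -n "$ww" ]; then echo "$ww"; rc=1; fi
    return $rc
}

# Constructed demo tree: empty stand-in files, not real databases
demo_tree() {
    umask 022
    d=$(mktemp -d); mkdir -p "$d/sam.ldb.d" "$d/dns/sam.ldb.d"
    : > "$d/sam.ldb"; : > "$d/sam.ldb.d/A.ldb"; : > "$d/sam.ldb.d/B.ldb"
    ln "$d/sam.ldb" "$d/dns/sam.ldb"                  # correct: hard link
    cp "$d/sam.ldb.d/A.ldb" "$d/dns/sam.ldb.d/A.ldb"  # wrong: plain copy
    chmod 777 "$d/dns/sam.ldb.d/A.ldb"                # wrong: world-writable
    echo "$d"
}

tree=$(demo_tree)
audit_dlz_dir "$tree" || echo "findings above need fixing"
rm -rf "$tree"
```

On a real host the argument would be the Samba private directory, which in this thread is /usr/local/samba/private.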