[Samba] samba4+bind on centos

Rowland Penny rpenny at f2s.com
Tue Jun 11 04:15:04 MDT 2013


Have you created the reverse zone? Samba, for some reason, does not
automatically create it. If I run your command, I get:

IPs: ['192.168.0.2']
Calling nsupdate for A domain.lan 192.168.0.2
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
domain.lan.        900    IN    A    192.168.0.2

and so on ~~~~~

Rowland


On 11 June 2013 10:54, NOC <noc at nieuwland.nl> wrote:

> Hi All
>
> I've started again from scratch, following the wikipage at
> https://wiki.samba.org/index.php/Dns-backend_bind#Bind_9.8_.2F_9.9
>
> I'm using bind 9.8.5-P1 and samba4 master (from yesterday I guess)
>
> compiling from scratch:
> bind: ./configure --with-gssapi=/usr/include/gssapi --with-dlopen=yes
>
> And the given named.conf in /etc/bind/ (as this is where I want the config
> to reside)
>
> I've included the local zones as provided and I modified the named in a few
> places:
>  diff orig-named.conf /etc/bind/named.conf
> 6c6
> <        directory "/var/named";
> ---
> >        directory "/etc/bind";
> 8c8
> <        forwarders { 8.8.8.8; 8.8.4.4; };
> ---
> >        forwarders { 172.16.1.12; 172.16.1.18; };
> 16,17c16,18
> <                10.1.1.0/24;
> <                ...other networks you want to allow to query your DNS...;
> ---
> >                192.168.6.0/24;
> >               127.0.0.0/8;
> >                #...other networks you want to allow to query your DNS...;
> 21,22c22,24
> <                10.1.1.0/24;
> <                ...other networks you want to allow to do recursive
> queries...;
> ---
> >                192.168.6.0/24;
> >               127.0.0.0/8;
> >                #...other networks you want to allow to do recursive
> queries...;
> 24a27,28
> >       tkey-gssapi-keytab "/usr/local/samba/private/dns.**keytab";
> >
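Review bot: the added tkey-gssapi-keytab line points named at a file inside Samba's private directory, so check that the account named runs as can traverse /usr/local/samba/private and read dns.keytab there, while other local users cannot. If named cannot read the keytab it cannot accept GSS-TSIG signed updates, and a world-readable keytab would expose the DNS service key to every local account.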
> 26a31
> > include "/usr/local/samba/private/**named.conf";
>
>
> This is just so bind actually works and the files created by provision are
> included
>
> Provision was done using:
> samba-tool domain provision
> Realm: example
>  Domain [example]: example.com
>  Server Role (dc, member, standalone) [dc]: dc
>  DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE)
> [SAMBA_INTERNAL]: BIND9_DLZ
> Administrator password:
> Retype password:
> Looking up IPv4 addresses
> Looking up IPv6 addresses
> No IPv6 address will be assigned
> Setting up share.ldb
> Setting up secrets.ldb
> Setting up the registry
> Setting up the privileges database
> Setting up idmap db
> Setting up SAM db
> Setting up sam.ldb partitions and settings
> Setting up sam.ldb rootDSE
> Pre-loading the Samba 4 and AD schema
> Adding DomainDN: DC=example
> Adding configuration container
> Setting up sam.ldb schema
> Setting up sam.ldb configuration data
> Setting up display specifiers
> Modifying display specifiers
> Adding users container
> Modifying users container
> Adding computers container
> Modifying computers container
> Setting up sam.ldb data
> Setting up well known security principals
> Setting up sam.ldb users and groups
> Setting up self join
> Adding DNS accounts
> Creating CN=MicrosoftDNS,CN=System,DC=example
> Creating DomainDnsZones and ForestDnsZones partitions
> Populating DomainDnsZones and ForestDnsZones partitions
> See /usr/local/samba/private/named.conf for an example configuration
> include file for BIND
> and /usr/local/samba/private/named.txt for further documentation
> required for secure DNS updates
> Setting up sam.ldb rootDSE marking as synchronized
> Fixing provision GUIDs
> A Kerberos configuration suitable for Samba 4 has been generated at
> /usr/local/samba/private/krb5.conf
> Once the above files are installed, your Samba4 server will be ready to use
> Server Role:           active directory domain controller
> Hostname:              sambabind02
> NetBIOS Domain:        EXAMPLE.COM
> DNS Domain:            example
> DOMAIN SID:            S-1-5-21-294307859-3325552197-969134079
>
>
> stopped/started bind using the new config file
>
> Then I started /usr/local/samba/sbin/samba -D
>
> Then command:
> # /usr/local/samba/sbin/samba_dnsupdate --verbose --all-names
> IPs: ['192.168.6.86']
>
> Traceback (most recent call last):
>   File "/usr/local/samba/sbin/samba_dnsupdate", line 511, in <module>
>     get_credentials(lp)
>   File "/usr/local/samba/sbin/samba_dnsupdate", line 124, in
> get_credentials
>     raise e
> RuntimeError: kinit for SAMBABIND02$@EXAMPLE failed (Cannot contact any
> KDC for requested realm)
>
> It appears that samba_dnsupdate tries to get a ticket from the KDC that it
> tries to find using DNS, but the record isn't yet inserted in the bind dns
> database. Is it a chicken/egg problem?
>
> Now either the wiki hasn't been fully tested or it's missing an obvious step
>
> Any clues?
>
> /Simon
>
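
Creating the reverse zone that the reply at the top asks about, as an added example that is not part of the original messages: the script derives the in-addr.arpa zone and PTR owner name for the DC's address and prints the `samba-tool dns zonecreate` and `samba-tool dns add` commands rather than running them. The function names are hypothetical; the host `sambabind02`, DNS domain `example` and address 192.168.6.86 on a /24 are taken from the quoted output, and `-U Administrator` is an assumed credential.

```shell
#!/bin/sh
# Added example (function names are hypothetical, not part of Samba).

# Print the in-addr.arpa zone for an IPv4 address on an octet-aligned
# prefix (8, 16 or 24). Returns 1 for a bad address or any other prefix.
reverse_zone() {
    rz_ip=$1; rz_prefix=$2
    case $rz_ip in *[!0-9.]*) return 1 ;; esac
    rz_ifs=$IFS; IFS=.; set -- $rz_ip; IFS=$rz_ifs
    [ $# -eq 4 ] || return 1
    for rz_o in "$@"; do
        case $rz_o in '') return 1 ;; esac
        [ "$rz_o" -le 255 ] || return 1
    done
    case $rz_prefix in
        8)  echo "$1.in-addr.arpa" ;;
        16) echo "$2.$1.in-addr.arpa" ;;
        24) echo "$3.$2.$1.in-addr.arpa" ;;
        *)  return 1 ;;
    esac
}

# Print the PTR owner name relative to the zone from reverse_zone.
ptr_name() {
    pn_ip=$1; pn_prefix=$2
    reverse_zone "$pn_ip" "$pn_prefix" >/dev/null || return 1
    pn_ifs=$IFS; IFS=.; set -- $pn_ip; IFS=$pn_ifs
    case $pn_prefix in
        8)  echo "$4.$3.$2" ;;
        16) echo "$4.$3" ;;
        24) echo "$4" ;;
    esac
}

# Print (do not run) the commands that create the zone and the DC's PTR.
reverse_zone_commands() {
    c_server=$1; c_fqdn=$2; c_ip=$3; c_prefix=$4
    c_zone=$(reverse_zone "$c_ip" "$c_prefix") || return 1
    c_ptr=$(ptr_name "$c_ip" "$c_prefix") || return 1
    echo "samba-tool dns zonecreate $c_server $c_zone -U Administrator"
    echo "samba-tool dns add $c_server $c_zone $c_ptr PTR $c_fqdn -U Administrator"
}

# Host, DNS domain and address as they appear in the quoted message.
reverse_zone_commands sambabind02 sambabind02.example 192.168.6.86 24
```

Prefixes that do not fall on an octet boundary are rejected because they need classless delegation, which this sketch does not cover.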

