[Samba] samba 4 and external dns(bind)

Amaury Viera Hernández avhernandez at uci.cu
Fri Oct 18 11:40:39 MDT 2013


On 10/18/2013 01:22 PM, Taylor, Jonn wrote:
> On 10/18/2013 10:34 AM, Amaury Viera Hernández wrote:
>> On 10/18/2013 10:23 AM, Taylor, Jonn wrote:
>>> On 10/18/2013 09:10 AM, Amaury Viera Hernández wrote:
>>>> Hi everyone,
>>>> I need to use samba 4 server, but I need to install a server with a
>>>> dns service (bind9.8) on another server.
>>>> Is that possible?
>>>> If yes, is there any documentation for it?
>>> https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO
>>>
>>> https://wiki.samba.org/index.php/Dns-backend_bind
>>>
>>
>> Well,
>> Yes, that's the tutorial for using bind with samba,
>> but if I use samba on server01.domain.anything and I need to use
>> bind on server02.domain.anything.
>> There are some steps in the tutorial that I can't understand, for
>> example:
>>
>>  Bind 9.8 / 9.9
>>
>> A DNS keytab file was automatically created during
>> provisioning/updating. Add the following 'tkey-gssapi-keytab' option
>> to the 'options' section of your named.conf:
>>
>> options {
>>      [...]
>>      tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
>>      [...]
>> };
>>
>> Note that /usr/local/samba/private/dns.keytab is on the other server
>>
>> and
>>
>> During provisioning/upgrading, a file
>> ('/usr/local/samba/private/named.conf') was created, that must be
>> included in your Bind named.conf:
>>
>> include "/usr/local/samba/private/named.conf";
>>
>> Note that /usr/local/samba/private/named.conf is on the other server
>>
>> Besides, the content of include "/usr/local/samba/private/named.conf";
>> is:
>> database "dlopen  ...  dlz_bind9.so" and this is on the other server
>>
> Need a little more info on what you are trying to do. If the second
> server is a second domain controller the provision will create these for
> you when you join the domain. If you are running a file server that is
> part of the domain you can set up bind and do zone transfers from the domain
> controller.
>
> If you need help with the setup let me know and I can post configs for you.
>
> Jonn
>
> ________________________________________________________________________________________________
>
> III International Winter School at the UCI, February 17 to 28,
> 2014. See www.uci.cu

Well, yes, it is a domain controller with bind.
The principal problem is that if I have a principal domain controller 
(Active Directory with dns OR samba4 + dns bind or internal dns) and 
join samba4 as a domain controller,
this new samba4 does not use a dns server and yes, the data replication 
works fine, but:
When I transfer the five roles in Active Directory and demote the 
principal domain controller (Active Directory with dns OR samba4 + dns 
bind or internal dns), the users that were using the principal Active 
Directory domain controller can't log in to this new domain controller, 
but I think that the principal problem is that this new samba4 server 
primary domain controller does not have a dns server.

I don't speak English. I apologize for it.
Regards, Amaury.
-- 
Sincerely, Amaury.