[Samba] samba 4 and external dns(bind)

Fri Oct 18 13:04:18 MDT 2013

On 10/18/2013 12:40 PM, Amaury Viera Hernández wrote:
> On 10/18/2013 01:22 PM, Taylor, Jonn wrote:
>> On 10/18/2013 10:34 AM, Amaury Viera Hernández wrote:
>>> On 10/18/2013 10:23 AM, Taylor, Jonn wrote:
>>>> On 10/18/2013 09:10 AM, Amaury Viera Hernández wrote:
>>>>> Hi everyone,
>>>>> I need to use samba 4 server, but I need to install a server with a
>>>>> dns service(bind9.8) in other server.
>>>>> Is that possible?
>>>>> If yes, There is any documentation for it?
>>>> https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO
>>>>
>>>> https://wiki.samba.org/index.php/Dns-backend_bind
>>>>
>>>
>>> Well,
>>> Yes, That's the tutorial for using bind with samba,
>>> but if I use samba in the server01.domain.anything and I need to use
>>> bind in the server02.domain.anything.
>>> There are some steps in the tutorial that I can't understand, for
>>> example:
>>>
>>>  Bind 9.8 / 9.9
>>>
>>> A DNS keytab file was automatically created during
>>> provisioning/updating. Add the following' tkey-gssapi-keytab' option
>>> to the 'options' section of your named.conf:
>>>
>>> options {
>>>      [...]
>>>      tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
>>>      [...]
>>> };
>>>
>>> Note that /usr/local/samba/private/dns.keytab is in other server
>>>
>>> and
>>>
>>> During provisioning/upgrading, a file
>>> ('/usr/local/samba/private/named.conf') was created, that must be
>>> included in your Bind named.conf:
>>>
>>> include "/usr/local/samba/private/named.conf";
>>>
>>> Note that: /usr/local/samba/private/named.conf is in other server
>>>
>>> Besides, the content of include "/usr/local/samba/private/named.conf";
>>> is:
>>> database "dlopen  ...  dlz_bind9.so" and this is in other server
>>>
>> Need a little more info on what you are trying to do. If the second
>> server is a second domain controller the provision will create these for
>> you when you join the domain. If you are running a file server that is
>> part of domain you can setup bind and do zone transfers from the domain
>> controller.
>>
>> If you need help with the setup let me know and I can post configs 
>> for you.
>>
>> Jonn
>>
>> ________________________________________________________________________________________________ 
>>
>>
>> III Escuela Internacional de Invierno en la UCI del 17 al 28 de febrero
>> del 2014. Ver www.uci.cu
>
> Well, Yes, is a domain controller with bind
> The principal problem is that if I have a principal domain controller 
> (Active directory with dns OR samba4 + dns bind or internal dns) and 
> join samba4 as a domain controller,
> This new samba4 does not use a dns server and yes, the data 
> replication works fine but:
> When a transfer the five roles in active directory and demote the 
> principal domain controller(Active directory with dns OR samba4 + dns 
> bind or internal dns) the users that were using the principal active 
> directory domain controller can't login in this new domain controller, 
> but I think that the principal problem is that this new samba4 server 
> primary domain controller does not have a dns server.
>
> I don't speak english, Apologize me for it.
> Regards, Amaury.
Each samba4 AD server must have a dns server. When you you did the join 
if you did not specify that you wanted to use bind it will default to 
the internal one. This can be changed with out any problems. As for dns 
to the clients you need to make sure the dns they have point to both 
your AD servers. You will also need to make sure that your SOA records 
point to the new AD servers.

One more thing, you need to copy your sysvol directory from the old 
server to the new one and the run "samba-tool ntacl sysvolreset" to get 
the permissions correct. Samba 4 does not replicate the sysvol as of yet.

Jonn

FYI... your written english is fine.