[Samba] attempt to join WIN7 to 4.1 DC fails

Brandon Lake lakeb at sonic.net
Fri Apr 18 09:52:14 MDT 2014


Here is the "HowTo"
http://www.golinuxhub.com/2013/06/samba-41-as-active-directory.html

I had a bit of trouble translating the example named.conf from
RH/Fedora/CentOS to Slackware conventions.  I believe that the dlz "AD DNS
Zone" is needed, but rc.bind errors out with it uncommented.  

Here is the stdout when I restart bind:

------------------

root@garcon:~# /etc/rc.d/rc.bind restart
Stopping BIND:  /usr/sbin/rndc  stop
Starting BIND:  /usr/sbin/named
root@garcon:~#

------------------

And here is my named.conf:

------------------

// named.conf

options {
        auth-nxdomain yes;
        datasize default;
        directory "/var/named";
        empty-zones-enable no;
        notify no;
        forwarders { 8.8.8.8; 8.8.4.4; };
        query-source address * port 53;
        recursion yes;
        allow-query { 127.0.0.1; 192.168.1.0/24; };
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;
        tkey-gssapi-keytab "/etc/samba/private/dns.keytab";
        bindkeys-file "/etc/named.iscdlv.key";
        listen-on port 53 { localhost; 192.168.1.1; };
        listen-on-v6 port 53 { ::1; };
};

include "/etc/samba/private/named.conf";
include "/etc/rndc.key";

controls {
        inet 127.0.0.1 port 953
                allow { 127.0.0.1; } keys { "rndc-key"; };
};

logging {
        channel default_debug {
                file "/var/named/data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "caching-example/named.root";
};

zone "localhost" IN {
        type master;
        file "caching-example/localhost.zone";
        allow-update { none; };
};

zone "0.0.127.in-addr-arpa" IN {
        type master;
        file "caching-example/named.local";
        allow-update { none; };
};

//dlz "AD DNS Zone" {
//      database "dlopen /usr/lib/bind9/dlz_bind9_9.so";
//};

// End of named.conf

------------------

Here is an excerpt from my bind logs:

------------------

managed-keys-zone: loaded serial 0
zone 0.0.127.in-addr-arpa/IN: loaded serial 2011032500
zone localhost/IN: loaded serial 42
zone lac.internal/IN: loaded serial 2014033106
all zones loaded
running
error (host unreachable) resolving './NS/IN': 8.8.8.8#53
error (host unreachable) resolving 'www.google.com/A/IN': 8.8.4.4#53
error (host unreachable) resolving './NS/IN': 8.8.8.8#53
  validating @0xb4216b48: com.cn SOA: no valid signature found
  validating @0xb421c5e8: . SOA: no valid signature found
  validating @0xb4e02888: . NSEC: no valid signature found
  validating @0xb4e02888: la NSEC: no valid signature found
error (host unreachable) resolving './NS/IN': 8.8.4.4#53
  validating @0xb42120b0: com.cn SOA: no valid signature found
  validating @0xb4216b48: . SOA: no valid signature found
  validating @0xb4216b48: . NSEC: no valid signature found
  validating @0xb4216b48: la NSEC: no valid signature found
  validating @0xb46d02a8: . SOA: no valid signature found
  validating @0xb46d02a8: . NSEC: no valid signature found
  validating @0xb46d02a8: la NSEC: no valid signature found
error (host unreachable) resolving './NS/IN': 8.8.8.8#53
error (host unreachable) resolving 'www.google.com/A/IN': 8.8.8.8#53
error (host unreachable) resolving './NS/IN': 8.8.4.4#53
error (host unreachable) resolving 'www.google.com/A/IN': 8.8.8.8#53
error (host unreachable) resolving './NS/IN': 8.8.4.4#53
lame server resolving '250.17.62.42.in-addr.arpa' (in '17.62.42.in-addr.arpa'?): 118.26.194.13#53
lame server resolving '250.17.62.42.in-addr.arpa' (in '17.62.42.in-addr.arpa'?): 118.26.194.14#53

------------------

Thanks for all the help thus far.

~Brand


-----Original Message-----
From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org]
On Behalf Of Rowland Penny
Sent: Friday, April 18, 2014 7:28 AM
Cc: samba at lists.samba.org
Subject: Re: [Samba] attempt to join WIN7 to 4.1 DC fails

Of course you do not need to use bind, but the OP was following a Howto
(from what he wrote) that did use bind and it seems that he either missed
something, or the howto did, in the bind setup. It might help if he posted
the url of the howto he is following.

Rowland
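
An added example, not part of the original thread: a small Python triage for a named log like the excerpt above. It rejoins mail-wrapped records, buckets lines into resolver errors, DNSSEC validation failures and lame-server notices, and reports which forwarders from named.conf show resolve errors. The function names and sample input are constructed for illustration.

```python
import re
from collections import Counter

# Constructed samples in the format of the named.conf and log excerpt above.
SAMPLE_CONF = "options {\n    forwarders { 8.8.8.8; 8.8.4.4; };\n};\n"
SAMPLE_LOG = """\
all zones loaded
error (host unreachable) resolving './NS/IN': 8.8.8.8#53
error (host unreachable) resolving 'www.google.com/A/IN': 8.8.4.4#53
  validating @0xb4216b48: . SOA: no valid signature found
  validating @0xb4e02888: la NSEC: no valid signature found
lame server resolving '250.17.62.42.in-addr.arpa' (in
'17.62.42.in-addr.arpa'?): 118.26.194.13#53
"""
RESOLVE_ERR = re.compile(r"error \((?P<why>[^)]+)\) resolving '[^']+': (?P<srv>[0-9a-fA-F.:]+)#\d+")
DNSSEC_FAIL = re.compile(r"validating @0x[0-9a-f]+: (?P<name>\S+) (?P<rr>\S+): no valid signature found")
LAME = re.compile(r"lame server resolving '[^']+' \(in '(?P<zone>[^']+)'\?\): \S+#\d+")

def unwrap(text):
    """Rejoin records a mail client wrapped: a line ending in '(in' continues."""
    out = []
    for line in text.splitlines():
        line = line.strip()
        if out and out[-1].endswith("(in"):
            out[-1] += " " + line
        elif line:
            out.append(line)
    return out

def triage(text):
    """Count log records per category, keyed by the server or name involved."""
    report = {"resolve_errors": Counter(), "dnssec": Counter(), "lame": Counter(), "other": 0}
    for line in unwrap(text):
        if m := RESOLVE_ERR.search(line):
            report["resolve_errors"][(m["srv"], m["why"])] += 1
        elif m := DNSSEC_FAIL.search(line):
            report["dnssec"][f'{m["name"]} {m["rr"]}'] += 1
        elif m := LAME.search(line):
            report["lame"][m["zone"]] += 1
        else:
            report["other"] += 1
    return report

def failing_forwarders(conf, log):
    """Forwarders listed in named.conf that appear in resolver error records."""
    m = re.search(r"forwarders\s*\{([^}]*)\}", conf)
    configured = {a.strip() for a in m.group(1).split(";") if a.strip()} if m else set()
    bad = {srv for srv, _ in triage(log)["resolve_errors"]}
    return sorted(configured & bad)
```
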