[Samba] attempt to join WIN7 to 4.1 DC fails

Rowland Penny rowlandpenny at googlemail.com
Fri Apr 18 10:40:04 MDT 2014


On 18/04/14 16:52, Brandon Lake wrote:
> Here is the "HowTo"
> http://www.golinuxhub.com/2013/06/samba-41-as-active-directory.html
>
> I had a bit of trouble translating the example named.conf from
> RH/Fedora/CentOS to Slackware conventions.  I believe that the dlz "AD DNS
> Zone" is needed, but rc.bind errors out with it uncommented.
>
> Here is the stdout when I restart bind:
>
> ------------------
>
> root at garcon:~# /etc/rc.d/rc.bind restart
> Stopping BIND:  /usr/sbin/rndc  stop
> Starting BIND:  /usr/sbin/named
> root at garcon:~#
>
> ------------------
>
> And here is my named.conf:
>
> ------------------
>
> // named.conf
>
> options {
>          auth-nxdomain yes;
>          datasize default;
>          directory "/var/named";
>          empty-zones-enable no;
>          notify no;
>          forwarders { 8.8.8.8; 8.8.4.4; };
>          query-source address * port 53;
>          recursion yes;
>          allow-query { 127.0.0.1; 192.168.1.0/24; };
>          dump-file "/var/named/data/cache_dump.db";
>          statistics-file "/var/named/data/named_stats.txt";
>          memstatistics-file "/var/named/data/named_mem_stats.txt";
>          dnssec-enable yes;
>          dnssec-validation yes;
>          dnssec-lookaside auto;
>          tkey-gssapi-keytab "/etc/samba/private/dns.keytab";
>          bindkeys-file "/etc/named.iscdlv.key";
>          listen-on port 53 { localhost; 192.168.1.1; };
>          listen-on-v6 port 53 { ::1; };
> };
>
> include "/etc/samba/private/named.conf";
> include "/etc/rndc.key";
>
> controls {
>          inet 127.0.0.1 port 953
>                  allow { 127.0.0.1; } keys { "rndc-key"; };
> };
>
> logging {
>          channel default_debug {
>                  file "/var/named/data/named.run";
>                  severity dynamic;
>          };
> };
>
> zone "." IN {
>          type hint;
>          file "caching-example/named.root";
> };
>
> zone "localhost" IN {
>          type master;
>          file "caching-example/localhost.zone";
>          allow-update { none; };
> };
>
> zone "0.0.127.in-addr-arpa" IN {
>          type master;
>          file "caching-example/named.local";
>          allow-update { none; };
> };
>
> //dlz "AD DNS Zone" {
> //      database "dlopen /usr/lib/bind9/dlz_bind9_9.so";
> //};

Adding the "AD DNS Zone" here would be an error. Try opening 
'/etc/samba/private/named.conf' in your favourite editor (this is a file 
you 'included' earlier) and make sure that it is set to the same as the 
above, or uncomment the above and remove the include line. Make sure 
that dlz_bind9_9.so is in /usr/lib/bind9/.

> // End of named.conf
>
> ------------------
>
> Here is an excerpt from my bind logs
>
> ------------------
>
> managed-keys-zone: loaded serial 0
> zone 0.0.127.in-addr-arpa/IN: loaded serial 2011032500
> zone localhost/IN: loaded serial 42
> zone lac.internal/IN: loaded serial 2014033106
> all zones loaded
> running

Here is an excerpt from my logs when bind starts:

Loading 'AD DNS Zone' using driver dlopen
samba_dlz: started for DN DC=example,DC=com
samba_dlz: starting configure
samba_dlz: configured writeable zone '0.168.192.in-addr.arpa'
samba_dlz: configured writeable zone 'example.com'
samba_dlz: configured writeable zone '_msdcs.example.com'
...........
zone 255.in-addr.arpa/IN: loaded serial 1
zone 0.in-addr.arpa/IN: loaded serial 1
zone 127.in-addr.arpa/IN: loaded serial 1
zone localhost/IN: loaded serial 2
all zones loaded
> error (host unreachable) resolving './NS/IN': 8.8.8.8#53
> error (host unreachable) resolving 'www.google.com/A/IN': 8.8.4.4#53

Hmm, you do not seem to be able to contact the outside world ;-)
Is /etc/resolv.conf set correctly, i.e. pointing to itself?
Is dnsmasq running?

Rowland

> error (host unreachable) resolving './NS/IN': 8.8.8.8#53
>    validating @0xb4216b48: com.cn SOA: no valid signature found
>    validating @0xb421c5e8: . SOA: no valid signature found
>    validating @0xb4e02888: . NSEC: no valid signature found
>    validating @0xb4e02888: la NSEC: no valid signature found
> error (host unreachable) resolving './NS/IN': 8.8.4.4#53
>    validating @0xb42120b0: com.cn SOA: no valid signature found
>    validating @0xb4216b48: . SOA: no valid signature found
>    validating @0xb4216b48: . NSEC: no valid signature found
>    validating @0xb4216b48: la NSEC: no valid signature found
>    validating @0xb46d02a8: . SOA: no valid signature found
>    validating @0xb46d02a8: . NSEC: no valid signature found
>    validating @0xb46d02a8: la NSEC: no valid signature found
> error (host unreachable) resolving './NS/IN': 8.8.8.8#53
> error (host unreachable) resolving 'www.google.com/A/IN': 8.8.8.8#53
> error (host unreachable) resolving './NS/IN': 8.8.4.4#53
> error (host unreachable) resolving 'www.google.com/A/IN': 8.8.8.8#53
> error (host unreachable) resolving './NS/IN': 8.8.4.4#53
> lame server resolving '250.17.62.42.in-addr.arpa' (in
> '17.62.42.in-addr.arpa'?): 118.26.194.13#53
> lame server resolving '250.17.62.42.in-addr.arpa' (in
> '17.62.42.in-addr.arpa'?): 118.26.194.14#53
>
> ------------------
>
> Thanks for all the help thus far.
>
> ~Brand
>
>
> -----Original Message-----
> From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org]
> On Behalf Of Rowland Penny
> Sent: Friday, April 18, 2014 7:28 AM
> Cc: samba at lists.samba.org
> Subject: Re: [Samba] attempt to join WIN7 to 4.1 DC fails
>
> Of course you do not need to use bind, but the OP was following a HowTo
> (from what he wrote) that did use bind and it seems that he either missed
> something, or the howto did, in the bind setup. It might help if he posted
> the url of the howto he is following.
>
> Rowland
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
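Added example, not code from the thread, from Samba or from ISC BIND: a small POSIX shell script that checks the three things raised in this message against constructed copies of the posted files. It counts how many times the "AD DNS Zone" dlz block ends up defined once the included /etc/samba/private/named.conf is taken into account (defining it both inline and via the include is the error described above), checks whether resolv.conf points at the DC itself, and pulls the forwarders that named logged as unreachable out of the log excerpt. The DC address 192.168.1.1, the fixture directory layout and the fixture contents are assumptions modelled on the excerpts above; the module path /usr/lib/bind9/dlz_bind9_9.so is the one from the posted config.

```shell
#!/bin/sh
# Added example, not code from the thread, Samba or ISC BIND: sanity checks for
# a Samba AD DC using the BIND9 DLZ back end, modelled on the named.conf,
# resolv.conf and log excerpts posted above. All inputs here are fixtures.

# Count 'dlz "..." {' blocks in a named.conf and the files it includes (one
# level). named wants exactly one; Samba already ships the block in its own
# named.conf, so repeating it in the main file duplicates it.
count_dlz_defs() {
  main="$1"
  files="$main"
  for inc in $(sed -n 's/^[[:space:]]*include[[:space:]]*"\([^"]*\)".*/\1/p' "$main"); do
    [ -f "$inc" ] && files="$files $inc"
  done
  grep -h -c -E '^[[:space:]]*dlz[[:space:]]+"' $files | awk '{ s += $1 } END { print s + 0 }'
}

# Delete an inline dlz block, keeping the include (one of the two fixes above).
drop_inline_dlz() {
  sed '/^[[:space:]]*dlz[[:space:]][[:space:]]*"/,/^[[:space:]]*};/d' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# Shared object named on the block's 'database "dlopen ..."' line.
dlz_module() {
  sed -n 's/^[[:space:]]*database[[:space:]]*"dlopen[[:space:]][[:space:]]*\([^" ]*\).*/\1/p' "$@" | head -n 1
}

# First nameserver in a resolv.conf. A DC resolves through itself (its own
# address or 127.0.0.1); an external resolver here is what the reply asks about.
first_nameserver() {
  awk '$1 == "nameserver" { print $2; exit }' "$1"
}
resolv_points_to_self() {  # usage: resolv_points_to_self RESOLV_CONF DC_IP
  ns=$(first_nameserver "$1")
  [ "$ns" = "$2" ] || [ "$ns" = "127.0.0.1" ]
}

# Forwarders that named logged as unreachable, deduplicated, one per line.
unreachable_forwarders() {
  sed -n 's/.*error (host unreachable) resolving .*: \([0-9.]*\)#53.*/\1/p' "$1" | sort -u
}

# Constructed fixtures in DIR mirroring the thread: Samba's generated named.conf, a
# main named.conf that includes it *and* repeats the dlz block (the error under
# discussion), a resolv.conf aimed at an external resolver, three posted log lines.
make_fixtures() {
  dir="$1"
  mkdir -p "$dir/samba"
  cat > "$dir/samba/named.conf" <<EOF
dlz "AD DNS Zone" {
        database "dlopen /usr/lib/bind9/dlz_bind9_9.so";
};
EOF
  cat > "$dir/named.conf" <<EOF
options {
        forwarders { 8.8.8.8; 8.8.4.4; };
        tkey-gssapi-keytab "/etc/samba/private/dns.keytab";
};
include "$dir/samba/named.conf";
dlz "AD DNS Zone" {
        database "dlopen /usr/lib/bind9/dlz_bind9_9.so";
};
EOF
  printf 'nameserver 8.8.8.8\n' > "$dir/resolv.conf"
  cat > "$dir/named.log" <<'EOF'
error (host unreachable) resolving './NS/IN': 8.8.8.8#53
error (host unreachable) resolving 'www.google.com/A/IN': 8.8.4.4#53
error (host unreachable) resolving './NS/IN': 8.8.8.8#53
EOF
}

# Run every check for a DC at DC_IP against DIR; returns the number of problems.
run_checks() {  # usage: run_checks DIR DC_IP
  dir="$1"; dc_ip="$2"; problems=0
  n=$(count_dlz_defs "$dir/named.conf")
  if [ "$n" -ne 1 ]; then
    echo "FAIL: $n dlz blocks defined; keep either the include or the inline block, not both"
    problems=$((problems + 1))
  fi
  mod=$(dlz_module "$dir/named.conf" "$dir/samba/named.conf")
  [ -n "$mod" ] && [ ! -f "$mod" ] && echo "WARN: DLZ module $mod is not present on this host"
  if ! resolv_points_to_self "$dir/resolv.conf" "$dc_ip"; then
    echo "FAIL: resolv.conf points at $(first_nameserver "$dir/resolv.conf"); expected $dc_ip or 127.0.0.1"
    problems=$((problems + 1))
  fi
  bad=$(unreachable_forwarders "$dir/named.log")
  if [ -n "$bad" ]; then
    echo "FAIL: named could not reach forwarder(s):" $bad   # unquoted: one line
    problems=$((problems + 1))
  fi
  return "$problems"
}

# Stand-alone run against the fixtures, then the fix applied and re-counted.
tmp=$(mktemp -d)
make_fixtures "$tmp"
run_checks "$tmp" 192.168.1.1 || echo "problems found: $?"
drop_inline_dlz "$tmp/named.conf"
echo "after dropping the inline block: $(count_dlz_defs "$tmp/named.conf") dlz block(s)"
rm -rf "$tmp"
```

On a live DC, call the functions against the real files (count_dlz_defs /etc/named.conf, first_nameserver /etc/resolv.conf, unreachable_forwarders on the named log) instead of the fixtures, and run named-checkconf before restarting bind; when the DLZ side is right, the log shows the "Loading 'AD DNS Zone' using driver dlopen" and "samba_dlz: configured writeable zone" lines quoted above. The forwarder errors are a separate problem: named cannot reach 8.8.8.8 or 8.8.4.4 at all, which no named.conf change will fix.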