[Samba] Question about domain name with BIND9_DLZ
Daniel Carrasco Marín
danielmadrid19 at gmail.com
Sat Apr 18 07:42:59 MDT 2015
Thanks!!
I've restored the server, i've installed all from backports to start in a
clean configuration, and I've tried the suggestions but i've got the same
result. The Windows machine is using the router dhcp server, but dns are
configured manually to use the server as dns.
Anyway I can live with that because I can log using HOME\User and works
fine. Only was curiosity.
Greetings!!
2015-04-18 14:31 GMT+02:00 Rowland Penny <rowlandpenny at googlemail.com>:
> On 18/04/15 13:03, Daniel Carrasco Marín wrote:
>
>> Thanks for you answer.
>>
>> My OS are Debian 7u8 as server, and Windows 7 as client.
>>
>
> If you enable wheezy backports, you can install bind9.9.5 and will not
> have to compile it yourself.
>
>
> I'm doing the test on virtual machines and the dhcp server is a simple
>> router. Anyway i'm using a static IP:
>> iface eth0 inet static
>> address 192.168.1.100
>> netmask 255.255.255.0
>> network 192.168.1.0
>> broadcast 192.168.1.255
>> gateway 192.168.1.1
>> dns-nameservers 192.168.1.100 8.8.8.8
>> dns-search home.red
>>
>
> Yes, but what are the windows clients being given by dhcp ?
>
>
>> and /etc/resolv.conf
>> domain HOME
>> search HOME
>> nameserver 192.168.1.100
>> nameserver 8.8.8.8
>>
>>
>>
> And there is one of of your problems (well several actually)
> remove the domain line, 'domain' & 'search' are mutually exclusive in
> resolv.conf, the last one wins.
> Your dns domain name is not 'HOME', that is your windows workgroup/domain
> name, replace it with 'home.red'
> remove the 'nameserver 8.8.8.8' line, it belongs in
> /etc/bind/named.conf.options as a forwarder.
>
>
> The bind9 config is not setted, because i did some tests on my work with
>> a configured bind9 server and the result was the same, then i've not tried
>> to set a better configuration:
>> include "/usr/local/samba/private/named.conf";
>> include "/etc/bind/rndc.key";
>>
>> controls {
>> inet 127.0.0.1 port 953
>> allow { 127.0.0.1; 192.168.1.100; } keys { "rndc-key"; };
>> };
>>
>> options {
>> directory "/var/local/cache/bind";
>> allow-new-zones yes;
>> transfers-in 500;
>> empty-zones-enable yes;
>> //forwarders { 8.8.8.8; 8.8.4.4; };
>> recursion yes;
>> //allow-transfer {"none";};
>> allow-query { any; };
>> allow-recursion { any; };
>>
>> dnssec-validation auto;
>>
>> auth-nxdomain no; # conform to RFC1035
>> listen-on-v6 { any; };
>>
>> rate-limit {
>> responses-per-second 5;
>> #window 5;
>> #log-only yes;
>> };
>> };
>>
>> zone "." {
>> type hint;
>> file "/etc/bind/db.root";
>> };
>>
>>
> OK, put the bind9 config files back to what they were.
> change /etc/bind/named.conf to match this:
>
> include "/etc/bind/named.conf.options";
> include "/etc/bind/named.conf.local";
> include "/etc/bind/named.conf.default-zones";
> include "/var/lib/samba/private/named.conf";
>
> NOTE: you will probably have to change the last line because you have
> compiled samba4 yourself
>
> change /etc/bind/named.conf.options to match this:
>
> options {
> directory "/var/cache/bind";
>
> // If there is a firewall between you and nameservers you want
> // to talk to, you may need to fix the firewall to allow multiple
> // ports to talk. See http://www.kb.cert.org/vuls/id/800113
>
> // If your ISP provided one or more IP addresses for stable
> // nameservers, you probably want to use them as forwarders.
> // Uncomment the following block, and insert the addresses
> replacing
> // the all-0's placeholder.
>
> forwarders { 8.8.8.8; 8.8.4.4; };
> // 0.0.0.0;
> // };
>
> //========================================================================
> // If BIND logs error messages about the root key being expired,
> // you will need to update your keys. See
> https://www.isc.org/bind-keys
> //========================================================================
> dnssec-validation no;
>
> auth-nxdomain no; # conform to RFC1035
> listen-on-v6 { any; };
> tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
> };
>
> Again, you will have to change the 'tkey-gssapi-keytab' line.
>
> The above is taken from my working machine.
>
> In the client machine i've configured as DNS the Samba server
>>
>>
> Good
>
>
> Greetings!!
>>
>>
>> 2015-04-18 13:25 GMT+02:00 Rowland Penny <rowlandpenny at googlemail.com
>> <mailto:rowlandpenny at googlemail.com>>:
>>
>>
>> On 18/04/15 12:11, Daniel Carrasco Marín wrote:
>>
>> Hi, first of all i'm sorry for my english.
>>
>> I'm doing some tests to migrate a Samba3 domain to Samba4 with
>> BIND9_DLZ,
>> but the Domain name in Windows information is not correct. Is
>> not a problem
>> because all works as expected, but i wan't to know if i'm
>> doing something
>> wrong that can cause problems in future.
>>
>> I've done the tests with this command:
>>
>> samba-tool domain provision --use-rfc2307 --realm=home.red
>> --domain=HOME
>> --adminpass="Pass" --server-role=dc --dns-backend=BIND9_DLZ
>> If i use the samba internal backend then the Domain Name in
>> Windows is
>> right (HOME) and machine don't change (machine), but if I use
>> the BIND9_DLZ
>> backend then the domain name is changed (home.red) and the
>> machine name too
>> (machine.home.red).
>>
>> Samba version is 4.2.1 stable compiled from git, and bind is
>> the 9.9.7
>> compiled from source.
>> I've used this options to compile:
>> Samba
>> ./configure --sysconfdir=/etc/samba --bindir=/usr/bin
>> --sbindir=/usr/sbin
>> --with-winbind
>>
>> Bind:
>> ./configure --with-gssapi=/usr/include/gssapi --with-openssl=/usr
>> --enable-largefile --with-dlopen=yes --sysconfdir=/etc/bind
>> --bindir=/usr/bin --sbindir=/usr/sbin --enable-threads
>> --enable-rrl
>>
>> and of course i've included the link to "include
>> "/usr/local/samba/private/named.conf";" in BIND9 named.conf,
>> and i've
>> uncommented the right version in that file.
>> The command "smbclient -L localhost -U%" shows the right info.
>>
>> I'm doing something wrong?.
>> Can be problematic on future?.
>> Is there any way to fix it?.
>>
>> Thanks!!
>>
>>
>> What OS ?
>>
>> Do your windows clients get their ipaddresses via dhcp ?
>> and if so, is the dhcp server supplying the domain name ?
>>
>> How have you set up bind9 ?
>>
>> Rowland
>>
>> -- To unsubscribe from this list go to the following URL and read
>> the
>> instructions: https://lists.samba.org/mailman/options/samba
>>
>>
>>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list