[Samba] Question about domain name with BIND9_DLZ

Rowland Penny rowlandpenny at googlemail.com
Sat Apr 18 07:54:25 MDT 2015


On 18/04/15 14:42, Daniel Carrasco Marín wrote:
> Thanks!!
>
> I've restored the server, installed everything from backports to start 
> from a clean configuration, and tried the suggestions, but I get 
> the same result. The Windows machine is using the router's DHCP server, 
> but DNS is configured manually to use the server as DNS.

If the Windows machines are set up to use the router for DHCP, but you 
are overriding the DNS server on each Windows box, I have to ask: why 
bother with DHCP at all? Just set an IP address etc. on each Windows box 
and forget DHCP.

>
> Anyway, I can live with that because I can log in using HOME\User and 
> it works fine. It was only curiosity.

AD depends on DNS; if this gets out of sync, you are in trouble. It 
would be better to choose one system: either set all machines etc. to 
static DNS, or use DHCP and set it up correctly. You could always do 
what I do: turn off DHCP on the router and run DHCP on the AD server.

Rowland
>
> Greetings!!
>
> 2015-04-18 14:31 GMT+02:00 Rowland Penny <rowlandpenny at googlemail.com>:
>
>     On 18/04/15 13:03, Daniel Carrasco Marín wrote:
>
>         Thanks for your answer.
>
>         My OS is Debian 7u8 on the server, and Windows 7 on the client.
>
>
>     If you enable wheezy-backports, you can install bind 9.9.5 and will
>     not have to compile it yourself.
>
>
>         I'm doing the tests on virtual machines and the DHCP server is
>         a simple router. Anyway, I'm using a static IP:
>         iface eth0 inet static
>                 address 192.168.1.100
>                 netmask 255.255.255.0
>                 network 192.168.1.0
>                 broadcast 192.168.1.255
>                 gateway 192.168.1.1
>                 dns-nameservers 192.168.1.100 8.8.8.8
>                 dns-search home.red
>
>
>     Yes, but what are the Windows clients being given by DHCP?
>
>
>         and /etc/resolv.conf
>         domain HOME
>         search HOME
>         nameserver 192.168.1.100
>         nameserver 8.8.8.8
>
>
>
>     And there is one of your problems (well, several actually):
>     remove the domain line; 'domain' & 'search' are mutually exclusive
>     in resolv.conf, the last one wins.
>     Your DNS domain name is not 'HOME', that is your Windows
>     workgroup/domain name; replace it with 'home.red'.
>     Remove the 'nameserver 8.8.8.8' line, it belongs in
>     /etc/bind/named.conf.options as a forwarder.
>
>
>         The bind9 config is not set up, because I did some tests at my
>         work with a configured bind9 server and the result was the
>         same, so I've not tried to set up a better configuration:
>         include "/usr/local/samba/private/named.conf";
>         include "/etc/bind/rndc.key";
>
>         controls {
>                 inet 127.0.0.1 port 953
>                 allow { 127.0.0.1; 192.168.1.100; } keys { "rndc-key"; };
>         };
>
>         options {
>                 directory "/var/local/cache/bind";
>                 allow-new-zones yes;
>                 transfers-in 500;
>                 empty-zones-enable yes;
>                 //forwarders { 8.8.8.8; 8.8.4.4; };
>                 recursion yes;
>                 //allow-transfer {"none";};
>                 allow-query { any; };
>                 allow-recursion { any; };
>
>                 dnssec-validation auto;
>
>                 auth-nxdomain no;    # conform to RFC1035
>                 listen-on-v6 { any; };
>
>                 rate-limit {
>                         responses-per-second 5;
>                         #window 5;
>                         #log-only yes;
>                 };
>         };
>
>         zone "." {
>                 type hint;
>                 file "/etc/bind/db.root";
>         };
>
>
>     OK, put the bind9 config files back to what they were.
>     Change /etc/bind/named.conf to match this:
>
>     include "/etc/bind/named.conf.options";
>     include "/etc/bind/named.conf.local";
>     include "/etc/bind/named.conf.default-zones";
>     include "/var/lib/samba/private/named.conf";
>
>     NOTE: you will probably have to change the last line because you
>     have compiled samba4 yourself.
>
>     Change /etc/bind/named.conf.options to match this:
>
>     options {
>             directory "/var/cache/bind";
>
>             // If there is a firewall between you and nameservers you want
>             // to talk to, you may need to fix the firewall to allow multiple
>             // ports to talk.  See http://www.kb.cert.org/vuls/id/800113
>
>             // If your ISP provided one or more IP addresses for stable
>             // nameservers, you probably want to use them as forwarders.
>             // Uncomment the following block, and insert the addresses replacing
>             // the all-0's placeholder.
>
>             forwarders { 8.8.8.8; 8.8.4.4; };
>             //      0.0.0.0;
>             // };
>
>     //========================================================================
>             // If BIND logs error messages about the root key being expired,
>             // you will need to update your keys.  See https://www.isc.org/bind-keys
>     //========================================================================
>             dnssec-validation no;
>
>             auth-nxdomain no;    # conform to RFC1035
>             listen-on-v6 { any; };
>             tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
>     };
>
>     Again, you will have to change the 'tkey-gssapi-keytab' line.
>
>     The above is taken from my working machine.
>
>         On the client machine I've configured the Samba server as DNS.
>
>
>     Good
>
>
>         Greetings!!
>
>
>         2015-04-18 13:25 GMT+02:00 Rowland Penny <rowlandpenny at googlemail.com>:
>
>
>             On 18/04/15 12:11, Daniel Carrasco Marín wrote:
>
>                 Hi, first of all I'm sorry for my English.
>
>                 I'm doing some tests to migrate a Samba3 domain to Samba4 with
>                 BIND9_DLZ, but the domain name in the Windows information is not
>                 correct. It's not a problem because all works as expected, but I
>                 want to know if I'm doing something wrong that can cause problems
>                 in the future.
>
>                 I've done the tests with this command:
>
>                 samba-tool domain provision --use-rfc2307 --realm=home.red \
>                     --domain=HOME --adminpass="Pass" --server-role=dc \
>                     --dns-backend=BIND9_DLZ
>
>                 If I use the Samba internal backend then the domain name in
>                 Windows is right (HOME) and the machine name doesn't change
>                 (machine), but if I use the BIND9_DLZ backend then the domain
>                 name is changed (home.red) and the machine name too
>                 (machine.home.red).
>
>                 Samba version is 4.2.1 stable compiled from git, and bind is
>                 9.9.7 compiled from source.
>                 I've used these options to compile:
>                 Samba:
>                 ./configure --sysconfdir=/etc/samba --bindir=/usr/bin \
>                     --sbindir=/usr/sbin --with-winbind
>
>                 Bind:
>                 ./configure --with-gssapi=/usr/include/gssapi --with-openssl=/usr \
>                     --enable-largefile --with-dlopen=yes --sysconfdir=/etc/bind \
>                     --bindir=/usr/bin --sbindir=/usr/sbin --enable-threads \
>                     --enable-rrl
>
>                 And of course I've included the line
>                 include "/usr/local/samba/private/named.conf"; in the BIND9
>                 named.conf, and I've uncommented the right version in that file.
>                 The command "smbclient -L localhost -U%" shows the right info.
>
>                 Am I doing something wrong?
>                 Can it be problematic in the future?
>                 Is there any way to fix it?
>
>                 Thanks!!
>
>
>             What OS ?
>
>             Do your Windows clients get their IP addresses via DHCP?
>             And if so, is the DHCP server supplying the domain name?
>
>             How have you set up bind9 ?
>
>             Rowland
>
>             -- 
>             To unsubscribe from this list go to the following URL and read the
>             instructions: https://lists.samba.org/mailman/options/samba
>
>
>
>
>

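Added example (not part of the thread, and not Samba or BIND code): a small POSIX sh checker that encodes the three resolv.conf complaints Rowland raised (domain and search both present, the NetBIOS name HOME used instead of the realm home.red, a public resolver listed as a nameserver) and the three things his working named.conf / named.conf.options carry (the include of Samba's generated private/named.conf, a tkey-gssapi-keytab line, an active forwarders block). The function names check_resolv_conf and check_named_conf are hypothetical; the realm home.red, the DC address 192.168.1.100 and the Debian paths are the ones quoted in the thread, and the sample files it runs on are constructed copies of the before/after resolv.conf from the thread.

```shell
#!/bin/sh
# Added example, not from the thread: sanity checks for the two files the
# thread argues about on a Samba AD DC using the BIND9_DLZ backend.
# Realm, DC address and paths below are the thread's values (assumptions).

# check_resolv_conf FILE REALM DC_IP
# Prints one line per problem and returns the number of problems (0 = clean).
check_resolv_conf() {
    rfile=$1; realm=$2; dc_ip=$3; problems=0

    # glibc treats 'domain' and 'search' as one setting: whichever keyword
    # comes last in the file wins, so having both is at best redundant and
    # at worst leaves the wrong suffix active.
    if grep -Eq '^[[:space:]]*domain[[:space:]]' "$rfile" &&
       grep -Eq '^[[:space:]]*search[[:space:]]' "$rfile"; then
        echo "both 'domain' and 'search' present; the last one wins, keep only 'search'"
        problems=$((problems + 1))
    fi

    # The suffix must be the DNS realm (home.red), not the NetBIOS
    # workgroup/domain name (HOME): the AD SRV records live under the realm.
    realm_lc=$(printf '%s' "$realm" | tr 'A-Z' 'a-z')
    for suffix in $(awk '$1=="domain"||$1=="search"{for(i=2;i<=NF;i++)print $i}' "$rfile"); do
        if [ "$(printf '%s' "$suffix" | tr 'A-Z' 'a-z')" != "$realm_lc" ]; then
            echo "suffix '$suffix' is not the realm '$realm'"
            problems=$((problems + 1))
        fi
    done

    # Every nameserver must be the DC. A public resolver here is not a safe
    # fallback: glibc moves on to it when the DC times out, and it knows
    # nothing about the AD zone, so every AD lookup then fails. Upstream
    # resolution belongs in the forwarders block of named.conf.options.
    for ns in $(awk '$1=="nameserver"{print $2}' "$rfile"); do
        if [ "$ns" != "$dc_ip" ]; then
            echo "nameserver $ns is not the DC $dc_ip; move it to forwarders in named.conf.options"
            problems=$((problems + 1))
        fi
    done
    return $problems
}

# check_named_conf NAMED_CONF NAMED_CONF_OPTIONS
# Checks that BIND is wired to Samba the way the thread describes.
check_named_conf() {
    nconf=$1; nopts=$2; problems=0

    # With BIND9_DLZ, BIND only learns about the AD zones through the
    # named.conf that 'samba-tool domain provision' generates, so it must
    # be included (the directory depends on how Samba was installed).
    if ! grep -Eq '^[[:space:]]*include[[:space:]]+"[^"]*/private/named\.conf";' "$nconf"; then
        echo "$nconf does not include Samba's private/named.conf"
        problems=$((problems + 1))
    fi

    # The keytab lets BIND accept Kerberos-authenticated (GSS-TSIG) dynamic
    # updates from domain members; without it, secure updates are refused.
    if ! grep -Eq '^[[:space:]]*tkey-gssapi-keytab[[:space:]]+"[^"]*/dns\.keytab";' "$nopts"; then
        echo "$nopts has no tkey-gssapi-keytab line"
        problems=$((problems + 1))
    fi

    # Upstream resolution is BIND's job (forwarders), not the client's.
    # A commented-out '//forwarders' line does not count.
    if ! grep -Eq '^[[:space:]]*forwarders[[:space:]]*\{' "$nopts"; then
        echo "$nopts has no active forwarders block"
        problems=$((problems + 1))
    fi
    return $problems
}

# Demonstration on constructed copies of the before/after resolv.conf
# quoted in the thread (runs stand-alone: sh check_ad_dns.sh).
tmp=$(mktemp -d)
printf 'domain HOME\nsearch HOME\nnameserver 192.168.1.100\nnameserver 8.8.8.8\n' > "$tmp/resolv.conf.before"
printf 'search home.red\nnameserver 192.168.1.100\n' > "$tmp/resolv.conf.after"
for f in before after; do
    echo "== resolv.conf.$f"
    check_resolv_conf "$tmp/resolv.conf.$f" home.red 192.168.1.100 || echo "$? problem(s)"
done
rm -rf "$tmp"
```

On the resolv.conf Daniel posted the first function reports four problems (both keywords, HOME twice, 8.8.8.8); on Rowland's corrected version it reports none. Run check_named_conf against /etc/bind/named.conf and /etc/bind/named.conf.options (or wherever the self-compiled bind reads them) after editing; Daniel's posted options, with forwarders commented out and no keytab line, fail two of the three checks.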

