[Samba] That domain could not be found
Data Control Systems - Mike Elkevizth
mike at datacontrolsystems.com
Mon Aug 1 19:34:17 UTC 2016
On Mon, Aug 1, 2016 at 12:55 PM, Rowland penny <rpenny at samba.org> wrote:
> On 01/08/16 17:48, Jeff Sadowski wrote:
>
>> I just installed ubuntu-16.04 and followed the instructions I found for it.
>> problems I ran into that way
>> I removed apparmor and I had to use bindflatfile as dlz was not working for me
>>
>
My Samba DCs use the BIND_DLZ backend using the standard Ubuntu packages
with Apparmor enabled. The relevant config options should be as follows:

/etc/apparmor.d/usr.sbin.named (I think this strays slightly from the
default Ubuntu installation. I think there is a bug report about it, if I
remember correctly)

...
# /etc/bind should be read-only for bind
# /var/lib/bind is for dynamically updated zone (and journal) files.
# /var/cache/bind is for slave/stub data, since we're not the origin of it.
# See /usr/share/doc/bind9/README.Debian.gz
/etc/bind/** r,
/var/lib/bind/** lrw,
/var/lib/bind/ rw,
/var/cache/bind/** lrw,
/var/cache/bind/ rw,
...

/etc/apparmor.d/local/usr.sbin.named (complete file)

# Site-specific additions and overrides for usr.sbin.named.
# For more details, please see /etc/apparmor.d/local/README.
/usr/lib/x86_64-linux-gnu/ldb/** rwmk,
/usr/lib/x86_64-linux-gnu/samba/** rwmk,
/var/lib/samba/private/dns.keytab r,
/var/lib/samba/private/named.conf r,
/var/lib/samba/private/dns/** rwk,
/run/samba/** rw,
/var/tmp/* rwmk,
/dev/urandom rw,

/etc/bind/named.conf.options

...
include "/var/lib/samba/private/named.conf";
...
options {
...
tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
...

/etc/samba/smb.conf

...
server role = active directory domain controller
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
...

And /var/lib/samba/private/dns.keytab should have the following permissions:

-rw-r----- 1 root bind 982 May 6 11:07 /var/lib/samba/private/dns.keytab

Hopefully this helps you get it configured properly.

Mike E.
>> I got my machine connected. I'll figure out fedora later.
>>
> I would figure out why dlz doesn't work first, why didn't it work ? what
> error messages did you get ?
>
> Rowland
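An added example, not part of the original message and not Samba's or Ubuntu's own tooling: a small Python audit that checks a local AppArmor profile for the rules listed in the message above and compares a keytab's mode and ownership with the `-rw-r-----` root:bind listing. The function names, the sample profile and the literal-path matching are assumptions of this example.

```python
import os
import stat

# Rules as listed for /etc/apparmor.d/local/usr.sbin.named in the message above.
REQUIRED_RULES = {
    "/usr/lib/x86_64-linux-gnu/ldb/**": "rwmk",
    "/usr/lib/x86_64-linux-gnu/samba/**": "rwmk",
    "/var/lib/samba/private/dns.keytab": "r",
    "/var/lib/samba/private/named.conf": "r",
    "/var/lib/samba/private/dns/**": "rwk",
    "/run/samba/**": "rw",
    "/var/tmp/*": "rwmk",
    "/dev/urandom": "rw",
}

# Constructed sample of an incomplete local profile (not taken from the thread).
SAMPLE_PROFILE = """\
# Site-specific additions and overrides for usr.sbin.named.
/usr/lib/x86_64-linux-gnu/ldb/** rwmk,
/usr/lib/x86_64-linux-gnu/samba/** rwmk,
/var/lib/samba/private/dns.keytab r,
/var/lib/samba/private/named.conf r,
/var/lib/samba/private/dns/** r,
/var/tmp/* rwmk,
/dev/urandom rw,
"""

def parse_rules(text):
    """Map path -> granted permission letters for simple 'path perms,' lines."""
    rules = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].strip().rstrip(",").split()
        if len(parts) == 2 and parts[0].startswith("/"):
            rules.setdefault(parts[0], set()).update(parts[1])
    return rules

def missing_rules(text, required=REQUIRED_RULES):
    """Paths whose rule is absent or grants fewer letters than listed.
    Assumption: literal path match only; a broader glob is not recognised."""
    have = parse_rules(text)
    return sorted(p for p, need in required.items() if not set(need) <= have.get(p, set()))

def keytab_findings(path, want_uid, want_gid):
    """Compare a keytab with mode 0640 and the expected owner and group ids."""
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    checks = [(mode & 0o007, "accessible to other users"),
              (not mode & 0o040, "group cannot read"),
              (mode & 0o030, "group has write or execute"),
              ((st.st_uid, st.st_gid) != (want_uid, want_gid), "unexpected owner or group")]
    return [msg for failed, msg in checks if failed]
```

On a DC, pass the contents of the local profile to `missing_rules` and call `keytab_findings` with the numeric ids of root and the bind group (for instance from `pwd.getpwnam` and `grp.getgrnam`).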