[Samba] Upgrading BIND DNS Backend

Anantha Raghava raghav at exzatechconsulting.com
Thu May 11 17:49:54 UTC 2017


Hello Marc,

The problem is solved. BIND DNS was not listening on 192.168.100.17 on 
port 53. I corrected the named.conf to listen on 192.168.100.17 and now 
kinit is working properly.

Now all dynamic updates should work.

-- 

Thanks & Regards,


Anantha Raghava


DISCLAIMER:
This e-mail communication and any attachments may be privileged and 
confidential to eXza Technology Consulting & Services, and are intended 
only for the use of the recipients named above. If you are not the 
addressee you may not copy, forward, disclose or use any part of it. If 
you have received this message in error, please delete it and all copies 
from your system and notify the sender immediately by return e-mail. 
Internet communications cannot be guaranteed to be timely, secure, error 
or virus-free. The sender does not accept liability for any errors or 
omissions.


Do not print this e-mail unless required. Save Paper & trees.

On Thursday 11 May 2017 10:59 PM, Anantha Raghava wrote:
>
> Hello Marc,
>
> Upgrade DNS worked properly as you can see below.
>
> ---------
>
> samba_upgradedns --dns-backend=BIND9_DLZ
> Reading domain information
> DNS accounts already exist
> No zone file /usr/local/samba/private/dns/EXZA.LOCAL.zone    # is this the culprit?
> DNS records will be automatically created
> DNS partitions already exist
> dns-dc account already exists
> See /usr/local/samba/private/named.conf for an example configuration include file for BIND
> and /usr/local/samba/private/named.txt for further documentation required for secure DNS updates
>
> ------
>
> My /etc/resolv.conf reads as below.
>
> domain exza.local
> nameserver 192.168.100.17
>
> ping exza.local times out, and nslookup also times out, whereas ping 
> dc.exza.local responds properly and points to 192.168.100.17.
>
> smb.conf is shown below.
>
> ---------------
>
> # Global parameters
> [global]
>         netbios name = DC
>         realm = EXZA.LOCAL
>         workgroup = EXZA
>         # dns forwarder = 192.168.100.1
>         server role = active directory domain controller
>         idmap_ldb:use rfc2307 = yes
>         server services = -dns
>
> [netlogon]
>         path = /usr/local/samba/var/locks/sysvol/exza.local/scripts
>         read only = No
>
> [sysvol]
>         path = /usr/local/samba/var/locks/sysvol
>         read only = No
>
> ------------------------------------
>
> -- 
>
> Thanks & Regards,
>
>
> Anantha Raghava
>
> eXzaTech Consulting And Services Pvt. Ltd.
>
> Ph: +91-9538849179, E-mail: raghav at exzatechconsulting.com
>
> URL: http://www.exzatechconsulting.com
>
>
>
> On Thursday 11 May 2017 09:25 PM, Marc Muehlfeld wrote:
>> Hi Anantha,
>>
>> On 11.05.2017 at 17:28, Anantha Raghava via samba wrote:
>>> [root@dc ~]# samba_dnsupdate --verbose --all-names
>>> ...
>>> Failed to get Kerberos credentials, falling back to samba-tool: 
>>> kinit for DC$@EXZA.LOCAL failed (Cannot contact any KDC for 
>>> requested realm)
>>> ...
>>> How to fix this issue?
>>
>> Does this Samba DC use an AD DNS server in /etc/resolv.conf to 
>> resolve the AD zone? The KDC is located using DNS.
>>
>> Since your previous problem was SELinux related: Have you tested if 
>> DNS updates succeed if you temporarily switch to "permissive" mode?
>>
>>
>>
>> Regards,
>> Marc
>
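
An offline check for the mismatch described in the top message, where resolv.conf names 192.168.100.17 but named was not listening on that address. This is an added example, not code from the thread or from Samba or BIND: the function names and both named.conf fragments are constructed, and it assumes the nameserver in resolv.conf is this host's own BIND instance. Address-match lists that reference named ACLs are treated as undecidable and are not flagged.

```python
import ipaddress
import re

def resolv_nameservers(resolv_conf):
    """Nameserver addresses listed in resolv.conf text."""
    return re.findall(r"^\s*nameserver\s+(\S+)", resolv_conf, flags=re.M)

def listen_on_lists(named_conf):
    """(port, address-match-list) for every IPv4 listen-on statement."""
    text = re.sub(r"/\*.*?\*/|//[^\n]*|#[^\n]*", "", named_conf, flags=re.S)
    stmts = re.findall(r"\blisten-on(?!-v6)\s*(?:port\s+(\d+)\s*)?\{([^{}]*)\}", text)
    return [(int(port or 53), [e.strip() for e in body.split(";") if e.strip()])
            for port, body in stmts]

def matches(addr, elements):
    """First matching element decides and '!' negates it (BIND semantics).
    Returns None when a named ACL makes the answer undecidable offline."""
    ip = ipaddress.ip_address(addr)
    for el in elements:
        negate, el = el.startswith("!"), el.lstrip("! ")
        if el in ("any", "none"):
            hit = el == "any"
        else:
            try:
                hit = ip in ipaddress.ip_network(el, strict=False)
            except ValueError:
                return None
        if hit:
            return not negate
    return False

def unserved_nameservers(resolv_conf, named_conf, port=53):
    """Nameservers from resolv.conf that named will not answer on `port`."""
    stmts = listen_on_lists(named_conf)
    if not stmts:
        # No listen-on at all: named listens on every IPv4 interface, port 53.
        return [] if port == 53 else resolv_nameservers(resolv_conf)
    lists = [els for p, els in stmts if p == port]
    return [ns for ns in resolv_nameservers(resolv_conf)
            if not any(matches(ns, els) is not False for els in lists)]

# resolv.conf as quoted in the thread; both named.conf fragments are constructed.
RESOLV = "domain exza.local\nnameserver 192.168.100.17\n"
NAMED_BEFORE = ("options {\n    listen-on port 53 { 127.0.0.1; };  // loopback only\n"
                "    listen-on-v6 port 53 { ::1; };\n};\n")
NAMED_AFTER = NAMED_BEFORE.replace("127.0.0.1;", "127.0.0.1; 192.168.100.17;")

if __name__ == "__main__":
    print("before:", unserved_nameservers(RESOLV, NAMED_BEFORE))
    print("after: ", unserved_nameservers(RESOLV, NAMED_AFTER))
```
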


