[Samba] Samba 4.8.4 + BIND 9.9.4 - possibility of nonsecure DNS updates
Rowland Penny
rpenny at samba.org
Tue Aug 21 10:10:33 UTC 2018
On Tue, 21 Aug 2018 11:31:47 +0200
Jiří Černý via samba <samba at lists.samba.org> wrote:
> > It should work ;-)
> > Can you post your smb.conf and /etc/named.conf files
> > Rowland
>
> Hello Rowland. Of course I can:
> cat /etc/samba/smb.conf
> # Global parameters
> [global]
> workgroup = SVMETAL
> realm = samdom.svmetal.cz
> netbios name = DC01
> server services = -dns
> server role = active directory domain controller
> idmap_ldb:use rfc2307 = yes
> allow dns updates = nonsecure
> log level = 1 dns:3 auth_audit:3
> max log size = 102400
> load printers = no
> printing = bsd
> printcap name = /dev/null
> disable spoolss = yes
> ntlm auth = yes
> ldap server require strong auth = no
>
> [netlogon]
> path = /var/lib/samba/sysvol/samdom.svmetal.cz/scripts
> read only = No
> acl_xattr:ignore system acls = yes
>
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
> acl_xattr:ignore system acls = yes
>
>
> cat /etc/named.conf
> # Global Configuration Options
> options {
>
> directory "/var/named";
> notify no;
> empty-zones-enable no;
>
> allow-query { 127.0.0.1; 192.168.0.0/16; };
> allow-recursion { 127.0.0.1; 192.168.0.0/16; };
> forwarders { 8.8.8.8; 8.8.4.4; };
> allow-transfer { none; };
>
> dnssec-validation no;
> dnssec-enable no;
>
> tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
> };
>
> include "/var/lib/samba/bind-dns/named.conf";
>
> # Root Servers
> zone "." {
> type hint;
> file "named.root";
> };
>
> # localhost zone
> zone "localhost" {
> type master;
> file "master/localhost.zone";
> };
>
> # 127.0.0. zone.
> zone "0.0.127.in-addr.arpa" {
> type master;
> file "master/0.0.127.zone";
> };
>
There doesn't seem to be anything wrong there. The only comment I would make
is: is '/var/lib/samba/bind-dns/named.conf' pointing to the correct version
of named?
How did you change to using Bind9?
Please post the log where an update fails.
Rowland
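
The check asked about above (whether the file included from /var/lib/samba/bind-dns/named.conf enables the DLZ module built for the running BIND), written out as an added example; it is not part of the original message or of Samba. It assumes the usual layout of that file, with one `database "dlopen ..."` line per BIND release and all but one commented out; the sample text, library path and function names are constructed for illustration.

```python
import re

# Constructed sample, modelled on the layout Samba writes to
# bind-dns/named.conf (assumed layout; the library path is illustrative).
SAMPLE = """\
dlz "AD DNS Zone" {
    # For BIND 9.8.x
    # database "dlopen /usr/lib64/samba/bind9/dlz_bind9.so";

    # For BIND 9.9.x
    # database "dlopen /usr/lib64/samba/bind9/dlz_bind9_9.so";

    # For BIND 9.10.x
    database "dlopen /usr/lib64/samba/bind9/dlz_bind9_10.so";
};
"""

# Matches only uncommented lines: '#', '//' and '/*' prefixes fail the anchor.
DB_LINE = re.compile(r'^\s*database\s+"dlopen\s+\S*?(dlz_bind9(?:_(\d+))?\.so)"\s*;')


def active_modules(conf_text):
    """Return [(module_file, bind_minor)] for each enabled dlopen line."""
    found = []
    for line in conf_text.splitlines():
        m = DB_LINE.match(line)
        if m:
            # Assumption: the unsuffixed dlz_bind9.so is the BIND 9.8 build.
            found.append((m.group(1), int(m.group(2)) if m.group(2) else 8))
    return found


def bind_minor(version_text):
    """Pull the minor number out of `named -v` style text, e.g. 'BIND 9.9.4'."""
    m = re.search(r"\b9\.(\d+)\.", version_text)
    if not m:
        raise ValueError("no BIND 9.x.y version in %r" % version_text)
    return int(m.group(1))


def check(conf_text, version_text):
    """Return (ok, message) for the module/daemon version pairing."""
    mods, want = active_modules(conf_text), bind_minor(version_text)
    if len(mods) != 1:
        return False, "expected exactly one enabled dlopen line, found %d" % len(mods)
    name, built_for = mods[0]
    if built_for != want:
        return False, "%s is for BIND 9.%d, named is 9.%d" % (name, built_for, want)
    return True, "%s matches BIND 9.%d" % (name, want)
```

On a real system, pass `check()` the contents of the included file and the output of `named -v`.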