[Samba] Internal DNS migrate to Bind9_DLZ
Rowland Penny
rpenny at samba.org
Mon Jul 30 14:15:24 UTC 2018
On Mon, 30 Jul 2018 15:42:45 +0200
Eben Victor <eben.victor at gmail.com> wrote:
> Hello Rowland,
>
> SELinux has been disabled, I also ran the following:
>
> # systemctl stop sernet-samba-ad
> # samba_upgradedns --dns-backend=BIND9_DLZ
> # named -d3 -f -g -u named
>
> Which then still fails, see smb.conf below:
>
> [global]
> workgroup = DOMAIN
> realm = DOMAIN.CORP
> netbios name = PDC
> server role = active directory domain controller
> idmap_ldb:use rfc2307 = yes
> idmap config * : range = 3000-7999
> winbind offline logon = Yes
> guest account = nobody
> restrict anonymous = 1
> winbind max clients = 2000
> log level = 2
> ldap server require strong auth = no
> ntlm auth = mschapv2-and-ntlmv2-only
> template homedir = /home/%D/%U
> template shell = /bin/bash
> interfaces = lo ens192
> bind interfaces only = yes
> server services = -dns
> max xmit = 65535
> dead time = 15
>
> # Disable printer share
> load printers = No
> printcap name = /dev/null
> disable spoolss = Yes
>
> # Enable domain TLS
> tls enabled = yes
> tls keyfile = tls/key.pem
> tls certfile = tls/cert.pem
> tls cafile = tls/ca.pem
>
> [netlogon]
> path = /var/lib/samba/sysvol/domain.corp/scripts
> read only = Yes
>
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = Yes
>
Before I comment, can I ask a general question?

Does anybody read the Samba wiki and/or man smb.conf????

If I remove all the default options and lines that shouldn't be there
(as in 'winbind offline logon = Yes', really, on a DC?), I get this:

[global]
workgroup = DOMAIN
realm = DOMAIN.CORP
netbios name = PDC
server role = active directory domain controller
idmap_ldb:use rfc2307 = yes
log level = 2
ldap server require strong auth = no
ntlm auth = mschapv2-and-ntlmv2-only
template shell = /bin/bash
interfaces = lo ens192
bind interfaces only = yes
server services = -dns

# Disable printer share
load printers = No
printcap name = /dev/null
disable spoolss = Yes

[netlogon]
path = /var/lib/samba/sysvol/domain.corp/scripts
read only = Yes

[sysvol]
path = /var/lib/samba/sysvol
read only = Yes

However, even with the smb.conf that is in use, there doesn't seem to
be any reason why it isn't working. The only other thing I can think of
is, what version of ldb is installed?

Rowland