[Samba] Internal DNS migrate to Bind9_DLZ

Rowland Penny rpenny at samba.org
Mon Jul 30 14:15:24 UTC 2018


On Mon, 30 Jul 2018 15:42:45 +0200
Eben Victor <eben.victor at gmail.com> wrote:

> Hello Rowland,
> 
> selinux has been disabled, I also ran the following
> 
> # systemctl stop sernet-samba-ad
> # samba_upgradedns --dns-backend=BIND9_DLZ
> # named -d3 -f -g -u named
> 
> Which then still fails, see below smb.conf
> 
> [global]
>         workgroup = DOMAIN
>         realm = DOMAIN.CORP
>         netbios name = PDC
>         server role = active directory domain controller
>         idmap_ldb:use rfc2307 = yes
>         idmap config * : range = 3000-7999
>         winbind offline logon = Yes
>         guest account = nobody
>         restrict anonymous = 1
>         winbind max clients = 2000
>         log level = 2
>         ldap server require strong auth = no
>         ntlm auth = mschapv2-and-ntlmv2-only
>         template homedir = /home/%D/%U
>         template shell = /bin/bash
>         interfaces = lo ens192
>         bind interfaces only = yes
>         server services = -dns
>         max xmit = 65535
>         dead time = 15
> 
> # Disable printer share
>         load printers = No
>         printcap name = /dev/null
>         disable spoolss = Yes
> 
> # Enable domain TLS
>         tls enabled  = yes
>         tls keyfile  = tls/key.pem
>         tls certfile = tls/cert.pem
>         tls cafile   = tls/ca.pem
> 
> [netlogon]
>         path = /var/lib/samba/sysvol/domain.corp/scripts
>         read only = Yes
> 
> [sysvol]
>         path = /var/lib/samba/sysvol
>         read only = Yes
>

Before I comment, can I ask a general question?

Does anybody read the Samba wiki and/or man smb.conf ????

If I remove all the default options and lines that shouldn't be there
(as in 'winbind offline logon = Yes', really, on a DC ?), I get this:

[global]
        workgroup = DOMAIN
        realm = DOMAIN.CORP
        netbios name = PDC
        server role = active directory domain controller
        idmap_ldb:use rfc2307 = yes
        log level = 2
        ldap server require strong auth = no
        ntlm auth = mschapv2-and-ntlmv2-only
        template shell = /bin/bash
        interfaces = lo ens192
        bind interfaces only = yes
        server services = -dns

# Disable printer share
        load printers = No
        printcap name = /dev/null
        disable spoolss = Yes

[netlogon]
        path = /var/lib/samba/sysvol/domain.corp/scripts
        read only = Yes

[sysvol]
        path = /var/lib/samba/sysvol
        read only = Yes

However, even with the smb.conf that is in use, there doesn't seem to
be any reason why it isn't working. The only other thing I can think of
is: what version of ldb is installed?

Rowland
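As an added example that is not part of this thread and not Samba's own tooling, the POSIX shell script below encodes the pre-flight checks a practitioner would run around samba_upgradedns before starting named: that smb.conf removes dns from server services (otherwise Samba's internal DNS server keeps port 53 and named cannot bind it), that named.conf carries the tkey-gssapi-keytab option and the include of Samba's generated DLZ config, and that exactly one dlz_bind9_*.so database line is active in that generated file (the one matching the installed BIND version). All config excerpts are constructed, and the /var/lib/samba/bind-dns paths assume the Samba 4.8+ layout; older releases keep these files under /var/lib/samba/private.

```shell
#!/bin/sh
# Added example, not code from the thread or from the Samba project.
# Pre-flight checks for a Samba internal DNS -> BIND9_DLZ migration, run
# against constructed config text so the script works offline.
# Assumption: Samba 4.8+ file layout (/var/lib/samba/bind-dns/...).

# Constructed smb.conf [global] excerpts: one that hands DNS to BIND, one that
# still leaves Samba's internal DNS server running (it would keep port 53).
SMB_CONF_OK='[global]
        server role = active directory domain controller
        server services = -dns'
SMB_CONF_BAD='[global]
        server role = active directory domain controller'

# Constructed /etc/named.conf excerpts: with and without the two lines
# BIND needs for the DLZ backend (GSS-TSIG keytab and the generated include).
NAMED_CONF_OK='options {
        tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";
};
include "/var/lib/samba/bind-dns/named.conf";'
NAMED_CONF_BAD='options {
};'

# Constructed copy of the Samba-generated DLZ stanza: exactly one "database"
# line (the module matching the installed BIND version) must be uncommented.
DLZ_OK='dlz "AD DNS Zone" {
    # database "dlopen /usr/lib64/samba/bind9/dlz_bind9_10.so";
    database "dlopen /usr/lib64/samba/bind9/dlz_bind9_11.so";
};'
DLZ_BAD='dlz "AD DNS Zone" {
    # database "dlopen /usr/lib64/samba/bind9/dlz_bind9_10.so";
    # database "dlopen /usr/lib64/samba/bind9/dlz_bind9_11.so";
};'

# 0 if smb.conf removes "dns" from server services, non-zero otherwise.
smb_dns_disabled() {
    printf '%s\n' "$1" |
        grep -Eq '^[[:space:]]*server[[:space:]]+services[[:space:]]*=.*-[[:space:]]*dns'
}

# 0 if named.conf has both the keytab option and the Samba include.
named_has_dlz() {
    printf '%s\n' "$1" |
        grep -Eq '^[[:space:]]*tkey-gssapi-keytab[[:space:]]+"/var/lib/samba/bind-dns/dns.keytab"' &&
    printf '%s\n' "$1" |
        grep -Eq '^[[:space:]]*include[[:space:]]+"/var/lib/samba/bind-dns/named.conf"'
}

# Prints the number of uncommented dlz_bind9_*.so database lines (want 1).
active_dlz_modules() {
    printf '%s\n' "$1" |
        grep -Ec '^[[:space:]]*database[[:space:]]+"dlopen [^"]*dlz_bind9_[0-9_]+\.so"'
}

# Runs all three checks; prints findings and returns the number of failures.
preflight() {
    smb="$1" named="$2" dlz="$3" failures=0
    smb_dns_disabled "$smb" ||
        { echo "smb.conf: add 'server services = -dns' or named cannot bind :53"; failures=$((failures + 1)); }
    named_has_dlz "$named" ||
        { echo "named.conf: missing tkey-gssapi-keytab and/or Samba include"; failures=$((failures + 1)); }
    [ "$(active_dlz_modules "$dlz")" -eq 1 ] ||
        { echo "bind-dns/named.conf: exactly one dlz_bind9_*.so line must be active"; failures=$((failures + 1)); }
    return "$failures"
}

# Usage against the constructed inputs: the first set passes, the second
# reports all three problems.
preflight "$SMB_CONF_OK" "$NAMED_CONF_OK" "$DLZ_OK" && echo "preflight: OK"
preflight "$SMB_CONF_BAD" "$NAMED_CONF_BAD" "$DLZ_BAD" || echo "preflight: $? problem(s)"
```

On a real DC, feed the functions the live files (for example `preflight "$(cat /etc/samba/smb.conf)" "$(cat /etc/named.conf)" "$(cat /var/lib/samba/bind-dns/named.conf)"`) after samba_upgradedns and before `named -d3 -f -g -u named`; a failing third check is the usual cause of named loading no zones, and the keytab and include checks are what make the GSS-TSIG dynamic updates from domain members work once named is up.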