[Samba] Internal DNS migrate to Bind9_DLZ

Eben Victor eben.victor at gmail.com
Mon Jul 30 20:50:04 UTC 2018


Hello Rowland,

Please see below installed samba packages.

# rpm -qa | grep samba
sernet-samba-client-4.8.3-11.el7.x86_64
sernet-samba-common-4.8.3-11.el7.x86_64
sernet-samba-libsmbclient0-4.8.3-11.el7.x86_64
sernet-samba-4.8.3-11.el7.x86_64
sernet-samba-ad-4.8.3-11.el7.x86_64
sernet-samba-libs-4.8.3-11.el7.x86_64
sernet-samba-winbind-4.8.3-11.el7.x86_64

ldb is installed with the samba packages.

Kind Regards

On Mon, Jul 30, 2018 at 4:16 PM Rowland Penny via samba <
samba at lists.samba.org> wrote:

> On Mon, 30 Jul 2018 15:42:45 +0200
> Eben Victor <eben.victor at gmail.com> wrote:
>
> > Hello Rowland,
> >
> > selinux has been disabled, I also ran the following
> >
> > # systemctl stop sernet-samba-ad
> > # samba_upgradedns --dns-backend=BIND9_DLZ
> > # named -d3 -f -g -u named
> >
> > Which then still fails, see below smb.conf
> >
> > [global]
> >         workgroup = DOMAIN
> >         realm = DOMAIN.CORP
> >         netbios name = PDC
> >         server role = active directory domain controller
> >         idmap_ldb:use rfc2307 = yes
> >         idmap config * : range = 3000-7999
> >         winbind offline logon = Yes
> >         guest account = nobody
> >         restrict anonymous = 1
> >         winbind max clients = 2000
> >         log level = 2
> >         ldap server require strong auth = no
> >         ntlm auth = mschapv2-and-ntlmv2-only
> >         template homedir = /home/%D/%U
> >         template shell = /bin/bash
> >         interfaces = lo ens192
> >         bind interfaces only = yes
> >         server services = -dns
> >         max xmit = 65535
> >         dead time = 15
> >
> > # Disable printer share
> >         load printers = No
> >         printcap name = /dev/null
> >         disable spoolss = Yes
> >
> > # Enable domain TLS
> >         tls enabled  = yes
> >         tls keyfile  = tls/key.pem
> >         tls certfile = tls/cert.pem
> >         tls cafile   = tls/ca.pem
> >
> > [netlogon]
> >         path = /var/lib/samba/sysvol/domain.corp/scripts
> >         read only = Yes
> >
> > [sysvol]
> >         path = /var/lib/samba/sysvol
> >         read only = Yes
> >
>
> Before I comment, can I ask a general question ?
>
> Does anybody read the Samba wiki and/or man smb.conf ????
>
> If I remove all the default options and lines that shouldn't be there
> (as in 'winbind offline logon = Yes', really, on a DC ?), I get this:
>
> [global]
>         workgroup = DOMAIN
>         realm = DOMAIN.CORP
>         netbios name = PDC
>         server role = active directory domain controller
>         idmap_ldb:use rfc2307 = yes
>         log level = 2
>         ldap server require strong auth = no
>         ntlm auth = mschapv2-and-ntlmv2-only
>         template shell = /bin/bash
>         interfaces = lo ens192
>         bind interfaces only = yes
>         server services = -dns
>
> # Disable printer share
>         load printers = No
>         printcap name = /dev/null
>         disable spoolss = Yes
>
> [netlogon]
>         path = /var/lib/samba/sysvol/domain.corp/scripts
>         read only = Yes
>
> [sysvol]
>         path = /var/lib/samba/sysvol
>         read only = Yes
>
> However, even with the smb.conf that is in use, there doesn't seem to
> be any reason why it isn't working. The only other thing I can think of
> is, what version of ldb is installed ?
>
> Rowland


-- 
Eben Victor
Cell:  +27 82 759 5266
Email: eben.victor at gmail.com
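
An added example, not part of the original thread: a small Python comparison that lists which parameters were dropped between the posted smb.conf and the trimmed version quoted above. The function names are hypothetical, the sample input is a short excerpt of the two quoted [global] sections, and it assumes the files use no backslash line continuations.

```python
import re

def parse_smb_conf(text):
    """Return {section: {normalised_name: (name_as_written, value)}}."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()                      # indentation carries no meaning
        if not line or line[0] in "#;":         # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            # Split on the first '=' only: names may contain ':' and '*'.
            name, value = (part.strip() for part in line.split("=", 1))
            # Names are compared without regard to case or whitespace.
            key = re.sub(r"\s+", "", name.lower())
            conf[section][key] = (name, value)
    return conf

def removed_params(before, after):
    """List, per section, the parameters present in `before` but not in `after`."""
    old, new = parse_smb_conf(before), parse_smb_conf(after)
    report = {}
    for section, params in old.items():
        gone = [name for key, (name, _) in params.items()
                if key not in new.get(section, {})]
        if gone:
            report[section] = gone
    return report

# Excerpt of the posted [global] section (sample input, shortened from the thread).
BEFORE = """[global]
        workgroup = DOMAIN
        idmap config * : range = 3000-7999
        winbind offline logon = Yes
       server services = -dns
        max xmit = 65535
        tls enabled  = yes
"""
# Excerpt of the trimmed [global] section from the reply.
AFTER = """[global]
        workgroup = DOMAIN
        server services = -dns
"""

if __name__ == "__main__":
    for section, names in removed_params(BEFORE, AFTER).items():
        print(f"[{section}] removed: {', '.join(names)}")
```

Run against the two full files, the same comparison also shows that the `tls keyfile`, `tls certfile` and `tls cafile` lines are absent from the trimmed version.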

