[Samba] samba dlz. bind9 nslookup is wrong
L.P.H. van Belle
belle at bazuin.nl
Mon Aug 5 09:59:30 UTC 2019
That the script isn't running shows what's going wrong.
Your resolving. And then that's also why your Kerberos settings are not working.
And that is what your problem is.
Show this:
cat /etc/hosts
cat /etc/resolv.conf
hostname -f
hostname -d
hostname -s
hostname -A
hostname -I
cat /etc/krb5.conf
The bind setup on my Debian (10) Buster AD-DCs with Bind9_dlz.
About the same setup as Rowland showed.
This is what I use now:
(named.conf.options)

acl thisserverip {
    192.168.0.1;
};
acl all-networks {
    192.168.0.0/24;
};
options {
    directory "/var/cache/bind";
    version "0.0.7";
    dnssec-validation no;
    listen-on-v6 { "none"; };
    listen-on port 53 { "thisserverip"; 127.0.0.1; };
    notify no;
    minimal-responses yes;
    empty-zones-enable yes;
    allow-query { "all-networks"; 127.0.0.1/32; };
    allow-query-cache { "all-networks"; 127.0.0.1/32; };
    allow-recursion { "all-networks"; 127.0.0.1/32; };
    // verify where your dns.keytab file is.
    // it might be in a different folder.
    tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";
};
include "/etc/bind/rndc.key";
controls {
    inet 127.0.0.1 allow { localhost; } keys { rndc-key; };
};
And named.conf.local
// adding the dlopen ( Bind DLZ ) module for samba, beware, if you are using bind9.9 then you need to change this manually
include "/var/lib/samba/bind-dns/named.conf";
________________________________
From: Patrik [mailto:alabard at gmail.com]
Sent: Monday 5 August 2019 11:41
To: L.P.H. van Belle
CC: samba at lists.samba.org
Subject: Re: [Samba] samba dlz. bind9 nslookup is wrong
root@server:/# curl -sL https://raw.githubusercontent.com/thctlo/samba4/master/samba-collect-debug-info.sh | bash -
Password for Administrator@P3X-DC.PATRIKX3.COM:
kinit: Password incorrect while getting initial credentials
Wrong password, exiting now.
Patrik
WWW <https://patrikx3.com> | GitHub <https://github.com/patrikx3/> | NPM <https://www.npmjs.com/~patrikx3> | Corifeus <https://corifeus.com> | +36 20 342 8046
On Mon, Aug 5, 2019 at 11:39 AM L.P.H. van Belle via samba <samba at lists.samba.org> wrote:
... From your output below..
>> Uncomment only single database line, depending on your BIND version <<
Then tell us, why are 3 lines uncommented?
I suggest, run:
https://raw.githubusercontent.com/thctlo/samba4/master/samba-collect-debug-info.sh
Anonymize it where needed, and show me your server setup.
Greetz,
Louis
> -----Original Message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of
> Patrik via samba
> Sent: Monday 5 August 2019 11:31
> To: Rowland penny
> CC: sambalist
> Subject: Re: [Samba] samba dlz. bind9 nslookup is wrong
>
> I only added this in the appropriate interface
> include "/var/lib/samba/private/named.conf";
>
> root@server:/# cat /var/lib/samba/private/named.conf
> # This DNS configuration is for BIND 9.8.0 or later with dlz_dlopen support.
> #
> # This file should be included in your main BIND configuration file
> #
> # For example with
> # include "/var/lib/samba/private/named.conf";
>
> #
> # This configures dynamically loadable zones (DLZ) from AD schema
> # Uncomment only single database line, depending on your BIND version
> #
> dlz "AD DNS Zone" {
>     # For BIND 9.8.x
>     # database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9.so";
>
>     # For BIND 9.9.x
>     # database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_9.so";
>
>     # For BIND 9.10.x
>     # database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_10.so";
>
>     # For BIND 9.11.x
>     database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_11.so";
> };
>
>
> *I am on Bind 9.11*
>
> On Mon, Aug 5, 2019 at 11:29 AM Patrik <alabard at gmail.com> wrote:
>
> > OK, so I remove that named.conf.update, but the rest looks good?
> >
> > On Mon, Aug 5, 2019 at 11:28 AM Rowland penny via samba <
> > samba at lists.samba.org> wrote:
> >
> >> On 05/08/2019 10:14, Patrik wrote:
> >> > I am not using flatfiles and I am using BIND_DLZ, it shows in my log and I
> >> > do not use flatfiles. BIND_DLZ only.
> >>
> >> Oh yes you are, you have this in your /etc/bind/named.conf.local :
> >>
> >> zone "patrikx3.com" {
> >>     type master;
> >>     file "/etc/bind/zones/enp1s0f3/patrikx3.com";
> >>     include "/var/lib/samba/private/named.conf.update";
> >> };
> >>
> >> That means your AD records are being stored in
> >> /etc/bind/zones/enp1s0f3/patrikx3.com and not in AD, this is known as
> >> 'flatfile' and is not supported by Samba.
> >>
> >> You also seem to be using bind9 as a dns server for domains that have
> >> nothing to do with AD, this is not recommended.
> >>
> >> Rowland
> >>
> >>
> >> --
> >> To unsubscribe from this list go to the following URL and read the
> >> instructions: https://lists.samba.org/mailman/options/samba
> >>
> >
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
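
An added example, not part of the original messages and not Samba's or the posters' own code: a shell check for the two misconfigurations discussed in this thread, more than one active database line in Samba's DLZ named.conf and a flat-file zone that includes named.conf.update. The function names, the zone example.test and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks for a Samba AD DC using BIND9_DLZ (names are illustrative).

# Count active (uncommented) 'database "dlopen ...' lines in Samba's DLZ named.conf.
count_dlz_databases() {
    grep -Ec '^[[:space:]]*database[[:space:]]+"dlopen' "$1" || true
}

# Print each zone that has a flat zone file and also includes named.conf.update.
flatfile_zones() {
    awk '
        /^[ \t]*(#|\/\/)/ { next }    # ignore comment lines
        /^[ \t]*zone[ \t]+"/ { split($0, q, "\""); name = q[2]; f = 0; u = 0 }
        name != "" && /file[ \t]+"/ { f = 1 }
        name != "" && /include[ \t]+"[^"]*named\.conf\.update"/ { u = 1 }
        name != "" && /^[ \t]*[}];/ { if (f && u) print name; name = "" }
    ' "$1"
}

# $1 = Samba DLZ named.conf, $2 = named.conf.local; returns 0 only if both pass.
check_dlz() {
    rc=0
    n=$(count_dlz_databases "$1")
    [ "$n" -eq 1 ] || { echo "FAIL: $n active database lines in $1, want 1"; rc=1; }
    z=$(flatfile_zones "$2")
    [ -z "$z" ] || { echo "FAIL: flat-file zone with named.conf.update: $z"; rc=1; }
    return "$rc"
}

# Constructed sample input: two active database lines and a flat-file zone.
make_samples() {
    cat > "$1/dlz.conf" <<'EOF'
dlz "AD DNS Zone" {
    # database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_9.so";
    database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_10.so";
    database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_11.so";
};
EOF
    cat > "$1/local.conf" <<'EOF'
zone "example.test" {
    type master;
    file "/etc/bind/zones/example.test";
    include "/var/lib/samba/private/named.conf.update";
};
EOF
}

tmp=$(mktemp -d); make_samples "$tmp"
check_dlz "$tmp/dlz.conf" "$tmp/local.conf" || echo "configuration needs fixing"
```

On a real server, pass the DLZ named.conf that the main BIND configuration includes and /etc/bind/named.conf.local as the two arguments to check_dlz.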