[Samba] samba dlz. bind9 nslookup is wrong

Patrik alabard at gmail.com
Mon Aug 5 10:52:37 UTC 2019


root at server:~# ./samba-collect-debug-info.sh
Password for Administrator at P3X-DC.PATRIKX3.COM:
Please wait, collecting debug info.
Failed to bind to uuid 50abc2a4-574d-40b3-9d66-ee4fd5fba076 for ncacn_ip_tcp:192.168.78.20[49152,sign,target_hostname=p3x-dc.patrikx3.com,abstract_syntax=50abc2a4-574d-40b3-9d66-ee4fd5fba076/0x00000005,localaddress=192.168.78.20]
NT_STATUS_INVALID_PARAMETER
ERROR: Connecting to DNS RPC server p3x-dc.patrikx3.com failed with (3221225485, 'An invalid parameter was passed to a service or function.')
Failed to bind to uuid 50abc2a4-574d-40b3-9d66-ee4fd5fba076 for ncacn_ip_tcp:192.168.78.20[49152,sign,target_hostname=p3x-dc.patrikx3.com,abstract_syntax=50abc2a4-574d-40b3-9d66-ee4fd5fba076/0x00000005,localaddress=192.168.78.20]
NT_STATUS_INVALID_PARAMETER
ERROR: Connecting to DNS RPC server p3x-dc.patrikx3.com failed with (3221225485, 'An invalid parameter was passed to a service or function.')
The debug info about your system can be found in this file:
/tmp/samba-debug-info.txt
Please check this and if required, sanitise it.
Then copy & paste it into an  email to the samba list
Do not attach it to the email, the Samba mailing list strips attachments.

*The debug:*
root at server:~# cat /tmp/samba-debug-info.txt
Collected config  --- 2019-08-05-12:50 -----------

Hostname: server
DNS Domain: patrikx3.com
FQDN: p3x-dc.patrikx3.com
ipaddress: 192.168.81.20 192.168.78.20 172.17.0.1 2001:470:1f1b:5b5::20 2001:470:1f1b:5b5:21b:21ff:fea6:ce92 2001:470:1f1b:5b3::20 2001:470:1f1b:5b3:21b:21ff:fea6:ce93

-----------

Samba is running as an AD DC

-----------
       Checking file: /etc/os-release

PRETTY_NAME="Debian GNU/Linux 10 (buster)"
NAME="Debian GNU/Linux"
VERSION_ID="10"
VERSION="10 (buster)"
VERSION_CODENAME=buster
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"

-----------


This computer is running Debian 10.0 x86_64

-----------
running command : ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
2: enp1s0f0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 00:1b:21:a6:ce:90 brd ff:ff:ff:ff:ff:ff
3: enp1s0f1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 00:1b:21:a6:ce:91 brd ff:ff:ff:ff:ff:ff
4: enp1s0f2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:1b:21:a6:ce:92 brd ff:ff:ff:ff:ff:ff
    inet 192.168.81.20/24 brd 192.168.81.255 scope global dynamic enp1s0f2
       valid_lft 74962sec preferred_lft 74962sec
    inet6 2001:470:1f1b:5b5::20/128 scope global
    inet6 2001:470:1f1b:5b5:21b:21ff:fea6:ce92/64 scope global dynamic mngtmpaddr
    inet6 fe80::21b:21ff:fea6:ce92/64 scope link
5: enp3s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether ec:aa:a0:1b:4d:84 brd ff:ff:ff:ff:ff:ff
6: enp1s0f3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:1b:21:a6:ce:93 brd ff:ff:ff:ff:ff:ff
    inet 192.168.78.20/24 brd 192.168.78.255 scope global dynamic enp1s0f3
       valid_lft 74962sec preferred_lft 74962sec
    inet6 2001:470:1f1b:5b3::20/128 scope global
    inet6 2001:470:1f1b:5b3:21b:21ff:fea6:ce93/64 scope global dynamic mngtmpaddr
    inet6 fe80::21b:21ff:fea6:ce93/64 scope link
7: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:ed:55:77:ae brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0

-----------
       Checking file: /etc/hosts

127.0.0.1 localhost
192.168.78.20 p3x-dc.patrikx3.com p3x-dc server


# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

192.168.78.20 npm.patrikx3.com
#127.0.0.1       patrikx3.com
#127.0.0.1       www.patrikx3.com
#127.0.0.1       server.patrikx3.com     server
#127.0.0.1       mail.patrikx3.com
#127.0.0.1       redis.patrikx3.com
#127.0.0.1       git.patrikx3.com
#127.0.0.1       mysql.patrikx3.com
#127.0.0.1       address-book.patrikx3.com
#127.0.0.1       afraid.patrikx3.com
#127.0.0.1       blog.patrikx3.com
#127.0.0.1       fortune-cookie.patrikx3.com
#127.0.0.1       github.patrikx3.com
#127.0.0.1       gitlist.patrikx3.com
#127.0.0.1       joomla.patrikx3.com
#127.0.0.1       stats.patrikx3.com
#127.0.0.1       sync.patrikx3.com
#127.0.0.1       test.patrikx3.com
#127.0.0.1       torrent.patrikx3.com
#127.0.0.1       webhook.patrikx3.com

#127.0.0.1       ipv6.patrikx3.com

#127.0.0.1       digi.router.patrikx3.com
#127.0.0.1       upc.router.patrikx3.com
#127.0.0.1       d-link.router.patrikx3.com

#127.0.0.1       corifeus.com
#127.0.0.1       www.corifeus.com
#127.0.0.1       pages.corifeus.com
#127.0.0.1       material.corifeus.com
#127.0.0.1       cdn.corifeus.com

-----------

       Checking file: /etc/resolv.conf

search patrikx3.com
search corifeus.com
search p3x-dc.patrikx3.com
nameserver 192.168.78.20
nameserver 2001:470:1f1b:5b3:21b:21ff:fea6:ce93

-----------

       Checking file: /etc/krb5.conf

[libdefaults]
default_realm = P3X-DC.PATRIKX3.COM
dns_lookup_realm = false
dns_lookup_kdc = true

-----------

       Checking file: /etc/nsswitch.conf

# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         files ldap systemd
group:          files ldap systemd
shadow:         files ldap
gshadow:        files

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

-----------

       Checking file: /etc/samba/smb.conf

# Global parameters
[global]
bind interfaces only = yes
# if this is turned on, always perfect
# interfaces = lo 192.168.78.20 2001:470:1f1b:5b3:21b:21ff:fea6:ce93
# interfaces = lo 192.168.78.20 2001:470:1f1b:5b3:21b:21ff:fea6:ce93 192.168.81.20 2001:470:1f1b:5b5:21b:21ff:fea6:ce92
#        interfaces = lo 192.168.81.20 2001:470:1f1b:5b5:21b:21ff:fea6:ce92
# if all interfaces known, order is important, the last is the required
# interfaces = lo 192.168.78.20 192.168.81.20
interfaces = lo enp1s0f3
netbios name = SERVER
realm = P3X-DC.PATRIKX3.COM
# server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc
workgroup = P3X-DC
allow insecure wide links = Yes
# before was working
unix extensions = no
server role = active directory domain controller
idmap_ldb:use rfc2307 = yes
comment =
# log level = 3
template shell = /bin/bash
template homedir = /home/%U

[netlogon]
path = /var/lib/samba/sysvol/p3x-dc.patrikx3.com/scripts
read only = No

[sysvol]
path = /var/lib/samba/sysvol
read only = No

[media]
        path = /media
        read only = no
        guest ok = no
        force group = media
        writable = yes

[mounts]
        path = /mnt
        read only = no
        guest ok = no
        force group = mount
        writable = yes

[router-logs]
        path = /var/log-router
        read only = yes
        guest ok = yes
        writable = no
        browseable = yes
#       valid users = router
        force user = root
        follow symlinks = yes
        wide links = yes

-----------

Detected bind DLZ enabled..
       Checking file: /etc/bind/named.conf

// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

//logging {
//    category lame-servers { null; };

//    channel security_file {
//        file "/var/log/named/security.log" versions 3 size 30m;
//        severity dynamic;
//        print-time yes;
//    };
//    category security {
//        security_file;
//   };
//};

logging {
    channel default_file {
        file "/var/log/named/default.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel general_file {
        file "/var/log/named/general.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel database_file {
        file "/var/log/named/database.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel security_file {
        file "/var/log/named/security.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel config_file {
        file "/var/log/named/config.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel resolver_file {
        file "/var/log/named/resolver.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel xfer-in_file {
        file "/var/log/named/xfer-in.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel xfer-out_file {
        file "/var/log/named/xfer-out.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel notify_file {
        file "/var/log/named/notify.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel client_file {
        file "/var/log/named/client.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel unmatched_file {
        file "/var/log/named/unmatched.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel queries_file {
        file "/var/log/named/queries.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel network_file {
        file "/var/log/named/network.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel update_file {
        file "/var/log/named/update.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel dispatch_file {
        file "/var/log/named/dispatch.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel dnssec_file {
        file "/var/log/named/dnssec.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel lame-servers_file {
        file "/var/log/named/lame-servers.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };

    category default { default_file; };
    category general { general_file; };
    category database { database_file; };
    category security { security_file; };
    category config { config_file; };
    category resolver { resolver_file; };
    category xfer-in { xfer-in_file; };
    category xfer-out { xfer-out_file; };
    category notify { notify_file; };
    category client { client_file; };
    category unmatched { unmatched_file; };
    category queries { queries_file; };
    category network { network_file; };
    category update { update_file; };
    category dispatch { dispatch_file; };
    category dnssec { dnssec_file; };
    category lame-servers { lame-servers_file; };
};

acl "internal-enp1s0f3" {
//    !192.168.78.1;
//   172.19.13.0/24;
// router
192.168.78.0/24;
2001:470:1f1b:5b3::/64;
192.168.99.0/24;
// openvpn
192.168.17.0/24;
172.17.0.1;
localhost;

// remote openvpn lan
192.168.70.0/24;
//    fe80::/10;
};

acl "internal-enp1s0f2" {
//    !192.168.81.1;
//   172.19.13.0/24;
// router
192.168.81.0/24;
2001:470:1f1b:5b5::/64;
192.168.99.0/24;
// openvpn
192.168.18.0/24;
//    fe80::/10;
172.17.0.1;
};

acl "xfer" {
192.168.78.0/24;
2001:470:1f1b:5b3::/64;
192.168.99.0/24;
192.168.17.0/24;
localhost;
// 192.168.81.0/24;
// 2001:470:1f1b:5b5::/64;
// 192.168.18.0/24;
172.17.0.1;
192.168.70.0/24;
};

key signed_comms { algorithm hmac-md5; secret "X8CJzryfpSClCT72/VQJNw=="; };

server 192.168.78.20 {
    transfer-format many-answers;
    keys { signed_comms.; };
};

server 192.168.81.20 {
    transfer-format many-answers;
    keys { signed_comms.; };
};

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";

//include "/var/lib/samba/private/named.conf";

-----------

       Checking file: /etc/bind/named.conf.options

options {
directory "/var/cache/bind";
// max-cache-size 1024m;

//    rate-limit {
//        responses-per-second 10;
//        log-only no;
//    };

tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
minimal-responses yes;

// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk.  See http://www.kb.cert.org/vuls/id/800113

// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.

// forwarders {
// 0.0.0.0;
// };

        forwarders {
              8.8.8.8;
              8.8.4.4;
// 0.0.0.0;
        };
forward only;

//========================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys.  See https://www.isc.org/bind-keys
//========================================================================
// dnssec-validation auto;

dnssec-enable yes;
dnssec-validation yes;

auth-nxdomain no;    # conform to RFC1035
listen-on-v6 { any; };
// listen-on-v6 { 2001:470:1f1b:5b3::/64; };
// listen-on { 192.168.78.20; 127.0.0.1; };
};

-----------

       Checking file: /etc/bind/named.conf.local

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";



// the order is important!!!! first internal, then external!!!


view "internal-enp1s0f3" {
    match-clients { "internal-enp1s0f3"; };
    match-recursive-only yes;
    recursion yes;
    allow-recursion { "internal-enp1s0f3"; };

    notify yes;
    allow-update { none; };
    allow-query { any; };
    allow-transfer { xfer; };
    include "/etc/bind/named.conf.default-zones";

    zone "patrikx3.com" {
        type master;
        file "/etc/bind/zones/enp1s0f3/patrikx3.com";
//        include "/var/lib/samba/private/named.conf.update";
    };


    zone "corifeus.com" {
        type master;
        file "/etc/bind/zones/enp1s0f3/corifeus.com";
    };

    zone "gitlist.tk" {
        type master;
        file "/etc/bind/zones/enp1s0f3/gitlist.tk";
    };


    zone "albafructus.eu" {
        type master;
        file "/etc/bind/zones/enp1s0f3/albafructus.eu";
    };


    zone "fruitinfo.hu" {
        type master;
        file "/etc/bind/zones/enp1s0f3/fruitinfo.hu";
    };


    zone "venyimgyumolcse.hu" {
        type master;
        file "/etc/bind/zones/enp1s0f3/venyimgyumolcse.hu";
    };



    include "/var/lib/samba/private/named.conf";

};


view "internal-enp1s0f2" {
    match-clients { "internal-enp1s0f2"; };
    match-recursive-only yes;
    recursion yes;
    allow-recursion { "internal-enp1s0f2"; };
     notify yes;
    allow-update { none; };
    allow-query { any; };
    allow-transfer { xfer; };

    include "/etc/bind/named.conf.default-zones";

    zone "patrikx3.com" {
        type master;
        file "/etc/bind/zones/enp1s0f2/patrikx3.com";
//        include "/var/lib/samba/private/named.conf.update";
    };

    zone "corifeus.com" {
        type master;
        file "/etc/bind/zones/enp1s0f2/corifeus.com";
    };

    zone "gitlist.tk" {
        type master;
        file "/etc/bind/zones/enp1s0f2/gitlist.tk";
    };

    zone "albafructus.eu" {
        type master;
        file "/etc/bind/zones/enp1s0f2/albafructus.eu";
    };

    zone "fruitinfo.hu" {
        type master;
        file "/etc/bind/zones/enp1s0f2/fruitinfo.hu";
    };


    zone "venyimgyumolcse.hu" {
        type master;
        file "/etc/bind/zones/enp1s0f2/venyimgyumolcse.hu";
    };


//    include "/var/lib/samba/private/named.conf";

};


view "external" {
    match-clients { any; };

    recursion no;
    additional-from-auth no;
    additional-from-cache no;

//    allow-transfer { any; }; // temporarily allowed for debugging purposes
    allow-transfer { none; };

//    zone "namesystem.tk" IN {
//        type master;
//        file "/etc/bind/zones/external.namesystem.tk";
//    };
};

-----------

       Checking file: /etc/bind/named.conf.default-zones

// prime the server with knowledge of the root servers
zone "." {
type hint;
file "/usr/share/dns/root.hints";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
type master;
file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};

-----------

Samba DNS zone list:
Samba DNS zone list Automated check :

Installed packages:
ii  attr  1:2.4.48-4  amd64  utilities for manipulating filesystem extended attributes
ii  bind9  1:9.11.5.P4+dfsg-5.1  amd64  Internet Domain Name Server
ii  bind9-doc  1:9.11.5.P4+dfsg-5.1  all  Documentation for BIND
ii  bind9-host  1:9.11.5.P4+dfsg-5.1  amd64  DNS lookup utility (deprecated)
ii  bind9utils  1:9.11.5.P4+dfsg-5.1  amd64  Utilities for BIND
ii  krb5-config  2.6  all  Configuration files for Kerberos Version 5
ii  krb5-locales  1.17-3  all  internationalization support for MIT Kerberos
ii  krb5-user  1.17-3  amd64  basic programs to authenticate using MIT Kerberos
ii  libacl1:amd64  2.2.53-4  amd64  access control list - shared library
ii  libacl1-dev:amd64  2.2.53-4  amd64  access control list - static libraries and headers
ii  libattr1:amd64  1:2.4.48-4  amd64  extended attribute handling - shared library
ii  libattr1-dev:amd64  1:2.4.48-4  amd64  extended attributes handling - static libraries and headers
ii  libbind9-140:amd64  1:9.10.3.dfsg.P4-12.6  amd64  BIND9 Shared Library used by BIND
ii  libbind9-160:amd64  1:9.11.4.P2+dfsg-3  amd64  BIND9 Shared Library used by BIND
ii  libbind9-161:amd64  1:9.11.5.P4+dfsg-5.1  amd64  BIND9 Shared Library used by BIND
ii  libcrypt-smbhash-perl  0.12-4  all  generate LM/NT hash of a password for samba
ii  libgssapi-krb5-2:amd64  1.17-3  amd64  MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
ii  libkrb5-3:amd64  1.17-3  amd64  MIT Kerberos runtime libraries
ii  libkrb5support0:amd64  1.17-3  amd64  MIT Kerberos runtime libraries - Support library
ii  libsmbclient:amd64  2:4.9.5+dfsg-5  amd64  shared library for communication with SMB/CIFS servers
ii  libwbclient0:amd64  2:4.9.5+dfsg-5  amd64  Samba winbind client library
ii  phpunit-object-reflector  1.1.1-2  all  reflection of object attributes - PHPUnit component
ii  python-samba  2:4.9.5+dfsg-5  amd64  Python bindings for Samba
ii  samba  2:4.9.5+dfsg-5  amd64  SMB/CIFS file, print, and login server for Unix
ii  samba-common  2:4.9.5+dfsg-5  all  common files used by both the Samba server and client
ii  samba-common-bin  2:4.9.5+dfsg-5  amd64  Samba common files used by both the server and the client
ii  samba-dsdb-modules:amd64  2:4.9.5+dfsg-5  amd64  Samba Directory Services Database
ii  samba-libs:amd64  2:4.9.5+dfsg-5  amd64  Samba core libraries
ii  samba-vfs-modules:amd64  2:4.9.5+dfsg-5  amd64  Samba Virtual FileSystem plugins
ii  smbclient  2:4.9.5+dfsg-5  amd64  command-line SMB/CIFS clients for Unix
ii  winbind  2:4.9.5+dfsg-5  amd64  service to resolve user and group information from Windows NT servers



*Patrik*
WWW <https://patrikx3.com> | GitHub <https://github.com/patrikx3/> | NPM
<https://www.npmjs.com/~patrikx3> | Corifeus <https://corifeus.com> | +36
20 342 8046




On Mon, Aug 5, 2019 at 11:39 AM L.P.H. van Belle via samba <
samba at lists.samba.org> wrote:

>
>
> ... From your output below..
> >>  Uncomment only single database line, depending on your BIND version <<
>
> Then tell us, why are 3 lines uncommented?
>
> I suggest, run :
>
> https://raw.githubusercontent.com/thctlo/samba4/master/samba-collect-debug-info.sh
>
> Anonymize it where needed, and show me your server setup.
>
>
> Greetz,
>
> Louis
>
>
> > -----Original message-----
> > From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Patrik via samba
> > Sent: Monday 5 August 2019 11:31
> > To: Rowland penny
> > CC: sambalist
> > Subject: Re: [Samba] samba dlz. bind9 nslookup is wrong
> >
> > I only added this in the appropriate interface
> >  include "/var/lib/samba/private/named.conf";
> >
> > root at server:/# cat /var/lib/samba/private/named.conf
> > # This DNS configuration is for BIND 9.8.0 or later with dlz_dlopen support.
> > #
> > # This file should be included in your main BIND configuration file
> > #
> > # For example with
> > # include "/var/lib/samba/private/named.conf";
> >
> > #
> > # This configures dynamically loadable zones (DLZ) from AD schema
> > # Uncomment only single database line, depending on your BIND version
> > #
> > dlz "AD DNS Zone" {
> >     # For BIND 9.8.x
> >     # database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9.so";
> >
> >     # For BIND 9.9.x
> >     # database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_9.so";
> >
> >     # For BIND 9.10.x
> >     # database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_10.so";
> >
> >     # For BIND 9.11.x
> >      database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_11.so";
> > };
> >
> >
> > *I am on Bind 9.11*
> >
> > *Patrik*
> > WWW <https://patrikx3.com> | GitHub
> > <https://github.com/patrikx3/> | NPM
> > <https://www.npmjs.com/~patrikx3> | Corifeus
> > <https://corifeus.com> | +36
> > 20 342 8046
> >
> >
> >
> >
> > On Mon, Aug 5, 2019 at 11:29 AM Patrik <alabard at gmail.com> wrote:
> >
> > > OK, so I remove that named.conf.update, but the rest looks good?
> > >
> > > *Patrik*
> > > WWW <https://patrikx3.com> | GitHub
> > <https://github.com/patrikx3/> | NPM
> > > <https://www.npmjs.com/~patrikx3> | Corifeus
> > <https://corifeus.com> | +36
> > > 20 342 8046
> > >
> > >
> > >
> > >
> > > On Mon, Aug 5, 2019 at 11:28 AM Rowland penny via samba <
> > > samba at lists.samba.org> wrote:
> > >
> > >> On 05/08/2019 10:14, Patrik wrote:
> > >> > I am not using flatfiles and I am using BIND_DLZ, it shows in my log, and I
> > >> > do not use flatfiles. BIND_DLZ only.
> > >>
> > >> Oh yes you are, you have this in your /etc/bind/named.conf.local :
> > >>
> > >>      zone "patrikx3.com" {
> > >>          type master;
> > >>          file "/etc/bind/zones/enp1s0f3/patrikx3.com";
> > >>          include "/var/lib/samba/private/named.conf.update";
> > >>      };
> > >>
> > >> That means your AD records are being stored in
> > >> /etc/bind/zones/enp1s0f3/patrikx3.com and not in AD, this is known as
> > >> 'flatfile' and is not supported by Samba.
> > >>
> > >> You also seem to be using bind9 as a dns server for domains that have
> > >> nothing to do with AD, this is not recommended.
> > >>
> > >> Rowland
> > >>
> > >>
> > >> --
> > >> To unsubscribe from this list go to the following URL and read the
> > >> instructions:  https://lists.samba.org/mailman/options/samba
> > >>
> > >
> >
> >
>
>
>
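
The two checks raised in the quoted replies (a flat-file master zone that also carries the Samba named.conf.update include, and the number of active database lines in the DLZ block), as an added example that is not part of the original thread or of the samba-collect-debug-info.sh script. The function names are hypothetical and the embedded configuration is a constructed sample modelled on the fragments quoted above.

```python
import re

def strip_comments(text):
    """Drop #, // and /* */ comments from BIND config text; quoted strings are kept."""
    out, i, in_str = [], 0, False
    while i < len(text):
        ch = text[i]
        if ch == '"':
            in_str = not in_str
        if in_str or ch == '"':
            out.append(ch)
            i += 1
        elif ch == '#' or text.startswith('//', i):
            nl = text.find('\n', i)
            i = len(text) if nl == -1 else nl   # keep the newline itself
        elif text.startswith('/*', i):
            end = text.find('*/', i + 2)
            i = len(text) if end == -1 else end + 2
        else:
            out.append(ch)
            i += 1
    return ''.join(out)

def blocks(text, keyword):
    """Yield (name, body) for every `keyword "name" { ... }` block, brace-matched."""
    for m in re.finditer(r'\b' + keyword + r'\s+"([^"]+)"[^{;]*\{', text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {'{': 1, '}': -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]

def flatfile_zones_with_samba_update(conf):
    """Master zones served from a zone file that also pull in named.conf.update."""
    hits = []
    for name, body in blocks(strip_comments(conf), 'zone'):
        zone_file = re.search(r'\bfile\s+"([^"]+)"\s*;', body)
        if (re.search(r'\btype\s+master\s*;', body) and zone_file
                and re.search(r'\binclude\s+"[^"]*named\.conf\.update"\s*;', body)):
            hits.append((name, zone_file.group(1)))
    return hits

def active_dlz_databases(conf):
    """Map each dlz block name to its active (uncommented) database directives."""
    return {name: re.findall(r'\bdatabase\s+"([^"]+)"\s*;', body)
            for name, body in blocks(strip_comments(conf), 'dlz')}

# Constructed sample, modelled on the fragments quoted in the thread.
SAMPLE_NAMED_CONF_LOCAL = '''
view "internal-enp1s0f3" {
    zone "patrikx3.com" {
        type master;
        file "/etc/bind/zones/enp1s0f3/patrikx3.com";
        include "/var/lib/samba/private/named.conf.update";
    };
    include "/var/lib/samba/private/named.conf";
};
view "internal-enp1s0f2" {
    zone "patrikx3.com" {
        type master;
        file "/etc/bind/zones/enp1s0f2/patrikx3.com";
//        include "/var/lib/samba/private/named.conf.update";
    };
};
'''

SAMPLE_DLZ_CONF = '''
dlz "AD DNS Zone" {
    # For BIND 9.10.x
    # database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_10.so";
    # For BIND 9.11.x
    database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_11.so";
};
'''

if __name__ == '__main__':
    for zone, path in flatfile_zones_with_samba_update(SAMPLE_NAMED_CONF_LOCAL):
        print(f'zone {zone}: flat file {path} with named.conf.update include')
    for dlz, dbs in active_dlz_databases(SAMPLE_DLZ_CONF).items():
        print(f'dlz "{dlz}": {len(dbs)} active database line(s)')
```

Run against the real files, the input must be the files themselves rather than text copied from a mail, because mail line wrapping splits the commented database lines in two.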

