[Samba] samba dlz. bind9 nslookup is wrong
Patrik
alabard at gmail.com
Mon Aug 5 10:56:45 UTC 2019
I have no idea why I get this 192.168.81.120 and
2001:470:1f1b:5b5:eeaa:a0ff:fe1b:4d84
- these are the business interface and is not turned on, in smb.conf it
says interfaces = lo enp1s0f3 , which is the 192.168.78.0/24 subnet.
root at server:~# cat /etc/resolv.conf
search patrikx3.com
search corifeus.com
search p3x-dc.patrikx3.com
nameserver 192.168.78.20
nameserver 2001:470:1f1b:5b3:21b:21ff:fea6:ce93
root at server:~# hostname -f
p3x-dc.patrikx3.com
root at server:~# hostname -d
patrikx3.com
root at server:~# hostname -s
server
root at server:~# hostname -A
p3x-dc.patrikx3.com patrikx3.com
root at server:~# hostname -I
192.168.81.20 192.168.78.20 172.17.0.1 2001:470:1f1b:5b5::20
2001:470:1f1b:5b5:21b:21ff:fea6:ce92 2001:470:1f1b:5b3::20
2001:470:1f1b:5b3:21b:21ff:fea6:ce93
root at server:~#
root at server:~# cat /etc/krb5.conf
[libdefaults]
default_realm = P3X-DC.PATRIKX3.COM
dns_lookup_realm = false
dns_lookup_kdc = true
*Patrik*
WWW <https://patrikx3.com> | GitHub <https://github.com/patrikx3/> | NPM
<https://www.npmjs.com/~patrikx3> | Corifeus <https://corifeus.com> | +36
20 342 8046
On Mon, Aug 5, 2019 at 12:00 PM L.P.H. van Belle via samba <
samba at lists.samba.org> wrote:
> That the script isn't running, shows that what's going wrong..
> Your resolving.. And then that's also why your kerberos settings are not
> working.
>
> And, that is what your problem is.
> Show this:
>
> cat /etc/hosts
> cat /etc/resolv.conf
> hostname -f
> hostname -d
> hostname -s
> hostname -A
> hostname -I
>
> cat /etc/krb5.conf
>
> The bind setup on my Debian (10) Buster AD-DC's with Bind9_dlz
> About same setup as Rowland showed.
>
> This is what i use now:
> (named.conf.options)
>
> acl thisserverip {
> 192.168.0.1;
> };
> acl all-networks {
> 192.168.0.0/24;
> };
>
> options {
> directory "/var/cache/bind";
> version "0.0.7";
> dnssec-validation no;
>
> listen-on-v6 { "none"; };
> listen-on port 53 { "thisserverip"; 127.0.0.1; };
> notify no;
>
> minimal-responses yes;
> empty-zones-enable yes;
>
> allow-query { "all-networks"; 127.0.0.1/32; };
> allow-query-cache { "all-networks"; 127.0.0.1/32; };
> allow-recursion { "all-networks"; 127.0.0.1/32; };
> // verify where your dns.keytab file is.
> // it might be in a different folder.
> tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";
> };
>
> include "/etc/bind/rndc.key";
> controls {
> inet 127.0.0.1 allow { localhost; } keys { rndc-key;};
> };
>
>
> And named.conf.local
> // adding the dlopen ( Bind DLZ ) module for samba, beware, if you are using
> // bind9.9 then you need to change this manually
> include "/var/lib/samba/bind-dns/named.conf";
>
>
>
> ________________________________
>
> From: Patrik [mailto:alabard at gmail.com]
> Sent: Monday 5 August 2019 11:41
> To: L.P.H. van Belle
> CC: samba at lists.samba.org
> Subject: Re: [Samba] samba dlz. bind9 nslookup is wrong
>
>
> root at server:/# curl -sL https://raw.githubusercontent.com/thctlo/samba4/master/samba-collect-debug-info.sh | bash -
> Password for Administrator at P3X-DC.PATRIKX3.COM:
> kinit: Password incorrect while getting initial credentials
> Wrong password, exiting now.
>
>
>
> Patrik
> WWW <https://patrikx3.com> | GitHub <https://github.com/patrikx3/>
> | NPM <https://www.npmjs.com/~patrikx3> | Corifeus <https://corifeus.com>
> | +36 20 342 8046
>
>
>
>
> On Mon, Aug 5, 2019 at 11:39 AM L.P.H. van Belle via samba <
> samba at lists.samba.org> wrote:
>
>
>
>
> ... From your output below..
> >> Uncomment only single database line, depending on your BIND version <<
>
> Then tell us, why are 3 lines uncommented?
>
> I suggest, run :
>
> https://raw.githubusercontent.com/thctlo/samba4/master/samba-collect-debug-info.sh
>
> Anonymize it where needed, and show me your server setup.
>
>
> Greetz,
>
> Louis
>
>
> > -----Original message-----
> > From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> > Patrik via samba
> > Sent: Monday 5 August 2019 11:31
> > To: Rowland penny
> > CC: sambalist
> > Subject: Re: [Samba] samba dlz. bind9 nslookup is wrong
> >
> > I only added this in the appropriate interface
> > include "/var/lib/samba/private/named.conf";
> >
> > root at server:/# cat /var/lib/samba/private/named.conf
> > # This DNS configuration is for BIND 9.8.0 or later with dlz_dlopen support.
> > #
> > # This file should be included in your main BIND configuration file
> > #
> > # For example with
> > # include "/var/lib/samba/private/named.conf";
> >
> > #
> > # This configures dynamically loadable zones (DLZ) from AD schema
> > # Uncomment only single database line, depending on your BIND version
> > #
> > dlz "AD DNS Zone" {
> > # For BIND 9.8.x
> > # database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9.so";
> >
> > # For BIND 9.9.x
> > # database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_9.so";
> >
> > # For BIND 9.10.x
> > # database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_10.so";
> >
> > # For BIND 9.11.x
> > database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_11.so";
> > };
> >
> >
> > *I am on Bind 9.11*
> >
> > *Patrik*
> > WWW <https://patrikx3.com> | GitHub
> > <https://github.com/patrikx3/> | NPM
> > <https://www.npmjs.com/~patrikx3> | Corifeus
> > <https://corifeus.com> | +36
> > 20 342 8046
> >
> >
> >
> >
> > On Mon, Aug 5, 2019 at 11:29 AM Patrik <
> alabard at gmail.com> wrote:
> >
> > > ok, so I remove that named.conf.update, but the rest looks good?
> > >
> > > *Patrik*
> > > WWW <https://patrikx3.com> | GitHub
> > <https://github.com/patrikx3/> | NPM
> > > <https://www.npmjs.com/~patrikx3> | Corifeus
> > <https://corifeus.com> | +36
> > > 20 342 8046
> > >
> > >
> > >
> > >
> > > On Mon, Aug 5, 2019 at 11:28 AM Rowland penny via
> samba <
> > > samba at lists.samba.org> wrote:
> > >
> > >> On 05/08/2019 10:14, Patrik wrote:
> > >> > I am not using flatfiles and I am using BIND_DLZ, it shows in my log and I
> > >> > do not use flatfiles. BIND_DLZ only.
> > >>
> > >> Oh yes you are, you have this in your /etc/bind/named.conf.local :
> > >>
> > >> zone "patrikx3.com" {
> > >> type master;
> > >> file "/etc/bind/zones/enp1s0f3/patrikx3.com";
> > >> include "/var/lib/samba/private/named.conf.update";
> > >> };
> > >>
> > >> That means your AD records are being stored in
> > >> /etc/bind/zones/enp1s0f3/patrikx3.com and not in AD, this is known as
> > >> 'flatfile' and is not supported by Samba.
> > >>
> > >> You also seem to be using bind9 as a dns server for domains that have
> > >> nothing to do with AD, this is not recommended.
> > >>
> > >> Rowland
> > >>
> > >>
> > >> --
> > >> To unsubscribe from this list go to the following URL and read the
> > >> instructions: https://lists.samba.org/mailman/options/samba
> > >>
>
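
An added example, not part of the thread and not Samba's own code: a small Python check for the two configuration points the replies above raise, namely exactly one active database line in the dlz block and no flat-file master zone configured alongside the Samba DLZ. The function names are hypothetical, and the sample configuration is constructed from the fragments quoted in the thread.

```python
import re

# Matches quoted strings (kept) and the three named.conf comment styles (dropped).
_TOKEN = re.compile(r'"[^"\n]*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)

def strip_comments(text):
    return _TOKEN.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else "", text)

def blocks(text, keyword):
    """Yield (name, body) for each `keyword "name" { ... }` statement."""
    for m in re.finditer(rf'\b{keyword}\s+"([^"]*)"[^{{;]*\{{', text):
        depth, i = 1, m.end()
        while i < len(text) and depth:  # walk to the matching close brace
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]

def audit(conf):
    """Return findings for named.conf text with its includes already pasted in."""
    conf = strip_comments(conf)
    findings = []
    dlz = list(blocks(conf, "dlz"))
    for name, body in dlz:
        libs = re.findall(r'\bdatabase\s+"dlopen\s+([^"\s]+)', body)
        if len(libs) != 1:
            findings.append(f'dlz "{name}": {len(libs)} active database lines, expected 1')
    for name, body in blocks(conf, "zone"):
        flat = re.search(r'\btype\s+master\b', body) and re.search(r'\bfile\s+"', body)
        if flat and dlz:
            findings.append(f'zone "{name}": flat-file master zone alongside Samba DLZ')
    return findings

# Constructed sample, assembled from the fragments quoted in the thread.
SAMPLE = '''
zone "patrikx3.com" {
    type master;
    file "/etc/bind/zones/enp1s0f3/patrikx3.com";
    include "/var/lib/samba/private/named.conf.update";
};
dlz "AD DNS Zone" {
    # For BIND 9.10.x
    database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_10.so";
    # For BIND 9.11.x
    database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_11.so";
};
'''

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

The input is expected to be the main configuration with the contents of its include files pasted in, since the check does not follow include statements itself.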