[Samba] Problems joining station in domain
Marcio Demetrio Bacci
marciobacci at gmail.com
Wed Aug 28 18:20:35 UTC 2019
Hi,
I have installed bind9 bind9utils, but
There isn't the file "dns.keytab" in my server:
tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";
There isn't the file "named.conf" in the follow path:
include "/var/lib/samba/private/named.conf";
Are these files generated after joining the domain?
Regards,
Márcio Bacci
Em qua, 28 de ago de 2019 às 13:17, Marcio Demetrio Bacci <
marciobacci at gmail.com> escreveu:
> Hi,
>
> >What i hoped it to try to "upgrade" you internal DNS to bind9_dlz
> >And with doing that, avoid this bug.
> My production DCs use DNS Internal, so can I join a new DC using Bin9_dlz
> without problems?
>
> Regards,
>
> Márcio Bacci
>
> Em qua, 28 de ago de 2019 às 12:14, L.P.H. van Belle via samba <
> samba at lists.samba.org> escreveu:
>
>> Hai Marcio,
>>
>>
>> ________________________________
>>
>> Van: Marcio Demetrio Bacci [mailto:marciobacci at gmail.com]
>> Verzonden: woensdag 28 augustus 2019 15:57
>> Aan: L.P.H. van Belle; sambalist
>> Onderwerp: Re: [Samba] Problems joining station in domain
>>
>>
>> Hi,
>>
>> >What is in /etc/ldap/ldap.conf
>> >Does it have : TLS_REQCERT allow ?
>> >If not add it.
>> Do I add this to all DC's?
>>
>> Yes, but as Andrew did say, we could/should use an other setting these
>> days.
>> He confirmed its still a bug in the DNS partitioning.
>> What i hoped it to try to "upgrade" you internal DNS to bind9_dlz
>> And with doing that, avoid this bug.
>>
>> I suggest you read:
>> Then we are left with the 2 possible workarounds as mentions in the list
>> before.
>> See: https://www.spinics.net/lists/samba/msg158588.html
>> Adjust the code of samba a bit.
>>
>> Dennis pointed out, and option to upgrade/create partitions on w2k3
>> before the joins.
>> Found here: https://lists.samba.org/archive/samba/2019-July/224515.html
>> But as far i know that server is gone.
>>
>>
>> >You installed a new server, why did you not choose debian buster
>> but installed debian stretch?
>> Because our Debian distribution is customized and packaged
>> according to the institution's security rules. I depend on making this
>> distribution available in Debian 10.
>>
>> Well ok, i can only respect this.
>> Then i strongly suggeset you also read the subject on the list :
>> TLS_REQCERT and Samba AD DC
>> Because if you have security rules, then this should not be an option,
>> and you should have your own CA running.
>>
>>
>> Sso far, (office is closing), untill tomorrow.
>>
>>
>> Greetz,
>>
>> Louis
>>
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>>
>
More information about the samba
mailing list