[Samba] Problems joining station in domain

Marcio Demetrio Bacci marciobacci at gmail.com
Wed Aug 28 18:20:35 UTC 2019


Hi,

I have installed bind9 bind9utils, but

There isn't the file "dns.keytab" in my server:
tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";

There isn't the file "named.conf" in the follow path:
include "/var/lib/samba/private/named.conf";

Are these files generated after joining the domain?

Regards,

Márcio Bacci

Em qua, 28 de ago de 2019 às 13:17, Marcio Demetrio Bacci <
marciobacci at gmail.com> escreveu:

> Hi,
>
> >What i hoped it to try to "upgrade"  you internal DNS to bind9_dlz
> >And with doing that, avoid this bug.
> My production DCs use DNS Internal, so can I join a new DC using Bin9_dlz
> without problems?
>
> Regards,
>
> Márcio Bacci
>
> Em qua, 28 de ago de 2019 às 12:14, L.P.H. van Belle via samba <
> samba at lists.samba.org> escreveu:
>
>> Hai Marcio,
>>
>>
>> ________________________________
>>
>>         Van: Marcio Demetrio Bacci [mailto:marciobacci at gmail.com]
>>         Verzonden: woensdag 28 augustus 2019 15:57
>>         Aan: L.P.H. van Belle; sambalist
>>         Onderwerp: Re: [Samba] Problems joining station in domain
>>
>>
>>         Hi,
>>
>>         >What is in /etc/ldap/ldap.conf
>>         >Does it have : TLS_REQCERT allow ?
>>         >If not add it.
>>         Do I add this to all DC's?
>>
>> Yes, but as Andrew did say, we could/should use an other setting these
>> days.
>> He confirmed its still a bug in the DNS partitioning.
>> What i hoped it to try to "upgrade"  you internal DNS to bind9_dlz
>> And with doing that, avoid this bug.
>>
>> I suggest you read:
>> Then we are left with the 2 possible workarounds as mentions in the list
>> before.
>> See: https://www.spinics.net/lists/samba/msg158588.html
>> Adjust the code of samba a bit.
>>
>> Dennis pointed out, and option to upgrade/create partitions on w2k3
>> before the joins.
>> Found here: https://lists.samba.org/archive/samba/2019-July/224515.html
>> But as far i know that server is gone.
>>
>>
>>         >You installed a new server, why did you not choose debian buster
>> but installed debian stretch?
>>         Because our Debian distribution is customized and packaged
>> according to the institution's security rules. I depend on making this
>> distribution available in Debian 10.
>>
>> Well ok, i can only respect this.
>> Then i strongly suggeset you also read the subject on the list :
>> TLS_REQCERT and Samba AD DC
>> Because if you have security rules, then this should not be an option,
>> and you should have your own CA running.
>>
>>
>> Sso far, (office is closing), untill tomorrow.
>>
>>
>> Greetz,
>>
>> Louis
>>
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>


More information about the samba mailing list