[Samba] samba_dnsupdate options: --use-samba-tool vs. --use-nsupdate, and dhcpd dynamic updates
Billy Bob
billysbobs at yahoo.com
Fri Jan 11 18:43:39 UTC 2019
On Friday, January 11, 2019 12:04 PM, Rowland Penny via samba <samba at lists.samba.org> wrote:
> OK, you are now running my scripts as found on the Samba wiki, so it
> should work.
>
> Let's check some things, can you post the contents of the following
> files:
>
> /etc/resolv.conf
search corp.<DOMAIN>.com
# nameserver 172.20.10.131
nameserver 172.20.10.130
> /etc/hostname
dc01
> /etc/hosts
127.0.0.1 localhost
172.20.10.130 dc01.corp.<DOMAIN>.com dc01

# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
> /etc/krb5.conf
[libdefaults]
    default_realm = CORP.<DOMAIN>.COM
    dns_lookup_realm = false
    dns_lookup_kdc = true
> smb.conf
Is at /usr/local/samba/etc/smb.conf, and contains:
# Global parameters
[global]
    bind interfaces only = Yes
    interfaces = lo eno1
    netbios name = DC01
    realm = CORP.<DOMAIN>.COM
    server role = active directory domain controller
    server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
    workgroup = CORP
    idmap_ldb:use rfc2307 = yes
    dns update command = /usr/local/samba/sbin/samba_dnsupdate --use-samba-tool

[netlogon]
    path = /usr/local/samba/var/locks/sysvol/corp.<DOMAIN>.com/scripts
    read only = No

[sysvol]
    path = /usr/local/samba/var/locks/sysvol
    read only = No
> your named.conf file(s)
Is at /etc/bind/named.conf, and contains:
# Global Configuration Options
options {

    auth-nxdomain yes;
    directory "/var/cache/bind";
    notify no;
    empty-zones-enable no;

    # Enable dynamic DNS updates using Kerberos
    tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";

    # IP addresses and network ranges allowed to query the DNS server:
    allow-query { 127.0.0.1; 172.20.10.128/25; };

    # IP addresses and network ranges allowed to run recursive queries:
    # (Zones not served by this DNS server)
    allow-recursion { 127.0.0.1; 172.20.10.128/25; };

    # Forward queries that can not be answered from own zones
    # to these DNS servers:
    forwarders { 172.20.10.129; };

    # Disable zone transfers
    allow-transfer { none; };
};

# Configure dynamically loadable zones (DLZ) from AD schema
dlz "AD DNS Zone" {
    database "dlopen /usr/local/samba/lib/bind9/dlz_bind9_11.so";
};

# Root Servers
# (Required for recursive DNS queries)
zone "." {
    type hint;
    file "named.root";
};

# localhost zone
zone "localhost" {
    type master;
    file "master/localhost.zone";
};

# 127.0.0. zone.
zone "0.0.127.in-addr.arpa" {
    type master;
    file "master/0.0.127.zone";
};
> What OS is this on ?
Ubuntu 18.04.1, fully updated
On startup, no systemctl status errors for system, samba-ad-dc, bind9, ntp or isc-dhcp-server
> What version of Bind9 ?
$ sudo named -V
BIND 9.11.3-1ubuntu1.3-Ubuntu ... built by make with ... '--sysconfdir=/etc' ... '--sysconfdir=/etc/bind' ... '--with-gssapi=/usr' ...
> Is a firewall running ?
Not on the server
> Is Selinux or Apparmor running ?
AppArmor is running, with dhcpd, named and ntpd in Complain mode; in any case, no violations are being logged as DENIED