[Samba] samba_dnsupdate options: --use-samba-tool vs. --use-nsupdate, and dhcpd dynamic updates

Billy Bob billysbobs at yahoo.com
Fri Jan 11 18:43:39 UTC 2019


    On Friday, January 11, 2019 12:04 PM, Rowland Penny via samba <samba at lists.samba.org> wrote:
> OK, you are now running my scripts as found on the Samba wiki, so it
> should work.
> Lets check some things, can you post the contents of the following
> files:
> /etc/resolv.conf
search corp.<DOMAIN>.com# nameserver

> /etc/hostname

> /etc/hosts       localhost172.20.10.130   dc01.corp.<DOMAIN>.com      dc01
# The following lines are desirable for IPv6 capable hosts::1     localhost ip6-localhost ip6-loopbackff02::1 ip6-allnodesff02::2 ip6-allrouters

> /etc/krb5.conf
[libdefaults]        default_realm = CORP.<DOMAIN>.COM        dns_lookup_realm = false        dns_lookup_kdc = true

> smb.conf
Is at /usr/local/samba/etc/smb.conf, and contains:
# Global parameters[global]        bind interfaces only = Yes        interfaces = lo eno1        netbios name = DC01        realm = CORP.<DOMAIN>.COM        server role = active directory domain controller        server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate        workgroup = CORP        idmap_ldb:use rfc2307 = yes        dns update command = /usr/local/samba/sbin/samba_dnsupdate --use-samba-tool
[netlogon]        path = /usr/local/samba/var/locks/sysvol/corp.<DOMAIN>.com/scripts        read only = No
[sysvol]        path = /usr/local/samba/var/locks/sysvol        read only = No

> your named.conf file(s)

Is at /etc/bind/named.conf, and contains:
# Global Configuration Optionsoptions {
    auth-nxdomain yes;    directory "/var/cache/bind";    notify no;    empty-zones-enable no;
    # Enable dynamic DNS updates using Kerberos    tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
    # IP addresses and network ranges allowed to query the DNS server:    allow-query {;;    };
    # IP addresses and network ranges allowed to run recursive queries:    # (Zones not served by this DNS server)    allow-recursion {;;    };
    # Forward queries that can not be answered from own zones    # to these DNS servers:    forwarders {;    };
    # Disable zone transfers    allow-transfer {        none;    }; };
# Configure dynamically loadable zones (DLZ) from AD schemadlz "AD DNS Zone" {    database "dlopen /usr/local/samba/lib/bind9/dlz_bind9_11.so";};
# Root Servers# (Required for recursive DNS queries)zone "." {    type hint;    file "named.root";};
# localhost zonezone "localhost" {    type master;    file "master/localhost.zone";};
# 127.0.0. zone.zone "0.0.127.in-addr.arpa" {    type master;    file "master/0.0.127.zone";};

> What OS is this on ?
Ubuntu 18.04.1, fully updated
On startup, no systemctl status errors for system, samba-ad-dc, bind9, ntp or isc-dhcp-server

> What version of Bind9 ?
$ sudo named -V
BIND 9.11.3-1ubuntu1.3-Ubuntu ... built by make with ...  '--sysconfdir=/etc' ... '--sysconfdir=/etc/bind' ... '--with-gssapi=/usr' ...
> Is a firewall running ?
Not on the server

> Is Selinux or Apparmor running ?
AppArmor is running, with dhcpd, named and ntpd in Complain mode; in any case, no violations are being logged as DENIED


More information about the samba mailing list