[Samba] Problems with Internal DNS Samba 4

Marcio Demetrio Bacci marciobacci at gmail.com
Mon Sep 2 11:41:44 UTC 2019


Hi,

I believe it's all right now. I just changed the file paths.

samba_upgradedns --dns-backend=BIND9_DLZ
Reading domain information
DNS accounts already exist
No zone file /var/lib/samba/bind-dns/dns/EMPRESA.COM.BR.zone
DNS records will be automatically created
DNS partitions already exist
dns-samba4-dc1 account already exists
See /var/lib/samba/bind-dns/named.conf for an example configuration include file for BIND
and /var/lib/samba/bind-dns/named.txt for further documentation required for secure DNS updates
Finished upgrading DNS
You have switched to using BIND9_DLZ as your dns backend, but still have
the internal dns starting. Please make sure you add '-dns' to your server
services line in your smb.conf.
root at samba4-dc1:/var/lib/samba#
root at samba4-dc1:/var/lib/samba#
root at samba4-dc1:/var/lib/samba# mcedit /etc/samba/smb.conf

 cat /etc/samba/smb.conf
# Global parameters
[global]
        netbios name = SAMBA4-DC1
        realm = EMPRESA.COM.BR
        workgroup = EMPRESA
        server role = active directory domain controller
        server services = -dns
        dns update command = /usr/sbin/samba_dnsupdate --use-samba-tool
        ldap server require strong auth = no

[netlogon]
        path = /var/lib/samba/sysvol/empresa.com.br/scripts
        read only = No

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No


 /etc/init.d/bind9 status
● bind9.service - BIND Domain Name Server
   Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2019-09-02 08:28:13 -03; 3s ago
     Docs: man:named(8)
 Main PID: 13296 (named)
    Tasks: 7 (limit: 4720)
   CGroup: /system.slice/bind9.service
           └─13296 /usr/sbin/named -f -u bind -4

set 02 08:28:13 samba4-dc1 named[13296]: set up managed keys zone for view _default, file 'managed-keys.bind'
set 02 08:28:13 samba4-dc1 named[13296]: configuring command channel from '/etc/bind/rndc.key'
set 02 08:28:13 samba4-dc1 named[13296]: command channel listening on 127.0.0.1#953
set 02 08:28:13 samba4-dc1 named[13296]: managed-keys-zone: loaded serial 0
set 02 08:28:13 samba4-dc1 named[13296]: zone 0.in-addr.arpa/IN: loaded serial 1
set 02 08:28:13 samba4-dc1 named[13296]: zone localhost/IN: loaded serial 2
set 02 08:28:13 samba4-dc1 named[13296]: zone 255.in-addr.arpa/IN: loaded serial 1
set 02 08:28:13 samba4-dc1 named[13296]: zone 127.in-addr.arpa/IN: loaded serial 1
set 02 08:28:13 samba4-dc1 named[13296]: all zones loaded
set 02 08:28:13 samba4-dc1 named[13296]: running



root at samba4-dc1:ls -lai /var/lib/samba/private/sam.ldb.d/
total 162292
920703 drwx------ 2 root root     4096 set  2 08:16 .
920705 drwxr-xr-x 7 root root     4096 set  2 08:17 ..
920726 -rw------- 1 root root 40189952 set  2 08:29 CN=CONFIGURATION,DC=EMPRESA,DC=COM,DC=BR.ldb
920725 -rw------- 1 root root 26583040 set  2 08:29 CN=SCHEMA,CN=CONFIGURATION,DC=EMPRESA,DC=COM,DC=BR.ldb
920733 -rw-rw---- 2 root bind 14692352 set  2 08:29 DC=DOMAINDNSZONES,DC=EMPRESA,DC=COM,DC=BR.ldb
920734 -rw-rw---- 2 root bind  4210688 set  2 08:29 DC=FORESTDNSZONES,DC=EMPRESA,DC=COM,DC=BR.ldb
920731 -rw------- 1 root root 79663104 set  2 08:29 DC=EMPRESA,DC=COM,DC=BR.ldb
920708 -rw-rw---- 2 root bind   831488 set  2 08:16 metadata.tdb


root at samba4-dc1:/var/lib/samba# ls -lai /var/lib/samba/bind-dns/dns/sam.ldb.d/
total 36220
920471 drwxrwx--- 2 root bind     4096 set  2 08:16 .
919793 drwxrwx--- 3 root bind     4096 set  2 08:16 ..
920736 -rw-rw---- 1 root bind  8601600 set  2 08:16 CN=CONFIGURATION,DC=EMPRESA,DC=COM,DC=BR.ldb
920732 -rw-rw---- 1 root bind  7446528 set  2 08:16 CN=SCHEMA,CN=CONFIGURATION,DC=EMPRESA,DC=COM,DC=BR.ldb
920733 -rw-rw---- 2 root bind 14692352 set  2 08:31 DC=DOMAINDNSZONES,DC=EMPRESA,DC=COM,DC=BR.ldb
920734 -rw-rw---- 2 root bind  4210688 set  2 08:31 DC=FORESTDNSZONES,DC=EMPRESA,DC=COM,DC=BR.ldb
920601 -rw-rw---- 1 root bind  1286144 set  2 08:16 DC=EMPRESA,DC=COM,DC=BR.ldb
920708 -rw-rw---- 2 root bind   831488 set  2 08:16 metadata.tdb

Do I do the same procedures on DC2 ?

Regards,

Márcio Bacci

On Mon, 2 Sep 2019 at 08:07, Marcio Demetrio Bacci <marciobacci at gmail.com> wrote:

> Hi,
>
> Failed to change DNS:
>
> samba_upgradedns --dns-backend=BIND9_DLZ
> Reading domain information
> DNS accounts already exist
> No zone file /var/lib/samba/bind-dns/dns/EMPRESA.COM.BR.zone
> DNS records will be automatically created
> DNS partitions already exist
> Adding dns-samba4-dc1 account
> Failed to create link /var/lib/samba/private/dns.keytab -> /var/lib/samba/bind-dns/dns.keytab: No such file or directory
> Failed to chown /var/lib/samba/bind-dns to bind gid 121
> Failed to chown /var/lib/samba/bind-dns/dns.keytab to bind gid 121
> Traceback (most recent call last):
>   File "/usr/sbin/samba_upgradedns", line 533, in <module>
>     create_dns_dir(logger, paths)
>   File "/usr/lib/python3/dist-packages/samba/provision/sambadns.py", line 704, in create_dns_dir
>     os.mkdir(dns_dir, 0o770)
> FileNotFoundError: [Errno 2] No such file or directory: '/var/lib/samba/bind-dns
>
> Regards,
>
> Márcio Bacci
>
> On Mon, 2 Sep 2019 at 07:31, Rowland penny via samba <samba at lists.samba.org> wrote:
>
>> On 02/09/2019 11:11, Marcio Demetrio Bacci wrote:
>> >
>> > Hi,
>> >
>> > >No, you shouldn't have to, have you followed this first:
>> > I followed, but there are instructions in this tutorial to configure
>> > Bind9_DLZ first, as below:
>> >
>> >   * Set up and configure the |BIND9_DLZ| back end. For details, see
>> >     BIND9_DLZ Back End
>> >     <https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End>.
>> >
>> I will have a look and alter it if required.
>> >
>> > > What version of Samba is this ?
>> > Samba 4.10.7
>> >
>> > >Yours will probably be '/var/lib/samba'
>> > No, there aren't in my DC (I have searched with find / -name <file>).
>> If you were running a DC using the internal dns server and haven't
>> upgraded to Bind9 yet, then there will be no Samba Bind9 related files &
>> directories yet, they get created by the dns server upgrade and they
>> will be created in /var/lib/samba/bind-dns
>> >
>> >  Will files ( "/usr/local/samba/bind-dns/named.conf" and "dns.keytab"
>> > ) be created after I run the command samba_upgradedns
>> > --dns-backend=BIND9_DLZ ?
>>
>> Yes, but not at that path ;-)
>>
>> Rowland
>>
>>
>>
>
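
Added example (not part of the original thread, and not Samba's own tooling): a post-upgrade audit for the state shown in the listings above, where the two DNS partitions and metadata.tdb share inodes between private/sam.ldb.d and bind-dns/dns/sam.ldb.d and carry no permissions for "other". The function names `check_dlz_links` and `internal_dns_disabled` are hypothetical; the paths in the usage comment are the ones from the thread.

```shell
#!/bin/sh
# Added example: audit a Samba AD DC after switching to BIND9_DLZ.
# Usage with the paths from the thread (run as root on the DC):
#   check_dlz_links /var/lib/samba/private/sam.ldb.d \
#                   /var/lib/samba/bind-dns/dns/sam.ldb.d
#   internal_dns_disabled /etc/samba/smb.conf

# check_dlz_links PRIVATE_DIR BIND_DIR
# Returns 0 when each DNS partition file in BIND_DIR is the same inode as the
# file of that name in PRIVATE_DIR and grants nothing to "other".
check_dlz_links() {
    priv=$1 bind=$2 rc=0
    for f in "$bind"/DC=DOMAINDNSZONES,*.ldb "$bind"/DC=FORESTDNSZONES,*.ldb \
             "$bind"/metadata.tdb; do
        name=${f##*/}
        if [ ! -e "$f" ]; then
            # An unmatched glob stays literal, so a missing partition lands here.
            echo "MISSING      $f"; rc=1; continue
        fi
        # -ef is true only when both names refer to the same device and inode.
        if [ ! "$f" -ef "$priv/$name" ]; then
            echo "NOT-LINKED   $name (BIND and Samba would use different files)"
            rc=1
        fi
        # Characters 8-10 of the ls mode string are the permissions for "other".
        case $(ls -ld "$f") in
            ???????---*) ;;
            *) echo "WORLD-ACCESS $name"; rc=1 ;;
        esac
    done
    return $rc
}

# internal_dns_disabled SMB_CONF
# Returns 0 when "server services" carries '-dns', the form samba_upgradedns
# asks for in its closing message. An explicit service list that simply omits
# dns is not recognised by this check.
internal_dns_disabled() {
    grep -Ei '^[[:space:]]*server services[[:space:]]*=' "$1" |
        grep -Eq '(^|[=,[:space:]])-dns([,[:space:]]|$)'
}
```

Both functions only read metadata and print findings; a non-zero return means at least one file or setting differs from the layout shown in the thread.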

