[Samba] Problems with Internal DNS Samba 4

Marcio Demetrio Bacci marciobacci at gmail.com
Mon Sep 2 11:58:02 UTC 2019


Hi,

My DNS Service isn't working properly!

root at samba4-dc1:~#  host -t SRV _kerberos._udp.EMPRESA.COM.BR
;; connection timed out; no servers could be reached
root at samba4-dc1:~# host -t SRV _ldap._tcp.EMPRESA.COM.BR
;; connection timed out; no servers could be reached
root at samba4-dc1:~# host -t A EMPRESA.COM.BR
;; connection timed out; no servers could be reached
root at samba4-dc1:~# host -t A proxy-server
;; connection timed out; no servers could be reached

What should I do?

Regards,

Márcio Bacci

On Mon, Sep 2, 2019 at 08:41, Marcio Demetrio Bacci <
marciobacci at gmail.com> wrote:

> Hi,
>
> I believe it's all right now. I just changed the file paths.
>
> samba_upgradedns --dns-backend=BIND9_DLZ
> Reading domain information
> DNS accounts already exist
> No zone file /var/lib/samba/bind-dns/dns/EMPRESA.COM.BR.zone
> DNS records will be automatically created
> DNS partitions already exist
> dns-samba4-dc1 account already exists
> See /var/lib/samba/bind-dns/named.conf for an example configuration
> include file for BIND
> and /var/lib/samba/bind-dns/named.txt for further documentation required
> for secure DNS updates
> Finished upgrading DNS
> You have switched to using BIND9_DLZ as your dns backend, but still have
> the internal dns starting. Please make sure you add '-dns' to your server
> services line in your smb.conf.
> root at samba4-dc1:/var/lib/samba#
> root at samba4-dc1:/var/lib/samba#
> root at samba4-dc1:/var/lib/samba# mcedit /etc/samba/smb.conf
>
>  cat /etc/samba/smb.conf
> # Global parameters
> [global]
>         netbios name = SAMBA4-DC1
>         realm = EMPRESA.COM.BR
>         workgroup = EMPRESA
>         server role = active directory domain controller
>         server services = -dns
>         dns update command = /usr/sbin/samba_dnsupdate --use-samba-tool
>         ldap server require strong auth = no
>
> [netlogon]
>         path = /var/lib/samba/sysvol/empresa.com.br/scripts
>         read only = No
>
> [sysvol]
>         path = /var/lib/samba/sysvol
>         read only = No
>
>
>  /etc/init.d/bind9 status
> ● bind9.service - BIND Domain Name Server
>    Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor
> preset: enabled)
>    Active: active (running) since Mon 2019-09-02 08:28:13 -03; 3s ago
>      Docs: man:named(8)
>  Main PID: 13296 (named)
>     Tasks: 7 (limit: 4720)
>    CGroup: /system.slice/bind9.service
>            └─13296 /usr/sbin/named -f -u bind -4
>
> set 02 08:28:13 samba4-dc1 named[13296]: set up managed keys zone for view
> _default, file 'managed-keys.bind'
> set 02 08:28:13 samba4-dc1 named[13296]: configuring command channel from
> '/etc/bind/rndc.key'
> set 02 08:28:13 samba4-dc1 named[13296]: command channel listening on
> 127.0.0.1#953
> set 02 08:28:13 samba4-dc1 named[13296]: managed-keys-zone: loaded serial 0
> set 02 08:28:13 samba4-dc1 named[13296]: zone 0.in-addr.arpa/IN: loaded
> serial 1
> set 02 08:28:13 samba4-dc1 named[13296]: zone localhost/IN: loaded serial 2
> set 02 08:28:13 samba4-dc1 named[13296]: zone 255.in-addr.arpa/IN: loaded
> serial 1
> set 02 08:28:13 samba4-dc1 named[13296]: zone 127.in-addr.arpa/IN: loaded
> serial 1
> set 02 08:28:13 samba4-dc1 named[13296]: all zones loaded
> set 02 08:28:13 samba4-dc1 named[13296]: running
>
>
>
> root at samba4-dc1:ls -lai /var/lib/samba/private/sam.ldb.d/
> total 162292
> 920703 drwx------ 2 root root     4096 set  2 08:16 .
> 920705 drwxr-xr-x 7 root root     4096 set  2 08:17 ..
> 920726 -rw------- 1 root root 40189952 set  2 08:29
> CN=CONFIGURATION,DC=EMPRESA,DC=COM,DC=BR.ldb
> 920725 -rw------- 1 root root 26583040 set  2 08:29
> CN=SCHEMA,CN=CONFIGURATION,DC=EMPRESA,DC=COM,DC=BR.ldb
> 920733 -rw-rw---- 2 root bind 14692352 set  2 08:29
> DC=DOMAINDNSZONES,DC=EMPRESA,DC=COM,DC=BR.ldb
> 920734 -rw-rw---- 2 root bind  4210688 set  2 08:29
> DC=FORESTDNSZONES,DC=EMPRESA,DC=COM,DC=BR.ldb
> 920731 -rw------- 1 root root 79663104 set  2 08:29
> DC=EMPRESA,DC=COM,DC=BR.ldb
> 920708 -rw-rw---- 2 root bind   831488 set  2 08:16 metadata.tdb
>
>
> root at samba4-dc1:/var/lib/samba# ls -lai
> /var/lib/samba/bind-dns/dns/sam.ldb.d/
> total 36220
> 920471 drwxrwx--- 2 root bind     4096 set  2 08:16 .
> 919793 drwxrwx--- 3 root bind     4096 set  2 08:16 ..
> 920736 -rw-rw---- 1 root bind  8601600 set  2 08:16
> CN=CONFIGURATION,DC=EMPRESA,DC=COM,DC=BR.ldb
> 920732 -rw-rw---- 1 root bind  7446528 set  2 08:16
> CN=SCHEMA,CN=CONFIGURATION,DC=EMPRESA,DC=COM,DC=BR.ldb
> 920733 -rw-rw---- 2 root bind 14692352 set  2 08:31
> DC=DOMAINDNSZONES,DC=EMPRESA,DC=COM,DC=BR.ldb
> 920734 -rw-rw---- 2 root bind  4210688 set  2 08:31
> DC=FORESTDNSZONES,DC=EMPRESA,DC=COM,DC=BR.ldb
> 920601 -rw-rw---- 1 root bind  1286144 set  2 08:16
> DC=EMPRESA,DC=COM,DC=BR.ldb
> 920708 -rw-rw---- 2 root bind   831488 set  2 08:16 metadata.tdb
>
> Do I do the same procedures on DC2 ?
>
> Regards,
>
> Márcio Bacci
>
> On Mon, Sep 2, 2019 at 08:07, Marcio Demetrio Bacci <
> marciobacci at gmail.com> wrote:
>
>> Hi,
>>
>> Failed to change DNS:
>>
>> samba_upgradedns --dns-backend=BIND9_DLZ
>> Reading domain information
>> DNS accounts already exist
>> No zone file /var/lib/samba/bind-dns/dns/EMPRESA.COM.BR.zone
>> DNS records will be automatically created
>> DNS partitions already exist
>> Adding dns-samba4-dc1 account
>> Failed to create link /var/lib/samba/private/dns.keytab ->
>> /var/lib/samba/bind-dns/dns.keytab: No such file or directory
>> Failed to chown /var/lib/samba/bind-dns to bind gid 121
>> Failed to chown /var/lib/samba/bind-dns/dns.keytab to bind gid 121
>> Traceback (most recent call last):
>>   File "/usr/sbin/samba_upgradedns", line 533, in <module>
>>     create_dns_dir(logger, paths)
>>   File "/usr/lib/python3/dist-packages/samba/provision/sambadns.py", line
>> 704, in create_dns_dir
>>     os.mkdir(dns_dir, 0o770)
>> FileNotFoundError: [Errno 2] No such file or directory:
>> '/var/lib/samba/bind-dns
>>
>> Regards,
>>
>> Márcio Bacci
>>
>> On Mon, Sep 2, 2019 at 07:31, Rowland penny via samba <
>> samba at lists.samba.org> wrote:
>>
>>> On 02/09/2019 11:11, Marcio Demetrio Bacci wrote:
>>> >
>>> > Hi,
>>> >
>>> > >No, you shouldn't have to, have you followed this first:
>>> > I followed, but there are instructions in this tutorial to configure
>>> > Bind9_DLZ first, as below:
>>> >
>>> >   * Set up and configure the |BIND9_DLZ| back end. For details, see
>>> >     BIND9_DLZ Back End
>>> >     <https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End>.
>>> >
>>> I will have a look and alter it if required.
>>> >
>>> > > What version of Samba is this ?
>>> > Samba 4.10.7
>>> >
>>> > >Yours will probably be '/var/lib/samba'
>>> > No, there aren't in my DC (I have searched with find / -name <file>).
>>> If you were running a DC using the internal dns server and haven't
>>> upgraded to Bind9 yet, then there will be no Samba Bind9 related files &
>>> directories yet, they get created by the dns server upgrade and they
>>> will be created in /var/lib/samba/bind-dns
>>> >
>>> >  Will files ( "/usr/local/samba/bind-dns/named.conf" and "dns.keytab"
>>> > ) be created after I run the command samba_upgradedns
>>> > --dns-backend=BIND9_DLZ ?
>>>
>>> Yes, but not at that path ;-)
>>>
>>> Rowland
>>>
>>>
>>>
>>
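
Added example, not part of the thread and not Samba project code: a shell check for the follow-up steps that the samba_upgradedns output above asks for (the '-dns' entry in smb.conf and the BIND include of /var/lib/samba/bind-dns/named.conf), plus a look for the DLZ module in named's log. The function names, the named.conf.local sample file and the "samba_dlz" log tag are assumptions; the sample files are constructed.

```shell
#!/bin/sh
# Added example, not from the thread: checks for the BIND9_DLZ switch.

# 0 if [global] "server services" contains -dns (internal DNS not started).
internal_dns_disabled() {   # $1 = smb.conf
    awk '/^[ \t]*\[/ { g = (tolower($0) ~ /^[ \t]*\[global\]/) }
         g && tolower($0) ~ /^[ \t]*server services[ \t]*=/ {
             sub(/^[^=]*=/, ""); n = split($0, s, /[ \t,]+/)
             for (i = 1; i <= n; i++) if (s[i] == "-dns") ok = 1 }
         END { exit (ok ? 0 : 1) }' "$1"
}

# 0 if the BIND config has an uncommented include of the Samba file.
named_includes_samba() {    # $1 = BIND config, $2 = file to include
    grep -E '^[[:space:]]*include[[:space:]]' "$1" | grep -F -q "\"$2\""
}

# 0 if named's log shows the Samba DLZ module starting.
# Assumption: the module tags its log messages with "samba_dlz".
dlz_seen_in_log() {         # $1 = file holding named log lines
    grep -q 'samba_dlz' "$1"
}

# Print one line per failed check; the return value is the failure count.
check_dlz_setup() {         # $1 smb.conf $2 BIND config $3 include $4 log
    fails=0
    internal_dns_disabled "$1" ||
        { echo "FAIL: no -dns in server services"; fails=$((fails + 1)); }
    named_includes_samba "$2" "$3" ||
        { echo "FAIL: $2 does not include $3"; fails=$((fails + 1)); }
    dlz_seen_in_log "$4" ||
        { echo "FAIL: no samba_dlz line in named log"; fails=$((fails + 1)); }
    return "$fails"
}

# Constructed sample input: a hypothetical named.conf.local with the include
# commented out and a named log excerpt with no DLZ line; the smb.conf
# settings are the ones posted in the thread.
demo=$(mktemp -d)
printf '[global]\n\tserver role = active directory domain controller\n' > "$demo/smb.conf"
printf '\tserver services = -dns\n' >> "$demo/smb.conf"
printf '// include "/var/lib/samba/bind-dns/named.conf";\n' > "$demo/named.conf.local"
printf 'named[13296]: all zones loaded\nnamed[13296]: running\n' > "$demo/named.log"
check_dlz_setup "$demo/smb.conf" "$demo/named.conf.local" \
    /var/lib/samba/bind-dns/named.conf "$demo/named.log" || echo "$? check(s) failed"
```

On a DC the arguments would be /etc/samba/smb.conf, the BIND configuration file in use, the include path named by samba_upgradedns, and a file holding named's startup log lines.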

