[Samba] bind9 refuses to start -> zone has no NS records

Benedikt Kaleß benedikt.kaless at forumZFD.de
Thu Apr 30 13:16:59 UTC 2020


Hi,

after installation of xattrs and acl packages this is the debug info.

I still have "zone has no NS records", and a /etc/samba/smb.conf

Collected config  --- 2020-04-30-16:13 -----------

Hostname: addc-jor02
DNS Domain: example.com
FQDN: addc-jor02.example.com
ipaddress: 192.168.40.24

-----------

Kerberos SRV _kerberos._tcp.example.com record verified ok, sample output:
Server:        192.168.168.48
Address:    192.168.168.48#53

_kerberos._tcp.example.com    service = 0 100 88 addc-ho-hos1.example.com.
_kerberos._tcp.example.com    service = 0 100 88 addc-jor01.example.com.
_kerberos._tcp.example.com    service = 0 100 88 addc-lbn1.example.com.
_kerberos._tcp.example.com    service = 0 100 88 addc-ho-1.example.com.
Samba is running as an AD DC

-----------
       Checking file: /etc/os-release

PRETTY_NAME="Debian GNU/Linux 10 (buster)"
NAME="Debian GNU/Linux"
VERSION_ID="10"
VERSION="10 (buster)"
VERSION_CODENAME=buster
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"

-----------


This computer is running Debian 10.3 x86_64

-----------
running command : ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 52:54:00:9d:c7:c1 brd ff:ff:ff:ff:ff:ff
    inet 192.168.40.24/24 brd 192.168.40.255 scope global ens3
    inet6 fe80::5054:ff:fe9d:c7c1/64 scope link

-----------
       Checking file: /etc/hosts

127.0.0.1    localhost
192.168.40.24    addc-jor02.example.com    addc-jor02

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

-----------

       Checking file: /etc/resolv.conf

domain example.com
search example.com.
#nameserver 192.168.40.22
nameserver 192.168.40.24
nameserver 192.168.168.48
nameserver 192.168.168.44
#nameserver 192.168.168.44
#nameserver 192.168.169.46
#nameserver 192.168.168.48

-----------

       Checking file: /etc/krb5.conf

[libdefaults]
    default_realm = ZFD.FORUMZFD.DE
    dns_lookup_realm = false
    dns_lookup_kdc = true

-----------

       Checking file: /etc/nsswitch.conf

# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         files systemd
group:          files systemd
shadow:         files
gshadow:        files

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

-----------

       Checking file: /etc/samba/smb.conf

# Global parameters
[global]
    netbios name = ADDC-JOR02
    realm = EXAMPLE.COM
    server role = active directory domain controller
    server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
    workgroup = ZFD
    wins support = yes

[netlogon]
    path = /var/lib/samba/sysvol/example.com/scripts
    read only = No

[sysvol]
    path = /var/lib/samba/sysvol
    read only = No

-----------

Detected bind DLZ enabled..
       Checking file: /etc/bind/named.conf

// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

-----------

       Checking file: /etc/bind/named.conf.options

options {
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders. 
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.

    forwarders {
          192.168.40.1;
    };
    tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
   
    //========================================================================
    // If BIND logs error messages about the root key being expired,
    // you will need to update your keys.  See https://www.isc.org/bind-keys
    //========================================================================
    dnssec-validation no;
    dnssec-enable no;
    dnssec-lookaside no;

    auth-nxdomain yes;    # conform to RFC1035

    allow-recursion { any; };
    allow-query { any; };
    allow-query-cache { any; };

     //notify no;
       //empty-zones-enable no;
        //allow-transfer { none; };
        //listen-on port 53 { any; };

    listen-on-v6 { any; };
};

-----------

       Checking file: /etc/bind/named.conf.local

//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

include "/var/lib/samba/bind-dns/named.conf";

-----------

       Checking file: /etc/bind/named.conf.default-zones

// prime the server with knowledge of the root servers
zone "." {
    type hint;
    file "/usr/share/dns/root.hints";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
    type master;
    file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
    type master;
    file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
    type master;
    file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
    type master;
    file "/etc/bind/db.255";
};

-----------

Samba DNS zone list:   13 zone(s) found

  pszZoneName                 : 21.168.192.in-addr.arpa
  Flags                       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
  ZoneType                    : DNS_ZONE_TYPE_PRIMARY
  Version                     : 50
  dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
  pszDpFqdn                   : DomainDnsZones.example.com

  pszZoneName                 : 40.168.192.in-addr.arpa
  Flags                       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
  ZoneType                    : DNS_ZONE_TYPE_PRIMARY
  Version                     : 50
  dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
  pszDpFqdn                   : DomainDnsZones.example.com

  pszZoneName                 : 168.168.192.in-addr.arpa
  Flags                       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
  ZoneType                    : DNS_ZONE_TYPE_PRIMARY
  Version                     : 50
  dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
  pszDpFqdn                   : DomainDnsZones.example.com

  pszZoneName                 : 20.168.192.in-addr.arpa
  Flags                       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
  ZoneType                    : DNS_ZONE_TYPE_PRIMARY
  Version                     : 50
  dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
  pszDpFqdn                   : DomainDnsZones.example.com

  pszZoneName                 : 60.168.192.in-addr.arpa
  Flags                       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
  ZoneType                    : DNS_ZONE_TYPE_PRIMARY
  Version                     : 50
  dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
  pszDpFqdn                   : DomainDnsZones.example.com

  pszZoneName                 : 130.168.192.in-addr.arpa
  Flags                       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
  ZoneType                    : DNS_ZONE_TYPE_PRIMARY
  Version                     : 50
  dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
  pszDpFqdn                   : DomainDnsZones.example.com

  pszZoneName                 : 50.168.192.in-addr.arpa
  Flags                       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
  ZoneType                    : DNS_ZONE_TYPE_PRIMARY
  Version                     : 50
  dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
  pszDpFqdn                   : DomainDnsZones.example.com

  pszZoneName                 : 169.168.192.in-addr.arpa
  Flags                       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
  ZoneType                    : DNS_ZONE_TYPE_PRIMARY
  Version                     : 50
  dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
  pszDpFqdn                   : DomainDnsZones.example.com

  pszZoneName                 : 120.168.192.in-addr.arpa
  Flags                       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
  ZoneType                    : DNS_ZONE_TYPE_PRIMARY
  Version                     : 50
  dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
  pszDpFqdn                   : DomainDnsZones.example.com

  pszZoneName                 : 167.168.192.in-addr.arpa
  Flags                       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
  ZoneType                    : DNS_ZONE_TYPE_PRIMARY
  Version                     : 50
  dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
  pszDpFqdn                   : DomainDnsZones.example.com

  pszZoneName                 : example.com
  Flags                       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
  ZoneType                    : DNS_ZONE_TYPE_PRIMARY
  Version                     : 50
  dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
  pszDpFqdn                   : DomainDnsZones.example.com

  pszZoneName                 : 10.168.192.in-addr.arpa
  Flags                       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
  ZoneType                    : DNS_ZONE_TYPE_PRIMARY
  Version                     : 50
  dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
  pszDpFqdn                   : DomainDnsZones.example.com

  pszZoneName                 : _msdcs.example.com
  Flags                       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
  ZoneType                    : DNS_ZONE_TYPE_PRIMARY
  Version                     : 50
  dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_FOREST_DEFAULT DNS_DP_ENLISTED
  pszDpFqdn                   : ForestDnsZones.example.com

Samba DNS zone list Automated check :
zone : 21.168.192.in-addr.arpa ok, no Bind flat-files found
-----------
zone : 40.168.192.in-addr.arpa ok, no Bind flat-files found
-----------
zone : 168.168.192.in-addr.arpa ok, no Bind flat-files found
-----------
zone : 20.168.192.in-addr.arpa ok, no Bind flat-files found
-----------
zone : 60.168.192.in-addr.arpa ok, no Bind flat-files found
-----------
zone : 130.168.192.in-addr.arpa ok, no Bind flat-files found
-----------
zone : 50.168.192.in-addr.arpa ok, no Bind flat-files found
-----------
zone : 169.168.192.in-addr.arpa ok, no Bind flat-files found
-----------
zone : 120.168.192.in-addr.arpa ok, no Bind flat-files found
-----------
zone : 167.168.192.in-addr.arpa ok, no Bind flat-files found
-----------
zone : example.com ok, no Bind flat-files found
-----------
zone : 10.168.192.in-addr.arpa ok, no Bind flat-files found
-----------
zone : _msdcs.example.com ok, no Bind flat-files found
-----------

Installed packages:
ii  acl                              2.2.53-4                    amd64        access control list - utilities
ii  attr                             1:2.4.48-4                  amd64        utilities for manipulating filesystem extended attributes
ii  bind9                            1:9.11.5.P4+dfsg-5.1        amd64        Internet Domain Name Server
ii  bind9-host                       1:9.11.5.P4+dfsg-5.1        amd64        DNS lookup utility (deprecated)
ii  bind9utils                       1:9.11.5.P4+dfsg-5.1        amd64        Utilities for BIND
ii  krb5-config                      2.6                         all          Configuration files for Kerberos Version 5
ii  krb5-locales                     1.17-3                      all          internationalization support for MIT Kerberos
ii  libacl1:amd64                    2.2.53-4                    amd64        access control list - shared library
ii  libattr1:amd64                   1:2.4.48-4                  amd64        extended attribute handling - shared library
ii  libbind9-161:amd64               1:9.11.5.P4+dfsg-5.1        amd64        BIND9 Shared Library used by BIND
ii  libgssapi-krb5-2:amd64           1.17-3                      amd64        MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
ii  libkrb5-26-heimdal:amd64         7.5.0+dfsg-3                amd64        Heimdal Kerberos - libraries
ii  libkrb5-3:amd64                  1.17-3                      amd64        MIT Kerberos runtime libraries
ii  libkrb5support0:amd64            1.17-3                      amd64        MIT Kerberos runtime libraries - Support library
ii  libwbclient0:amd64               99:4.11.8-7                 amd64        Glue package for sernet-samba-libs.
ii  python3-xattr                    0.9.6-1                     amd64        module for manipulating filesystem extended attributes - Python 3
ii  sernet-samba                     99:4.11.8-7                 amd64        SMB/CIFS file, print, and login server for Unix
ii  sernet-samba-ad                  99:4.11.8-7                 amd64        Samba Active Directory Domain Controller
ii  sernet-samba-client              99:4.11.8-7                 amd64        a LanManager-like simple client for Unix
ii  sernet-samba-common              99:4.11.8-7                 all          Samba common files used by both the server and the client
ii  sernet-samba-keyring             1.9                         all          GnuPG archive keys of the SerNet Samba archive
ii  sernet-samba-libs:amd64          99:4.11.8-7                 amd64        Samba common library files used by both the server and the client
ii  sernet-samba-libsmbclient0:amd64 99:4.11.8-7                 amd64        Shared library that allows applications to talk to SMB servers
ii  sernet-samba-winbind             99:4.11.8-7                 amd64        Samba nameservice integration server
ii  xattr                            0.9.6-1                     amd64        tool for manipulating filesystem extended attributes

-----------


On 30.04.20 at 14:52, Rowland penny via samba wrote:
> On 30/04/2020 13:47, L.P.H. van Belle via samba wrote:
> > Aahh, how could I miss that one.. The server ip in resolv.conf .. Slapping head..
> > Good you're here also Rowland :-)
> >
> I am more worried that he doesn't seem to have a smb.conf file
>
> Rowland
>
>
>
-- 
forumZFD
Entschieden für Frieden|Committed to Peace

Benedikt Kaleß
Leiter Team IT|Head team IT

Forum Ziviler Friedensdienst e.V.|Forum Civil Peace Service
Am Kölner Brett 8 | 50825 Köln | Germany  

Tel 0221 91273233 | Fax 0221 91273299 | 
http://www.forumZFD.de 

Vorstand nach § 26 BGB, einzelvertretungsberechtigt|Executive Board:
Oliver Knabe (Vorsitz|Chair), Sonja Wiekenberg-Mlalandle, Alexander Mauz  
VR 17651 Amtsgericht Köln

Spenden|Donations: IBAN DE37 3702 0500 0008 2401 01 BIC BFSWDE33XXX



