[Samba] placing sam.ldb (was dns.keytab doesn't exist)

Dan Egli dan at newideatest.site
Fri Dec 11 21:20:40 UTC 2020


Okay, here's mine:

/var/lib/samba/bind-dns:
total 16
drwx------ 3 root named 4096 Dec 11 01:02 dns
-rw-rw---- 2 root named  556 Dec 11 01:02 dns.keytab
-rw-rw-r-- 1 root named  929 Dec 11 01:02 named.conf
-rw-rw-r-- 1 root named 2051 Dec 11 01:02 named.txt

/var/lib/samba/bind-dns/dns:
total 3544
-rw-rw---- 1 root named 3620864 Dec 11 01:02 sam.ldb
drwx------ 2 root named    4096 Dec 11 01:02 sam.ldb.d

/var/lib/samba/bind-dns/dns/sam.ldb.d:
total 25316
-rw-rw---- 1 root named 6582272 Dec 11 01:02 'CN=CONFIGURATION,DC=HOME,DC=EGLIFAMILY,DC=NAME.ldb'
-rw-rw---- 1 root named 8228864 Dec 11 01:02 'CN=SCHEMA,CN=CONFIGURATION,DC=HOME,DC=EGLIFAMILY,DC=NAME.ldb'
-rw-rw---- 2 root named 4694016 Dec 11 01:45 'DC=DOMAINDNSZONES,DC=HOME,DC=EGLIFAMILY,DC=NAME.ldb'
-rw-rw---- 2 root named 4694016 Dec 11 01:45 'DC=FORESTDNSZONES,DC=HOME,DC=EGLIFAMILY,DC=NAME.ldb'
-rw-rw---- 1 root named 1286144 Dec 11 01:02 'DC=HOME,DC=EGLIFAMILY,DC=NAME.ldb'
-rw-rw---- 2 root named  421888 Dec 11 01:45  metadata.tdb

Problem is: that sam.ldb is the one that's broken (empty), I think.
There's ANOTHER sam.ldb in /var/lib/samba/private that's a bit bigger:
-rw-rw---- 1 root named 4694016 Dec 10 18:05 /var/lib/samba/private/sam.ldb

So if samba is looking for a sam.ldb in /var/lib/samba/bind-dns should I 
copy the one from private over? Or what should I do?

On 12/11/2020 1:45 PM, Rowland penny via samba wrote:
> On 11/12/2020 20:02, Dan Egli wrote:
>> I have the keytab file, and it's pointed there. What line do I put in 
>> for the sam.ldb file? 
>
> Nothing, it should be created for you.
>
> On my DC /var/lib/samba/bind-dns contains this:
>
> dns  dns.keytab  named.conf  named.conf.update    named.txt
>
> The 'dns' dir contains:
>
> sam.ldb  sam.ldb.d
>
> The 'sam.ldb.d' dir contains:
>
> 'CN=CONFIGURATION,DC=SAMDOM,DC=EXAMPLE,DC=COM.ldb'
> 'CN=SCHEMA,CN=CONFIGURATION,DC=SAMDOM,DC=EXAMPLE,DC=COM.ldb'
> 'DC=DOMAINDNSZONES,DC=SAMDOM,DC=EXAMPLE,DC=COM.ldb'
> 'DC=FORESTDNSZONES,DC=SAMDOM,DC=EXAMPLE,DC=COM.ldb'
> 'DC=SAMDOM,DC=EXAMPLE,DC=COM.ldb'
>  metadata.tdb
>
>> I can see where the good one and the bogus one were created. I'm 
>> perfectly content to copy the good one over the bogus one, but if 
>> there's a better option, I'd like to know about it. I have NO lines 
>> dealing with sam.ldb at all. The tkey-gssapi-keytab line already 
>> existed in my config, no worries there.
> Yes, but was it the correct line, I only ask because everything used 
> to be in the private dir.
>>
>> Once I do all of this, in theory I should be able to start named in 
>> association with samba, right? 
> Once everything is correct, then yes.
>> And then samba should be able to tell named when to update the zone 
>> files for the domain, right?
>
> Something along those lines.
>
> Rowland
>
>
>
-- 
Dan Egli
From my Test Server
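Before copying anything between the two trees, it is worth checking that the bind-dns directory has the shape both listings show. The script below is an added example, not part of the thread or of the Samba project: it verifies that dns.keytab is present and grants nothing to "other", that dns/sam.ldb is non-empty, and that the DomainDnsZones and ForestDnsZones partition files are hard links to the same-named files under private/sam.ldb.d (the link count of 2 in the listing shows a second link exists; that its twin lives in private/sam.ldb.d is an assumption about how Samba's BIND9_DLZ provisioning lays the tree out). The base path /var/lib/samba and the script name are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread or the Samba project): sanity-check the
# layout of a Samba BIND9_DLZ "bind-dns" directory against the shape shown in
# the listings above. The base directory is an assumption; pass another as $1.
#
# Checks under BASE (default /var/lib/samba):
#   1. bind-dns/dns.keytab exists and grants nothing to "other"
#   2. bind-dns/dns/sam.ldb exists and is non-empty
#   3. each DNS zone partition in bind-dns/dns/sam.ldb.d is a hard link to the
#      same-named file in private/sam.ldb.d, so the two trees cannot drift apart
# Prints each finding; returns 0 when every check passes, 1 otherwise.
check_bind_dns_layout() {
    base=${1:-/var/lib/samba}
    bdns="$base/bind-dns"
    priv="$base/private"
    rc=0

    if [ ! -f "$bdns/dns.keytab" ]; then
        echo "MISSING: $bdns/dns.keytab"; rc=1
    else
        # ls -l mode field: characters 8-10 are the "other" rwx bits
        case "$(ls -ld "$bdns/dns.keytab")" in
            ???????---*) ;;
            *) echo "WORLD-ACCESSIBLE: $bdns/dns.keytab"; rc=1 ;;
        esac
    fi

    if [ ! -s "$bdns/dns/sam.ldb" ]; then
        echo "MISSING OR EMPTY: $bdns/dns/sam.ldb"; rc=1
    fi

    for part in "$bdns"/dns/sam.ldb.d/DC=DOMAINDNSZONES,*.ldb \
                "$bdns"/dns/sam.ldb.d/DC=FORESTDNSZONES,*.ldb; do
        if [ ! -e "$part" ]; then
            echo "MISSING: $part"; rc=1; continue
        fi
        twin="$priv/sam.ldb.d/$(basename "$part")"
        if [ ! -e "$twin" ]; then
            echo "NO PRIVATE COPY: $twin"; rc=1
        elif [ ! "$part" -ef "$twin" ]; then
            # -ef (dash, bash, busybox): same device and inode, i.e. a hard link
            echo "NOT HARD-LINKED: $part vs $twin"; rc=1
        fi
    done
    return $rc
}

# Stand-alone use: sh check_bind_dns.sh --run [/var/lib/samba]
if [ "${1:-}" = "--run" ]; then check_bind_dns_layout "${2:-}"; exit $?; fi
```

A plain copy of a partition file in place of the hard link is reported as NOT HARD-LINKED, which is exactly the case where the two sam.ldb trees can diverge after the next dynamic update.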
