[Samba] Why are ForeignSecurityPrincipals and Managed Service Accounts empty with no entries?

Turritopsis Dohrnii Teo En Ming ceo at teo-en-ming-corp.com
Tue Feb 18 13:51:06 UTC 2020 

Resend.


________________________________
From: Turritopsis Dohrnii Teo En Ming <ceo at teo-en-ming-corp.com>
Sent: Tuesday, February 18, 2020 9:44 PM
To: L.P.H. van Belle <belle at bazuin.nl>; samba at lists.samba.org <samba at lists.samba.org>
Cc: Turritopsis Dohrnii Teo En Ming <ceo at teo-en-ming-corp.com>
Subject: Re: [Samba] Why are ForeignSecurityPrincipals and Managed Service Accounts empty with no entries?

Hi Louis,

My /etc/named.conf has the following line:

include "/usr/local/samba/bind-dns/named.conf";

My /usr/local/samba/bind-dns/named.conf has the following lines:

# This DNS configuration is for BIND 9.8.0 or later with dlz_dlopen support.
#
# This file should be included in your main BIND configuration file
#
# For example with
# include "/usr/local/samba/bind-dns/named.conf";

#
# This configures dynamically loadable zones (DLZ) from AD schema
# Uncomment only single database line, depending on your BIND version
#
dlz "AD DNS Zone" {
    # For BIND 9.8.x
    # database "dlopen /usr/local/samba/lib/bind9/dlz_bind9.so";

    # For BIND 9.9.x
    # database "dlopen /usr/local/samba/lib/bind9/dlz_bind9_9.so";

    # For BIND 9.10.x
    # database "dlopen /usr/local/samba/lib/bind9/dlz_bind9_10.so";

    # For BIND 9.11.x
     database "dlopen /usr/local/samba/lib/bind9/dlz_bind9_11.so";

    # For BIND 9.12.x
    # database "dlopen /usr/local/samba/lib/bind9/dlz_bind9_12.so";
};

I am using CentOS 8.1 as the AD DC and I didn't touch AppArmor at all.

I had SELinux disabled.

________________________________
From: L.P.H. van Belle <belle at bazuin.nl>
Sent: Tuesday, February 18, 2020 9:29 PM
To: samba at lists.samba.org <samba at lists.samba.org>
Cc: Turritopsis Dohrnii Teo En Ming <ceo at teo-en-ming-corp.com>
Subject: RE: [Samba] Why are ForeignSecurityPrincipals and Managed Service Accounts empty with no entries?

I had a quick look.

At 3:31, the last line.
Dnsupdate_namedupdate_done: FAILED....

On the AD-DC, your showing bind9 as resolving
I suggest, verified if bind_DLZ is enabled.
https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End

And check:
https://wiki.samba.org/index.php/BIND9_DLZ_AppArmor_and_SELinux_Integration



Greetz,

Louis


> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Turritopsis Dohrnii Teo En Ming via samba
> Verzonden: dinsdag 18 februari 2020 14:17
> Aan: samba at lists.samba.org
> CC: Turritopsis Dohrnii Teo En Ming
> Onderwerp: [Samba] Why are ForeignSecurityPrincipals and
> Managed Service Accounts empty with no entries?
>
> Good evening from Singapore,
>
> I have just setup Samba 4.11.6 and CentOS 8.1 as Active
> Directory Domain Controller.
>
> Thread:  Teo En Ming's Manual for Setting Up Samba 4.11.6 and
> CentOS 8.1 (1911) Linux Server QEMU/KVM Virtual Machine as an
> Active Directory Domain Controller (AD DC)
>
> Link: https://lists.samba.org/archive/samba/2020-February/228348.html
>
> Question is, why are my ForeignSecurityPrincipals and Managed
> Service Accounts empty with no entries?
>
> Please watch my YouTube video clip for a visual
> representation of the problem.
>
> YouTube video: Samba 4.11.6 and CentOS 8.1 as Active
> Directory Domain Controller
>
> Link: https://www.youtube.com/watch?v=aBFQLy9aryY
>
> This is a short YouTube video clip of about 11 minutes.
>
> I am looking forward to your reply.
>
> Thank you very much.
>
>
>
>
>
>
> -----BEGIN EMAIL SIGNATURE-----
>
> The Gospel for all Targeted Individuals (TIs):
>
> [The New York Times] Microwave Weapons Are Prime Suspect in Ills of
> U.S. Embassy Workers
>
> Link:
> https://www.nytimes.com/2018/09/01/science/sonic-attack-cuba-m
> icrowave.html
>
> **************************************************************
> ******************************
>
>
> Singaporean Mr. Turritopsis Dohrnii Teo En Ming's Academic
> Qualifications as at 14 Feb 2019 and refugee seeking attempts
> at the United Nations Refugee Agency Bangkok (21 Mar 2017),
> in Taiwan (5 Aug 2019) and Australia (25 Dec 2019 to 9 Jan 2020):
>
> [1] https://tdtemcerts.wordpress.com/
>
> [2] https://tdtemcerts.blogspot.sg/
>
> [3] https://www.scribd.com/user/270125049/Teo-En-Ming
>
> -----END EMAIL SIGNATURE-----
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>
>

More information about the samba mailing list