[Samba] User names not replicating to secondary DC

durwin at mgtsciences.com
Thu Feb 27 19:56:10 UTC 2020


> > DC1 smb.conf
> >         winbind use default domain = true
> >         winbind offline logon = false
> >         winbind nss info = rfc2307
> >         winbind enum users = yes
> >         winbind enum groups = yes
> 
> The above lines have no place in a DC smb.conf or are defaults
Commented them out.

> 
> Change the following files as shown:

Done.

> 
> ===
> DC0 /etc/resolv.conf
> 
> nameserver 172.23.93.25
> search msi.mydomain.com
> ===
> 
> DC1 /etc/resolv.conf
> 
> nameserver 172.23.93.3
> search msi.mydomain.com
> ===
> 
> DC0 /etc/hosts
> 127.0.0.1       localhost
> 172.23.93.25    dc0.msi.mydomain.com dc0
> 
> # The following lines are desirable for IPv6 capable hosts
> ::1     localhost ip6-localhost ip6-loopback
> fe00::0 ip6-localnet
> ff02::1 ip6-allnodes
> ff02::2 ip6-allrouters
> ff02::3 ip6-allhosts
> ===
> 
> DC1 /etc/hosts
> 127.0.0.1       localhost
> 172.23.93.26    dc1.msi.mydomain.com dc1
> 
> # The following lines are desirable for IPv6 capable hosts
> ::1     ip6-localhost ip6-loopback
> fe00::0 ip6-localnet
> ff00::0 ip6-mcastprefix
> ff02::1 ip6-allnodes
> ff02::2 ip6-allrouters
> ===
> 
> Why are you using the internal dns server on one DC and Bind9 on the
> other?
I am very familiar with configuring Named on Fedora.  I thought it would be
just as easy on Ubuntu.  After discovering the files were in different places
and so many more being 'included', I decided to use internal on the second
one.  I believe there is a command to switch over to internal, correct?

> 
> Can you post the named.conf files from the one that is running Bind9.
named.conf
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

named.conf.options
acl "trusted" {
        172.23.93.0/24;
        192.168.4.0/24;
        10.8.3.0/24;
        10.8.2.0/24;
        127.0.0.1;
        localnets;
        localhost;
};


options {
        directory "/var/cache/bind";
        notify no;
        empty-zones-enable no;
        allow-query { trusted;};
        allow-recursion { trusted;};
        forwarders { 172.23.93.3; };
        allow-transfer { trusted;};
        allow-update { trusted;};
        dnssec-validation no;
        dnssec-enable no;
        dnssec-lookaside no;
        listen-on-v6 { none; };
        listen-on port 53 { 172.23.93.25; 127.0.0.1; };

        tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
};


named.conf.local
include "/var/lib/samba/bind-dns/named.conf";

/var/lib/samba/bind-dns/named.conf
dlz "AD DNS Zone" {
    # For BIND 9.8.x
    # database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9.so";

    # For BIND 9.9.x
    # database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_9.so";

    # For BIND 9.10.x
    # database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_10.so";

    # For BIND 9.11.x
    database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_11.so";
};

/etc/bind/named.conf.default-zones
// prime the server with knowledge of the root servers
zone "." {
        type hint;
        file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
        type master;
        file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
};


The command 'samba-tool drs showrepl' shows zero failures.  Those were the
attachments I thought went out on the first email.

> 
> Rowland
> 

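The following is an added example, not code from this thread or from the Samba project: a small POSIX shell script that performs offline sanity checks on the DNS plumbing shown above for a DC running the BIND9_DLZ backend. It parses a constructed copy of the posted named.conf.options and reports the settings that matter on an AD DC (allow-update and allow-transfer at options scope, the tkey-gssapi-keytab path, dnssec-validation), and it checks that every nameserver in a resolv.conf is one of the DCs. The DC address list (the two addresses from the posted /etc/hosts files), the temporary file names, and the systemd unit names used in the backend-switch helper at the end are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): offline checks for the DNS setup of a
# Samba AD DC on the BIND9_DLZ backend.  Inputs are constructed copies of the
# posted named.conf.options and resolv.conf files; DC_ADDRS, the temp file
# names and the switch helper's unit names are assumptions.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# --- constructed sample input, copied from the posted configuration ---------
cat > "$WORK/named.conf.options" <<'EOF'
acl "trusted" {
        172.23.93.0/24;
        localhost;
};

options {
        directory "/var/cache/bind";
        allow-query { trusted;};
        forwarders { 172.23.93.3; };
        allow-transfer { trusted;};
        allow-update { trusted;};
        dnssec-validation no;
        listen-on port 53 { 172.23.93.25; 127.0.0.1; };

        tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
};
EOF
printf 'nameserver 172.23.93.25\nsearch msi.mydomain.com\n' > "$WORK/resolv.dc0"
printf 'nameserver 172.23.93.3\nsearch msi.mydomain.com\n'  > "$WORK/resolv.dc1"

# DC addresses from the two posted /etc/hosts files (assumption: no other DCs).
DC_ADDRS="172.23.93.25 172.23.93.26"

# Print the body of the top-level options { ... } block.  Assumes the nested
# { } lists inside it sit on one line each, as in the posted file.
named_options_block() {
    awk '/^[ \t]*options[ \t]*[{]/ { inblk = 1; next }
         inblk && /^[ \t]*}[ \t]*;/  { inblk = 0 }
         inblk' "$1"
}

# One finding per line; always exits 0, the caller counts the lines.
lint_named_options() {
    blk=$(named_options_block "$1")
    # allow-update in options is inherited by every file-backed primary zone
    # (localhost, 127.in-addr.arpa, ...).  The AD zones come from the DLZ
    # module, where Samba itself enforces signed (GSS-TSIG) updates, so this
    # line only opens the static zones to unsigned updates from the whole ACL.
    printf '%s\n' "$blk" | grep -q '^[[:space:]]*allow-update' &&
        echo "allow-update at options scope: unsigned updates to all file-backed zones allowed"
    # allow-transfer at options scope lets every host in the ACL AXFR every
    # zone, including the AD zone with all host and SRV records.
    printf '%s\n' "$blk" | grep -q '^[[:space:]]*allow-transfer' &&
        echo "allow-transfer at options scope: full zone transfers allowed to the whole ACL"
    # The keytab is what lets BIND accept GSS-TSIG updates from DCs and clients.
    kt=$(printf '%s\n' "$blk" |
         sed -n 's/^[[:space:]]*tkey-gssapi-keytab[[:space:]]*"\([^"]*\)".*/\1/p')
    if [ -z "$kt" ]; then
        echo "tkey-gssapi-keytab missing: signed dynamic updates will be refused"
    else
        echo "tkey-gssapi-keytab $kt: confirm this is the file samba_upgradedns wrote (recent Samba uses /var/lib/samba/bind-dns/dns.keytab)"
    fi
    # Expected for a private AD zone, but it also covers answers recursed for
    # clients through the forwarder.
    printf '%s\n' "$blk" | grep -q '^[[:space:]]*dnssec-validation[[:space:]]*no' &&
        echo "dnssec-validation no: forwarded answers handed to clients are unvalidated"
    return 0
}

# Succeed only if every nameserver in a resolv.conf is a DC: a DC must resolve
# the AD zone through AD DNS, never through an outside resolver.
resolv_points_at_dcs() {
    ok=1
    for ns in $(awk '$1 == "nameserver" { print $2 }' "$1"); do
        case " $DC_ADDRS " in
            *" $ns "*) ;;
            *) echo "nameserver $ns in $1 is not a DC"; ok=0 ;;
        esac
    done
    [ "$ok" -eq 1 ]
}

# The backend switch asked about above, using Samba's own tool.  Defined only,
# never run here; run as root on the DC.  Unit names are the Ubuntu ones and
# are an assumption.
switch_to_internal_dns() {
    systemctl stop samba-ad-dc
    samba_upgradedns --dns-backend=SAMBA_INTERNAL   # rewrite DNS config for the internal server
    systemctl disable --now bind9                   # free port 53 for Samba
    systemctl start samba-ad-dc
    samba_dnsupdate --verbose                       # re-register this DC's own records
}

echo "== named.conf.options"
lint_named_options "$WORK/named.conf.options"
for f in dc0 dc1; do
    if resolv_points_at_dcs "$WORK/resolv.$f"; then echo "== resolv.$f ok"; fi
done
```

Run against the constructed copies, the lint reports four lines for the posted options block, and the resolv.conf check passes for DC0 (nameserver 172.23.93.25) but reports DC1, whose nameserver 172.23.93.3 is the address used as the BIND forwarder rather than one of the two DC addresses in the hosts files. That kind of mismatch is worth confirming before digging further into replication, since a DC that cannot resolve the AD zone's SRV records through AD DNS will not find its partners.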