[Samba] DNS problems when adding samba DC to win2008R2

Carlos Jesus camjesus2 at gmail.com
Mon Sep 14 09:39:32 UTC 2020


>
> On 13/09/2020 22:40, Carlos Jesus wrote:
> > Hi Rowland, thank you for your help.
> > I've added the include "/var/lib/samba/bind-dns/named.conf in
> > /etc/bind/named.conf instead of named.conf.options.
> Please don't do that, it isn't a good idea, use an 'include', that way
> if something changes, it will still work.
> >

It IS an include. In named.conf with the other includes, but I've changed
it.

> > As for the link, here it goes.
> > https://lists.samba.org/archive/samba/2019-July/224546.html
>
> Yes and that didn't end successfully :-\

Yep. I noticed but still...

> What did the Windows DC start out as ? 2008R2 or was it an earlier version
> ?

Straight Windows 2008R2

> What was the full command you used to join the Samba DC to the Windows
> domain ?

I basically followed
https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory.
The command was
samba-tool domain join MyDomain.lx.pt DC -U"MyDomain\administrator"

> Did you get any errors during the successful join ?

Not after changing join.py

> Can you go here:
> https://github.com/thctlo/samba4/blob/master/samba-collect-debug-info.sh
>
> Download the script and run it on your Samba DC.
>
> sanitise the output and post it to this list.

grep: /etc/samba/smb.conf: No such file or directory
./samba.sh: line 328: [: : integer expression expected
DC2:/home/carlos# more /tmp/samba-debug-info.txt
Collected config  --- 2020-09-14-10:27 -----------

Hostname: DC2
DNS Domain: MyDomain.lx.pt
FQDN: DC2.MyDomain.lx.pt
ipaddress: 192.168.59.112
-----------
Kerberos SRV _kerberos._tcp.MyDomain.lx.pt record verified ok, sample
output:
Server:         192.168.59.112
Address:        192.168.59.112#53

_kerberos._tcp.MyDomain.lx.pt     service = 0 100 88 dc2.MyDomain.lx.pt.
Samba is running as an AD DC
-----------
       Checking file: /etc/os-release
PRETTY_NAME="Debian GNU/Linux 10 (buster)"
NAME="Debian GNU/Linux"
VERSION_ID="10"
VERSION="10 (buster)"
VERSION_CODENAME=buster
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"
-----------

This computer is running Debian 10.5 x86_64
-----------
running command : ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group
default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group
default qlen 1000
    link/ether 00:15:5d:3b:6f:09 brd ff:ff:ff:ff:ff:ff
    inet 192.168.59.112/24 brd 192.168.59.255 scope global eth0
-----------
       Checking file: /etc/hosts
127.0.0.1       localhost
192.168.59.112  DC2.MyDomain.lx.pt        DC2
-----------
       Checking file: /etc/resolv.conf
domain MyDomain.lx.pt
search MyDomain.lx.pt
#nameserver 192.168.59.111
nameserver 192.168.59.112
-----------
       Checking file: /etc/krb5.conf
[libdefaults]
        default_realm = MyDomain.LX.PT
        dns_lookup_realm = false
        dns_lookup_kdc = true
-----------
       Checking file: /etc/nsswitch.conf

passwd:         files systemd winbind
group:          files systemd winbind
shadow:         files
gshadow:        files

hosts:          files mdns4_minimal [NOTFOUND=return] dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis
-----------
       Checking file: /usr/local/samba/etc/smb.conf
[global]
        netbios name = DC2
        realm = MyDomain.LX.PT
        server role = active directory domain controller
        workgroup = MyDomain
        idmap_ldb:use rfc2307 = yes
        log level = 1 auth_json_audit:2@/var/log/samba/auth.log sam:2@
/var/log/samba/sam.log
        log file = /var/log/samba/samba.log
        server services = -dns

        winbind nss info = template
        template shell = /bin/bash
        template homedir = /home/%U
        server min protocol = SMB2

[sysvol]
        path = /usr/local/samba/var/locks/sysvol
        read only = No

[netlogon]
        path = /usr/local/samba/var/locks/sysvol/MyDomain.lx.pt/scripts
        read only = No
-----------
Detected bind DLZ enabled..
       Checking file: /etc/bind/named.conf

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
include "/usr/local/samba/bind-dns/named.conf";
-----------
       Checking file: /etc/bind/named.conf.options
acl internals { 127.0.0.0/8; 192.168.59.0/24; };

options {
      directory "/var/cache/bind";
      version "Go Away 0.0.7";
      notify no;
      empty-zones-enable no;
      auth-nxdomain yes;
      forwarders { 8.8.8.8; 8.8.4.4; };
      allow-transfer { none; };

      dnssec-validation no;
      dnssec-enable no;
      dnssec-lookaside no;
      listen-on-v6 { none; };
      listen-on port 53 { 192.168.59.112; 127.0.0.1; ::1; };

      minimal-responses yes;

      allow-query { "internals";  };
      allow-query-cache { "internals"; };

      recursion yes;
      allow-recursion {  "internals"; };

      tkey-gssapi-keytab "/usr/local/samba/bind-dns/dns.keytab";
  };
-----------
       Checking file: /etc/bind/named.conf.local
-----------
       Checking file: /etc/bind/named.conf.default-zones
zone "." {
        type hint;
        file "/usr/share/dns/root.hints";
};

zone "localhost" {
        type master;
        file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
};
-----------
Samba DNS zone list:   3 zone(s) found

  pszZoneName                 : 59.168.192.in-addr.arpa
  Flags                       : DNS_RPC_ZONE_DSINTEGRATED
DNS_RPC_ZONE_UPDATE_SECURE
  ZoneType                    : DNS_ZONE_TYPE_PRIMARY
  Version                     : 50
  dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT
DNS_DP_ENLISTED
  pszDpFqdn                   : DomainDnsZones.MyDomain.lx.pt

  pszZoneName                 : MyDomain.lx.pt
  Flags                       : DNS_RPC_ZONE_DSINTEGRATED
DNS_RPC_ZONE_UPDATE_SECURE
  ZoneType                    : DNS_ZONE_TYPE_PRIMARY
  Version                     : 50
  dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT
DNS_DP_ENLISTED
  pszDpFqdn                   : DomainDnsZones.MyDomain.lx.pt

  pszZoneName                 : _msdcs.MyDomain.lx.pt
  Flags                       : DNS_RPC_ZONE_DSINTEGRATED
DNS_RPC_ZONE_UPDATE_SECURE
  ZoneType                    : DNS_ZONE_TYPE_PRIMARY
  Version                     : 50
  dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_FOREST_DEFAULT
DNS_DP_ENLISTED
  pszDpFqdn                   : ForestDnsZones.MyDomain.lx.pt

Samba DNS zone list Automated check :
zone : 59.168.192.in-addr.arpa ok, no Bind flat-files found
-----------
zone : MyDomain.lx.pt ok, no Bind flat-files found
-----------
zone : _msdcs.MyDomain.lx.pt ok, no Bind flat-files found
-----------
Installed packages:
ii  acl                                   2.2.53-4
   amd64        access control list - utilities
ii  attr                                  1:2.4.48-4
   amd64        utilities for manipulating filesystem extended attributes
ii  bind9                                 1:9.11.5.P4+dfsg-5.1+deb10u2
   amd64        Internet Domain Name Server
ii  bind9-host                            1:9.11.5.P4+dfsg-5.1+deb10u2
   amd64        DNS lookup utility (deprecated)
ii  bind9utils                            1:9.11.5.P4+dfsg-5.1+deb10u2
   amd64        Utilities for BIND
ii  fonts-quicksand                       0.2016-2
   all          sans-serif font with round attributes
ii  krb5-config                           2.6
  all          Configuration files for Kerberos Version 5
ii  krb5-kdc                              1.17-3
   amd64        MIT Kerberos key server (KDC)
ii  krb5-locales                          1.17-3
   all          internationalization support for MIT Kerberos
ii  krb5-multidev:amd64                   1.17-3
   amd64        development files for MIT Kerberos without Heimdal conflict
ii  krb5-user                             1.17-3
   amd64        basic programs to authenticate using MIT Kerberos
ii  libacl1:amd64                         2.2.53-4
   amd64        access control list - shared library
ii  libacl1-dev:amd64                     2.2.53-4
   amd64        access control list - static libraries and headers
ii  libattr1:amd64                        1:2.4.48-4
   amd64        extended attribute handling - shared library
ii  libattr1-dev:amd64                    1:2.4.48-4
   amd64        extended attributes handling - static libraries and headers
ii  libbind9-161:amd64                    1:9.11.5.P4+dfsg-5.1+deb10u2
   amd64        BIND9 Shared Library used by BIND
ii  libgssapi-krb5-2:amd64                1.17-3
   amd64        MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
ii  libkrb5-26-heimdal:amd64              7.5.0+dfsg-3
   amd64        Heimdal Kerberos - libraries
ii  libkrb5-3:amd64                       1.17-3
   amd64        MIT Kerberos runtime libraries
ii  libkrb5-dev:amd64                     1.17-3
   amd64        headers and development libraries for MIT Kerberos
ii  libkrb5support0:amd64                 1.17-3
   amd64        MIT Kerberos runtime libraries - Support library
ii  libsmbclient:amd64                    2:4.9.5+dfsg-5+deb10u1
   amd64        shared library for communication with SMB/CIFS servers
ii  libwbclient0:amd64                    2:4.9.5+dfsg-5+deb10u1
   amd64        Samba winbind client library
ii  python-attr                           18.2.0-1
   all          Attributes without boilerplate (Python 2)
ii  python3-pyxattr                       0.6.1-1
  amd64        module for manipulating filesystem extended attributes
(Python3)
ii  samba-libs:amd64                      2:4.9.5+dfsg-5+deb10u1
   amd64        Samba core libraries
-----------

Rowland penny via samba <samba at lists.samba.org> wrote on Monday,
14/09/2020 at 08:43:

> On 13/09/2020 22:40, Carlos Jesus wrote:
> > Hi Rowland, thank you for your help.
> > I've added the include "/var/lib/samba/bind-dns/named.conf in
> > /etc/bind/named.conf instead of named.conf.options.
> Please don't do that, it isn't a good idea, use an 'include', that way
> if something changes, it will still work.
> >
> > As for the link, here it goes.
> > https://lists.samba.org/archive/samba/2019-July/224546.html
>
> Yes and that didn't end successfully :-\
>
> What did the Windows DC start out as ? 2008R2 or was it an earlier version
> ?
>
> What was the full command you used to join the Samba DC to the Windows
> domain ?
>
> Did you get any errors during the successful join ?
>
> Can you go here:
> https://github.com/thctlo/samba4/blob/master/samba-collect-debug-info.sh
>
> Download the script and run it on your Samba DC.
>
> sanitise the output and post it to this list.
>
> Rowland