[Samba] Bind Questions I know you are going to ask:

Zombie Ryushu zombie_ryushu at yahoo.com
Fri Jun 3 18:45:43 UTC 2022


On 6/3/22 14:26, Kees van Vloten via samba wrote:
>
> On 03-06-2022 at 17:02, Zombie Ryushu via samba wrote:
>> On 6/3/22 10:54, L. van Belle via samba wrote:
>>> Well, that bind isn't starting when you remove the flat file zone.
>>> that "is" correct. I tell you why that is..
>>>
>>> what is also to be observed that, you need to replace the entries from
>>> flatfile to bind_DLZ.
>>> so, why bind_dlz doesn't start, it's trying to load a "non-existing" zone.
>>>
>>> The fix is, treat this as a new install.
>>> so, remove smb.conf, stop and provision samba.
>>>
>>> My thoughts were right here.
>>> starting samba without a "provisioned" zone in bind_dlz.
>>>
>>> now, after you have provisioned this server, repeat on the others.
>>> re-read :
>>> https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller
>>>
>>> if you need extra servers with dns services.  *( Not samba-ad-dc's, because
>>> ad-dc's you just join in the domain. ) Just set a forwarding zone to the
>>> AD-DC's or slave zones on these other servers.
>>>
>>> I hope this helps you.
>>>
>>> Greetz,
>>>
>>> Louis
>>>
>>>
>>>> -----Original message-----
>>>> From: samba <samba-bounces at lists.samba.org> On behalf of Zombie Ryushu via
>>>> samba
>>>> Sent: Friday, 3 June 2022 16:19
>>>> To: Rowland Penny via samba <samba at lists.samba.org>
>>>> Subject: [Samba] Bind Questions I know you are going to ask:
>>>>
>>>> Okay, so I know you will have some questions about Bind. Let me
>>>> answer a few of them for you.
>>>>
>>>> I did re-enable a Flat File Zone just so Bind would start. I also have
>>>> a commented out AD Zone that crashes Bind.
>>>>
>>>> I did generate a DNS Keytab with samba-tool export keytab.
>>>>
>>>> Bind won't start if I use the AD Dynamic zone.
>>>>
>>>>
>>>
>> I don't have the Resources to set up another constantly running 
>> system. I CAN NOT have two continuously running hardware DNS Servers. 
>> I don't have enough electrical power for that. I can have spares that 
>> I can power up occasionally as backups that are offline most of the 
>> time.
>>
>> I also do not want to create some convoluted Virtualization scheme to 
>> drain my resources. This is the entire reason I did not want to hand 
>> DNS over to Samba.
>>
>> Additionally I have a bunch of existing users. I will NOT Rip my 
>> Domain to shreds over this.
>>
>>
> Fire up some privileged lxc containers and you can achieve this 
> without extra hardware. Samba AD-DC and Samba Fileserver will run fine 
> in privileged lxc containers.
>
>
>
I'm not too concerned with the File servers, but this is blocking AD 
Logins of workstations using the sssd AD Module. Only Classic 
LDAP/Kerberos still work.



