Fwd: Error start bind9 samba4 BIND9_DLZ
Daniele Dario
d.dario76 at gmail.com
Tue Sep 24 16:11:53 CEST 2013
On Tue, 2013-09-24 at 08:10 -0300, Jacó Ramos wrote:
> When run:
>
>
> samba-upgradedns --dns-backend=BIND9_DLZ
> Cannot create AD based DNS for OS Level < 2003
> and now ?
>
> Thanks.
>
> Jacó Ramos
> 2013/9/24 Rowland Penny <repenny241155 at gmail.com>
> On 24/09/13 11:38, Jacó Ramos wrote:
> Hi Dario,
>
> cp /usr/local/samba/private/sam.ldb /usr/local/samba/private/dns
> cp /usr/local/samba/private/sam.ldb.d /usr/local/samba/private/dns
>
>
> and
>
> chmod 777 /usr/local/samba/private/dns/*
>
> and dns works fine!
>
> Thanks.
> Jacó Ramos
>
>
> Hi, sorry but you have got it wrong, it needs to be hard
> linked, see here:
> https://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC
>
> and here:
> https://wiki.samba.org/index.php/Dns-backend_bind#New_added_DNS_entries_are_not_resolvable
>
> Rowland
>
Hi Jacó,
could it be that your domain/forest level is < 2003?
Try to run
# samba-tool domain level show
to see the domain/forest levels.
Did you provision the domain on a Samba AD DC or did you join it to an
existing domain?
BTW, as Rowland said, the private/dns content has to be hard linked and
not a simple copy. Samba updates its private/sam.ldb and
private/sam.ldb.d/* files. Files in private/dns won't be updated; that's
why they have to be links to the original ones.
A side note about permissions: it would be safer to restrict permissions
to bind/named, so, as stated in the wiki, you can
# chown named:named /usr/local/samba/private/dns
# chgrp named /usr/local/samba/private/dns.keytab
# chmod g+r /usr/local/samba/private/dns.keytab
# chmod 775 /usr/local/samba/private/dns
Daniele.
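
The two points raised in this message (files under private/dns must be hard links rather than copies, and nothing there should be world-writable) can be checked mechanically. The script below is an added example, not part of the original message or of Samba; the function name dns_findings is hypothetical, and the dns/sam.ldb and dns/sam.ldb.d/* layout is assumed from the thread.

```shell
#!/bin/sh
# Added example (not from the original message or from Samba).
# Assumed layout, taken from the thread: PRIVATE/dns/sam.ldb and
# PRIVATE/dns/sam.ldb.d/* mirror PRIVATE/sam.ldb and PRIVATE/sam.ldb.d/*.

# dns_findings PRIVATE_DIR  (hypothetical helper name)
# Prints one line per problem; prints nothing when the directory is clean.
dns_findings() {
    private=$1
    dns=$private/dns
    [ -d "$dns" ] || { echo "MISSING dns"; return 0; }

    # 1. Each file under dns/ that has a counterpart under private/ must
    #    be the same inode (a hard link), not a copy and not a symlink.
    ( cd "$dns" && find . \( -type f -o -type l \) -print ) |
    while IFS= read -r rel; do
        rel=${rel#./}
        if [ -L "$dns/$rel" ]; then
            echo "SYMLINK dns/$rel"
        elif [ ! -e "$private/$rel" ]; then
            :   # no counterpart under private/, nothing to compare
        elif ! [ "$dns/$rel" -ef "$private/$rel" ]; then
            echo "COPY dns/$rel"
        fi
    done

    # 2. Nothing under dns/ should be world-writable (the chmod 777 case).
    find "$dns" \( -type f -o -type d \) -perm -0002 -print |
    while IFS= read -r path; do
        echo "WORLD-WRITABLE ${path#"$private"/}"
    done
}

# Stand-alone use: sh script.sh /usr/local/samba/private
if [ "$#" -gt 0 ]; then
    dns_findings "$1"
fi
```

Because a hard link shares its inode with the original, a chmod applied to a file under private/dns also changes the mode of the matching file under private/.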