
[Samba] Samba Internal DNS vs. BIND_DLZ


Jim Seymour

Aug 27, 2015, 4:00:05 PM
Hi All,

Well, after going in something of the Wrong Direction, I figure on
starting over.

Now: Looking at the docs, ISTM that BIND_DLZ is kind of a PITA. So,
being as I need the BIND (server also is the nameserver for the entire
LAN), and the recommendation is to put the AD PDC in a sub-domain,
anyway, I was thinking:

Run BIND as normal, but bind it to only eth0

Set up an eth0:0 (virtual interface), give it a different address,
run Samba bound to that interface

BIND would be the auth nameserver for example.com and delegate
the samdom.example.com zone to the Samba DNS running on the second
(virtual) interface

Samba is the auth nameserver for samdom.example.com

Thoughts?

Thanks,
Jim

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

Marc Muehlfeld

Aug 27, 2015, 4:30:03 PM
Hello Jim,

Am 27.08.2015 um 21:49 schrieb Jim Seymour:
> BIND would be the auth nameserver for example.com and delegate
> the samdom.example.com zone to the Samba DNS running on the second
> (virtual) interface
>
> Samba is the auth nameserver for samdom.example.com

If you already have BIND running, you're just one step away from
including the AD DNS domain as an additional domain via DLZ.
https://wiki.samba.org/index.php/Configure_BIND_as_backend_for_Samba_AD#BIND_9.8_.2F_9.9

What's wrong with that?


Regards,
Marc

Robert Moskowitz

Aug 27, 2015, 4:30:04 PM


On 08/27/2015 04:18 PM, Marc Muehlfeld wrote:
> Hello Jim,
>
> Am 27.08.2015 um 21:49 schrieb Jim Seymour:
>> BIND would be the auth nameserver for example.com and delegate
>> the samdom.example.com zone to the Samba DNS running on the second
>> (virtual) interface
>>
>> Samba is the auth nameserver for samdom.example.com
> If you're already having BIND running, you're just one step away from
> including the AD DNS domain as additional domain via DLZ.
> https://wiki.samba.org/index.php/Configure_BIND_as_backend_for_Samba_AD#BIND_9.8_.2F_9.9
>
> What's wrong with that?

It says:

include "/usr/local/samba/private/named.conf";

This file does not exist on my sernet 4.2 installation.

In fact, I do not have a /usr/local/samba directory.

Rowland Penny

Aug 27, 2015, 4:30:05 PM
On 27/08/15 20:49, Jim Seymour wrote:
> Hi All,
>
> Well, after going in something of the Wrong Direction, I figure on
> starting over.
>
> Now: Looking at the docs, ISTM that BIND_DLZ is kind of a PITA. So,
> being as I need the BIND (server also is the nameserver for the entire
> LAN), and the recommendation is to put the AD PDC in a sub-domain,
> anyway, I was thinking:
>
> Run BIND as normal, but bind it to only eth0
>
> Set up an eth0:0 (virtual interface), give it a different address,
> run Samba bound to that interface
>
> BIND would be the auth nameserver for example.com and delegate
> the samdom.example.com zone to the Samba DNS running on the second
> (virtual) interface
>
> Samba is the auth nameserver for samdom.example.com
>
> Thoughts?
>
> Thanks,
> Jim
>

No, please no, setting up BIND DLZ is not a PITA as you put it. You
really need to run a DNS server that is authoritative for your Samba
domain, and anything else is forwarded to another DNS server that knows
about everything else, i.e. if a client asks for info about another
domain member, your samba4 server would supply this via BIND; if it
asked for an internet site, your samba4 DNS server would ask the
forwarder and would then give this info to the client. This is a very
simplistic way of putting it, but I'm sure you get the drift.

If there is something you don't understand about anything on the wiki,
please ask, I will try to help you out and if the wiki proves to be
unclear, I will then update the relevant wiki page.

If you are not wedded to ubuntu and are willing to use Debian instead, a
user called Louis van Belle posts on here and he actually provides
scripts to install a DC for you, you can find these scripts here:

https://secure.bazuin.nl/scripts/

Even if you don't want to use Debian and can read and understand a bash
script, they may help you when/if you re-install.

Rowland

Rowland Penny

Aug 27, 2015, 4:40:04 PM
On 27/08/15 21:23, Robert Moskowitz wrote:
>
>
> On 08/27/2015 04:18 PM, Marc Muehlfeld wrote:
>> Hello Jim,
>>
>> Am 27.08.2015 um 21:49 schrieb Jim Seymour:
>>> BIND would be the auth nameserver for example.com and delegate
>>> the samdom.example.com zone to the Samba DNS running on the second
>>> (virtual) interface
>>>
>>> Samba is the auth nameserver for samdom.example.com
>> If you're already having BIND running, you're just one step away from
>> including the AD DNS domain as additional domain via DLZ.
>> https://wiki.samba.org/index.php/Configure_BIND_as_backend_for_Samba_AD#BIND_9.8_.2F_9.9
>>
>>
>> What's wrong with that?
>
> It says:
>
> include "/usr/local/samba/private/named.conf";
>
> This file does not exist on my sernet 4.2 installation.
>
> In fact, I do not have a /usr/local/samba directory.
>
>
>

It now also says (at the top):

As this HowTo is based around a compiled install, the PATHs refer to
'/usr/local/samba' as a base. If you are using packages from your OS or
Sernet, this PATH will most likely not exist, you will need to find the
relevant files on your system, try starting with '/var/lib/samba'.

I also use Sernet Samba 4.2.3 on one of my DCs and the required
named.conf is in /var/lib/samba/private/; it is also in
/usr/share/samba/setup/ but called named.conf.dlz

Rowland

Marc Muehlfeld

Aug 27, 2015, 4:50:04 PM
Am 27.08.2015 um 22:23 schrieb Robert Moskowitz:
>> What's wrong with that?
>
> It says:
>
> include "/usr/local/samba/private/named.conf";
>
> This file does not exist on my sernet 4.2 installation.
>
> In fact, I do not have a /usr/local/samba directory.


Sorry, but we really can't describe all file locations for every distro
or package out there. It would end up in a total mess. I'm already
unhappy that there are so many distro exceptions on each page by now,
but I will clean that up sometime.

We try to keep most things general with the default paths when you
compile it yourself.

I'm sure you will easily find out where the file is located via 'find'
or by having a look into the package file.


Regards,
Marc

Rowland Penny

Aug 27, 2015, 5:00:04 PM
On 27/08/15 21:42, Robert Moskowitz wrote:
>
>
> On 08/27/2015 04:37 PM, Rowland Penny wrote:
>> On 27/08/15 21:23, Robert Moskowitz wrote:
>>>
>>>
>>> On 08/27/2015 04:18 PM, Marc Muehlfeld wrote:
>>>> Hello Jim,
>>>>
>>>> Am 27.08.2015 um 21:49 schrieb Jim Seymour:
>>>>> BIND would be the auth nameserver for example.com and delegate
>>>>> the samdom.example.com zone to the Samba DNS running on the
>>>>> second
>>>>> (virtual) interface
>>>>>
>>>>> Samba is the auth nameserver for samdom.example.com
>>>> If you're already having BIND running, you're just one step away from
>>>> including the AD DNS domain as additional domain via DLZ.
>>>> https://wiki.samba.org/index.php/Configure_BIND_as_backend_for_Samba_AD#BIND_9.8_.2F_9.9
>>>>
>>>>
>>>> What's wrong with that?
>>>
>>> It says:
>>>
>>> include "/usr/local/samba/private/named.conf";
>>>
>>> This file does not exist on my sernet 4.2 installation.
>>>
>>> In fact, I do not have a /usr/local/samba directory.
>>>
>>>
>>>
>>
>> It now also says (at the top):
>>
>> As this HowTo is based around a compiled install, the PATHs refer to
>> '/usr/local/samba' as a base. If you are using packages from your OS
>> or Sernet, this PATH will most likely not exist, you will need to
>> find the relevant files on your system, try starting with
>> '/var/lib/samba'.
>
> Oh this is soooo much fun! Not..
>
>> I also use Sernet Samba 4.2.3 on one of my DCs and the required
>> named.conf is in /var/lib/samba/private/
>
> Empty dir.

OK, how did you provision samba4 as a DC?
I believe that /var/lib/samba/private is empty until the domain is
provisioned, at which point it should look like this:

dns
dns.keytab
dns_update_cache
dns_update_list
hklm.ldb
idmap.ldb
krb5.conf
ldapi
ldap_priv
named.conf
named.conf.update
named.txt
netlogon_creds_cli.tdb
privilege.ldb
randseed.tdb
sam.ldb
sam.ldb.d
schannel_store.tdb
secrets.keytab
secrets.ldb
secrets.tdb
share.ldb
smbd.tmp
spn_update_list
tls

Rowland



>
>> , it is also in /usr/share/samba/setup/ but called named.conf.dlz
>
> Ah there it (and others) are!
>
> thanks

Robert Moskowitz

Aug 27, 2015, 5:00:04 PM


On 08/27/2015 04:37 PM, Rowland Penny wrote:
> On 27/08/15 21:23, Robert Moskowitz wrote:
>>
>>
>> On 08/27/2015 04:18 PM, Marc Muehlfeld wrote:
>>> Hello Jim,
>>>
>>> Am 27.08.2015 um 21:49 schrieb Jim Seymour:
>>>> BIND would be the auth nameserver for example.com and delegate
>>>> the samdom.example.com zone to the Samba DNS running on the
>>>> second
>>>> (virtual) interface
>>>>
>>>> Samba is the auth nameserver for samdom.example.com
>>> If you're already having BIND running, you're just one step away from
>>> including the AD DNS domain as additional domain via DLZ.
>>> https://wiki.samba.org/index.php/Configure_BIND_as_backend_for_Samba_AD#BIND_9.8_.2F_9.9
>>>
>>>
>>> What's wrong with that?
>>
>> It says:
>>
>> include "/usr/local/samba/private/named.conf";
>>
>> This file does not exist on my sernet 4.2 installation.
>>
>> In fact, I do not have a /usr/local/samba directory.
>>
>>
>>
>
> It now also says (at the top):
>
> As this HowTo is based around a compiled install, the PATHs refer to
> '/usr/local/samba' as a base. If you are using packages from your OS
> or Sernet, this PATH will most likely not exist, you will need to find
> the relevant files on your system, try starting with '/var/lib/samba'.

Oh this is soooo much fun! Not..

> I also use Sernet Samba 4.2.3 on one of my DCs and the required
> named.conf is in /var/lib/samba/private/

Empty dir.

> , it is also in /usr/share/samba/setup/ but called named.conf.dlz

Ah there it (and others) are!

thanks


Robert Moskowitz

Aug 27, 2015, 5:00:04 PM
I am still reading all the wiki info, making notes and looking for
stuff. No provisioning yet. I suppose since this build is a throw-away
one, I should do that.

I still have to figure out what ldap rpms to install, along with dhcp!

Quite a bit to go. Perhaps I am getting too bogged down in DNS, as I
THINK I should know that part up until dlz.

Rowland Penny

Aug 27, 2015, 5:10:03 PM
On 27/08/15 21:41, Marc Muehlfeld wrote:
> Am 27.08.2015 um 22:23 schrieb Robert Moskowitz:
>>> What's wrong with that?
>> It says:
>>
>> include "/usr/local/samba/private/named.conf";
>>
>> This file does not exist on my sernet 4.2 installation.
>>
>> In fact, I do not have a /usr/local/samba directory.
>
> Sorry, but we really can't describe all file locations for every distro
> or package out there. It would end up in a totally mess. I'm already
> unhappy that there are so many distro exceptions on each page meanwhile,
> but I will clean that up, somewhen.

Hi Marc, I am guilty of this as much as anyone, but there is nowhere
else to put this info. It would probably be better to have a page that
lays out what computer name, domain and IP address etc. the wiki uses. It
should also stress that the wiki is based around a self-compiled system,
as this is the way that Samba is actually distributed, and that the user's
paths will be different if they use distro or Sernet packages.

Something needs to be done, one confused user is one user too many.

Rowland

Robert Moskowitz

Aug 27, 2015, 5:10:04 PM
Ah, LDAP is included within Samba, I find. Don't install the provided one...

I suppose I will have to find what schemas, particularly if the bind dlz
schema is included?

Rowland Penny

Aug 27, 2015, 5:20:03 PM
On 27/08/15 22:00, Robert Moskowitz wrote:
> Ah, LDAP is included within Samba, I find. Don't install provided one...
>
> I suppose I will have to find what schemas, particularly if the bind
> dlz schema is included?

Er, you don't actually need to add any extra schemas, it is all built
into samba4 when run as an AD DC; if you are struggling to understand
this, just think of a Windows AD DC but running on Linux.
The next thing to understand is if you want an AD DC and want to use an
rpm-based OS (CentOS, ClearOS etc.) then you cannot use the distro
packages; at the moment, there aren't any. What you can use are the
packages supplied by Sernet: http://www.samba.plus/home/

This is not a bad thing really, as you get more up-to-date versions, 4.2.3
at the moment.

Rowland

Robert Moskowitz

Aug 27, 2015, 5:30:05 PM


On 08/27/2015 05:10 PM, Rowland Penny wrote:
> On 27/08/15 22:00, Robert Moskowitz wrote:
>> Ah, LDAP is included within Samba, I find. Don't install provided
>> one...
>>
>> I suppose I will have to find what schemas, particularly if the bind
>> dlz schema is included?
>
> ER, you don't actually need to add any extra schemas, it is all built
> into samba4 when run as an AD DC, if you are struggling to understand
> this, just think a windows AD DC but running on Linux.

I abandoned Win servers around the time of Win2000! No AD experience
here! I still run my home as an NT Domain; I am trying to get with the
future here.

> The next thing to understand is if you want an AD DC and want to use
> an rpm based OS (centos, clearos etc) then you cannot use the distro
> packages, at the moment, there aren't any. What you can use are the
> packages supplied by Sernet: http://www.samba.plus/home/

That is why I have had help building the Sernet 4.2 for my distro. Yes,
this is a CentOS 7 system. And more, it is the development distro for
C7-armv7l. So some stuff is not present. But my Sernet 4.2 rpms
were built on the QEMU server they are using for all this work.

ERGO, I SHOULD have everything in some place resembling where Sernet
puts it.

>
> This is not a bad thing really, as you get more uptodate versions,
> 4.2.3 at the moment

For now we will have to build our own. If I show this to be viable,
perhaps we can automate it.

Marc Muehlfeld

Aug 27, 2015, 5:40:03 PM
Hello Rowland,

Am 27.08.2015 um 23:02 schrieb Rowland Penny:
> Hi Marc, I am guilty of this as much as anyone, but there is nowhere
> else to put this info. It would probably be better to have a page that
> lays out what computer name, domain and ipaddress etc the wiki uses. It
> should also stress that the wiki is based around a self compiled system
> as this is the way that Samba is actually distributed and that the users
> paths will be different if they use distro or Sernet packages.
>
> Something needs to be done, one confused user is one user too many.


The documentation will receive a huge rework over the next months. I
have already begun working on that.

Rowland Penny

Aug 27, 2015, 5:40:03 PM
OOPS, sorry, forgot you are on ARM, but having said that, if Sernet have
supplied you with an ARM samba4 package it should be able to be used as an
AD DC unless they said otherwise; it might be an idea to ask them.

Initially when you install the X86 Sernet packages, they do not know
what they are going to do, AD DC, NT4-style PDC, member server or a
standalone workgroup server, it can be any of these. It is up to the
sysadmin (i.e. you) to tell it what to be, you do this by setting up
smb.conf for all except the first, an AD DC. To set up an AD DC, you
need to run 'samba-tool domain provision' , this will populate, amongst
others, the private dir.

Rowland

Robert Moskowitz

Aug 27, 2015, 6:00:03 PM
One of the C7-arm developers pulled down the sernet 4.2 Centos7 source
and built that on the armv7l build system. It completed without errors.

>
> Initially when you install the X86 Sernet packages, they do not know
> what they are going to do, AD DC, NT4-style PDC, member server or a
> standalone workgroup server, it can be any of these. It is up to the
> sysadmin (i.e. you) to tell it what to be, you do this by setting up
> smb.conf for all except the first, an AD DC. To set up an AD DC, you
> need to run 'samba-tool domain provision' , this will populate,
> amongst others, the private dir.

I just rsynced ALL the files in /etc/samba and /var/lib/samba/*.tdb to
my new system and am ready to run the classicupgrade.

Figured 'this is only a test'. Go for it.

Jim Seymour

Aug 27, 2015, 8:30:04 PM
On Thu, 27 Aug 2015 16:23:57 -0400
Robert Moskowitz <r...@htt-consult.com> wrote:

>
> On 08/27/2015 04:18 PM, Marc Muehlfeld wrote:
[snip]
> > If you're already having BIND running, you're just one step away
> > from including the AD DNS domain as additional domain via DLZ.
> > https://wiki.samba.org/index.php/Configure_BIND_as_backend_for_Samba_AD#BIND_9.8_.2F_9.9
> >
> > What's wrong with that?
>
> It says:
>
> include "/usr/local/samba/private/named.conf";
>
> This file does not exist on my sernet 4.2 installation.
>
> In fact, I do not have a /usr/local/samba directory.

It's an unfortunate fact of life that different Linux distros tend to
put stuff in different places. Whenever documentation from the
original/source project maintainer(s) refers to "/usr/local/...", you
can be assured they're talking about if you build and install their
package from the source tarball and that Linux distro people will put
stuff Somewhere Else, often a wildly different Somewhere Else.

samba_upgradedns told me where it would be, in my case.

Regards,
Jim
--
Note: My mail server employs *very* aggressive anti-spam
filtering. If you reply to this email and your email is
rejected, please accept my apologies and let me know via my
web form at <http://jimsun.LinxNet.com/contact/scform.php>.

Jim Seymour

Aug 27, 2015, 8:40:03 PM
On Thu, 27 Aug 2015 22:18:59 +0200
Marc Muehlfeld <mmueh...@samba.org> wrote:

> Hello Jim,
[snip]
>
> If you're already having BIND running, you're just one step away
> from including the AD DNS domain as additional domain via DLZ.
> https://wiki.samba.org/index.php/Configure_BIND_as_backend_for_Samba_AD#BIND_9.8_.2F_9.9
>
> What's wrong with that?

Other than the fact that, when I added

include "/var/lib/samba/private/named.conf";

to /etc/bind/named.conf (after editing the above file for BIND
version), named segfault'd on start-up?

Nothing at all ;)

Regards,
Jim

Jim Seymour

Aug 27, 2015, 8:50:03 PM
On Thu, 27 Aug 2015 21:23:48 +0100
Rowland Penny <rowlandpe...@gmail.com> wrote:

[snip]
>
> No, please No, setting up bind dlz is not a PITA as you put it.

Yes, actually, it is. In my opinion, of course.

> You
> really need to run a DNS server that is authoritative for your
> samba domain and anything else is forwarded to another DNS server
> that knows about everything else ...
[snip]

And that's what running BIND on, say, 192.168.0.1 on eth0, and Samba
at 192.168.0.2 on eth0:0 would accomplish. Samba has built-in DNS.
Why do I need to go to the trouble of running *two* servers for BIND,
bastardizing the BIND on one of them, when I can do everything I want
in one?

I am *not* going to be running Samba on one server and everything
else on another. This is Linux, not Windows. It can walk and chew
gum at the same time ;)

>
[snip]
>
> If you are not wedded to ubuntu ...
[snip]

We've standardized on it.

>
> https://secure.bazuin.nl/scripts/
>
> Even if you don't want to use Debian and can read and understand a
> bash script, they may help you when/if you re-install.

I understand bash, and a good many other languages, as well. Thanks
for the pointer. I'll take a look.

Regards,
Jim

Jim Seymour

Aug 27, 2015, 8:50:04 PM
On Thu, 27 Aug 2015 17:00:28 -0400
Robert Moskowitz <r...@htt-consult.com> wrote:

> Ah, LDAP is included within Samba, I find. Don't install provided
> one...
[remainder snipped]

Yikes!

I thought it awfully suspicious that Samba required so few additional
packages and so little "glue work" to get an AD PDC going. Now I
know why.

We *require*, not desire, but *require* OpenLDAP. OpenLDAP is used
for, amongst other things, a Corporate email address book and by the
RADIUS server. Eventually the entire set of network directory data
that currently resides in and is served by NIS+ will be in LDAP.

I'm beginning to suspect this is going to be Not Much Fun :(

Regards,
Jim

Robert Moskowitz

Aug 27, 2015, 11:10:03 PM


On 08/27/2015 08:45 PM, Jim Seymour wrote:
> On Thu, 27 Aug 2015 17:00:28 -0400
> Robert Moskowitz <r...@htt-consult.com> wrote:
>
>> Ah, LDAP is included within Samba, I find. Don't install provided
>> one...
> [remainder snipped]
>
> Yikes!
>
> I thought it awfully suspicious that Samba required so few additional
> packages and so little "glue work" to get an AD PDC going. Now I
> know why.
>
> We *require*, not desire, but *require* OpenLDAP. OpenLDAP is used
> for, amongst other things, a Corporate email address book and by the
> RADIUS server. Eventually the entire set of network directory data
> that currently resides in and is served by NIS+ will be in LDAP.

This is what runs on your DC. I suspect you can use slapd to do any
syncing with OpenLDAP on other machines.

>
> I'm beginning to suspect this is going to be Not Much Fun :(
>
>
That is Phun, not fun.

L.P.H. van Belle

Aug 28, 2015, 2:40:04 AM
When you know the name of a file, it's not so hard to search for it.
I, for example, install mlocate, type updatedb
and `locate named.conf | grep samba`; voila, your file and location.

Greetz,


>-----Original message-----
>From: samba [mailto:samba-...@lists.samba.org] On behalf of Jim Seymour
>Sent: Friday, 28 August 2015 02:25
>To: sa...@lists.samba.org
>Subject: Re: [Samba] Samba Internal DNS vs. BIND_DLZ

L.P.H. van Belle

Aug 28, 2015, 2:40:04 AM
>We *require*, not desire, but *require* OpenLDAP. OpenLDAP is used
>for, amongst other things, a Corporate email address book and by the
>RADIUS server.

Well, same here, but you can use the LDAP of Samba; I don't see your problem.
Corporate e-mail addresses in LDAP: well, I use the Zarafa mail server,
which is integrated in LDAP also. I extended the schema of Samba for that.
I now have multiple address books and other "trick" accounts and/or users/groups
for other things.
As an example, one of my Postfix configs:
server_host = ldap://dc1.internal.domain.tld:389 ldap://dc2.internal.domain.tld:389
search_base = OU=General-Aliasses,OU=Company,DC=internal,DC=domain,DC=tld
version = 3
bind = yes
bind_dn = CN=ldap-bind,OU=Service-Accounts,OU=Company,DC=internal,DC=domain,DC=tld
bind_pw = MyVerySecretPassword

scope = sub
query_filter = (&(objectClass=contact)(displayName=%s))
result_attribute = description
Here in this case, for example, I create a contact and use the displayName, and the result is in description.

And for my users another filter, like:
query_filter = (&(objectClass=person)(zarafaAccount=1)(|(mail=%s)(otherMailbox=%s)))
result_attribute = mail

So, again, if needed extend your schema and enjoy your Samba AD.

Go here:
https://wiki.samba.org/index.php/User_Documentation
Scroll to the bottom, there are also other examples.
Then
https://wiki.samba.org/index.php/VPN_Single_SignOn_with_Samba_AD
and
https://wiki.samba.org/index.php/VPN_Single_SignOn_with_Samba_AD#Install_.26_Configure_a_Radius_Server
Here is your RADIUS setup example.



Greetz,

Louis

>-----Original message-----
>From: samba [mailto:samba-...@lists.samba.org] On behalf of Jim Seymour
>Sent: Friday, 28 August 2015 02:45
>To: sa...@lists.samba.org
>Subject: Re: [Samba] Samba Internal DNS vs. BIND_DLZ
>

L.P.H. van Belle

Aug 28, 2015, 2:50:04 AM

.....
>
>I just rsynced ALL the files in /etc/samba and /var/lib/samba/*.tdb to
>my new system and am ready to run the classicupgrade.
>
>Figured 'this is only a test'. Go for it.
>
>


All in /var/lib/samba?
That's not entirely correct. Below will get you going further.

Before your upgrade, and with the Sernet package installed, run:
samba -b

Results in something like this (this is Debian!):
Paths:
BINDIR: /usr/bin
SBINDIR: /usr/sbin
CONFIGFILE: /etc/samba/smb.conf
NCALRPCDIR: /var/run/samba/ncalrpc
LOGFILEBASE: /var/log/samba
LMHOSTSFILE: /etc/samba/lmhosts
DATADIR: /usr/share
MODULESDIR: /usr/lib/x86_64-linux-gnu/samba
LOCKDIR: /var/cache/samba
STATEDIR: /var/lib/samba
CACHEDIR: /var/cache/samba
PIDDIR: /var/run/samba
PRIVATE_DIR: /var/lib/samba/private
CODEPAGEDIR: /usr/share/samba/codepages
SETUPDIR: /usr/share/samba/setup
WINBINDD_SOCKET_DIR: /var/run/samba/winbindd
WINBINDD_PRIVILEGED_SOCKET_DIR: /var/lib/samba/winbindd_privileged
NTP_SIGND_SOCKET_DIR: /var/lib/samba/ntp_signd


And a "locate *.tdb":
/var/cache/samba/brlock.tdb
/var/cache/samba/dbwrap_watchers.tdb
/var/cache/samba/gencache.tdb
/var/cache/samba/gencache_notrans.tdb
/var/cache/samba/leases.tdb
/var/cache/samba/locking.tdb
/var/cache/samba/messages.tdb
/var/cache/samba/netsamlogon_cache.tdb
/var/cache/samba/notify.tdb
/var/cache/samba/notify_index.tdb
/var/cache/samba/printer_list.tdb
/var/cache/samba/serverid.tdb
/var/cache/samba/smbXsrv_open_global.tdb
/var/cache/samba/smbXsrv_session_global.tdb
/var/cache/samba/smbXsrv_tcon_global.tdb
/var/cache/samba/smbXsrv_version_global.tdb
/var/lib/samba/account_policy.tdb
/var/lib/samba/registry.tdb
/var/lib/samba/share_info.tdb
/var/lib/samba/winbindd_cache.tdb
/var/lib/samba/private/netlogon_creds_cli.tdb
/var/lib/samba/private/randseed.tdb
/var/lib/samba/private/schannel_store.tdb
/var/lib/samba/private/secrets.tdb
/var/lib/samba/private/dns/sam.ldb.d/metadata.tdb
/var/lib/samba/private/sam.ldb.d/metadata.tdb
/var/lib/samba/private/smbd.tmp/msg/names.tdb


And a "locate *.ldb":
/var/lib/samba/wins.ldb
/var/lib/samba/private/hklm.ldb
/var/lib/samba/private/idmap.ldb
/var/lib/samba/private/privilege.ldb
/var/lib/samba/private/sam.ldb
/var/lib/samba/private/secrets.ldb
/var/lib/samba/private/share.ldb
/var/lib/samba/private/wins_config.ldb
/var/lib/samba/private/dns/sam.ldb

Rowland Penny

Aug 28, 2015, 4:00:04 AM
On 28/08/15 01:39, Jim Seymour wrote:
> On Thu, 27 Aug 2015 21:23:48 +0100
> Rowland Penny <rowlandpe...@gmail.com> wrote:
>
> [snip]
>> No, please No, setting up bind dlz is not a PITA as you put it.
> Yes, actually, it is. In my opinion, of course.
>
>> You
>> really need to run a DNS server that is authoritative for your
>> samba domain and anything else is forwarded to another DNS server
>> that knows about everything else ...
> [snip]
>
> And that's what running BIND on, say, 192.168.0.1 on eth0, and Samba
> at 192.168.0.2 on eth0:0 would accomplish. Samba has built-in DNS.
> Why do I need to go to the trouble of running *two* servers for BIND,
> bastardizing the BIND on one of them, when I can do everything I want
> in one?
>
> I am *not* going to be running Samba on one server and everything
> else on another. This is Linux, not Windows. It can walk and chew
> gum at the same time ;)


I run samba 4, Bind9 and DHCP all on the same machine, what you seem to
be missing is that you run bind9 instead of the internal samba4 DNS
server. Whatever DNS server you do use, it needs to only know about the
samba4 dns domain (which also needs to be the realm name), anything else
it gets from its forwarder.

Rowland

Robert Moskowitz

Aug 28, 2015, 5:50:04 AM


On 08/28/2015 02:37 AM, L.P.H. van Belle wrote:
> .....
>> I just rsynced ALL the files in /etc/samba and /var/lib/samba/*.tdb to
>> my new system and am ready to run the classicupgrade.
>>
>> Figured 'this is only a test'. Go for it.
>>
>>
>
> All in /var/lib/samba ??
> thats not entirly correct. below wil get you more going.

Oops. I meant, taking the PDC ones from my old, ClearOS server. I put
them all in a directory under /root where I ran the conversion.

Jim Seymour

Aug 28, 2015, 7:50:03 AM
On Fri, 28 Aug 2015 08:51:30 +0100
Rowland Penny <rowlandpe...@gmail.com> wrote:

> ... what you seem
> to be missing is that you run bind9 instead of the internal samba4
> DNS server. Whatever DNS server you do use, it needs to only know
> about the samba4 dns domain (which also needs to be the realm name),
> anything else it gets from its forwarder.

I did not miss it. As you'll see from another of my posts: I tried
that. The dynamic zone code crashed named. (Don't know why, yet. It
happened at the end of the day, and I no longer skip workout time for
work, no matter *how* interesting the problem, so...)

However...

I have to say that lash-up strikes me as kind of fragile.

Jim

Rowland Penny

Aug 28, 2015, 8:00:05 AM
On 28/08/15 12:40, Jim Seymour wrote:
> On Fri, 28 Aug 2015 08:51:30 +0100
> Rowland Penny <rowlandpe...@gmail.com> wrote:
>
>> ... what you seem
>> to be missing is that you run bind9 instead of the internal samba4
>> DNS server. Whatever DNS server you do use, it needs to only know
>> about the samba4 dns domain (which also needs to be the realm name),
>> anything else it gets from its forwarder.
> I did not miss it. As you'll see from another of my posts: I tried
> that. The dynamic zone code crashed named. (Don't know why, yet. It
> happened at the end of the day, and I no longer skip workout time for
> work, no matter *how* interesting the problem, so...)
>
> However...
>
> I have to say that lash-up strikes me as kind of fragile.
>
> Jim
>

Hmm, I have been running samba4 AD and bind9 since 2012 and never had a
crash; can we see your named conf files?

Rowland



L.P.H. van Belle

Aug 28, 2015, 8:50:03 AM
Hi Jim (and Robert, I saw your last post; read this also for Samba with BIND9_DLZ).

I just searched back in the posts, and what I noticed was your first post.
http://www.tiltingatlinux.com/2014/04/basic-samba4-domain-controler-on-ubuntu.html
I went over this link.

This setup has some faults.

sudo nano /etc/hosts
127.0.0.1 localhost
127.0.1.1 pdc.mydomain.local pdc < remove this line.
10.0.0.5 pdc.mydomain.local pdc


UUID=blahblahmoomoowhatnot / ext4 user_xattr,acl,barrier=1,errors=remount-ro,relatime 0 1
change that to
UUID=blahblahmoomoowhatnot / ext4 defaults,barrier=1,errors=remount-ro,relatime 0 1

apt-get install acl xattr

mount -o remount -a

sudo rm /etc/samba/smb.conf
Better: sudo mv /etc/samba/smb.conf /etc/samba/smb.conf.ubuntu_original

NTP is not linked to Samba in that setup.
So, that said...

If you can read bash scripts, and if not, try, its not that hard.

get this script if you use ubuntu 14.04..
https://secure.bazuin.nl/scripts/4-jessie-samba-DC.sh
read through it, it explains itself, i just didnt test it on ubuntu,
but the basics are the same.
Just keep the install order as in the script, thats most important.
simple things can be changed like line 208
debian:
for x in 0 1 2 3 ; do sed -i "s]server ${x}.debian]#server ${x}.debian]g" /etc/ntp.conf ; done
for ubuntu:
for x in 0 1 2 3 ; do sed -i "s]server ${x}.ubuntu]#server ${x}.ubuntu]g" /etc/ntp.conf ; done

etc. .
all you need to know is in this script.
try it, and I say, you will have a perfect working Samba 4 AD DC with bind9_DLZ.


Greetz,

Louis


>-----Original message-----
>From: samba [mailto:samba-...@lists.samba.org] On behalf of Jim Seymour
>Sent: Friday, 28 August 2015 13:40
>To: sa...@lists.samba.org
>Subject: Re: [Samba] Samba Internal DNS vs. BIND_DLZ
>

Rowland Penny

Aug 28, 2015, 9:10:03 AM
Hi Louis, I had already pointed him at your scripts, but I didn't know
you had one for Ubuntu.

Rowland

Sketch

Aug 28, 2015, 10:00:04 AM
On Fri, 28 Aug 2015, Jim Seymour wrote:

> I did not miss it. As you'll see from another of my posts: I tried
> that. The dynamic zone code crashed named. (Don't know why, yet. It
> happened at the end of the day, and I no longer skip workout time for
> work, no matter *how* interesting the problem, so...)

Possibly a silly question, but did you edit
<path_to>/samba/private/named.conf to point to the correct DLZ module for
your version of bind? Note that dlz_bind9 is for bind 9.8. You need to
use the other modules for 9.9 or 9.10.

> I have to say that lash-up strikes me as kind of fragile.

Like Rowland, I've had no problems with bind_dlz.
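An added example, not from the thread or from Samba itself: a small POSIX shell check for the point raised above, comparing the `database "dlopen ..."` line that is actually uncommented in Samba's generated named.conf against the BIND version `named -v` reports. The module basenames dlz_bind9.so, dlz_bind9_9.so and dlz_bind9_10.so follow Samba's naming for BIND 9.8/9.9/9.10; the /usr/lib/x86_64-linux-gnu/samba/bind9 path in the constructed sample is an assumption and differs per distribution.

```shell
# expected_dlz_module: map the `named -v` banner (e.g. "BIND 9.9.5-3ubuntu0.5-Ubuntu")
# to the Samba DLZ module basename that BIND version can load.
expected_dlz_module() {
    case "$1" in
        *9.8.*)  echo dlz_bind9.so ;;
        *9.9.*)  echo dlz_bind9_9.so ;;
        *9.10.*) echo dlz_bind9_10.so ;;
        *)       echo unknown; return 1 ;;
    esac
}

# active_dlz_module: basename of the module on the uncommented
# `database "dlopen .../X.so";` line(s) in Samba's generated named.conf.
active_dlz_module() {
    grep -E '^[[:space:]]*database[[:space:]]+"dlopen ' "$1" |
        sed -E 's#.*/([^/]+\.so)".*#\1#'
}

# check_dlz_module CONF VERSION: 0 when exactly one database line is active
# and it names the module for this BIND version; otherwise a non-zero reason.
check_dlz_module() {
    want=$(expected_dlz_module "$2") || return 2   # unsupported/unknown version
    have=$(active_dlz_module "$1")
    [ -n "$have" ] || return 3                     # every database line commented out
    set -- $have                                   # one word per active line
    [ $# -eq 1 ] || return 4                       # several lines active at once
    [ "$1" = "$want" ]                             # 1 = wrong module for this version
}

# write_sample_conf FILE: constructed sample of the file Samba writes, with the
# 9.9 line active; the install path is an assumption.
write_sample_conf() {
    cat > "$1" <<'EOF'
dlz "AD DNS Zone" {
    # For BIND 9.8.x
    # database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9.so";

    # For BIND 9.9.x
    database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_9.so";

    # For BIND 9.10.x
    # database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_10.so";
};
EOF
}
```

On a real DC, source the file and run `check_dlz_module /var/lib/samba/private/named.conf "$(named -v)"`; a non-zero return before starting named saves a crash-at-load hunt.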

Jim Seymour

Aug 28, 2015, 2:40:03 PM
On Fri, 28 Aug 2015 14:41:09 +0200
L.P.H. van Belle <be...@bazuin.nl> wrote:

> Hai Jim, (and Robert, saw your last post, read this also for samba
> with bind9_DLZ )
>
> I just searched back in the posts, and what I noticed was your first
> post.
> http://www.tiltingatlinux.com/2014/04/basic-samba4-domain-controler-on-ubuntu.html
> I went over this link.
>
> This setup has some faults.
>
> sudo nano /etc/hosts
> 127.0.0.1 localhost
> 127.0.1.1 pdc.mydomain.local pdc < remove this line.
> 10.0.0.5 pdc.mydomain.local pdc

Already done, but I hadn't created the sub-zone, yet.

>
>
> UUID=blahblahmoomoowhatnot / ext4
> user_xattr,acl,barrier=1,errors=remount-ro,relatime 0 1 change that
> to UUID=blahblahmoomoowhatnot / ext4
> defaults,barrier=1,errors=remount-ro,relatime 0 1

Done!

>
> apt-get install acl xattr

"xattr?"

$ apt-get install xattr
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package xattr

There are various "python-xattr" type things.

>
> mount -o remount -a
>
> sudo rm /etc/samba/smb.conf
> better sudo
> mv /etc/samba/smb.conf /etc/samba/smb.conf.ubuntu_original

I've a simple script I wrote, some time ago, called "save-orig." It's
one of the first I ever drop on a new install. It saves the named file
from your current directory to an identical path relative to /root.

>
> ntp is not linked to samba in that setup.
> So, that told..
>
> If you can read bash scripts, and if not, try, it's not that hard.

Heh. I've probably written more sh than most people have ever used ;)

>
> get this script if you use ubuntu 14.04..
> https://secure.bazuin.nl/scripts/4-jessie-samba-DC.sh
> read through it, it explains itself, I just didn't test it on Ubuntu,
> but the basics are the same.
> Just keep the install order as in the script, that's most important.
> simple things can be changed like line 208
> debian:
> for x in 0 1 2 3 ; do sed -i "s]server ${x}.debian]#server
> ${x}.debian]g" /etc/ntp.conf ; done for ubuntu:
> for x in 0 1 2 3 ; do sed -i "s]server ${x}.ubuntu]#server
> ${x}.ubuntu]g" /etc/ntp.conf ; done
>
> etc. .
> all you need to know is in this script.
> try it, and I say, you will have a perfect working Samba 4 AD DC with
> bind9_DLZ.
[snip]

Thanks, Louis. I've done some of the above. "Purge"d what I already
had. Will restart anew with your suggestions.

And those of the others, here.

Thanks, everybody, for your patient help!

Rowland Penny

Aug 28, 2015, 3:00:04 PM
It's just called 'attr'

Rowland

Jim Seymour

Sep 1, 2015, 3:10:04 PM
On Fri, 28 Aug 2015 14:41:09 +0200
L.P.H. van Belle <be...@bazuin.nl> wrote:

[snip]
>
> If you can read bash scripts, and if not, try, it's not that hard.
>
> get this script if you use ubuntu 14.04..
> https://secure.bazuin.nl/scripts/4-jessie-samba-DC.sh
> read through it, it explains itself, I just didn't test it on Ubuntu,

Doesn't work. Some things that went wrong:

Usage: samba-tool domain provision [options]

samba-tool domain provision: error: no such option: --site

stat: cannot stat ‘/var/lib/samba/private/dns.keytab’: No such file
or directory
(also chown and chmod failed)

enable-ing access for bind in /var/lib/samba/private

sed: can't read /etc/samba/smb.conf: No such file or directory
(4 times)

Setting up the SePrivileges, this wil take a while
kinit: Cannot contact any KDC for realm 'EXAMPLE.COM' while getting
initial credentials
Enter Administrator's password:
Could not connect to server 127.0.0.1
Connection failed: NT_STATUS_CONNECTION_REFUSED
(Those last three lines many times)

Failed to connect host 172.24.125.35 on port 135 -
NT_STATUS_CONNECTION_REFUSED

Failed to connect host 172.24.125.35 (host.example.com) on port 135
- NT_STATUS_CONNECTION_REFUSED.

ERROR(runtime): uncaught exception - (-1073741258, 'The connection
was refused')

File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
line 175, in _run return self.run(*args, **kwargs)

File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line
847, in run dns_conn = dns_connect(server, self.lp, self.creds)

File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line
37, in dns_connect dns_conn = dnsserver.dnsserver(binding_str,
lp, creds)

And more, but there's probably little point in reproducing the rest.

> but the basics are the same.
> Just keep the install order as in the script, that's most important.

I guess I'll just read the script and try it manually.

[snip]
>
> etc. .
> all you need to know is in this script.
> try it, and I say, you will have a perfect working Samba 4 AD DC with
> bind9_DLZ.
[snip]

We'll see.

Thanks for your help. I'll give it one more go. If that fails then I
revert to a plain old Samba server and if they ever want AD they can
buy a MS-Win server.

Thanks,
Jim
--
Note: My mail server employs *very* aggressive anti-spam
filtering. If you reply to this email and your email is
rejected, please accept my apologies and let me know via my
web form at <http://jimsun.LinxNet.com/contact/scform.php>.

Rowland Penny

Sep 1, 2015, 3:20:03 PM
On 01/09/15 20:01, Jim Seymour wrote:
> On Fri, 28 Aug 2015 14:41:09 +0200
> L.P.H. van Belle <be...@bazuin.nl> wrote:
>
> [snip]
>> If you can read bash scripts, and if not, try, it's not that hard.
>>
>> get this script if you use ubuntu 14.04..
>> https://secure.bazuin.nl/scripts/4-jessie-samba-DC.sh
>> read through it, it explains itself, I just didn't test it on Ubuntu,
> Doesn't work. Some things that went wrong:
>
> Usage: samba-tool domain provision [options]
>
> samba-tool domain provision: error: no such option: --site

The '--site' option was added after the samba version 4.1.6 used by
Ubuntu 4.1.6, I think what happened here was that samba-tool error-ed
out and didn't provision the domain, try removing the '--site' from
Louis's script and try again.

Rowland