On 06/11/2013 12:15 PM, Rowland Penny wrote:
Have you created the reverse zone? Samba, for some reason, does not
automatically create it. If I run your command, I get:
IPs: ['192.168.0.2']
Calling nsupdate for A domain.lan 192.168.0.2
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
domain.lan. 900 IN A 192.168.0.2
and so on ~~~~~
Rowland
Hi Rowland,
do you mean the samba_dnsupdate command?
I don't think the command, when I run it, gets as far as you get.
Where do you propose to create the reverse zone? statically in bind or
by editing the file /usr/local/samba/private/dns_update_list?
Cheers
Simon
On 11 June 2013 10:54, NOC <[email protected]> wrote:
Hi All
I've started again from scratch, following the wikipage at
https://wiki.samba.org/index.php/Dns-backend_bind#Bind_9.8_.2F_9.9
I'm using bind 9.8.5-P1 and samba4 master (from yesterday I guess)
compiling from scratch:
bind: ./configure --with-gssapi=/usr/include/gssapi --with-dlopen=yes
And the given named.conf in /etc/bind/ (as this is where I want
the config to reside)
I've included the local zones as provided and I modified the named
in a few places:
diff orig-named.conf /etc/bind/named.conf
6c6
< directory "/var/named";
---
> directory "/etc/bind";
8c8
< forwarders { 8.8.8.8; 8.8.4.4; };
---
> forwarders { 172.16.1.12; 172.16.1.18; };
16,17c16,18
< 10.1.1.0/24 <http://10.1.1.0/24>;
< ...other networks you want to allow to query your
DNS...;
---
> 192.168.6.0/24 <http://192.168.6.0/24>;
> 127.0.0.0/8 <http://127.0.0.0/8>;
> #...other networks you want to allow to query
your DNS...;
21,22c22,24
< 10.1.1.0/24 <http://10.1.1.0/24>;
< ...other networks you want to allow to do
recursive queries...;
---
> 192.168.6.0/24 <http://192.168.6.0/24>;
> 127.0.0.0/8 <http://127.0.0.0/8>;
> #...other networks you want to allow to do
recursive queries...;
24a27,28
> tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
>
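Review bot: The tkey-gssapi-keytab line added at line 27 points named at a keytab inside Samba's private directory, and nothing in this diff shows that the account named runs as can read it. Check ownership and mode on /usr/local/samba/private/dns.keytab and the directories above it, and keep the file readable only by that account, since it holds the key named uses for GSS-TSIG updates.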
26a31
> include "/usr/local/samba/private/named.conf";
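Review bot: The file included at line 31 is generated by provision and is not shown, so this diff alone does not say which DLZ settings named ends up with. The provision output calls it an example include file and points to /usr/local/samba/private/named.txt for what secure DNS updates still require; confirm those steps were done and that named can read the included file.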
This is just so bind actually works and the files created by
provision are included
Provision was done using:
samba-tool domain provision
Realm: example
Domain [example]: example.com
Server Role (dc, member, standalone) [dc]: dc
DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE)
[SAMBA_INTERNAL]: BIND9_DLZ
Administrator password:
Retype password:
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Adding DomainDN: DC=example
Adding configuration container
Setting up sam.ldb schema
Setting up sam.ldb configuration data
Setting up display specifiers
Modifying display specifiers
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
Setting up self join
Adding DNS accounts
Creating CN=MicrosoftDNS,CN=System,DC=example
Creating DomainDnsZones and ForestDnsZones partitions
Populating DomainDnsZones and ForestDnsZones partitions
See /usr/local/samba/private/named.conf for an example
configuration include file for BIND
and /usr/local/samba/private/named.txt for further documentation
required for secure DNS updates
Setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
A Kerberos configuration suitable for Samba 4 has been generated
at /usr/local/samba/private/krb5.conf
Once the above files are installed, your Samba4 server will be
ready to use
Server Role: active directory domain controller
Hostname: sambabind02
NetBIOS Domain: EXAMPLE.COM
DNS Domain: example
DOMAIN SID: S-1-5-21-294307859-3325552197-969134079
stopped/started bind using the new config file
Then I started /usr/local/samba/sbin/samba -D
Then command:
# /usr/local/samba/sbin/samba_dnsupdate --verbose --all-names
IPs: ['192.168.6.86']
Traceback (most recent call last):
File "/usr/local/samba/sbin/samba_dnsupdate", line 511, in <module>
get_credentials(lp)
File "/usr/local/samba/sbin/samba_dnsupdate", line 124, in
get_credentials
raise e
RuntimeError: kinit for SAMBABIND02$@EXAMPLE failed (Cannot
contact any KDC for requested realm)
It appears that samba_dnsupdate tries to get a ticket from the KDC
that it tries to find using DNS, but the record isn't yet inserted
in the bind dns database. Is it a chicken/egg problem?
Now either the wiki hasn't been fully tested or it's missing an
obvious step
Any clues?
/Simon
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
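Added example, not part of the original thread and not Samba code: it parses the summary and error lines quoted in the message above, lists the SRV names a Kerberos client queries to find a KDC for that realm (RFC 4120), and flags a NetBIOS domain that is not a single short label. The function names, the sample text and the swapped-prompt heuristic are assumptions made for illustration.

```python
import re

# Constructed sample: lines copied from the provision summary and traceback above.
SAMPLE = """\
Hostname: sambabind02
NetBIOS Domain: EXAMPLE.COM
DNS Domain: example
RuntimeError: kinit for SAMBABIND02$@EXAMPLE failed (Cannot contact any KDC for requested realm)
"""

PATTERNS = {
    "hostname": r"^Hostname:[ \t]*(\S+)",
    "netbios_domain": r"^NetBIOS Domain:[ \t]*(\S+)",
    "dns_domain": r"^DNS Domain:[ \t]*(\S+)",
    "kinit_realm": r"kinit for \S+@(\S+) failed",
}

def parse_summary(text):
    """Extract the fields that decide where a client looks for the KDC."""
    found = {}
    for key, pattern in PATTERNS.items():
        match = re.search(pattern, text, re.MULTILINE)
        if match:
            found[key] = match.group(1)
    return found

def kdc_srv_names(realm):
    """SRV owner names queried to locate a KDC through DNS (RFC 4120, 7.2.3.2)."""
    return [f"_kerberos._{proto}.{realm.lower()}." for proto in ("udp", "tcp")]

def check(fields):
    """Return findings; the swapped-prompt test is a heuristic, not a Samba rule."""
    findings = []
    netbios = fields.get("netbios_domain", "")
    dns = fields.get("dns_domain", "")
    if "." in netbios or len(netbios) > 15:
        findings.append(f"NetBIOS domain {netbios!r} is not a single label of <= 15 chars")
    if "." in netbios and dns and "." not in dns:
        findings.append("Realm and Domain answers look swapped at the provision prompts")
    realm = fields.get("kinit_realm") or dns
    if realm:
        findings.append("KDC lookup needs SRV records: " + ", ".join(kdc_srv_names(realm)))
    return findings

if __name__ == "__main__":
    for line in check(parse_summary(SAMPLE)):
        print(line)
```

The SRV names in the last finding are the ones the configured resolver has to answer before kinit can reach a KDC.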