You need to create the reverse zone using samba-tool. Example using '192.168.0.10' for the Samba 4 server and the realm 'DOMAIN.LAN':

samba-tool dns zonecreate 192.168.0.10 0.168.192.in-addr.arpa -U administra...@domain.lan

Now add the AD server to the reverse zone. Here the Samba 4 server's FQDN is 'adserver.domain.lan':

samba-tool dns add 192.168.0.10 0.168.192.in-addr.arpa 10 PTR adserver.domain.lan -U administra...@domain.lan

Rowland

On 11 June 2013 11:35, NOC <n...@nieuwland.nl> wrote:

> On 06/11/2013 12:15 PM, Rowland Penny wrote:
>
>> Have you created the reverse zone? Samba, for some reason, does not
>> automatically create it. If I run your command, I get:
>>
>> IPs: ['192.168.0.2']
>> Calling nsupdate for A domain.lan 192.168.0.2
>> Outgoing update query:
>> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
>> ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
>> ;; UPDATE SECTION:
>> domain.lan. 900 IN A 192.168.0.2
>>
>> and so on ~~~~~
>>
>> Rowland
>>
>>
> Hi Rowland,
>
> do you mean the samba_dnsupdate command?
> I don't think the command, when I run it, gets as far as you get.
>
> Where do you propose to create the reverse zone? statically in bind or by
> editing the file /usr/local/samba/private/dns_update_list?
>
> Cheers
>
> Simon
>
>
>> On 11 June 2013 10:54, NOC <n...@nieuwland.nl> wrote:
>>
>> Hi All
>>
>> I've started again from scratch, following the wikipage at
>> https://wiki.samba.org/index.php/Dns-backend_bind#Bind_9.8_.2F_9.9
>>
>> I'm using bind 9.8.5-P1 and samba4 master (from yesterday I guess)
>>
>> compiling from scratch:
>> bind: ./configure --with-gssapi=/usr/include/gssapi --with-dlopen=yes
>>
>> And the given named.conf in /etc/bind/ (as this is where I want
>> the config to reside)
>>
>> I've included the local zones as provided and I modified the named
>> in a few places:
>> diff orig-named.conf /etc/bind/named.conf
>> 6c6
>> < directory "/var/named";
>> ---
>> > directory "/etc/bind";
>> 8c8
>> < forwarders { 8.8.8.8; 8.8.4.4; };
>> ---
>> > forwarders { 172.16.1.12; 172.16.1.18; };
>> 16,17c16,18
>> < 10.1.1.0/24 <http://10.1.1.0/24>;
>>
>> < ...other networks you want to allow to query your
>> DNS...;
>> ---
>> > 192.168.6.0/24 <http://192.168.6.0/24>;
>> > 127.0.0.0/8 <http://127.0.0.0/8>;
>>
>> > #...other networks you want to allow to query
>> your DNS...;
>> 21,22c22,24
>> < 10.1.1.0/24 <http://10.1.1.0/24>;
>>
>> < ...other networks you want to allow to do
>> recursive queries...;
>> ---
>> > 192.168.6.0/24 <http://192.168.6.0/24>;
>> > 127.0.0.0/8 <http://127.0.0.0/8>;
>>
>> > #...other networks you want to allow to do
>> recursive queries...;
>> 24a27,28
>> > tkey-gssapi-keytab "/usr/local/samba/private/dns.**keytab";
>> >
>> 26a31
>> > include "/usr/local/samba/private/**named.conf";
>>
>>
>> This is just so bind actually works and the files created by
>> provision are included
>>
>> Provision was done using:
>> samba-tool domain provision
>> Realm: example
>> Domain [example]: example.com
>>
>> Server Role (dc, member, standalone) [dc]: dc
>> DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE)
>> [SAMBA_INTERNAL]: BIND9_DLZ
>> Administrator password:
>> Retype password:
>> Looking up IPv4 addresses
>> Looking up IPv6 addresses
>> No IPv6 address will be assigned
>> Setting up share.ldb
>> Setting up secrets.ldb
>> Setting up the registry
>> Setting up the privileges database
>> Setting up idmap db
>> Setting up SAM db
>> Setting up sam.ldb partitions and settings
>> Setting up sam.ldb rootDSE
>> Pre-loading the Samba 4 and AD schema
>> Adding DomainDN: DC=example
>> Adding configuration container
>> Setting up sam.ldb schema
>> Setting up sam.ldb configuration data
>> Setting up display specifiers
>> Modifying display specifiers
>> Adding users container
>> Modifying users container
>> Adding computers container
>> Modifying computers container
>> Setting up sam.ldb data
>> Setting up well known security principals
>> Setting up sam.ldb users and groups
>> Setting up self join
>> Adding DNS accounts
>> Creating CN=MicrosoftDNS,CN=System,DC=example
>> Creating DomainDnsZones and ForestDnsZones partitions
>> Populating DomainDnsZones and ForestDnsZones partitions
>> See /usr/local/samba/private/named.conf for an example
>> configuration include file for BIND
>> and /usr/local/samba/private/named.txt for further documentation
>> required for secure DNS updates
>> Setting up sam.ldb rootDSE marking as synchronized
>> Fixing provision GUIDs
>> A Kerberos configuration suitable for Samba 4 has been generated
>> at /usr/local/samba/private/krb5.conf
>> Once the above files are installed, your Samba4 server will be
>> ready to use
>> Server Role: active directory domain controller
>> Hostname: sambabind02
>> NetBIOS Domain: EXAMPLE.COM
>> DNS Domain: example
>> DOMAIN SID: S-1-5-21-294307859-3325552197-969134079
>>
>>
>> stopped/started bind using the new config file
>>
>> Then I started /usr/local/samba/sbin/samba -D
>>
>> Then command:
>> # /usr/local/samba/sbin/samba_dnsupdate --verbose --all-names
>> IPs: ['192.168.6.86']
>> Traceback (most recent call last):
>>   File "/usr/local/samba/sbin/samba_dnsupdate", line 511, in <module>
>>     get_credentials(lp)
>>   File "/usr/local/samba/sbin/samba_dnsupdate", line 124, in get_credentials
>>     raise e
>> RuntimeError: kinit for SAMBABIND02$@EXAMPLE failed (Cannot contact any KDC for requested realm)
>>
>> It appears that samba_dnsupdate tries to get a ticket from the KDC
>> that it tries to find using DNS, but the record isn't yet inserted
>> in the bind dns database. Is it a chicken/egg problem?
>>
>> Now either the wiki hasn't been fully tested or it's missing an
>> obvious step
>>
>> Any clues?
>>
>> /Simon
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
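
Review bot: the 24a27,28 hunk of the quoted named.conf diff sets tkey-gssapi-keytab to a keytab under /usr/local/samba/private, but nothing in the message says which account named runs as or what ownership and mode that file has. The keytab holds the Kerberos key BIND uses to accept secure dynamic updates, so it is worth checking, and stating alongside the diff, that the named account can read the file and that no other unprivileged account can.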
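
The two samba-tool steps in the reply at the top of this thread, generalized as an added example (not part of the original messages): the script derives the /24 reverse zone and the PTR label from an IPv4 address and prints the commands without running them. The function names and the ADMIN_PRINCIPAL placeholder are assumptions; the /24 zone size follows the reply's example.

```shell
#!/bin/sh
# Added example: print (never execute) the samba-tool commands for a /24
# reverse zone. Function names and ADMIN_PRINCIPAL are illustrative.

# valid_ipv4 IP: succeeds when IP is four decimal octets, each 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# reverse_zone IP: prints c.b.a.in-addr.arpa for address a.b.c.d.
reverse_zone() {
    valid_ipv4 "$1" || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    printf '%s.%s.%s.in-addr.arpa\n' "$3" "$2" "$1"
}

# ptr_label IP: prints the last octet, the record name inside the /24 zone.
ptr_label() {
    valid_ipv4 "$1" || return 1
    printf '%s\n' "${1##*.}"
}

# ptr_commands DNS_SERVER HOST_IP HOST_FQDN ADMIN: prints both commands.
ptr_commands() {
    zone=$(reverse_zone "$2") || return 1
    label=$(ptr_label "$2") || return 1
    printf 'samba-tool dns zonecreate %s %s -U %s\n' "$1" "$zone" "$4"
    printf 'samba-tool dns add %s %s %s PTR %s -U %s\n' \
        "$1" "$zone" "$label" "$3" "$4"
}

# Constructed sample values taken from the reply; the account is a placeholder.
ptr_commands 192.168.0.10 192.168.0.10 adserver.domain.lan ADMIN_PRINCIPAL
```

Only HOST_IP is validated; the server, FQDN and account arguments are printed as given.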