Re: [Samba] V4 - New Install - Missing Zone File
Hi Michael,

On Tue, Feb 21, 2012 at 11:57 PM, Michael Wood esiot...@gmail.com wrote:

Since I provisioned samba4 before the DLZ option was available I have stuck with BIND9_FLATFILE for now.

I have pushed upgradedns script to upgrade DNS provisioning from BIND9_FLATFILE backend to BIND9_DLZ backend or SAMBA_INTERNAL. If you would like to migrate to AD based DNS, you can give the script a try.

Amitay.

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] V4 - New Install - Missing Zone File
Hi Michael,

On Wed, Feb 22, 2012 at 7:06 PM, Michael Wood esiot...@gmail.com wrote:

Hi

On 22 February 2012 01:46, jdf...@cox.net wrote:

The default DNS backend has changed to BIND9_DLZ. This means the DNS records are stored in Samba4's AD tree instead of in a normal zone file.

[...]

If you're just starting out, you might want to try the DLZ backend.

Thank you for your help! I was able to get a new Bind version to somewhat work. I was able to join an XP machine to the domain but DNS seems to not be updating correctly. Below you will find the logs that I am seeing.

I don't know what would cause that, but you could try increasing the debug level (e.g. samba -d10 -i -M single) to see if it gives you more details about the issue. Increasing bind9's debug level might help too. Also, you might want to discuss this on samba-technical. I've copied my reply there. Since Samba 4 is still in alpha, the HOWTO says to discuss successes/failures on samba-technical.

/var/log/messages:
Feb 21 16:39:39 davis named[1163]: validating @0x24c0d30: com SOA: no valid signature found
Feb 21 16:39:39 davis named[1163]: validating @0x220f220: com SOA: no valid signature found
Feb 21 16:39:39 davis named[1163]: validating @0x220f220: CK0POJMG874LJREF7EFN8430QVIT8BSM.com NSEC3: no valid signature found
Feb 21 16:39:39 davis named[1163]: validating @0x24c0d30: CK0POJMG874LJREF7EFN8430QVIT8BSM.com NSEC3: no valid signature found
Feb 21 16:39:39 davis named[1163]: validating @0x198b010: A2MEHD73GB2UACB908FCH30EPFLFHMH7.com NSEC3: no valid signature found
Feb 21 16:39:39 davis named[1163]: validating @0x24c0d30: A2MEHD73GB2UACB908FCH30EPFLFHMH7.com NSEC3: no valid signature found
Feb 21 16:39:40 davis named[1163]: validating @0x24c0d30: 3RL0HJSI26SCTO21AV9TVIGIPUVPJAI1.com NSEC3: no valid signature found
Feb 21 16:39:40 davis named[1163]: validating @0x198b010: 3RL0HJSI26SCTO21AV9TVIGIPUVPJAI1.com NSEC3: no valid signature found

These messages are from DNSSEC and are not really from dlz_bind9 module. Can you check if you have any lines in the log with prefix samba_dlz?

samba output in single mode:
samba -i -M single
samba version 4.0.0alpha18-GIT-89586ed started.
Copyright Andrew Tridgell and the Samba Team 1992-2012
samba: using 'single' process model
../source4/dsdb/dns/dns_update.c:294: Failed DNS update - NT_STATUS_UNSUCCESSFUL

Any ideas as to what that could mean? Thank you for your time and have a great day!

To check if dynamic dns is working, you can try to run samba_dnsupdate script manually. Make sure bind9 and samba are running and then

# samba_dnsupdate --verbose

This will try to dynamically update various names in the zone. And check the logs for messages from dlz_bind9 module.

Just to make sure that the DNS migration has completed correctly, can you post the output of following commands:

# ldbsearch -H /path/to/sam.ldb -b DC=DomainDnsZones,DC (name=@) --show-binary
# ldbsearch -H /path/to/sam.ldb -b DC=ForestDnsZones,DC= (name=@) --show-binary

There was an issue previously with migration that @ records were not populated correctly.

Amitay.
Re: [Samba] V4 - New Install - Missing Zone File
Hi Jeremy,

On Thu, Feb 23, 2012 at 4:01 AM, jdf...@cox.net wrote:

Hello All,

Thank you for your help that you have provided so far regarding my issue. I have cleared out this email to reduce the confusion of my current issue. Here is a recap of my issue and the logs you requested below.

Currently, I have resolved the DNSSEC issue that I was seeing in my /var/log/messages log. I am still having problems with Bind 9.8.1 on CentOS 6.2 updating records using Samba4 latest from git. Steve emailed me offline and stated that Bind 9.8.1 has issues with updates and suggested 9.9 to resolve the issue. I have not tried that yet as I wanted to provide some more information to see if we can resolve this issue on 9.8.1.

It seems everything else in samba4 that I have used is working. I can add new servers to the domain without much issue. Once they are added I can ping/resolve the DC samba4 server but I can't resolve any of the other servers.

Below you will find the output you all requested. Seems like it can't find some files or something. From bind logs it appears everything is loading correctly.

/usr/local/samba/sbin/samba_dnsupdate --verbose
IPs: ['2002:4b46:c8ad:0:a00:27ff:fe14:5491', 'fe80::a00:27ff:fe14:5491%eth0', 'fe80::a00:27ff:fee5:5840%eth1', '192.168.7.30', '192.168.30.1']
Looking for DNS entry A bob-dc.com 192.168.7.30 as bob-dc.com.
Looking for DNS entry A dc1.bob-dc.com 192.168.7.30 as dc1.bob-dc.com.
Looking for DNS entry bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491 as bob-dc.com.
Failed to find matching DNS entry bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491
Looking for DNS entry dc1.bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491 as dc1.bob-dc.com.
Failed to find matching DNS entry dc1.bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491
Looking for DNS entry A gc._msdcs.bob-dc.com 192.168.7.30 as gc._msdcs.bob-dc.com.
Looking for DNS entry gc._msdcs.bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491 as gc._msdcs.bob-dc.com.
Failed to find matching DNS entry gc._msdcs.bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491 Looking for DNS entry CNAME 48c0fc0c-dcc1-425d-bcb2-a229d40ab48c._msdcs.bob-dc.com dc1.bob-dc.com as 48c0fc0c-dcc1-425d-bcb2-a229d40ab48c._msdcs.bob-dc.com. Looking for DNS entry SRV _kpasswd._tcp.bob-dc.com dc1.bob-dc.com 464 as _kpasswd._tcp.bob-dc.com. Checking 0 100 464 dc1.bob-dc.com. against SRV _kpasswd._tcp.bob-dc.com dc1.bob-dc.com 464 Looking for DNS entry SRV _kpasswd._udp.bob-dc.com dc1.bob-dc.com 464 as _kpasswd._udp.bob-dc.com. Checking 0 100 464 dc1.bob-dc.com. against SRV _kpasswd._udp.bob-dc.com dc1.bob-dc.com 464 Looking for DNS entry SRV _kerberos._tcp.bob-dc.com dc1.bob-dc.com 88 as _kerberos._tcp.bob-dc.com. Checking 0 100 88 dc1.bob-dc.com. against SRV _kerberos._tcp.bob-dc.com dc1.bob-dc.com 88 Looking for DNS entry SRV _kerberos._tcp.dc._msdcs.bob-dc.com dc1.bob-dc.com 88 as _kerberos._tcp.dc._msdcs.bob-dc.com. Checking 0 100 88 dc1.bob-dc.com. against SRV _kerberos._tcp.dc._msdcs.bob-dc.com dc1.bob-dc.com 88 Looking for DNS entry SRV _kerberos._tcp.default-first-site-name._sites.bob-dc.com dc1.bob-dc.com 88 as _kerberos._tcp.default-first-site-name._sites.bob-dc.com. Checking 0 100 88 dc1.bob-dc.com. against SRV _kerberos._tcp.default-first-site-name._sites.bob-dc.com dc1.bob-dc.com 88 Looking for DNS entry SRV _kerberos._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com dc1.bob-dc.com 88 as _kerberos._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com. Checking 0 100 88 dc1.bob-dc.com. against SRV _kerberos._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com dc1.bob-dc.com 88 Looking for DNS entry SRV _kerberos._udp.bob-dc.com dc1.bob-dc.com 88 as _kerberos._udp.bob-dc.com. Checking 0 100 88 dc1.bob-dc.com. against SRV _kerberos._udp.bob-dc.com dc1.bob-dc.com 88 Looking for DNS entry SRV _ldap._tcp.bob-dc.com dc1.bob-dc.com 389 as _ldap._tcp.bob-dc.com. Checking 0 100 389 dc1.bob-dc.com. 
against SRV _ldap._tcp.bob-dc.com dc1.bob-dc.com 389 Looking for DNS entry SRV _ldap._tcp.dc._msdcs.bob-dc.com dc1.bob-dc.com 389 as _ldap._tcp.dc._msdcs.bob-dc.com. Checking 0 100 389 dc1.bob-dc.com. against SRV _ldap._tcp.dc._msdcs.bob-dc.com dc1.bob-dc.com 389 Looking for DNS entry SRV _ldap._tcp.gc._msdcs.bob-dc.com dc1.bob-dc.com 3268 as _ldap._tcp.gc._msdcs.bob-dc.com. Checking 0 100 3268 dc1.bob-dc.com. against SRV _ldap._tcp.gc._msdcs.bob-dc.com dc1.bob-dc.com 3268 Looking for DNS entry SRV _ldap._tcp.pdc._msdcs.bob-dc.com dc1.bob-dc.com 389 as _ldap._tcp.pdc._msdcs.bob-dc.com. Checking 0 100 389 dc1.bob-dc.com. against SRV _ldap._tcp.pdc._msdcs.bob-dc.com dc1.bob-dc.com 389 Looking for DNS entry SRV _ldap._tcp.default-first-site-name._sites.bob-dc.com dc1.bob-dc.com 389 as _ldap._tcp.default-first-site-name._sites.bob-dc.com. Checking 0 100 389 dc1.bob-dc.com. against SRV
Re: [Samba] V4 - New Install - Missing Zone File
Hi Jeremy,

On Thu, Feb 23, 2012 at 3:29 PM, Jeremy Davis jdavis4...@gmail.com wrote:

Hello Amitay,

On 02/22/2012 02:34 PM, Amitay Isaacs wrote:

Hi Jeremy,

That error message needs to be fixed. :) Looks like nsupdate command is not in the path. samba_dnsupdate script uses nsupdate to dynamically update DNS entries. Try adding

nsupdate command = /path/to/nsupdate

in smb.conf.

Amitay.

Thank you SO MUCH for getting me this far!! :) That looks like it fixed that issue but I have now run into a denied error message for bind. Below you can find my logs for both samba_dnsupdate and bind. Seems like the dns.keytab file is not correct or something. I have tried to put allow-update { 192.168.30.1; } in my options section of my named.conf with no luck.

I forgot to mention that nsupdate command should also include -g flag to force secure (kerberos) updates.

nsupdate command = /path/to/nsupdate -g

dlz_bind9 module only allows secure dynamic updates.

Amitay.
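Added example, not part of the thread and not Samba's own code: a Python check of the two points made in the message above, namely that `nsupdate command` in smb.conf should name the binary by path and pass `-g`, and that an address-only `allow-update` list in named.conf deserves a flag because dlz_bind9 only accepts secure updates. The function names and the sample configuration texts are constructed for illustration.

```python
import ipaddress
import re
import shlex

# Constructed sample inputs; /path/to/nsupdate is the placeholder used in the thread.
SMB_CONF_PATH_ONLY = """\
[global]
    realm = EXAMPLE.TEST
    nsupdate command = /path/to/nsupdate
"""
SMB_CONF_FIXED = """\
[global]
    realm = EXAMPLE.TEST
    nsupdate command = /path/to/nsupdate -g
"""
NAMED_CONF_IP_ACL = """\
options {
    directory "/var/named";
    allow-update { 192.168.30.1; };   // address-based ACL, as tried in the thread
};
"""


def parse_smb_global(text):
    """Return the [global] parameters of an smb.conf as {normalised_name: value}."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "global" and "=" in line:
            name, value = line.split("=", 1)
            # smb.conf ignores case and whitespace inside parameter names.
            params["".join(name.lower().split())] = value.strip()
    return params


def audit_nsupdate_command(smb_conf_text):
    """Return finding codes for the 'nsupdate command' setting.

    unset        - parameter absent or empty; the build default is used
    not-absolute - binary is looked up via PATH, which may not contain it
    no-gss-tsig  - '-g' missing, so nsupdate will not attempt a Kerberos
                   (GSS-TSIG) signed update
    """
    value = parse_smb_global(smb_conf_text).get("nsupdatecommand")
    argv = shlex.split(value) if value else []
    if not argv:
        return ["unset"]
    findings = []
    if not argv[0].startswith("/"):
        findings.append("not-absolute")
    if "-g" not in argv[1:]:                     # only the stand-alone flag is recognised
        findings.append("no-gss-tsig")
    return findings


ALLOW_UPDATE = re.compile(r"allow-update\s*\{([^}]*)\}", re.S)


def audit_named_allow_update(named_conf_text):
    """Return the IP addresses/networks that appear inside allow-update lists.

    Such entries grant update rights by source address alone; they do not
    provide the authenticated updates that dlz_bind9 requires.
    """
    text = re.sub(r"/\*.*?\*/", "", named_conf_text, flags=re.S)   # /* ... */
    text = re.sub(r"(//|#)[^\n]*", "", text)                       # // and # comments
    hits = []
    for match in ALLOW_UPDATE.finditer(text):
        for element in match.group(1).split(";"):
            element = element.strip()
            if not element:
                continue
            try:
                ipaddress.ip_network(element, strict=False)
            except ValueError:
                continue                          # 'none', 'key x', ACL names, ...
            hits.append(element)
    return hits


if __name__ == "__main__":
    print("path only :", audit_nsupdate_command(SMB_CONF_PATH_ONLY))
    print("with -g   :", audit_nsupdate_command(SMB_CONF_FIXED))
    print("named.conf:", audit_named_allow_update(NAMED_CONF_IP_ACL))
```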
Re: [Samba] V4 - New Install - Missing Zone File
On Thu, Feb 23, 2012 at 4:33 PM, Jeremy Davis jdavis4...@gmail.com wrote:

I forgot to mention that nsupdate command should also include -g flag to force secure (kerberos) updates.

nsupdate command = /path/to/nsupdate -g

dlz_bind9 module only allows secure dynamic updates.

Amitay.

I added the -g to the smb.conf and restarted samba and named but it doesn't seem to do anything. Could this be an issue with kerberos? I am able to authenticate with my Windows machine and via the command line using the tests on the samba4 wiki. Any ideas as to what this could be?

What happens when you run samba_dnsupdate --verbose? What's the output from BIND?

Amitay.

Well, the samba_dnsupdate logs are the same but bind is now showing a little different error.

samba-dnsupdate:
IPs: ['2002:4b46:c8ad:0:a00:27ff:fe14:5491', 'fe80::a00:27ff:fe14:5491%eth0', 'fe80::a00:27ff:fee5:5840%eth1', '192.168.7.30', '192.168.30.1']
Looking for DNS entry A bob-dc.com 192.168.7.30 as bob-dc.com.
Looking for DNS entry A dc1.bob-dc.com 192.168.7.30 as dc1.bob-dc.com.
Looking for DNS entry bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491 as bob-dc.com.
Failed to find matching DNS entry bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491
Looking for DNS entry dc1.bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491 as dc1.bob-dc.com.
Failed to find matching DNS entry dc1.bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491
Looking for DNS entry A gc._msdcs.bob-dc.com 192.168.7.30 as gc._msdcs.bob-dc.com.
Looking for DNS entry gc._msdcs.bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491 as gc._msdcs.bob-dc.com.
Failed to find matching DNS entry gc._msdcs.bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491
Looking for DNS entry CNAME 48c0fc0c-dcc1-425d-bcb2-a229d40ab48c._msdcs.bob-dc.com dc1.bob-dc.com as 48c0fc0c-dcc1-425d-bcb2-a229d40ab48c._msdcs.bob-dc.com.
Looking for DNS entry SRV _kpasswd._tcp.bob-dc.com dc1.bob-dc.com 464 as _kpasswd._tcp.bob-dc.com.
Checking 0 100 464 dc1.bob-dc.com.
against SRV _kpasswd._tcp.bob-dc.com dc1.bob-dc.com 464 Looking for DNS entry SRV _kpasswd._udp.bob-dc.com dc1.bob-dc.com 464 as _kpasswd._udp.bob-dc.com. Checking 0 100 464 dc1.bob-dc.com. against SRV _kpasswd._udp.bob-dc.com dc1.bob-dc.com 464 Looking for DNS entry SRV _kerberos._tcp.bob-dc.com dc1.bob-dc.com 88 as _kerberos._tcp.bob-dc.com. Checking 0 100 88 dc1.bob-dc.com. against SRV _kerberos._tcp.bob-dc.com dc1.bob-dc.com 88 Looking for DNS entry SRV _kerberos._tcp.dc._msdcs.bob-dc.com dc1.bob-dc.com 88 as _kerberos._tcp.dc._msdcs.bob-dc.com. Checking 0 100 88 dc1.bob-dc.com. against SRV _kerberos._tcp.dc._msdcs.bob-dc.com dc1.bob-dc.com 88 Looking for DNS entry SRV _kerberos._tcp.default-first-site-name._sites.bob-dc.com dc1.bob-dc.com 88 as _kerberos._tcp.default-first-site-name._sites.bob-dc.com. Checking 0 100 88 dc1.bob-dc.com. against SRV _kerberos._tcp.default-first-site-name._sites.bob-dc.com dc1.bob-dc.com 88 Looking for DNS entry SRV _kerberos._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com dc1.bob-dc.com 88 as _kerberos._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com. Checking 0 100 88 dc1.bob-dc.com. against SRV _kerberos._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com dc1.bob-dc.com 88 Looking for DNS entry SRV _kerberos._udp.bob-dc.com dc1.bob-dc.com 88 as _kerberos._udp.bob-dc.com. Checking 0 100 88 dc1.bob-dc.com. against SRV _kerberos._udp.bob-dc.com dc1.bob-dc.com 88 Looking for DNS entry SRV _ldap._tcp.bob-dc.com dc1.bob-dc.com 389 as _ldap._tcp.bob-dc.com. Checking 0 100 389 dc1.bob-dc.com. against SRV _ldap._tcp.bob-dc.com dc1.bob-dc.com 389 Looking for DNS entry SRV _ldap._tcp.dc._msdcs.bob-dc.com dc1.bob-dc.com 389 as _ldap._tcp.dc._msdcs.bob-dc.com. Checking 0 100 389 dc1.bob-dc.com. against SRV _ldap._tcp.dc._msdcs.bob-dc.com dc1.bob-dc.com 389 Looking for DNS entry SRV _ldap._tcp.gc._msdcs.bob-dc.com dc1.bob-dc.com 3268 as _ldap._tcp.gc._msdcs.bob-dc.com. Checking 0 100 3268 dc1.bob-dc.com. 
against SRV _ldap._tcp.gc._msdcs.bob-dc.com dc1.bob-dc.com 3268 Looking for DNS entry SRV _ldap._tcp.pdc._msdcs.bob-dc.com dc1.bob-dc.com 389 as _ldap._tcp.pdc._msdcs.bob-dc.com. Checking 0 100 389 dc1.bob-dc.com. against SRV _ldap._tcp.pdc._msdcs.bob-dc.com dc1.bob-dc.com 389 Looking for DNS entry SRV _ldap._tcp.default-first-site-name._sites.bob-dc.com dc1.bob-dc.com 389 as _ldap._tcp.default-first-site-name._sites.bob-dc.com. Checking 0 100 389 dc1.bob-dc.com. against SRV _ldap._tcp.default-first-site-name._sites.bob-dc.com dc1.bob-dc.com 389 Looking for DNS entry SRV _ldap._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com dc1.bob-dc.com 389 as _ldap._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com. Checking 0 100 389 dc1.bob-dc.com. against SRV _ldap._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com dc1.bob-dc.com 389 Looking for DNS entry SRV _ldap._tcp.default-first-site-name._sites.gc._msdcs.bob-dc.com dc1.bob-dc.com
Re: [Samba] V4 - New Install - Missing Zone File
Hello All,

On 02/23/2012 09:31 AM, Jeremy Davis wrote:

On Thu, Feb 23, 2012 at 4:33 PM, Jeremy Davis jdavis4...@gmail.com wrote:

I forgot to mention that nsupdate command should also include -g flag to force secure (kerberos) updates.

nsupdate command = /path/to/nsupdate -g

dlz_bind9 module only allows secure dynamic updates.

Amitay.

I added the -g to the smb.conf and restarted samba and named but it doesn't seem to do anything. Could this be an issue with kerberos? I am able to authenticate with my Windows machine and via the command line using the tests on the samba4 wiki. Any ideas as to what this could be?

What happens when you run samba_dnsupdate --verbose? What's the output from BIND?

Amitay.

Well, the samba_dnsupdate logs are the same but bind is now showing a little different error.

samba-dnsupdate:
IPs: ['2002:4b46:c8ad:0:a00:27ff:fe14:5491', 'fe80::a00:27ff:fe14:5491%eth0', 'fe80::a00:27ff:fee5:5840%eth1', '192.168.7.30', '192.168.30.1']
Looking for DNS entry A bob-dc.com 192.168.7.30 as bob-dc.com.
Looking for DNS entry A dc1.bob-dc.com 192.168.7.30 as dc1.bob-dc.com.
Looking for DNS entry bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491 as bob-dc.com.
Failed to find matching DNS entry bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491
Looking for DNS entry dc1.bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491 as dc1.bob-dc.com.
Failed to find matching DNS entry dc1.bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491
Looking for DNS entry A gc._msdcs.bob-dc.com 192.168.7.30 as gc._msdcs.bob-dc.com.
Looking for DNS entry gc._msdcs.bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491 as gc._msdcs.bob-dc.com.
Failed to find matching DNS entry gc._msdcs.bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491
Looking for DNS entry CNAME 48c0fc0c-dcc1-425d-bcb2-a229d40ab48c._msdcs.bob-dc.com dc1.bob-dc.com as 48c0fc0c-dcc1-425d-bcb2-a229d40ab48c._msdcs.bob-dc.com.
Looking for DNS entry SRV _kpasswd._tcp.bob-dc.com dc1.bob-dc.com 464 as _kpasswd._tcp.bob-dc.com.
Checking 0 100 464 dc1.bob-dc.com. against SRV _kpasswd._tcp.bob-dc.com dc1.bob-dc.com 464 Looking for DNS entry SRV _kpasswd._udp.bob-dc.com dc1.bob-dc.com 464 as _kpasswd._udp.bob-dc.com. Checking 0 100 464 dc1.bob-dc.com. against SRV _kpasswd._udp.bob-dc.com dc1.bob-dc.com 464 Looking for DNS entry SRV _kerberos._tcp.bob-dc.com dc1.bob-dc.com 88 as _kerberos._tcp.bob-dc.com. Checking 0 100 88 dc1.bob-dc.com. against SRV _kerberos._tcp.bob-dc.com dc1.bob-dc.com 88 Looking for DNS entry SRV _kerberos._tcp.dc._msdcs.bob-dc.com dc1.bob-dc.com 88 as _kerberos._tcp.dc._msdcs.bob-dc.com. Checking 0 100 88 dc1.bob-dc.com. against SRV _kerberos._tcp.dc._msdcs.bob-dc.com dc1.bob-dc.com 88 Looking for DNS entry SRV _kerberos._tcp.default-first-site-name._sites.bob-dc.com dc1.bob-dc.com 88 as _kerberos._tcp.default-first-site-name._sites.bob-dc.com. Checking 0 100 88 dc1.bob-dc.com. against SRV _kerberos._tcp.default-first-site-name._sites.bob-dc.com dc1.bob-dc.com 88 Looking for DNS entry SRV _kerberos._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com dc1.bob-dc.com 88 as _kerberos._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com. Checking 0 100 88 dc1.bob-dc.com. against SRV _kerberos._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com dc1.bob-dc.com 88 Looking for DNS entry SRV _kerberos._udp.bob-dc.com dc1.bob-dc.com 88 as _kerberos._udp.bob-dc.com. Checking 0 100 88 dc1.bob-dc.com. against SRV _kerberos._udp.bob-dc.com dc1.bob-dc.com 88 Looking for DNS entry SRV _ldap._tcp.bob-dc.com dc1.bob-dc.com 389 as _ldap._tcp.bob-dc.com. Checking 0 100 389 dc1.bob-dc.com. against SRV _ldap._tcp.bob-dc.com dc1.bob-dc.com 389 Looking for DNS entry SRV _ldap._tcp.dc._msdcs.bob-dc.com dc1.bob-dc.com 389 as _ldap._tcp.dc._msdcs.bob-dc.com. Checking 0 100 389 dc1.bob-dc.com. against SRV _ldap._tcp.dc._msdcs.bob-dc.com dc1.bob-dc.com 389 Looking for DNS entry SRV _ldap._tcp.gc._msdcs.bob-dc.com dc1.bob-dc.com 3268 as _ldap._tcp.gc._msdcs.bob-dc.com. 
Checking 0 100 3268 dc1.bob-dc.com. against SRV _ldap._tcp.gc._msdcs.bob-dc.com dc1.bob-dc.com 3268 Looking for DNS entry SRV _ldap._tcp.pdc._msdcs.bob-dc.com dc1.bob-dc.com 389 as _ldap._tcp.pdc._msdcs.bob-dc.com. Checking 0 100 389 dc1.bob-dc.com. against SRV _ldap._tcp.pdc._msdcs.bob-dc.com dc1.bob-dc.com 389 Looking for DNS entry SRV _ldap._tcp.default-first-site-name._sites.bob-dc.com dc1.bob-dc.com 389 as _ldap._tcp.default-first-site-name._sites.bob-dc.com. Checking 0 100 389 dc1.bob-dc.com. against SRV _ldap._tcp.default-first-site-name._sites.bob-dc.com dc1.bob-dc.com 389 Looking for DNS entry SRV _ldap._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com dc1.bob-dc.com 389 as _ldap._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com. Checking 0 100 389 dc1.bob-dc.com. against SRV _ldap._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com dc1.bob-dc.com 389 Looking for DNS entry SRV
Re: [Samba] V4 - New Install - Missing Zone File
On 22 February 2012 00:58, Amitay Isaacs ami...@gmail.com wrote:

Hi Michael,

On Tue, Feb 21, 2012 at 11:57 PM, Michael Wood esiot...@gmail.com wrote:

Since I provisioned samba4 before the DLZ option was available I have stuck with BIND9_FLATFILE for now.

I have pushed upgradedns script to upgrade DNS provisioning from BIND9_FLATFILE backend to BIND9_DLZ backend or SAMBA_INTERNAL. If you would like to migrate to AD based DNS, you can give the script a try.

Thanks, Amitay. I don't have time to try it now, but I'll let you know if I run into any issues when I do.

By the way, how does this interact with dbcheck and upgradeprovision? e.g. which order should I run them in?

My current provision is 4.0.0alpha12-GIT-77b9b97 and Matthieu was looking into some issues I had with upgradeprovision which were related to DNS: https://bugzilla.samba.org/show_bug.cgi?id=8669

Given the above I suppose it might be safest to try upgradedns before upgradeprovision and perhaps dbcheck before upgradedns? But if I try this it won't be in production yet because the last thing Matthieu said about upgradeprovision was that it should not be used until he's fixed it.

--
Michael Wood esiot...@gmail.com
Re: [Samba] V4 - New Install - Missing Zone File
Hi

On 22 February 2012 01:46, jdf...@cox.net wrote:

The default DNS backend has changed to BIND9_DLZ. This means the DNS records are stored in Samba4's AD tree instead of in a normal zone file.

[...]

If you're just starting out, you might want to try the DLZ backend.

Thank you for your help! I was able to get a new Bind version to somewhat work. I was able to join an XP machine to the domain but DNS seems to not be updating correctly. Below you will find the logs that I am seeing.

I don't know what would cause that, but you could try increasing the debug level (e.g. samba -d10 -i -M single) to see if it gives you more details about the issue. Increasing bind9's debug level might help too. Also, you might want to discuss this on samba-technical. I've copied my reply there. Since Samba 4 is still in alpha, the HOWTO says to discuss successes/failures on samba-technical.

/var/log/messages:
Feb 21 16:39:39 davis named[1163]: validating @0x24c0d30: com SOA: no valid signature found
Feb 21 16:39:39 davis named[1163]: validating @0x220f220: com SOA: no valid signature found
Feb 21 16:39:39 davis named[1163]: validating @0x220f220: CK0POJMG874LJREF7EFN8430QVIT8BSM.com NSEC3: no valid signature found
Feb 21 16:39:39 davis named[1163]: validating @0x24c0d30: CK0POJMG874LJREF7EFN8430QVIT8BSM.com NSEC3: no valid signature found
Feb 21 16:39:39 davis named[1163]: validating @0x198b010: A2MEHD73GB2UACB908FCH30EPFLFHMH7.com NSEC3: no valid signature found
Feb 21 16:39:39 davis named[1163]: validating @0x24c0d30: A2MEHD73GB2UACB908FCH30EPFLFHMH7.com NSEC3: no valid signature found
Feb 21 16:39:40 davis named[1163]: validating @0x24c0d30: 3RL0HJSI26SCTO21AV9TVIGIPUVPJAI1.com NSEC3: no valid signature found
Feb 21 16:39:40 davis named[1163]: validating @0x198b010: 3RL0HJSI26SCTO21AV9TVIGIPUVPJAI1.com NSEC3: no valid signature found

samba output in single mode:
samba -i -M single
samba version 4.0.0alpha18-GIT-89586ed started.
Copyright Andrew Tridgell and the Samba Team 1992-2012
samba: using 'single' process model
../source4/dsdb/dns/dns_update.c:294: Failed DNS update - NT_STATUS_UNSUCCESSFUL

Any ideas as to what that could mean? Thank you for your time and have a great day!

--
Michael Wood esiot...@gmail.com
Re: [Samba] V4 - New Install - Missing Zone File
On 22 February 2012 03:16, jdf...@cox.net wrote:

One note I would like to add. I am now using Bind 9.8.1 compiled from source. It seems to load the DLZ driver just fine. The issue I am having is that samba4 is trying to update DNS and can't. When I add a new server to the domain DNS can't resolve that new server.

OK, so it's not working for the XP client or another (samba4?) server. These may or may not be caused by the same thing. Do the logs look the same in both cases?

--
Michael Wood esiot...@gmail.com
Re: [Samba] V4 - New Install - Missing Zone File
Hi Amitay

I think you may be getting mixed up between my issues with upgrading and the original poster's (Jeremy/jdfire) issue with a new provision :)

The messages from the logs are all from Jeremy. It's a new provision, so there's no migration unless I'm missing something. My issues with upgradeprovision etc. are unrelated to Jeremy's issue. I just mentioned that I hadn't tested the DLZ module yet because I was still running an old provision from before the DLZ module existed.

On 22 February 2012 10:24, Amitay Isaacs ami...@gmail.com wrote:

Hi Michael,

On Wed, Feb 22, 2012 at 7:06 PM, Michael Wood esiot...@gmail.com wrote:

Hi

On 22 February 2012 01:46, jdf...@cox.net wrote:

The default DNS backend has changed to BIND9_DLZ. This means the DNS records are stored in Samba4's AD tree instead of in a normal zone file.

[...]

If you're just starting out, you might want to try the DLZ backend.

Thank you for your help! I was able to get a new Bind version to somewhat work. I was able to join an XP machine to the domain but DNS seems to not be updating correctly. Below you will find the logs that I am seeing.

I don't know what would cause that, but you could try increasing the debug level (e.g. samba -d10 -i -M single) to see if it gives you more details about the issue. Increasing bind9's debug level might help too. Also, you might want to discuss this on samba-technical. I've copied my reply there. Since Samba 4 is still in alpha, the HOWTO says to discuss successes/failures on samba-technical.

/var/log/messages:
Feb 21 16:39:39 davis named[1163]: validating @0x24c0d30: com SOA: no valid signature found
Feb 21 16:39:39 davis named[1163]: validating @0x220f220: com SOA: no valid signature found
Feb 21 16:39:39 davis named[1163]: validating @0x220f220: CK0POJMG874LJREF7EFN8430QVIT8BSM.com NSEC3: no valid signature found
Feb 21 16:39:39 davis named[1163]: validating @0x24c0d30: CK0POJMG874LJREF7EFN8430QVIT8BSM.com NSEC3: no valid signature found
Feb 21 16:39:39 davis named[1163]: validating @0x198b010: A2MEHD73GB2UACB908FCH30EPFLFHMH7.com NSEC3: no valid signature found
Feb 21 16:39:39 davis named[1163]: validating @0x24c0d30: A2MEHD73GB2UACB908FCH30EPFLFHMH7.com NSEC3: no valid signature found
Feb 21 16:39:40 davis named[1163]: validating @0x24c0d30: 3RL0HJSI26SCTO21AV9TVIGIPUVPJAI1.com NSEC3: no valid signature found
Feb 21 16:39:40 davis named[1163]: validating @0x198b010: 3RL0HJSI26SCTO21AV9TVIGIPUVPJAI1.com NSEC3: no valid signature found

These messages are from DNSSEC and are not really from dlz_bind9 module. Can you check if you have any lines in the log with prefix samba_dlz?

samba output in single mode:
samba -i -M single
samba version 4.0.0alpha18-GIT-89586ed started.
Copyright Andrew Tridgell and the Samba Team 1992-2012
samba: using 'single' process model
../source4/dsdb/dns/dns_update.c:294: Failed DNS update - NT_STATUS_UNSUCCESSFUL

Any ideas as to what that could mean? Thank you for your time and have a great day!

To check if dynamic dns is working, you can try to run samba_dnsupdate script manually. Make sure bind9 and samba are running and then

# samba_dnsupdate --verbose

This will try to dynamically update various names in the zone. And check the logs for messages from dlz_bind9 module.

The stuff below about DNS migration is not relevant for Jeremy's problem, I don't think. Right?

Just to make sure that the DNS migration has completed correctly, can you post the output of following commands:

# ldbsearch -H /path/to/sam.ldb -b DC=DomainDnsZones,DC (name=@) --show-binary
# ldbsearch -H /path/to/sam.ldb -b DC=ForestDnsZones,DC= (name=@) --show-binary

There was an issue previously with migration that @ records were not populated correctly.

Amitay.

--
Michael Wood esiot...@gmail.com
Re: [Samba] V4 - New Install - Missing Zone File
Hello All,

Thank you for your help that you have provided so far regarding my issue. I have cleared out this email to reduce the confusion of my current issue. Here is a recap of my issue and the logs you requested below.

Currently, I have resolved the DNSSEC issue that I was seeing in my /var/log/messages log. I am still having problems with Bind 9.8.1 on CentOS 6.2 updating records using Samba4 latest from git. Steve emailed me offline and stated that Bind 9.8.1 has issues with updates and suggested 9.9 to resolve the issue. I have not tried that yet as I wanted to provide some more information to see if we can resolve this issue on 9.8.1.

It seems everything else in samba4 that I have used is working. I can add new servers to the domain without much issue. Once they are added I can ping/resolve the DC samba4 server but I can't resolve any of the other servers.

Below you will find the output you all requested. Seems like it can't find some files or something. From bind logs it appears everything is loading correctly.

/usr/local/samba/sbin/samba_dnsupdate --verbose
IPs: ['2002:4b46:c8ad:0:a00:27ff:fe14:5491', 'fe80::a00:27ff:fe14:5491%eth0', 'fe80::a00:27ff:fee5:5840%eth1', '192.168.7.30', '192.168.30.1']
Looking for DNS entry A bob-dc.com 192.168.7.30 as bob-dc.com.
Looking for DNS entry A dc1.bob-dc.com 192.168.7.30 as dc1.bob-dc.com.
Looking for DNS entry bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491 as bob-dc.com.
Failed to find matching DNS entry bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491
Looking for DNS entry dc1.bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491 as dc1.bob-dc.com.
Failed to find matching DNS entry dc1.bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491
Looking for DNS entry A gc._msdcs.bob-dc.com 192.168.7.30 as gc._msdcs.bob-dc.com.
Looking for DNS entry gc._msdcs.bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491 as gc._msdcs.bob-dc.com.
Failed to find matching DNS entry gc._msdcs.bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491 Looking for DNS entry CNAME 48c0fc0c-dcc1-425d-bcb2-a229d40ab48c._msdcs.bob-dc.com dc1.bob-dc.com as 48c0fc0c-dcc1-425d-bcb2-a229d40ab48c._msdcs.bob-dc.com. Looking for DNS entry SRV _kpasswd._tcp.bob-dc.com dc1.bob-dc.com 464 as _kpasswd._tcp.bob-dc.com. Checking 0 100 464 dc1.bob-dc.com. against SRV _kpasswd._tcp.bob-dc.com dc1.bob-dc.com 464 Looking for DNS entry SRV _kpasswd._udp.bob-dc.com dc1.bob-dc.com 464 as _kpasswd._udp.bob-dc.com. Checking 0 100 464 dc1.bob-dc.com. against SRV _kpasswd._udp.bob-dc.com dc1.bob-dc.com 464 Looking for DNS entry SRV _kerberos._tcp.bob-dc.com dc1.bob-dc.com 88 as _kerberos._tcp.bob-dc.com. Checking 0 100 88 dc1.bob-dc.com. against SRV _kerberos._tcp.bob-dc.com dc1.bob-dc.com 88 Looking for DNS entry SRV _kerberos._tcp.dc._msdcs.bob-dc.com dc1.bob-dc.com 88 as _kerberos._tcp.dc._msdcs.bob-dc.com. Checking 0 100 88 dc1.bob-dc.com. against SRV _kerberos._tcp.dc._msdcs.bob-dc.com dc1.bob-dc.com 88 Looking for DNS entry SRV _kerberos._tcp.default-first-site-name._sites.bob-dc.com dc1.bob-dc.com 88 as _kerberos._tcp.default-first-site-name._sites.bob-dc.com. Checking 0 100 88 dc1.bob-dc.com. against SRV _kerberos._tcp.default-first-site-name._sites.bob-dc.com dc1.bob-dc.com 88 Looking for DNS entry SRV _kerberos._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com dc1.bob-dc.com 88 as _kerberos._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com. Checking 0 100 88 dc1.bob-dc.com. against SRV _kerberos._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com dc1.bob-dc.com 88 Looking for DNS entry SRV _kerberos._udp.bob-dc.com dc1.bob-dc.com 88 as _kerberos._udp.bob-dc.com. Checking 0 100 88 dc1.bob-dc.com. against SRV _kerberos._udp.bob-dc.com dc1.bob-dc.com 88 Looking for DNS entry SRV _ldap._tcp.bob-dc.com dc1.bob-dc.com 389 as _ldap._tcp.bob-dc.com. Checking 0 100 389 dc1.bob-dc.com. 
against SRV _ldap._tcp.bob-dc.com dc1.bob-dc.com 389 Looking for DNS entry SRV _ldap._tcp.dc._msdcs.bob-dc.com dc1.bob-dc.com 389 as _ldap._tcp.dc._msdcs.bob-dc.com. Checking 0 100 389 dc1.bob-dc.com. against SRV _ldap._tcp.dc._msdcs.bob-dc.com dc1.bob-dc.com 389 Looking for DNS entry SRV _ldap._tcp.gc._msdcs.bob-dc.com dc1.bob-dc.com 3268 as _ldap._tcp.gc._msdcs.bob-dc.com. Checking 0 100 3268 dc1.bob-dc.com. against SRV _ldap._tcp.gc._msdcs.bob-dc.com dc1.bob-dc.com 3268 Looking for DNS entry SRV _ldap._tcp.pdc._msdcs.bob-dc.com dc1.bob-dc.com 389 as _ldap._tcp.pdc._msdcs.bob-dc.com. Checking 0 100 389 dc1.bob-dc.com. against SRV _ldap._tcp.pdc._msdcs.bob-dc.com dc1.bob-dc.com 389 Looking for DNS entry SRV _ldap._tcp.default-first-site-name._sites.bob-dc.com dc1.bob-dc.com 389 as _ldap._tcp.default-first-site-name._sites.bob-dc.com. Checking 0 100 389 dc1.bob-dc.com. against SRV _ldap._tcp.default-first-site-name._sites.bob-dc.com dc1.bob-dc.com 389 Looking for DNS entry SRV _ldap._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com
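Added example (not part of the original messages): a small Python parser for the samba_dnsupdate --verbose output quoted above. It lists the lookups that were reported as failed and still works when the output has lost its line breaks, as in a mail archive. The function names and the sample text (example.test, 192.0.2.30, 2001:db8::10) are constructed for illustration.

```python
import re
from collections import Counter

# The three message prefixes that appear in the output quoted in this thread.
EVENT = re.compile(
    r"(Looking for DNS entry|Failed to find matching DNS entry|Checking)\s+"
    r"(.*?)(?=\s*(?:Looking for DNS entry|Failed to find matching DNS entry"
    r"|Checking\s|\Z))",
    re.S,
)
RTYPES = {"A", "AAAA", "CNAME", "NS", "SRV"}


def split_record(fields):
    """Split ['SRV', name, ...] into ('SRV', [name, ...]); the type may be absent."""
    if fields and fields[0] in RTYPES:
        return fields[0], fields[1:]
    return None, fields


def parse_lookups(text):
    """Return one dict per lookup, in order, with status 'ok' or 'missing'."""
    lookups = []
    for kind, body in EVENT.findall(text):
        fields = body.split()
        if kind == "Looking for DNS entry":
            if "as" in fields:                 # drop the trailing "as <fqdn>."
                fields = fields[:fields.index("as")]
            rtype, record = split_record(fields)
            lookups.append({"type": rtype, "record": record, "status": "ok"})
        elif kind == "Failed to find matching DNS entry" and lookups:
            # A failure line refers to the lookup printed just before it.
            if split_record(fields)[1] == lookups[-1]["record"]:
                lookups[-1]["status"] = "missing"
    return lookups


def missing(text):
    """Return (type, record) for every lookup that was reported as failed."""
    return [(l["type"], l["record"]) for l in parse_lookups(text)
            if l["status"] == "missing"]


def summary(text):
    """Count lookups by (type, status); lookups printed without a type are 'untyped'."""
    return Counter((l["type"] or "untyped", l["status"])
                   for l in parse_lookups(text))


# Constructed sample in the same format as the output above, line breaks removed.
SAMPLE = (
    "IPs: ['2001:db8::10', '192.0.2.30'] "
    "Looking for DNS entry A example.test 192.0.2.30 as example.test. "
    "Looking for DNS entry example.test 2001:db8::10 as example.test. "
    "Failed to find matching DNS entry example.test 2001:db8::10 "
    "Looking for DNS entry SRV _ldap._tcp.example.test dc1.example.test 389 "
    "as _ldap._tcp.example.test. "
    "Checking 0 100 389 dc1.example.test. against SRV _ldap._tcp.example.test "
    "dc1.example.test 389"
)

if __name__ == "__main__":
    for rtype, record in missing(SAMPLE):
        print("missing:", rtype or "untyped", " ".join(record))
    print(dict(summary(SAMPLE)))
```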
Re: [Samba] V4 - New Install - Missing Zone File
Hello Amitay,

On 02/22/2012 02:34 PM, Amitay Isaacs wrote:

Hi Jeremy,

That error message needs to be fixed. :) Looks like nsupdate command is not in the path. samba_dnsupdate script uses nsupdate to dynamically update DNS entries. Try adding

nsupdate command = /path/to/nsupdate

in smb.conf.

Amitay.

Thank you SO MUCH for getting me this far!! :) That looks like it fixed that issue but I have now run into a denied error message for bind. Below you can find my logs for both samba_dnsupdate and bind. Seems like the dns.keytab file is not correct or something. I have tried to put allow-update { 192.168.30.1; } in my options section of my named.conf with no luck.

samba-dnsupdate:
IPs: ['2002:4b46:c8ad:0:a00:27ff:fe14:5491', 'fe80::a00:27ff:fe14:5491%eth0', 'fe80::a00:27ff:fee5:5840%eth1', '192.168.7.30', '192.168.30.1']
Looking for DNS entry A bob-dc.com 192.168.7.30 as bob-dc.com.
Looking for DNS entry A dc1.bob-dc.com 192.168.7.30 as dc1.bob-dc.com.
Looking for DNS entry bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491 as bob-dc.com.
Failed to find matching DNS entry bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491
Looking for DNS entry dc1.bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491 as dc1.bob-dc.com.
Failed to find matching DNS entry dc1.bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491
Looking for DNS entry A gc._msdcs.bob-dc.com 192.168.7.30 as gc._msdcs.bob-dc.com.
Looking for DNS entry gc._msdcs.bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491 as gc._msdcs.bob-dc.com.
Failed to find matching DNS entry gc._msdcs.bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491
Looking for DNS entry CNAME 48c0fc0c-dcc1-425d-bcb2-a229d40ab48c._msdcs.bob-dc.com dc1.bob-dc.com as 48c0fc0c-dcc1-425d-bcb2-a229d40ab48c._msdcs.bob-dc.com.
Looking for DNS entry SRV _kpasswd._tcp.bob-dc.com dc1.bob-dc.com 464 as _kpasswd._tcp.bob-dc.com.
Checking 0 100 464 dc1.bob-dc.com. against SRV _kpasswd._tcp.bob-dc.com dc1.bob-dc.com 464
Looking for DNS entry SRV _kpasswd._udp.bob-dc.com dc1.bob-dc.com 464 as _kpasswd._udp.bob-dc.com.
Checking 0 100 464 dc1.bob-dc.com. against SRV _kpasswd._udp.bob-dc.com dc1.bob-dc.com 464
Looking for DNS entry SRV _kerberos._tcp.bob-dc.com dc1.bob-dc.com 88 as _kerberos._tcp.bob-dc.com.
Checking 0 100 88 dc1.bob-dc.com. against SRV _kerberos._tcp.bob-dc.com dc1.bob-dc.com 88
Looking for DNS entry SRV _kerberos._tcp.dc._msdcs.bob-dc.com dc1.bob-dc.com 88 as _kerberos._tcp.dc._msdcs.bob-dc.com.
Checking 0 100 88 dc1.bob-dc.com. against SRV _kerberos._tcp.dc._msdcs.bob-dc.com dc1.bob-dc.com 88
Looking for DNS entry SRV _kerberos._tcp.default-first-site-name._sites.bob-dc.com dc1.bob-dc.com 88 as _kerberos._tcp.default-first-site-name._sites.bob-dc.com.
Checking 0 100 88 dc1.bob-dc.com. against SRV _kerberos._tcp.default-first-site-name._sites.bob-dc.com dc1.bob-dc.com 88
Looking for DNS entry SRV _kerberos._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com dc1.bob-dc.com 88 as _kerberos._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com.
Checking 0 100 88 dc1.bob-dc.com. against SRV _kerberos._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com dc1.bob-dc.com 88
Looking for DNS entry SRV _kerberos._udp.bob-dc.com dc1.bob-dc.com 88 as _kerberos._udp.bob-dc.com.
Checking 0 100 88 dc1.bob-dc.com. against SRV _kerberos._udp.bob-dc.com dc1.bob-dc.com 88
Looking for DNS entry SRV _ldap._tcp.bob-dc.com dc1.bob-dc.com 389 as _ldap._tcp.bob-dc.com.
Checking 0 100 389 dc1.bob-dc.com. against SRV _ldap._tcp.bob-dc.com dc1.bob-dc.com 389
Looking for DNS entry SRV _ldap._tcp.dc._msdcs.bob-dc.com dc1.bob-dc.com 389 as _ldap._tcp.dc._msdcs.bob-dc.com.
Checking 0 100 389 dc1.bob-dc.com. against SRV _ldap._tcp.dc._msdcs.bob-dc.com dc1.bob-dc.com 389
Looking for DNS entry SRV _ldap._tcp.gc._msdcs.bob-dc.com dc1.bob-dc.com 3268 as _ldap._tcp.gc._msdcs.bob-dc.com.
Checking 0 100 3268 dc1.bob-dc.com. against SRV _ldap._tcp.gc._msdcs.bob-dc.com dc1.bob-dc.com 3268
Looking for DNS entry SRV _ldap._tcp.pdc._msdcs.bob-dc.com dc1.bob-dc.com 389 as _ldap._tcp.pdc._msdcs.bob-dc.com.
Checking 0 100 389 dc1.bob-dc.com. against SRV _ldap._tcp.pdc._msdcs.bob-dc.com dc1.bob-dc.com 389
Looking for DNS entry SRV _ldap._tcp.default-first-site-name._sites.bob-dc.com dc1.bob-dc.com 389 as _ldap._tcp.default-first-site-name._sites.bob-dc.com.
Checking 0 100 389 dc1.bob-dc.com. against SRV _ldap._tcp.default-first-site-name._sites.bob-dc.com dc1.bob-dc.com 389
Looking for DNS entry SRV _ldap._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com dc1.bob-dc.com 389 as _ldap._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com.
Checking 0 100 389 dc1.bob-dc.com. against SRV _ldap._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com dc1.bob-dc.com 389
Looking for DNS entry SRV _ldap._tcp.default-first-site-name._sites.gc._msdcs.bob-dc.com dc1.bob-dc.com 3268 as _ldap._tcp.default-first-site-name._sites.gc._msdcs.bob-dc.com.
Checking 0 100
Re: [Samba] V4 - New Install - Missing Zone File
Hello Amitay,

On 02/22/2012 10:07 PM, Amitay Isaacs wrote:

Hi Jeremy,

On Thu, Feb 23, 2012 at 3:29 PM, Jeremy Davis jdavis4...@gmail.com wrote:

Hello Amitay,

On 02/22/2012 02:34 PM, Amitay Isaacs wrote:

Hi Jeremy,

That error message needs to be fixed. :) Looks like nsupdate command is not in the path. samba_dnsupdate script uses nsupdate to dynamically update DNS entries. Try adding

nsupdate command = /path/to/nsupdate

in smb.conf.

Amitay.

Thank you SO MUCH for getting me this far!! :) That looks like it fixed that issue but I have now run into a denied error message for bind. Below you can find my logs for both samba_dnsupdate and bind. Seems like the dns.keytab file is not correct or something. I have tried to put allow-update { 192.168.30.1; } in my options section of my named.conf with no luck.

I forgot to mention that nsupdate command should also include -g flag to force secure (kerberos) updates.

nsupdate command = /path/to/nsupdate -g

dlz_bind9 module only allows secure dynamic updates.

Amitay.

I added the -g to the smb.conf and restarted samba and named but it doesn't seem to do anything. Could this be an issue with kerberos? I am able to authenticate with my Windows machine and via the command line using the tests on the samba4 wiki. Any ideas as to what this could be?
Re: [Samba] V4 - New Install - Missing Zone File
On 02/23/2012 06:33 AM, Jeremy Davis wrote:

Hello Amitay,

On 02/22/2012 10:07 PM, Amitay Isaacs wrote:

Hi Jeremy,

On Thu, Feb 23, 2012 at 3:29 PM, Jeremy Davis jdavis4...@gmail.com wrote:

Hello Amitay,

On 02/22/2012 02:34 PM, Amitay Isaacs wrote:

Hi Jeremy,

That error message needs to be fixed. :) Looks like nsupdate command is not in the path. samba_dnsupdate script uses nsupdate to dynamically update DNS entries. Try adding

nsupdate command = /path/to/nsupdate

in smb.conf.

I forgot to mention that nsupdate command should also include -g flag to force secure (kerberos) updates.

nsupdate command = /path/to/nsupdate -g

dlz_bind9 module only allows secure dynamic updates.

Amitay.

Thinking out loud. On ubuntu and opensuse, nsupdate is in /usr/bin which is in the path by default. Could it be rather that the op does not have /usr/local/samba/sbin in his path? Worth a try?

Steve
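Added example (not from the thread or the Samba project): a Python check of the smb.conf advice discussed above, namely that nsupdate command points at an executable (by absolute path, or found on PATH) and includes -g. The function names are hypothetical, the sample configuration is constructed, and /path/to/nsupdate is the placeholder used in the thread.

```python
import os
import shlex
import shutil


def global_params(conf_text):
    """Return the [global] parameters of smb.conf text as {name: value}.

    Names are lower-cased with whitespace removed, since smb.conf ignores
    case and whitespace in parameter names.
    """
    params, section, pending = {}, None, ""
    for raw in conf_text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):                  # continuation line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params["".join(name.lower().split())] = value.strip()
    return params


def check_nsupdate(conf_text, search_path=None):
    """Return a list of findings about 'nsupdate command'; empty means OK.

    search_path replaces $PATH for the lookup of a bare command name.
    """
    value = global_params(conf_text).get("nsupdatecommand")
    if not value:
        return ["nsupdate command is not set in [global]"]
    argv = shlex.split(value)
    binary = argv[0]
    findings = []
    if os.path.isabs(binary):
        if not (os.path.isfile(binary) and os.access(binary, os.X_OK)):
            findings.append("%s is not an executable file" % binary)
    elif shutil.which(binary, path=search_path) is None:
        findings.append("%s is not found on PATH" % binary)
    if "-g" not in argv[1:]:
        # nsupdate -g selects GSS-TSIG; the thread says dlz_bind9 only
        # accepts secure (Kerberos) dynamic updates.
        findings.append("-g is missing, so updates are not GSS-TSIG signed")
    return findings


# Constructed smb.conf fragment using the placeholder path from the thread.
SAMPLE_CONF = """\
[global]
    server role = domain controller
    nsupdate command = /path/to/nsupdate
"""

if __name__ == "__main__":
    for finding in check_nsupdate(SAMPLE_CONF):
        print("finding:", finding)
```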
Re: [Samba] V4 - New Install - Missing Zone File
Hi

On 21 February 2012 13:26, JDFire jdf...@cox.net wrote:

Hello List,

I am trying to compile and install Samba 4 using the wiki guide on Centos 6.2. I am currently using the current source from git. It seems that the zone file used for Bind is not configured and not installed in the private directory. Is there any way to get this file generated so I can finish my install?

The default DNS backend has changed to BIND9_DLZ. This means the DNS records are stored in Samba4's AD tree instead of in a normal zone file.

I've not tried the above, so am not sure exactly how to set it up. There are some posts about it in the samba-technical mailing list archives, though.

For the zone file, re-provision with the following option:

--dns-backend=BIND9_FLATFILE

The BIND9_FLATFILE backend is the old way. BIND9_DLZ and SAMBA_INTERNAL are the two new methods. BIND9_DLZ needs a recent version of bind with DLZ dlopen support. The SAMBA_INTERNAL does not yet support signed DNS updates (last I heard).

Since I provisioned samba4 before the DLZ option was available I have stuck with BIND9_FLATFILE for now.

If you're just starting out, you might want to try the DLZ backend.

--
Michael Wood esiot...@gmail.com
Re: [Samba] V4 - New Install - Missing Zone File
On 02/21/2012 12:26 PM, JDFire wrote:

Hello List,

I am trying to compile and install Samba 4 using the wiki guide on Centos 6.2. I am currently using the current source from git. It seems that the zone file used for Bind is not configured and not installed in the private directory. Is there any way to get this file generated so I can finish my install?

Thank you for your time and have a great day!!

Kind regards,
Jeremy

Hi

Armed only with this information: rerun make where you downloaded the git. Then reprovision.

HTH
Steve
Re: [Samba] V4 - New Install - Missing Zone File
The default DNS backend has changed to BIND9_DLZ. This means the DNS records are stored in Samba4's AD tree instead of in a normal zone file.

I've not tried the above, so am not sure exactly how to set it up. There are some posts about it in the samba-technical mailing list archives, though.

For the zone file, re-provision with the following option:

--dns-backend=BIND9_FLATFILE

The BIND9_FLATFILE backend is the old way. BIND9_DLZ and SAMBA_INTERNAL are the two new methods. BIND9_DLZ needs a recent version of bind with DLZ dlopen support. The SAMBA_INTERNAL does not yet support signed DNS updates (last I heard).

Since I provisioned samba4 before the DLZ option was available I have stuck with BIND9_FLATFILE for now.

If you're just starting out, you might want to try the DLZ backend.

--

Thank you for your help! I was able to get a new Bind version to somewhat work. I was able to join an XP machine to the domain but DNS seems to not be updating correctly. Below you will find the logs that I am seeing.

/var/log/messages:
Feb 21 16:39:39 davis named[1163]: validating @0x24c0d30: com SOA: no valid signature found
Feb 21 16:39:39 davis named[1163]: validating @0x220f220: com SOA: no valid signature found
Feb 21 16:39:39 davis named[1163]: validating @0x220f220: CK0POJMG874LJREF7EFN8430QVIT8BSM.com NSEC3: no valid signature found
Feb 21 16:39:39 davis named[1163]: validating @0x24c0d30: CK0POJMG874LJREF7EFN8430QVIT8BSM.com NSEC3: no valid signature found
Feb 21 16:39:39 davis named[1163]: validating @0x198b010: A2MEHD73GB2UACB908FCH30EPFLFHMH7.com NSEC3: no valid signature found
Feb 21 16:39:39 davis named[1163]: validating @0x24c0d30: A2MEHD73GB2UACB908FCH30EPFLFHMH7.com NSEC3: no valid signature found
Feb 21 16:39:40 davis named[1163]: validating @0x24c0d30: 3RL0HJSI26SCTO21AV9TVIGIPUVPJAI1.com NSEC3: no valid signature found
Feb 21 16:39:40 davis named[1163]: validating @0x198b010: 3RL0HJSI26SCTO21AV9TVIGIPUVPJAI1.com NSEC3: no valid signature found

samba output in single mode:
samba -i -M single
samba version 4.0.0alpha18-GIT-89586ed started.
Copyright Andrew Tridgell and the Samba Team 1992-2012
samba: using 'single' process model
../source4/dsdb/dns/dns_update.c:294: Failed DNS update - NT_STATUS_UNSUCCESSFUL

Any ideas as to what that could be? Thank you for your time and have a great day!
Re: [Samba] V4 - New Install - Missing Zone File
On 02/22/2012 12:46 AM, jdf...@cox.net wrote:

The default DNS backend has changed to BIND9_DLZ. This means the DNS records are stored in Samba4's AD tree instead of in a normal zone file.

I've not tried the above, so am not sure exactly how to set it up. There are some posts about it in the samba-technical mailing list archives, though.

For the zone file, re-provision with the following option:

--dns-backend=BIND9_FLATFILE

The BIND9_FLATFILE backend is the old way. BIND9_DLZ and SAMBA_INTERNAL are the two new methods. BIND9_DLZ needs a recent version of bind with DLZ dlopen support. The SAMBA_INTERNAL does not yet support signed DNS updates (last I heard).

Since I provisioned samba4 before the DLZ option was available I have stuck with BIND9_FLATFILE for now.

If you're just starting out, you might want to try the DLZ backend.

--

Thank you for your help! I was able to get a new Bind version to somewhat work. I was able to join an XP machine to the domain but DNS seems to not be updating correctly. Below you will find the logs that I am seeing.

/var/log/messages:
Feb 21 16:39:39 davis named[1163]: validating @0x24c0d30: com SOA: no valid signature found
Feb 21 16:39:39 davis named[1163]: validating @0x220f220: com SOA: no valid signature found
Feb 21 16:39:39 davis named[1163]: validating @0x220f220: CK0POJMG874LJREF7EFN8430QVIT8BSM.com NSEC3: no valid signature found
Feb 21 16:39:39 davis named[1163]: validating @0x24c0d30: CK0POJMG874LJREF7EFN8430QVIT8BSM.com NSEC3: no valid signature found
Feb 21 16:39:39 davis named[1163]: validating @0x198b010: A2MEHD73GB2UACB908FCH30EPFLFHMH7.com NSEC3: no valid signature found
Feb 21 16:39:39 davis named[1163]: validating @0x24c0d30: A2MEHD73GB2UACB908FCH30EPFLFHMH7.com NSEC3: no valid signature found
Feb 21 16:39:40 davis named[1163]: validating @0x24c0d30: 3RL0HJSI26SCTO21AV9TVIGIPUVPJAI1.com NSEC3: no valid signature found
Feb 21 16:39:40 davis named[1163]: validating @0x198b010: 3RL0HJSI26SCTO21AV9TVIGIPUVPJAI1.com NSEC3: no valid signature found

samba output in single mode:
samba -i -M single
samba version 4.0.0alpha18-GIT-89586ed started.
Copyright Andrew Tridgell and the Samba Team 1992-2012
samba: using 'single' process model
../source4/dsdb/dns/dns_update.c:294: Failed DNS update - NT_STATUS_UNSUCCESSFUL

Any ideas as to what that could be? Thank you for your time and have a great day!

Hi

I think DLZ is the default. I didn't specify any dns-backend when provisioning but I got files I needed to include for named. I had to make 2 changes to the bind 9 config as detailed here: http://linuxcostablanca.blogspot.com/2012/01/samba-4-ubuntu.html

HTH
Steve
Re: [Samba] V4 - New Install - Missing Zone File
steve st...@steve-ss.com wrote:

On 02/22/2012 12:46 AM, jdf...@cox.net wrote:

The default DNS backend has changed to BIND9_DLZ. This means the DNS records are stored in Samba4's AD tree instead of in a normal zone file.

I've not tried the above, so am not sure exactly how to set it up. There are some posts about it in the samba-technical mailing list archives, though.

For the zone file, re-provision with the following option:

--dns-backend=BIND9_FLATFILE

The BIND9_FLATFILE backend is the old way. BIND9_DLZ and SAMBA_INTERNAL are the two new methods. BIND9_DLZ needs a recent version of bind with DLZ dlopen support. The SAMBA_INTERNAL does not yet support signed DNS updates (last I heard).

Since I provisioned samba4 before the DLZ option was available I have stuck with BIND9_FLATFILE for now.

If you're just starting out, you might want to try the DLZ backend.

--

Thank you for your help! I was able to get a new Bind version to somewhat work. I was able to join an XP machine to the domain but DNS seems to not be updating correctly. Below you will find the logs that I am seeing.

/var/log/messages:
Feb 21 16:39:39 davis named[1163]: validating @0x24c0d30: com SOA: no valid signature found
Feb 21 16:39:39 davis named[1163]: validating @0x220f220: com SOA: no valid signature found
Feb 21 16:39:39 davis named[1163]: validating @0x220f220: CK0POJMG874LJREF7EFN8430QVIT8BSM.com NSEC3: no valid signature found
Feb 21 16:39:39 davis named[1163]: validating @0x24c0d30: CK0POJMG874LJREF7EFN8430QVIT8BSM.com NSEC3: no valid signature found
Feb 21 16:39:39 davis named[1163]: validating @0x198b010: A2MEHD73GB2UACB908FCH30EPFLFHMH7.com NSEC3: no valid signature found
Feb 21 16:39:39 davis named[1163]: validating @0x24c0d30: A2MEHD73GB2UACB908FCH30EPFLFHMH7.com NSEC3: no valid signature found
Feb 21 16:39:40 davis named[1163]: validating @0x24c0d30: 3RL0HJSI26SCTO21AV9TVIGIPUVPJAI1.com NSEC3: no valid signature found
Feb 21 16:39:40 davis named[1163]: validating @0x198b010: 3RL0HJSI26SCTO21AV9TVIGIPUVPJAI1.com NSEC3: no valid signature found

samba output in single mode:
samba -i -M single
samba version 4.0.0alpha18-GIT-89586ed started.
Copyright Andrew Tridgell and the Samba Team 1992-2012
samba: using 'single' process model
../source4/dsdb/dns/dns_update.c:294: Failed DNS update - NT_STATUS_UNSUCCESSFUL

Any ideas as to what that could be? Thank you for your time and have a great day!

Hi

I think DLZ is the default. I didn't specify any dns-backend when provisioning but I got files I needed to include for named. I had to make 2 changes to the bind 9 config as detailed here: http://linuxcostablanca.blogspot.com/2012/01/samba-4-ubuntu.html

HTH
Steve

Hello Steve,

I have the entries in my /etc/named.conf. Not sure what else to try. Based on the logs samba4 is unable to update DNS. And Bind is having issues with a signature by what the /var/log/messages is saying. Any ideas as to what it could be?
Re: [Samba] V4 - New Install - Missing Zone File
--

Thank you for your help! I was able to get a new Bind version to somewhat work. I was able to join an XP machine to the domain but DNS seems to not be updating correctly. Below you will find the logs that I am seeing.

/var/log/messages:
Feb 21 16:39:39 davis named[1163]: validating @0x24c0d30: com SOA: no valid signature found
Feb 21 16:39:39 davis named[1163]: validating @0x220f220: com SOA: no valid signature found
Feb 21 16:39:39 davis named[1163]: validating @0x220f220: CK0POJMG874LJREF7EFN8430QVIT8BSM.com NSEC3: no valid signature found
Feb 21 16:39:39 davis named[1163]: validating @0x24c0d30: CK0POJMG874LJREF7EFN8430QVIT8BSM.com NSEC3: no valid signature found
Feb 21 16:39:39 davis named[1163]: validating @0x198b010: A2MEHD73GB2UACB908FCH30EPFLFHMH7.com NSEC3: no valid signature found
Feb 21 16:39:39 davis named[1163]: validating @0x24c0d30: A2MEHD73GB2UACB908FCH30EPFLFHMH7.com NSEC3: no valid signature found
Feb 21 16:39:40 davis named[1163]: validating @0x24c0d30: 3RL0HJSI26SCTO21AV9TVIGIPUVPJAI1.com NSEC3: no valid signature found
Feb 21 16:39:40 davis named[1163]: validating @0x198b010: 3RL0HJSI26SCTO21AV9TVIGIPUVPJAI1.com NSEC3: no valid signature found

samba output in single mode:
samba -i -M single
samba version 4.0.0alpha18-GIT-89586ed started.
Copyright Andrew Tridgell and the Samba Team 1992-2012
samba: using 'single' process model
../source4/dsdb/dns/dns_update.c:294: Failed DNS update - NT_STATUS_UNSUCCESSFUL

Any ideas as to what that could be? Thank you for your time and have a great day!

Hi

I think DLZ is the default. I didn't specify any dns-backend when provisioning but I got files I needed to include for named. I had to make 2 changes to the bind 9 config as detailed here: http://linuxcostablanca.blogspot.com/2012/01/samba-4-ubuntu.html

HTH
Steve

Hello Steve,

I have the entries in my /etc/named.conf. Not sure what else to try. Based on the logs samba4 is unable to update DNS. And Bind is having issues with a signature by what the /var/log/messages is saying. Any ideas as to what it could be?

One note I would like to add. I am now using Bind 9.8.1 compiled from source. It seems to load the DLZ driver just fine. The issue I am having is that samba4 is trying to update DNS and can't. When I add a new server to the domain DNS can't resolve that new server.