Robert Moskowitz
2015-Aug-28 13:55 UTC
[Samba] More on bind_dlz - documentation I have not found
On 08/28/2015 09:37 AM, Rowland Penny wrote:
> On 28/08/15 14:13, Robert Moskowitz wrote:
>>>> I have not yet checked any ldap documentation on the wiki to see
>>>> what it says, but I suspect a dhcp lease results in an ldap update.
>>>> Would a lease expire remove that ldap info?
>
> It should do, if dhcp is set up correctly.

We will be getting to this shortly!

>> Do you mean /var/lib/samba/private/sam.ldb.d? That is where I am
>> finding files of interest. I do not have the directory you provided.
>
> Yes
>
>> And what is the difference between:
>>
>> /usr/share/samba/setup
>
> This stores samba docs used to install samba (or something like this)

So I need to do the includes into /etc/named.conf from there.

>> and
>> /var/lib/private
>
> This is where your databases etc are placed
>
>> I see named.conf in both. And the setup has other named.* files.
>>
>> But the zone htt. is NOT in there, nor would I expect it to be.
>> normally MOST people use samba.mydomain.com and mydomain.com is found
>> via the forwarding. Of course there is no proper delegation of
>> samba.mydomain.com so other systems cannot resolve that subdomain.
>> Here I am building my own TLD, and want proper access elsewhere in my
>> internal network, thus the htt.zone file needed.
>>
>> BTW, I do not see you using views in your named include files. From
>> what I got beaten up long ago on the DNS list (Mark Andrews and I go
>> back a long way in the IETF, so it is 'all in fun') that you MUST use
>> views.
>
> I personally don't use views and I don't think you really need them in
> a samba domain

Mark is a bit of a purist; it IS much his code. And he pretty much thinks in C.

> OK, to see the AD object for your forward zone, install ldb-tools, you
> do this with 'apt-get install ldb-tools' on debian
> Then run this command: ldbsearch -H /var/lib/samba/private/sam.ldb
> --cross-ncs "(DC=home.htt)"

yum install ldb-tools
Loaded plugins: fastestmirror
Shivaserv-sernet        | 2.9 kB  00:00
c7buildroot             | 2.9 kB  00:00
c7pass1                 | 2.9 kB  00:00
comps                   | 3.6 kB  00:00
epel                    | 4.3 kB  00:00
(1/2): epel/updateinfo  | 344 kB  00:01
(2/2): epel/primary_db  | 3.5 MB  00:04
Loading mirror speeds from cached hostfile
Package ldb-tools-1.1.17-2.el7.armv7hl is obsoleted by 99:sernet-samba-ad-4.2.3-18.el.armv7hl which is already installed

So it is already there thanks to sernet.

# ldbsearch -H /var/lib/samba/private/sam.ldb --cross-ncs "(DC=home.htt)"
# record 1
dn: DC=home.htt,CN=MicrosoftDNS,DC=DomainDnsZones,DC=home,DC=htt
objectClass: top
objectClass: dnsZone
instanceType: 4
whenCreated: 20150827220723.0Z
whenChanged: 20150827220723.0Z
uSNCreated: 3656
uSNChanged: 3656
showInAdvancedViewOnly: TRUE
name: home.htt
objectGUID: 34b4ec5b-bfd2-42e0-96df-c5b12a512725
objectCategory: CN=Dns-Zone,CN=Schema,CN=Configuration,DC=home,DC=htt
dNSProperty:: BAAAAAAAAAAAAAAAAQAAAAEAAAABAAAAAAAAAA=
dNSProperty:: AQAAAAAAAAAAAAAAAQAAAAIAAAACAAAAAA=
dNSProperty:: CAAAAAAAAAAAAAAAAQAAAAgAAAAAAAAAAAAAAAAAAAA
dNSProperty:: BAAAAAAAAAAAAAAAAQAAABAAAACoAAAAAAAAAA=
dNSProperty:: BAAAAAAAAAAAAAAAAQAAACAAAACoAAAAAAAAAA=
dNSProperty:: BAAAAAAAAAAAAAAAAQAAAEAAAAAAAAAAAAAAAA=
dNSProperty:: BAAAAAAAAAAAAAAAAQAAABIAAAAAAAAAAAAAAA=
dc: home.htt
distinguishedName: DC=home.htt,CN=MicrosoftDNS,DC=DomainDnsZones,DC=home,DC=htt

# returned 1 records
# 1 entries
# 0 referrals

>> Not for the samba zone, but yes for other zones.
>
> You should really just use the samba DNS server (either the builtin
> one or bind) for the samba zones, but I suppose you could add
> other zones, just create them with samba-tool.

So I tried:

# samba-tool dns zonelist localhost
Failed to connect host 127.0.0.1 on port 135 - NT_STATUS_CONNECTION_REFUSED
Failed to connect host 127.0.0.1 (127.0.0.1) on port 135 - NT_STATUS_CONNECTION_REFUSED.
ERROR(runtime): uncaught exception - (-1073741258, 'The connection was refused')
  File "/usr/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/site-packages/samba/netcmd/dns.py", line 809, in run
    dns_conn = dns_connect(server, self.lp, self.creds)
  File "/usr/lib/python2.7/site-packages/samba/netcmd/dns.py", line 40, in dns_connect
    dns_conn = dnsserver.dnsserver(binding_str, lp, creds)

I THINK I have the services running...
Rowland Penny
2015-Aug-28 14:03 UTC
[Samba] More on bind_dlz - documentation I have not found
On 28/08/15 14:55, Robert Moskowitz wrote:
> On 08/28/2015 09:37 AM, Rowland Penny wrote:
>> On 28/08/15 14:13, Robert Moskowitz wrote:
>>>>> I have not yet checked any ldap documentation on the wiki to see
>>>>> what it says, but I suspect a dhcp lease results in an ldap
>>>>> update. Would a lease expire remove that ldap info?
>>
>> It should do, if dhcp is set up correctly.
>
> We will be getting to this shortly!
>
>>> /usr/share/samba/setup
>>
>> This stores samba docs used to install samba (or something like this)
>
> So I need to do the includes into /etc/named.conf from there.

No, use the ones in /var/lib/samba, they should be set for you, there is also a krb5.conf in there, you should also use this.

> Mark is a bit of a purist; it IS much his code. And he pretty much
> thinks in C.

Well, I don't know him, so I don't have to worry about upsetting him by not using views :-)

>> OK, to see the AD object for your forward zone, install ldb-tools,
>> you do this with 'apt-get install ldb-tools' on debian
>> Then run this command: ldbsearch -H /var/lib/samba/private/sam.ldb
>> --cross-ncs "(DC=home.htt)"
>
> yum install ldb-tools
> Loaded plugins: fastestmirror
> Shivaserv-sernet        | 2.9 kB  00:00
> c7buildroot             | 2.9 kB  00:00
> c7pass1                 | 2.9 kB  00:00
> comps                   | 3.6 kB  00:00
> epel                    | 4.3 kB  00:00
> (1/2): epel/updateinfo  | 344 kB  00:01
> (2/2): epel/primary_db  | 3.5 MB  00:04
> Loading mirror speeds from cached hostfile
> Package ldb-tools-1.1.17-2.el7.armv7hl is obsoleted by
> 99:sernet-samba-ad-4.2.3-18.el.armv7hl which is already installed
>
> So it is already there thanks to sernet.
>
> # ldbsearch -H /var/lib/samba/private/sam.ldb --cross-ncs "(DC=home.htt)"
> # record 1
> dn: DC=home.htt,CN=MicrosoftDNS,DC=DomainDnsZones,DC=home,DC=htt
> objectClass: top
> objectClass: dnsZone
> instanceType: 4
> whenCreated: 20150827220723.0Z
> whenChanged: 20150827220723.0Z
> uSNCreated: 3656
> uSNChanged: 3656
> showInAdvancedViewOnly: TRUE
> name: home.htt
> objectGUID: 34b4ec5b-bfd2-42e0-96df-c5b12a512725
> objectCategory: CN=Dns-Zone,CN=Schema,CN=Configuration,DC=home,DC=htt
> dNSProperty:: BAAAAAAAAAAAAAAAAQAAAAEAAAABAAAAAAAAAA=
> dNSProperty:: AQAAAAAAAAAAAAAAAQAAAAIAAAACAAAAAA=
> dNSProperty:: CAAAAAAAAAAAAAAAAQAAAAgAAAAAAAAAAAAAAAAAAAA
> dNSProperty:: BAAAAAAAAAAAAAAAAQAAABAAAACoAAAAAAAAAA=
> dNSProperty:: BAAAAAAAAAAAAAAAAQAAACAAAACoAAAAAAAAAA=
> dNSProperty:: BAAAAAAAAAAAAAAAAQAAAEAAAAAAAAAAAAAAAA=
> dNSProperty:: BAAAAAAAAAAAAAAAAQAAABIAAAAAAAAAAAAAAA=
> dc: home.htt
> distinguishedName:
> DC=home.htt,CN=MicrosoftDNS,DC=DomainDnsZones,DC=home,DC=htt
>
> # returned 1 records
> # 1 entries
> # 0 referrals
>
>>> Not for the samba zone, but yes for other zones.
>>
>> You should really just use the samba DNS server (either the builtin
>> one or bind) for the samba zones, but I suppose you could add
>> other zones, just create them with samba-tool.
>
> So I tried:
>
> # samba-tool dns zonelist localhost
> Failed to connect host 127.0.0.1 on port 135 -
> NT_STATUS_CONNECTION_REFUSED
> Failed to connect host 127.0.0.1 (127.0.0.1) on port 135 -
> NT_STATUS_CONNECTION_REFUSED.
> ERROR(runtime): uncaught exception - (-1073741258, 'The connection was
> refused')
> File "/usr/lib/python2.7/site-packages/samba/netcmd/__init__.py",
> line 175, in _run
> return self.run(*args, **kwargs)
> File "/usr/lib/python2.7/site-packages/samba/netcmd/dns.py", line
> 809, in run
> dns_conn = dns_connect(server, self.lp, self.creds)
> File "/usr/lib/python2.7/site-packages/samba/netcmd/dns.py", line
> 40, in dns_connect
> dns_conn = dnsserver.dnsserver(binding_str, lp, creds)
>
> I THINK I have the services running...

make sure samba is running

and try this:

samba-tool dns zonelist localhost -U Administrator
Robert Moskowitz
2015-Aug-28 14:12 UTC
[Samba] More on bind_dlz - documentation I have not found
On 08/28/2015 10:03 AM, Rowland Penny wrote:
> make sure samba is running

what services. This is systemd which does not have a real chkconfig --list, but I do get:

sernet-samba-ad        0:off  1:off  2:off  3:on  4:off  5:on  6:off
sernet-samba-ctdb      0:off  1:off  2:off  3:on  4:off  5:on  6:off
sernet-samba-nmbd      0:off  1:off  2:off  3:on  4:off  5:on  6:off
sernet-samba-smbd      0:off  1:off  2:off  3:on  4:off  5:on  6:off
sernet-samba-winbindd  0:off  1:off  2:off  3:on  4:off  5:on  6:off

# service sernet-samba-smbd status
/etc/init.d/sernet-samba-smbd wants to status but SAMBA_START_MODE is set to "none".
Disable /etc/init.d/sernet-samba-smbd or set SAMBA_START_MODE in
/etc/default/sernet-samba to "classic".
Exiting gracefully now. [WARNING]

and

# systemctl -l status sernet-samba-smbd
sernet-samba-smbd.service - LSB: initscript for the SAMBA smbd
   Loaded: loaded (/etc/rc.d/init.d/sernet-samba-smbd)
   Active: active (exited) since Wed 1969-12-31 19:00:34 EST; 45 years 7 months ago

Dec 31 19:00:34 homebase.home.htt sernet-samba-smbd[1118]: /etc/rc.d/init.d/sernet-samba-smbd wants to start but SAMBA_START_MODE is set to "none".
Dec 31 19:00:34 homebase.home.htt sernet-samba-smbd[1118]: Disable /etc/rc.d/init.d/sernet-samba-smbd or set SAMBA_START_MODE in
Dec 31 19:00:34 homebase.home.htt sernet-samba-smbd[1118]: /etc/default/sernet-samba to "classic".
Dec 31 19:00:34 homebase.home.htt sernet-samba-smbd[1118]: Exiting gracefully now.[WARNING]
Dec 31 19:00:34 homebase.home.htt systemd[1]: Started LSB: initscript for the SAMBA smbd.

> and try this:
>
> samba-tool dns zonelist localhost -U Administrator
Robert Moskowitz
2015-Aug-28 14:28 UTC
[Samba] More on bind_dlz - documentation I have not found
On 08/28/2015 10:22 AM, Ed Byrne wrote:
> On Fri, 28 Aug 2015, Robert Moskowitz wrote:
>
>>> make sure samba is running
>>
>> what services. This is systemd which does not have a real chkconfig
>> --list, but I do get:
>>
>> sernet-samba-ad 0:off 1:off 2:off 3:on 4:off 5:on 6:off
>
> This is the one you want. However, the init script will not start it
> unless you also edit /etc/default/sernet-samba and set
> SAMBA_START_MODE to "ad".
>
> It will also start smbd and nmbd as needed, you don't need to enable
> the other samba services.

# systemctl enable sernet-samba-ad
sernet-samba-ad.service is not a native service, redirecting to /sbin/chkconfig.
Executing /sbin/chkconfig sernet-samba-ad on
The unit files have no [Install] section. They are not meant to be enabled
using systemctl.
Possible reasons for having this kind of units are:
1) A unit may be statically enabled by being symlinked from another unit's
   .wants/ or .requires/ directory.
2) A unit's purpose may be to act as a helper for some other unit which has
   a requirement dependency on it.
3) A unit may be started when needed via activation (socket, path, timer,
   D-Bus, udev, scripted systemctl call, ...).

and still no 135...
L.P.H. van Belle
2015-Aug-28 14:42 UTC
[Samba] More on bind_dlz - documentation I have not found
Are you setting up an AD DC or old style NT PDC?

see:
/etc/default/sernet-samba to "classic". for NT PDC
/etc/default/sernet-samba to "ad". for AD DC.

greetz,

Louis

>-----Original message-----
>From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
>Robert Moskowitz
>Sent: Friday 28 August 2015 16:13
>To: Rowland Penny; samba at lists.samba.org
>Subject: Re: [Samba] More on bind_dlz - documentation I have
>not found
>
>On 08/28/2015 10:03 AM, Rowland Penny wrote:
>> make sure samba is running
>
>what services. This is systemd which does not have a real chkconfig
>--list, but I do get:
>
>sernet-samba-ad        0:off  1:off  2:off  3:on  4:off  5:on  6:off
>sernet-samba-ctdb      0:off  1:off  2:off  3:on  4:off  5:on  6:off
>sernet-samba-nmbd      0:off  1:off  2:off  3:on  4:off  5:on  6:off
>sernet-samba-smbd      0:off  1:off  2:off  3:on  4:off  5:on  6:off
>sernet-samba-winbindd  0:off  1:off  2:off  3:on  4:off  5:on  6:off
>
># service sernet-samba-smbd status
>/etc/init.d/sernet-samba-smbd wants to status but SAMBA_START_MODE is
>set to "none".
>Disable /etc/init.d/sernet-samba-smbd or set SAMBA_START_MODE in
>/etc/default/sernet-samba to "classic".
>Exiting gracefully now. [WARNING]
>
>and
>
># systemctl -l status sernet-samba-smbd
>sernet-samba-smbd.service - LSB: initscript for the SAMBA smbd
>   Loaded: loaded (/etc/rc.d/init.d/sernet-samba-smbd)
>   Active: active (exited) since Wed 1969-12-31 19:00:34 EST; 45 years 7 months ago
>
>Dec 31 19:00:34 homebase.home.htt sernet-samba-smbd[1118]: /etc/rc.d/init.d/sernet-samba-smbd wants to start but SAMBA_START_MODE is set to "none".
>Dec 31 19:00:34 homebase.home.htt sernet-samba-smbd[1118]: Disable /etc/rc.d/init.d/sernet-samba-smbd or set SAMBA_START_MODE in
>Dec 31 19:00:34 homebase.home.htt sernet-samba-smbd[1118]: /etc/default/sernet-samba to "classic".
>Dec 31 19:00:34 homebase.home.htt sernet-samba-smbd[1118]: Exiting gracefully now.[WARNING]
>Dec 31 19:00:34 homebase.home.htt systemd[1]: Started LSB: initscript for the SAMBA smbd.
>
>> and try this:
>>
>> samba-tool dns zonelist localhost -U Administrator
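
The SAMBA_START_MODE check that the replies above point to, as an added example that is not part of any poster's message or of SerNet's own init scripts: it parses a copy of /etc/default/sernet-samba and reports whether a given init script would start its daemon. The function names are hypothetical, and pairing nmbd and winbindd with "classic" is an assumption; only "ad" for sernet-samba-ad and "classic" for sernet-samba-smbd come from the thread.

```shell
#!/bin/sh
# Added example: why a SerNet init script "exits gracefully" without starting.

# Print SAMBA_START_MODE from a defaults file, or "unset". The file is parsed,
# not sourced, so nothing in it runs; the last assignment wins, as it would
# if a shell sourced the file (assumption about how the init scripts read it).
start_mode() {
    mode=$(sed -n 's/^[[:space:]]*SAMBA_START_MODE=["'\'']\{0,1\}\([A-Za-z]*\).*/\1/p' \
        "$1" 2>/dev/null | tail -n 1)
    echo "${mode:-unset}"
}

# Mode each init script insists on. sernet-samba-ad/"ad" and
# sernet-samba-smbd/"classic" are from the thread; nmbd and winbindd
# under "classic" are an assumption.
required_mode() {
    case "$1" in
        sernet-samba-ad) echo ad ;;
        sernet-samba-smbd|sernet-samba-nmbd|sernet-samba-winbindd) echo classic ;;
        *) echo unknown ;;
    esac
}

# diagnose FILE SERVICE: 0 = script would start, 1 = mode mismatch, 2 = unknown service.
diagnose() {
    have=$(start_mode "$1")
    want=$(required_mode "$2")
    if [ "$want" = unknown ]; then
        echo "$2: not a service this check knows about"
        return 2
    fi
    if [ "$have" = "$want" ]; then
        echo "$2: SAMBA_START_MODE=$have, init script will start the daemon"
        return 0
    fi
    echo "$2: SAMBA_START_MODE=$have, needs \"$want\"; init script exits without starting"
    return 1
}

# Constructed sample input standing in for /etc/default/sernet-samba.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'SAMBA_START_MODE="none"' > "$sample"
diagnose "$sample" sernet-samba-ad || true      # the state shown in the thread
printf '%s\n' 'SAMBA_START_MODE="ad"' > "$sample"
diagnose "$sample" sernet-samba-ad || true      # after choosing the AD DC mode
diagnose "$sample" sernet-samba-smbd || true    # smbd's own script still declines
rm -f "$sample"
```

On a real host, pass /etc/default/sernet-samba as the first argument to `diagnose`.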