( the copy of the list, but i've added the bind9 steps. )
The correct lines, i forgot the echo's.. :-//
First DC1
SERVER_IP=$(ip -o route get to 8.8.8.8 | sed -n 's/.*src
\([0-9.]\+\).*/\1/p')
echo "search $(hostname -d)" > resolv.conf.new
echo "nameserver ${SERVER_IP}" >> resolv.conf.new
echo "nameserver 8.8.8.8 # because we want a fallback to internet, for
now." >> resolv.conf.new
mv /etc/resolv.conf{,.backup}
mv /etc/resolv.conf.new /etc/resolv.conf
# Check resolv.conf before you reboot !
samba_upgradedns --dns-backend=BIND9_DLZ
And just to make sure..
install -d /var/lib/samba/bind-dns -o root -g bind -m 750
# If already exits (/var/lib/samba/bind-dns) , just run it doesnt heart
chgrp bind /var/lib/samba/bind-dns
chgrp bind /var/lib/samba/bind-dns/dns
mv /var/lib/samba/private/dns.keytab /var/lib/samba/bind-dns/dns.keytab
chown root:bind /var/lib/samba/bind-dns/dns.keytab
In /etc/bind/named.conf.options
dnssec-validation no;
auth-nxdomain yes;
notify no;
minimal-responses yes;
empty-zones-enable no;
tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";
And in /etc/bind/named.conf.local
include "/var/lib/samba/bind-dns/named.conf";
# Change the path in that line (you might see private in there )
Now you can reboot DC1.
Then DC2 before the reboot of DC2.
SERVER_IP=$(ip -o route get to 8.8.8.8 | sed -n 's/.*src
\([0-9.]\+\).*/\1/p')
echo "search $(hostname -d)" > resolv.conf.new
for x in `host $(hostname -d) |grep -Evi mail|grep -v ${SERVER_IP} |awk '{
print $NF }'` ; \
do echo "nameserver ${x}" >> /etc/resolv.conf.new ; done
echo "nameserver ${SERVER_IP}" >> resolv.conf.new
mv /etc/resolv.conf{,.backup-1}
mv /etc/resolv.conf.new /etc/resolv.conf
# Check resolv.conf before you reboot !
samba_upgradedns --dns-backend=BIND9_DLZ
And just to make sure..
install -d /var/lib/samba/bind-dns -o root -g bind -m 750
# If already exits (/var/lib/samba/bind-dns) , just run it doesnt heart
chgrp bind /var/lib/samba/bind-dns
chgrp bind /var/lib/samba/bind-dns/dns
mv /var/lib/samba/private/dns.keytab /var/lib/samba/bind-dns/dns.keytab
chown root:bind /var/lib/samba/bind-dns/dns.keytab
In /etc/bind/named.conf.options
dnssec-validation no;
auth-nxdomain yes;
notify no;
minimal-responses yes;
empty-zones-enable no;
tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";
include "/var/lib/samba/bind-dns/named.conf";
# Change the path in that line (you might see private in there )
Now you can reboot DC2
Then DC2 after the reboot of DC2.
SERVER_IP=$(ip -o route get to 8.8.8.8 | sed -n 's/.*src
\([0-9.]\+\).*/\1/p')
echo "search $(hostname -d)" > resolv.conf.new
echo "nameserver ${SERVER_IP}" >> resolv.conf.new
for x in `host $(hostname -d) |grep -Evi mail|grep -v ${SERVER_IP} |awk '{
print $NF }'` ; \
do echo "nameserver ${x}" >> /etc/resolv.conf.new ; done
mv /etc/resolv.conf{,.backup-2}
mv /etc/resolv.conf.new /etc/resolv.conf
# Check resolv.conf before you reboot !
> -----Oorspronkelijk bericht-----
> Van: Joachim Lindenberg [mailto:samba at lindenberg.one]
> Verzonden: donderdag 22 oktober 2020 20:49
> Aan: 'Rowland penny'
> Onderwerp: AW: [Samba] new dc does not allow login..?
>
> Ok, /etc/hosts was incomplete. Hostnames now as expected.
> Actually the test script "checks /etc/hostname", but likely
> later than you.
>
> root at cobra:/home/joachim# ./samba-collect-debug-info.sh
> Please wait, collecting debug info.
>
> Password for Administrator at SAMBA.LINDENBERG.ONE:
> INFO 2020-10-22 18:41:27,361 pid:2037
> /usr/lib/python3/dist-packages/samba/netcmd/testparm.py #96:
> Loaded smb config files from /etc/samba/smb.conf
> INFO 2020-10-22 18:41:27,361 pid:2037
> /usr/lib/python3/dist-packages/samba/netcmd/testparm.py #97:
> Loaded services file OK.
> Failed to bind to uuid 50abc2a4-574d-40b3-9d66-ee4fd5fba076
> for
> ncacn_ip_tcp:192.168.177.19[49153,sign,target_hostname=cobra.s
> amba.lindenberg.one,abstract_syntax=50abc2a4-574d-40b3-9d66-ee
> 4fd5fba076/0x00000005,localaddress=192.168.177.19]
> NT_STATUS_LOGON_FAILURE
> ERROR: Connecting to DNS RPC server
> cobra.samba.lindenberg.one failed with (3221225581, 'The
> attempted logon is invalid. This is either due to a bad
> username or authentication information.')
> Failed to bind to uuid 50abc2a4-574d-40b3-9d66-ee4fd5fba076
> for
> ncacn_ip_tcp:192.168.177.19[49153,sign,target_hostname=cobra.s
> amba.lindenberg.one,abstract_syntax=50abc2a4-574d-40b3-9d66-ee
> 4fd5fba076/0x00000005,localaddress=192.168.177.19]
> NT_STATUS_LOGON_FAILURE
> ERROR: Connecting to DNS RPC server
> cobra.samba.lindenberg.one failed with (3221225581, 'The
> attempted logon is invalid. This is either due to a bad
> username or authentication information.')
> The debug info about your system can be found in this file:
> /tmp/samba-debug-info.txt
> Please check this and if required, sanitise it.
> Then copy & paste it into an email to the samba list
> Do not attach it to the email, the Samba mailing list strips
> attachments.
>
> root at cobra:/home/joachim# cat /tmp/samba-debug-info.txt
> Collected config --- 2020-10-22-18:41 -----------
>
> Hostname: cobra
> DNS Domain: samba.lindenberg.one
> FQDN: cobra.samba.lindenberg.one
> ipaddress: 192.168.177.19
>
> -----------
>
> Kerberos SRV _kerberos._tcp.samba.lindenberg.one record
> verified ok, sample output:
> Server: 192.168.177.18
> Address: 192.168.177.18#53
>
> _kerberos._tcp.samba.lindenberg.one service = 0 100 88
> boa.samba.lindenberg.one.
> _kerberos._tcp.samba.lindenberg.one service = 0 100 88
> cobra.samba.lindenberg.one.
> Samba is running as an AD DC
>
> -----------
> Checking file: /etc/os-release
>
> NAME="Ubuntu"
> VERSION="20.04.1 LTS (Focal Fossa)"
> ID=ubuntu
> ID_LIKE=debian
> PRETTY_NAME="Ubuntu 20.04.1 LTS"
> VERSION_ID="20.04"
> HOME_URL="https://www.ubuntu.com/"
> SUPPORT_URL="https://help.ubuntu.com/"
> BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
> PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-pol
> icies/privacy-policy"
> VERSION_CODENAME=focal
> UBUNTU_CODENAME=focal
>
> -----------
>
>
> This computer is running Ubuntu 20.04.1 LTS x86_64
>
> -----------
> running command : ip a
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state
> UNKNOWN group default qlen 1000
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> inet 127.0.0.1/8 scope host lo
> inet6 ::1/128 scope host
> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq
> state UP group default qlen 1000
> link/ether 00:15:5d:b1:0c:50 brd ff:ff:ff:ff:ff:ff
> inet 192.168.177.19/24 brd 192.168.177.255 scope global eth0
> inet6 fe80::215:5dff:feb1:c50/64 scope link
>
> -----------
> Checking file: /etc/hosts
>
> 127.0.0.1 localhost
> 192.168.177.19 cobra.samba.lindenberg.one cobra
>
> # The following lines are desirable for IPv6 capable hosts
> ::1 ip6-localhost ip6-loopback
> fe00::0 ip6-localnet
> ff00::0 ip6-mcastprefix
> ff02::1 ip6-allnodes
> ff02::2 ip6-allrouters
>
> -----------
>
> Checking file: /etc/resolv.conf
>
> nameserver 192.168.177.18
> search samba.lindenberg.one
>
> -----------
>
> Checking file: /etc/krb5.conf
>
> [libdefaults]
> default_realm = SAMBA.LINDENBERG.ONE
>
> # The following krb5.conf variables are only for MIT Kerberos.
> kdc_timesync = 1
> ccache_type = 4
> forwardable = true
> proxiable = true
>
> # The following encryption type specification will be used by
> MIT Kerberos
> # if uncommented. In general, the defaults in the MIT
> Kerberos code are
> # correct and overriding these specifications only serves to
> disable new
> # encryption types as they are added, creating
> interoperability problems.
> #
> # The only time when you might need to uncomment these lines
> and change
> # the enctypes is if you have local software that will break on ticket
> # caches containing ticket encryption types it doesn't know
> about (such as
> # old versions of Sun Java).
>
> # default_tgs_enctypes = des3-hmac-sha1
> # default_tkt_enctypes = des3-hmac-sha1
> # permitted_enctypes = des3-hmac-sha1
>
> # The following libdefaults parameters are only for Heimdal Kerberos.
> fcc-mit-ticketflags = true
>
> [realms]
> ATHENA.MIT.EDU = {
> kdc = kerberos.mit.edu
> kdc = kerberos-1.mit.edu
> kdc = kerberos-2.mit.edu:88
> admin_server = kerberos.mit.edu
> default_domain = mit.edu
> }
> ZONE.MIT.EDU = {
> kdc = casio.mit.edu
> kdc = seiko.mit.edu
> admin_server = casio.mit.edu
> }
> CSAIL.MIT.EDU = {
> admin_server = kerberos.csail.mit.edu
> default_domain = csail.mit.edu
> }
> IHTFP.ORG = {
> kdc = kerberos.ihtfp.org
> admin_server = kerberos.ihtfp.org
> }
> 1TS.ORG = {
> kdc = kerberos.1ts.org
> admin_server = kerberos.1ts.org
> }
> ANDREW.CMU.EDU = {
> admin_server = kerberos.andrew.cmu.edu
> default_domain = andrew.cmu.edu
> }
> CS.CMU.EDU = {
> kdc = kerberos-1.srv.cs.cmu.edu
> kdc = kerberos-2.srv.cs.cmu.edu
> kdc = kerberos-3.srv.cs.cmu.edu
> admin_server = kerberos.cs.cmu.edu
> }
> DEMENTIA.ORG = {
> kdc = kerberos.dementix.org
> kdc = kerberos2.dementix.org
> admin_server = kerberos.dementix.org
> }
> stanford.edu = {
> kdc = krb5auth1.stanford.edu
> kdc = krb5auth2.stanford.edu
> kdc = krb5auth3.stanford.edu
> master_kdc = krb5auth1.stanford.edu
> admin_server = krb5-admin.stanford.edu
> default_domain = stanford.edu
> }
> UTORONTO.CA = {
> kdc = kerberos1.utoronto.ca
> kdc = kerberos2.utoronto.ca
> kdc = kerberos3.utoronto.ca
> admin_server = kerberos1.utoronto.ca
> default_domain = utoronto.ca
> }
>
> [domain_realm]
> .mit.edu = ATHENA.MIT.EDU
> mit.edu = ATHENA.MIT.EDU
> .media.mit.edu = MEDIA-LAB.MIT.EDU
> media.mit.edu = MEDIA-LAB.MIT.EDU
> .csail.mit.edu = CSAIL.MIT.EDU
> csail.mit.edu = CSAIL.MIT.EDU
> .whoi.edu = ATHENA.MIT.EDU
> whoi.edu = ATHENA.MIT.EDU
> .stanford.edu = stanford.edu
> .slac.stanford.edu = SLAC.STANFORD.EDU
> .toronto.edu = UTORONTO.CA
> .utoronto.ca = UTORONTO.CA
>
> -----------
>
> Checking file: /etc/nsswitch.conf
>
> # /etc/nsswitch.conf
> #
> # Example configuration of GNU Name Service Switch functionality.
> # If you have the `glibc-doc-reference' and `info' packages
> installed, try:
> # `info libc "Name Service Switch"' for information about
this file.
>
> passwd: files systemd
> group: files systemd
> shadow: files
> gshadow: files
>
> hosts: files dns
> networks: files
>
> protocols: db files
> services: db files
> ethers: db files
> rpc: db files
>
> netgroup: nis
>
> -----------
>
> Checking file: /etc/samba/smb.conf
>
> # Global parameters
> [global]
> netbios name = COBRA
> realm = SAMBA.LINDENBERG.ONE
> server role = active directory domain controller
> server services = s3fs, rpc, nbt, wrepl, ldap, cldap,
> kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
> workgroup = SAMBA
>
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
>
> [netlogon]
> path = /var/lib/samba/sysvol/samba.lindenberg.one/scripts
> read only = No
>
> -----------
>
> Detected bind DLZ enabled..
> Checking file: /etc/bind/named.conf
>
> // This is the primary configuration file for the BIND DNS
> server named.
> //
> // Please read /usr/share/doc/bind9/README.Debian.gz for
> information on the
> // structure of BIND configuration files in Debian, *BEFORE*
> you customize
> // this configuration file.
> //
> // If you are just adding zones, please do that in
> /etc/bind/named.conf.local
>
> include "/etc/bind/named.conf.options";
> include "/etc/bind/named.conf.local";
> include "/etc/bind/named.conf.default-zones";
>
> -----------
>
> Checking file: /etc/bind/named.conf.options
>
> acl "trusted" {
> 192.168.0.0/16;
> };
>
> options {
> directory "/var/cache/bind";
>
> // If there is a firewall between you and nameservers you want
> // to talk to, you may need to fix the firewall to
> allow multiple
> // ports to talk. See http://www.kb.cert.org/vuls/id/800113
>
> // If your ISP provided one or more IP addresses for stable
> // nameservers, you probably want to use them as forwarders.
> // Uncomment the following block, and insert the
> addresses replacing
> // the all-0's placeholder.
>
> forwarders {
> 192.168.177.7;
> };
>
>
> //===========================================================>
===========> // If BIND logs error messages about the root key
> being expired,
> // you will need to update your keys. See
> https://www.isc.org/bind-keys
>
> //===========================================================>
===========> dnssec-validation auto;
>
> listen-on-v6 { none; };
> recursion yes;
> allow-recursion { trusted;localhost; };
> tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
> minimal-responses yes;
> allow-transfer { none; };
> };
>
> -----------
>
> Checking file: /etc/bind/named.conf.local
>
> //
> // Do any local configuration here
> //
>
> // Consider adding the 1918 zones here, if they are not used in your
> // organization
> //include "/etc/bind/zones.rfc1918";
>
> include "/var/lib/samba/bind-dns/named.conf";
>
> -----------
>
> Checking file: /etc/bind/named.conf.default-zones
>
> // prime the server with knowledge of the root servers
> zone "." {
> type hint;
> file "/usr/share/dns/root.hints";
> };
>
> // be authoritative for the localhost forward and reverse
> zones, and for
> // broadcast zones as per RFC 1912
>
> zone "localhost" {
> type master;
> file "/etc/bind/db.local";
> };
>
> zone "127.in-addr.arpa" {
> type master;
> file "/etc/bind/db.127";
> };
>
> zone "0.in-addr.arpa" {
> type master;
> file "/etc/bind/db.0";
> };
>
> zone "255.in-addr.arpa" {
> type master;
> file "/etc/bind/db.255";
> };
>
> -----------
>
> Samba DNS zone list:
> Samba DNS zone list Automated check :
>
> Installed packages:
> ii acl 2.2.53-6
> amd64 access control list - utilities
> ii attr 1:2.4.48-5
> amd64 utilities for manipulating
> filesystem extended attributes
> ii bind9 1:9.16.1-0ubuntu2.3
> amd64 Internet Domain Name Server
> ii bind9-dnsutils 1:9.16.1-0ubuntu2.3
> amd64 Clients provided with BIND 9
> ii bind9-doc 1:9.16.1-0ubuntu2.3
> all Documentation for BIND 9
> ii bind9-host 1:9.16.1-0ubuntu2.3
> amd64 DNS Lookup Utility
> ii bind9-libs:amd64 1:9.16.1-0ubuntu2.3
> amd64 Shared Libraries used by BIND 9
> ii bind9-utils 1:9.16.1-0ubuntu2.3
> amd64 Utilities for BIND 9
> ii bind9utils 1:9.16.1-0ubuntu2.3
> all Transitional package for bind9-utils
> ii dnsutils 1:9.16.1-0ubuntu2.3
> all Transitional package for bind9-dnsutils
> ii krb5-config 2.6ubuntu1
> all Configuration files for
> Kerberos Version 5
> ii krb5-locales 1.17-6ubuntu4
> all internationalization support
> for MIT Kerberos
> ii krb5-user 1.17-6ubuntu4
> amd64 basic programs to authenticate
> using MIT Kerberos
> ii libacl1:amd64 2.2.53-6
> amd64 access control list - shared library
> ii libattr1:amd64 1:2.4.48-5
> amd64 extended attribute handling -
> shared library
> ii libgssapi-krb5-2:amd64 1.17-6ubuntu4
> amd64 MIT Kerberos runtime libraries
> - krb5 GSS-API Mechanism
> ii libkrb5-26-heimdal:amd64 7.7.0+dfsg-1ubuntu1
> amd64 Heimdal Kerberos - libraries
> ii libkrb5-3:amd64 1.17-6ubuntu4
> amd64 MIT Kerberos runtime libraries
> ii libkrb5support0:amd64 1.17-6ubuntu4
> amd64 MIT Kerberos runtime libraries
> - Support library
> ii libnss-winbind:amd64
> 2:4.12.8+dfsg-0.1focal1 amd64 Samba
> nameservice integration plugins
> ii libpam-krb5:amd64 4.8-2ubuntu1
> amd64 PAM module for MIT Kerberos
> ii libpam-winbind:amd64
> 2:4.12.8+dfsg-0.1focal1 amd64 Windows
> domain authentication integration plugin
> ii libsmbclient:amd64
> 2:4.12.8+dfsg-0.1focal1 amd64 shared
> library for communication with SMB/CIFS servers
> ii libwbclient0:amd64
> 2:4.12.8+dfsg-0.1focal1 amd64 Samba
> winbind client library
> ii python3-attr 19.3.0-2
> all Attributes without boilerplate
> (Python 3)
> ii python3-nacl 1.3.0-5
> amd64 Python bindings to libsodium (Python 3)
> ii python3-samba
> 2:4.12.8+dfsg-0.1focal1 amd64 Python 3
> bindings for Samba
> ii samba
> 2:4.12.8+dfsg-0.1focal1 amd64 SMB/CIFS
> file, print, and login server for Unix
> ii samba-common
> 2:4.12.8+dfsg-0.1focal1 all common
> files used by both the Samba server and client
> ii samba-common-bin
> 2:4.12.8+dfsg-0.1focal1 amd64 Samba
> common files used by both the server and the client
> ii samba-dsdb-modules:amd64
> 2:4.12.8+dfsg-0.1focal1 amd64 Samba
> Directory Services Database
> ii samba-libs:amd64
> 2:4.12.8+dfsg-0.1focal1 amd64 Samba core
> libraries
> ii samba-vfs-modules:amd64
> 2:4.12.8+dfsg-0.1focal1 amd64 Samba
> Virtual FileSystem plugins
> ii smbclient
> 2:4.12.8+dfsg-0.1focal1 amd64
> command-line SMB/CIFS clients for Unix
> ii winbind
> 2:4.12.8+dfsg-0.1focal1 amd64 service to
> resolve user and group information from Windows NT servers
>
>
> Thanks, Joachim
>
>
> -----Urspr?ngliche Nachricht-----
> Von: samba <samba-bounces at lists.samba.org> Im Auftrag von
> Rowland penny via samba
> Gesendet: Thursday, 22 October 2020 20:28
> An: sambalist <samba at lists.samba.org>
> Betreff: Re: [Samba] new dc does not allow login..?
>
> Please see replies inline:
>
> On 22/10/2020 19:06, Joachim Lindenberg wrote:
> > root at cobra:/home/joachim# cat /tmp/samba-debug-info.txt Collected
> > config --- 2020-10-22-17:57 -----------
> >
> > Hostname: cobra
> > DNS Domain:
> > FQDN: cobra
> > ipaddress: 192.168.177.19
>
> I actually expected more output, but lets start with what we have :-)
>
> You do not seem to have a domain name, you need to fix this,
> not sure just what Ubuntu 20.04 uses, but you need to fix it
> so that the following commands print the following output
>
> hostname -s
>
> cobra
>
> hostname -d
>
> samba.lindenberg.one
>
> hostname -f
>
> cobra.samba.lindenberg.one
>
> hostname -i
>
> 192.168.177.19
>
> >
> > -----------
> >
> > WARNING: kinit Administrator will fail and this needs to be
> fixed first.
> > unable to verify DNS kerberos._tcp SRV records
> >
> > Server: 192.168.177.18
> > Address: 192.168.177.18#53
> >
> > ** server can't find _kerberos._tcp: NXDOMAIN
> This could be because it isn't asking itself, the DC should
> use its own IP as the first nameserver in /etc/resolv.conf,
> so what is '192.168.177.19' ?
> >
> > kinit Adminstrator done manually does work or at least does
> not report any error.
> >
> > when I dig manually I get SRV records:
> >
> > root at cobra:/home/joachim# dig -t SRV
> > _kerberos._tcp.samba.lindenberg.one
> >
> > ; <<>> DiG 9.16.1-Ubuntu <<>> -t SRV
> > _kerberos._tcp.samba.lindenberg.one
> > ;; global options: +cmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9893
;;
> flags: qr
> > aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
> >
> > ;; OPT PSEUDOSECTION:
> > ; EDNS: version: 0, flags:; udp: 4096
> > ; COOKIE: c60e03fcc592f9949fb4fc8e5f91c878ed0f2c5c525380ca
> (good) ;;
> > QUESTION SECTION:
> > ;_kerberos._tcp.samba.lindenberg.one. IN SRV
> >
> > ;; ANSWER SECTION:
> > _kerberos._tcp.samba.lindenberg.one. 900 IN SRV 0 100 88
> boa.samba.lindenberg.one.
> > _kerberos._tcp.samba.lindenberg.one. 900 IN SRV 0 100 88
> cobra.samba.lindenberg.one.
> >
> > ;; Query time: 4 msec
> > ;; SERVER: 192.168.177.18#53(192.168.177.18) ;; WHEN: Thu Oct 22
> > 17:59:20 UTC 2020 ;; MSG SIZE rcvd: 182
> >
> > (actually I missed them initially as dns_update did not work, and
> > fixed both)
> Again that is using '192.168.177.18'
> > Just in case, my smb.conf looks as follows:
> >
> > # Global parameters
> > [global]
> > netbios name = COBRA
> > realm = SAMBA.LINDENBERG.ONE
> > server role = active directory domain controller
> > server services = s3fs, rpc, nbt, wrepl, ldap,
> cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
> > workgroup = SAMBA
> >
> > [sysvol]
> > path = /var/lib/samba/sysvol
> > read only = No
> >
> > [netlogon]
> > path = /var/lib/samba/sysvol/samba.lindenberg.one/scripts
> > read only = No
>
> About all I can tell from that is that you are using Bind9,
> so you will manually have to set /var/lib/samba/bind-dns/named.conf.
>
> Open it in an editor and check if any of the lines that have
> 'database'
> in them have been uncommented (I don't think they will have),
> if not, uncomment the last one, under '# For BIND 9.11.x'
>
> Once you have fixed the problems highlighted above, re-run the script.
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>