On 09/01/2021 14:13, Igor Sousa via samba wrote:
> Hi,
>
> I created an installation tutorial for Samba 4.12.4 Domain Controller based
> on my domain requirements on June/2020. When I tried following this
> tutorial to install Samba 4.13.3, I noticed some inconsistencies:
>
> 1. /usr/local/samba/bind-dns/ is empty;
> 2. When I search for dns.keytab (find /usr/local/samba -i dns.keytab),
> nothing is returned, but I find a secrets.keytab in
> /usr/local/samba/private;
> 3. I don't find named.conf in /usr/local/samba/bind-dns or
> /usr/local/samba/private. It is there in /usr/local/samba/share
>
> I verify my tutorial with the Samba Wiki topics "Setting up Samba as an
> Active Directory Domain Controller", "Setting up a BIND DNS Server" and
> "BIND9 DLZ DNS Back End" and I don't notice any difference between these
> same pages that I accessed on June/2020.
>
> I'm feeling pretty dumb by this. It seems I don't see something obvious.
>
> --
> Igor Sousa

There is a bug: https://bugzilla.samba.org/show_bug.cgi?id=14535

Basically, there is no code to create the keytab in the bind-dns
directory. The code is only required on three occasions: when a new DC
is provisioned with '--dns-backend=BIND9_DLZ', when you upgrade from
the internal dns server to bind9, and when you join another DC with
'--dns-backend=BIND9_DLZ'. The code is there for the provision and in
samba_dnsupdate, but not for the join.

The fix (at the moment) is to change to the internal dns server with
samba_dnsupdate, then change back to bind9 with the same tool; the
keytab will then appear in the bind-dns directory.

Rowland