samba - Jul 2015 - Strange issue with share access on domain controllers

Le 13/07/2015 17:17, Rowland Penny a écrit :
> On 13/07/15 16:11, Sébastien Le Ray wrote:
>>
>>
>> Le 13/07/2015 17:02, Rowland Penny a écrit :
>>> On 13/07/15 15:57, Sébastien Le Ray wrote:
>>>> Le 13/07/2015 16:51, Rowland Penny a écrit :
>>>>> On 12/07/15 17:41, Sébastien Le Ray wrote:
>>>>>>         dns forwarder = 127.0.0.1
>>>>> Why is the DC forwarding unknown DNS addresses to itself ?
>>>> It isn't 127.0.0.1 is not part of the interfaces directive
:-)
>>>
>>> OK then, what is running on 127.0.0.1:53 ??
>>
>> Bind as a slave + recursive resolver
>
> Then it is undoubtedly interfering with the samba DNS server which 
> will also be trying to run on port 53!
>
> Just run one of them, either the internal DNS server or the Bind DNS 
> server, not both.
>
> Rowland
>
No it won't since bind interfaces prevents samba to bind on 127.0.0.1 :-)

On 13/07/15 16:25, Sébastien Le Ray wrote:
> Le 13/07/2015 17:17, Rowland Penny a écrit :
>> On 13/07/15 16:11, Sébastien Le Ray wrote:
>>>
>>>
>>> Le 13/07/2015 17:02, Rowland Penny a écrit :
>>>> On 13/07/15 15:57, Sébastien Le Ray wrote:
>>>>> Le 13/07/2015 16:51, Rowland Penny a écrit :
>>>>>> On 12/07/15 17:41, Sébastien Le Ray wrote:
>>>>>>>         dns forwarder = 127.0.0.1
>>>>>> Why is the DC forwarding unknown DNS addresses to
itself ?
>>>>> It isn't 127.0.0.1 is not part of the interfaces
directive :-)
>>>>
>>>> OK then, what is running on 127.0.0.1:53 ??
>>>
>>> Bind as a slave + recursive resolver
>>
>> Then it is undoubtedly interfering with the samba DNS server which 
>> will also be trying to run on port 53!
>>
>> Just run one of them, either the internal DNS server or the Bind DNS 
>> server, not both.
>>
>> Rowland
>>
> No it won't since bind interfaces prevents samba to bind on 127.0.0.1
:-)
Are you sure about that ?

 From man smb.conf:

        interfaces (G)

            This option allows you to override the default network 
interfaces
            list that Samba will use for browsing, name registration and 
other
            NetBIOS over TCP/IP (NBT) traffic. By default Samba will 
query the
            kernel for the list of all active interfaces and use any 
interfaces
            except 127.0.0.1 that are broadcast capable.

What I do not really understand is, why go to all the trouble of running 
Bind on the DC and not use it for Samba 4 DNS.

Rowland

Le 13/07/2015 17:34, Rowland Penny a écrit :
> Are you sure about that ?
Yes since everything is running smoothly
>
> From man smb.conf:
>
>        interfaces (G)
>
>            This option allows you to override the default network 
> interfaces
>            list that Samba will use for browsing, name registration 
> and other
>            NetBIOS over TCP/IP (NBT) traffic. By default Samba will 
> query the
>            kernel for the list of all active interfaces and use any 
> interfaces
>            except 127.0.0.1 that are broadcast capable.
>
> What I do not really understand is, why go to all the trouble of 
> running Bind on the DC and not use it for Samba 4 DNS.
Trouble ? You mean apt-get install bind + modify some config options 
/vs/ rebuilding the packages on each security alert ?