Hi Jim, (and Robert, saw your last post, read this also for samba with bind9_DLZ)

I just searched back in the posts, and what I noticed was your first post.
http://www.tiltingatlinux.com/2014/04/basic-samba4-domain-controler-on-ubuntu.html
I went over this link ..

This setup has some faults.

sudo nano /etc/hosts
127.0.0.1 localhost
127.0.1.1 pdc.mydomain.local pdc   < remove this line.
10.0.0.5 pdc.mydomain.local pdc

UUID=blahblahmoomoowhatnot / ext4 user_xattr,acl,barrier=1,errors=remount-ro,relatime 0 1
change that to
UUID=blahblahmoomoowhatnot / ext4 defaults,barrier=1,errors=remount-ro,relatime 0 1

apt-get install acl xattr

mount -o remount -a

sudo rm /etc/samba/smb.conf
better sudo mv /etc/samba/smb.conf /etc/samba/smb.conf.ubuntu_original

ntp is not linked to samba in that setup.
So, that said..

If you can read bash scripts, and if not, try, it's not that hard.

get this script if you use ubuntu 14.04..
https://secure.bazuin.nl/scripts/4-jessie-samba-DC.sh
read through it, it explains itself, I just didn't test it on ubuntu,
but the basics are the same.
Just keep the install order as in the script, that's most important.
simple things can be changed like line 208
debian:
for x in 0 1 2 3 ; do sed -i "s]server ${x}.debian]#server ${x}.debian]g" /etc/ntp.conf ; done
for ubuntu:
for x in 0 1 2 3 ; do sed -i "s]server ${x}.ubuntu]#server ${x}.ubuntu]g" /etc/ntp.conf ; done

etc. .
all you need to know is in this script.
try it, and I say, you will have a perfect working samba 4 AD DC with bind9_DLZ.

Greetz,

Louis

>-----Original message-----
>From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Jim Seymour
>Sent: Friday 28 August 2015 13:40
>To: samba at lists.samba.org
>Subject: Re: [Samba] Samba Internal DNS vs. BIND_DLZ
>
>On Fri, 28 Aug 2015 08:51:30 +0100
>Rowland Penny <rowlandpenny241155 at gmail.com> wrote:
>
>> ... what you seem
>> to be missing is that you run bind9 instead of the internal samba4
>> DNS server. Whatever DNS server you do use, it needs to only know
>> about the samba4 dns domain (which also needs to be the realm name),
>> anything else it gets from its forwarder.
>
>I did not miss it. As you'll see from another of my posts: I tried
>that. The dynamic zone code crashed named. (Don't know why, yet. It
>happened at the end of the day, and I no longer skip workout time for
>work, no matter *how* interesting the problem, so...)
>
>However...
>
>I have to say that lash-up strikes me as kind of fragile.
>
>Jim
>
>--
>To unsubscribe from this list go to the following URL and read the
>instructions: https://lists.samba.org/mailman/options/samba

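The /etc/hosts correction in the message above, as an added example that is not part of the original thread: a small shell check that flags a hosts file in which the DC's own name is mapped to a loopback address. The function names, exit codes and sample files are assumptions made for the example; the host name and addresses are the ones quoted in the message.

```shell
#!/bin/sh
# Added example (not from the thread): check a hosts file for the fault
# Louis points out, i.e. the DC's own name mapped to a loopback address.
# Exit status: 0 = only non-loopback entries, 1 = loopback entry found,
#              2 = no non-loopback entry for the name at all.
check_hosts() {   # usage: check_hosts HOSTS_FILE FQDN
    awk -v fqdn="$2" -v short="${2%%.*}" '
        { sub(/#.*/, "") }                 # strip trailing comments
        NF < 2 { next }                    # skip blank / malformed lines
        {
            hit = 0
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(fqdn) || tolower($i) == tolower(short))
                    hit = 1
            if (!hit) next
            if ($1 ~ /^127\./ || $1 == "::1") { print "loopback entry: " $0; bad = 1 } else good = 1
        }
        END { if (bad) exit 1; if (!good) exit 2 }
    ' "$1"
}

# Constructed sample input, using the names and addresses quoted in the thread.
hosts_before() {
    printf '%s\n' '127.0.0.1 localhost' \
                  '127.0.1.1 pdc.mydomain.local pdc' \
                  '10.0.0.5 pdc.mydomain.local pdc'
}
hosts_after() {
    printf '%s\n' '127.0.0.1 localhost' \
                  '10.0.0.5 pdc.mydomain.local pdc'
}

# Helper: run the check on a sample and return its status without aborting.
check_sample() {   # usage: check_sample SAMPLE_FUNCTION FQDN
    tmp=$(mktemp) || return 3
    "$1" > "$tmp"
    rc=0
    check_hosts "$tmp" "$2" || rc=$?
    rm -f "$tmp"
    return "$rc"
}

check_sample hosts_before pdc.mydomain.local || echo "before: status $?"
check_sample hosts_after  pdc.mydomain.local && echo "after: ok"
```
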
On 28/08/15 13:41, L.P.H. van Belle wrote:
> Hi Jim, (and Robert, saw your last post, read this also for samba with bind9_DLZ)
>
> I just searched back in the posts, and what I noticed was your first post.
> http://www.tiltingatlinux.com/2014/04/basic-samba4-domain-controler-on-ubuntu.html
> I went over this link ..
>
> This setup has some faults.
>
> sudo nano /etc/hosts
> 127.0.0.1 localhost
> 127.0.1.1 pdc.mydomain.local pdc   < remove this line.
> 10.0.0.5 pdc.mydomain.local pdc
>
>
> UUID=blahblahmoomoowhatnot / ext4 user_xattr,acl,barrier=1,errors=remount-ro,relatime 0 1
> change that to
> UUID=blahblahmoomoowhatnot / ext4 defaults,barrier=1,errors=remount-ro,relatime 0 1
>
> apt-get install acl xattr
>
> mount -o remount -a
>
> sudo rm /etc/samba/smb.conf
> better sudo mv /etc/samba/smb.conf /etc/samba/smb.conf.ubuntu_original
>
> ntp is not linked to samba in that setup.
> So, that said..
>
> If you can read bash scripts, and if not, try, it's not that hard.
>
> get this script if you use ubuntu 14.04..
> https://secure.bazuin.nl/scripts/4-jessie-samba-DC.sh
> read through it, it explains itself, I just didn't test it on ubuntu,
> but the basics are the same.
> Just keep the install order as in the script, that's most important.
> simple things can be changed like line 208
> debian:
> for x in 0 1 2 3 ; do sed -i "s]server ${x}.debian]#server ${x}.debian]g" /etc/ntp.conf ; done
> for ubuntu:
> for x in 0 1 2 3 ; do sed -i "s]server ${x}.ubuntu]#server ${x}.ubuntu]g" /etc/ntp.conf ; done
>
> etc. .
> all you need to know is in this script.
> try it, and I say, you will have a perfect working samba 4 AD DC with bind9_DLZ.
>
>
> Greetz,
>
> Louis
>
>
>> -----Original message-----
>> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Jim Seymour
>> Sent: Friday 28 August 2015 13:40
>> To: samba at lists.samba.org
>> Subject: Re: [Samba] Samba Internal DNS vs. BIND_DLZ
>>
>> On Fri, 28 Aug 2015 08:51:30 +0100
>> Rowland Penny <rowlandpenny241155 at gmail.com> wrote:
>>
>>> ... what you seem
>>> to be missing is that you run bind9 instead of the internal samba4
>>> DNS server. Whatever DNS server you do use, it needs to only know
>>> about the samba4 dns domain (which also needs to be the realm name),
>>> anything else it gets from its forwarder.
>> I did not miss it. As you'll see from another of my posts: I tried
>> that. The dynamic zone code crashed named. (Don't know why, yet. It
>> happened at the end of the day, and I no longer skip workout time for
>> work, no matter *how* interesting the problem, so...)
>>
>> However...
>>
>> I have to say that lash-up strikes me as kind of fragile.
>>
>> Jim
>>

Hi Louis, I had already pointed him at your scripts, but I didn't know
you had one for Ubuntu.

Rowland

On Fri, 28 Aug 2015 14:41:09 +0200
L.P.H. van Belle <belle at bazuin.nl> wrote:

> Hi Jim, (and Robert, saw your last post, read this also for samba
> with bind9_DLZ)
>
> I just searched back in the posts, and what I noticed was your first
> post.
> http://www.tiltingatlinux.com/2014/04/basic-samba4-domain-controler-on-ubuntu.html
> I went over this link ..
>
> This setup has some faults.
>
> sudo nano /etc/hosts
> 127.0.0.1 localhost
> 127.0.1.1 pdc.mydomain.local pdc   < remove this line.
> 10.0.0.5 pdc.mydomain.local pdc

Already done, but I hadn't created the sub-zone, yet.

>
>
> UUID=blahblahmoomoowhatnot / ext4 user_xattr,acl,barrier=1,errors=remount-ro,relatime 0 1
> change that to
> UUID=blahblahmoomoowhatnot / ext4 defaults,barrier=1,errors=remount-ro,relatime 0 1

Done!

>
> apt-get install acl xattr

"xattr?"

    $ apt-get install xattr
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    E: Unable to locate package xattr

There are various "python-xattr" type things.

>
> mount -o remount -a
>
> sudo rm /etc/samba/smb.conf
> better sudo mv /etc/samba/smb.conf /etc/samba/smb.conf.ubuntu_original

I've a simple script I wrote, some time ago, called "save-orig." It's
one of the first I ever drop on a new install. It saves the named file
from your current directory to an identical path relative to /root.

>
> ntp is not linked to samba in that setup.
> So, that said..
>
> If you can read bash scripts, and if not, try, it's not that hard.

Heh. I've probably written more sh than most people have ever used ;)

>
> get this script if you use ubuntu 14.04..
> https://secure.bazuin.nl/scripts/4-jessie-samba-DC.sh
> read through it, it explains itself, I just didn't test it on ubuntu,
> but the basics are the same.
> Just keep the install order as in the script, that's most important.
> simple things can be changed like line 208
> debian:
> for x in 0 1 2 3 ; do sed -i "s]server ${x}.debian]#server ${x}.debian]g" /etc/ntp.conf ; done
> for ubuntu:
> for x in 0 1 2 3 ; do sed -i "s]server ${x}.ubuntu]#server ${x}.ubuntu]g" /etc/ntp.conf ; done
>
> etc. .
> all you need to know is in this script.
> try it, and I say, you will have a perfect working samba 4 AD DC with
> bind9_DLZ.

[snip]

Thanks, Louis. I've done some of the above. "Purge"d what I already
had. Will restart anew with your suggestions.

And those of the others, here.

Thanks, everybody, for your patient help!

Jim

On 28/08/15 19:30, Jim Seymour wrote:
> On Fri, 28 Aug 2015 14:41:09 +0200
> L.P.H. van Belle <belle at bazuin.nl> wrote:
>
>> Hi Jim, (and Robert, saw your last post, read this also for samba
>> with bind9_DLZ)
>>
>> I just searched back in the posts, and what I noticed was your first
>> post.
>> http://www.tiltingatlinux.com/2014/04/basic-samba4-domain-controler-on-ubuntu.html
>> I went over this link ..
>>
>> This setup has some faults.
>>
>> sudo nano /etc/hosts
>> 127.0.0.1 localhost
>> 127.0.1.1 pdc.mydomain.local pdc   < remove this line.
>> 10.0.0.5 pdc.mydomain.local pdc
> Already done, but I hadn't created the sub-zone, yet.
>
>>
>> UUID=blahblahmoomoowhatnot / ext4 user_xattr,acl,barrier=1,errors=remount-ro,relatime 0 1
>> change that to
>> UUID=blahblahmoomoowhatnot / ext4 defaults,barrier=1,errors=remount-ro,relatime 0 1
> Done!
>
>> apt-get install acl xattr
> "xattr?"
>
>     $ apt-get install xattr
>     Reading package lists... Done
>     Building dependency tree
>     Reading state information... Done
>     E: Unable to locate package xattr
>
> There are various "python-xattr" type things.

It's just called 'attr'

Rowland

>
>> mount -o remount -a
>>
>> sudo rm /etc/samba/smb.conf
>> better sudo mv /etc/samba/smb.conf /etc/samba/smb.conf.ubuntu_original
> I've a simple script I wrote, some time ago, called "save-orig." It's
> one of the first I ever drop on a new install. It saves the named file
> from your current directory to an identical path relative to /root.
>
>> ntp is not linked to samba in that setup.
>> So, that said..
>>
>> If you can read bash scripts, and if not, try, it's not that hard.
> Heh. I've probably written more sh than most people have ever used ;)
>
>> get this script if you use ubuntu 14.04..
>> https://secure.bazuin.nl/scripts/4-jessie-samba-DC.sh
>> read through it, it explains itself, I just didn't test it on ubuntu,
>> but the basics are the same.
>> Just keep the install order as in the script, that's most important.
>> simple things can be changed like line 208
>> debian:
>> for x in 0 1 2 3 ; do sed -i "s]server ${x}.debian]#server ${x}.debian]g" /etc/ntp.conf ; done
>> for ubuntu:
>> for x in 0 1 2 3 ; do sed -i "s]server ${x}.ubuntu]#server ${x}.ubuntu]g" /etc/ntp.conf ; done
>>
>> etc. .
>> all you need to know is in this script.
>> try it, and I say, you will have a perfect working samba 4 AD DC with
>> bind9_DLZ.
> [snip]
>
> Thanks, Louis. I've done some of the above. "Purge"d what I already
> had. Will restart anew with your suggestions.
>
> And those of the others, here.
>
> Thanks, everybody, for your patient help!
>
> Jim
>

On Fri, 28 Aug 2015 14:41:09 +0200
L.P.H. van Belle <belle at bazuin.nl> wrote:

[snip]
>
> If you can read bash scripts, and if not, try, it's not that hard.
>
> get this script if you use ubuntu 14.04..
> https://secure.bazuin.nl/scripts/4-jessie-samba-DC.sh
> read through it, it explains itself, I just didn't test it on ubuntu,

Doesn't work. Some things that went wrong:

    Usage: samba-tool domain provision [options]

    samba-tool domain provision: error: no such option: --site

    stat: cannot stat ‘/var/lib/samba/private/dns.keytab’: No such file or directory
    (also chown and chmod failed)

    enable-ing access for bind in /var/lib/samba/private

    sed: can't read /etc/samba/smb.conf: No such file or directory
    (4 times)

    Setting up the SePrivileges, this wil take a while
    kinit: Cannot contact any KDC for realm 'EXAMPLE.COM' while getting initial credentials
    Enter Administrator's password:
    Could not connect to server 127.0.0.1
    Connection failed: NT_STATUS_CONNECTION_REFUSED
    (Those last three lines many times)

    Failed to connect host 172.24.125.35 on port 135 - NT_STATUS_CONNECTION_REFUSED

    Failed to connect host 172.24.125.35 (host.example.com) on port 135 - NT_STATUS_CONNECTION_REFUSED.

    ERROR(runtime): uncaught exception - (-1073741258, 'The connection was refused')

      File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
        return self.run(*args, **kwargs)

      File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 847, in run
        dns_conn = dns_connect(server, self.lp, self.creds)

      File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 37, in dns_connect
        dns_conn = dnsserver.dnsserver(binding_str, lp, creds)

And more, but there's probably little point in reproducing the rest.

> but the basics are the same.
> Just keep the install order as in the script, that's most important.

I guess I'll just read the script and try it manually.

[snip]
>
> etc. .
> all you need to know is in this script.
> try it, and I say, you will have a perfect working samba 4 AD DC with
> bind9_DLZ.

[snip]

We'll see.

Thanks for your help. I'll give it one more go. If that fails then I
revert to a plain old Samba server and if they ever want AD they can
buy a MS-Win server.

Thanks,
Jim
--
Note: My mail server employs *very* aggressive anti-spam filtering.
If you reply to this email and your email is rejected, please accept
my apologies and let me know via my web form at
<http://jimsun.LinxNet.com/contact/scform.php>.

On 01/09/15 20:01, Jim Seymour wrote:
> On Fri, 28 Aug 2015 14:41:09 +0200
> L.P.H. van Belle <belle at bazuin.nl> wrote:
>
> [snip]
>> If you can read bash scripts, and if not, try, it's not that hard.
>>
>> get this script if you use ubuntu 14.04..
>> https://secure.bazuin.nl/scripts/4-jessie-samba-DC.sh
>> read through it, it explains itself, I just didn't test it on ubuntu,
> Doesn't work. Some things that went wrong:
>
>     Usage: samba-tool domain provision [options]
>
>     samba-tool domain provision: error: no such option: --site

The '--site' option was added after the samba version 4.1.6 used by
Ubuntu 4.1.6, I think what happened here was that samba-tool errored
out and didn't provision the domain, try removing the '--site' from
Louis's script and try again.

Rowland

>
>     stat: cannot stat ‘/var/lib/samba/private/dns.keytab’: No such file or directory
>     (also chown and chmod failed)
>
>     enable-ing access for bind in /var/lib/samba/private
>
>     sed: can't read /etc/samba/smb.conf: No such file or directory
>     (4 times)
>
>     Setting up the SePrivileges, this wil take a while
>     kinit: Cannot contact any KDC for realm 'EXAMPLE.COM' while getting initial credentials
>     Enter Administrator's password:
>     Could not connect to server 127.0.0.1
>     Connection failed: NT_STATUS_CONNECTION_REFUSED
>     (Those last three lines many times)
>
>     Failed to connect host 172.24.125.35 on port 135 - NT_STATUS_CONNECTION_REFUSED
>
>     Failed to connect host 172.24.125.35 (host.example.com) on port 135 - NT_STATUS_CONNECTION_REFUSED.
>
>     ERROR(runtime): uncaught exception - (-1073741258, 'The connection was refused')
>
>       File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
>         return self.run(*args, **kwargs)
>
>       File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 847, in run
>         dns_conn = dns_connect(server, self.lp, self.creds)
>
>       File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 37, in dns_connect
>         dns_conn = dnsserver.dnsserver(binding_str, lp, creds)
>
> And more, but there's probably little point in reproducing the rest.
>
>> but the basics are the same.
>> Just keep the install order as in the script, that's most important.
> I guess I'll just read the script and try it manually.
>
> [snip]
>> etc. .
>> all you need to know is in this script.
>> try it, and I say, you will have a perfect working samba 4 AD DC with
>> bind9_DLZ.
> [snip]
>
> We'll see.
>
> Thanks for your help. I'll give it one more go. If that fails then I
> revert to a plain old Samba server and if they ever want AD they can
> buy a MS-Win server.
>
> Thanks,
> Jim