samba - Sep 2015 - On to samba-tools tools - Re: samba_dlz: Failed to connect

On 03/09/15 19:42, Robert Moskowitz wrote:
>
>
> On 09/03/2015 02:33 PM, Rowland Penny wrote:
>> On 03/09/15 19:21, Robert Moskowitz wrote:
>>>
>>>
>>> On 09/03/2015 02:17 PM, Rowland Penny wrote:
>>>> On 03/09/15 19:05, Robert Moskowitz wrote:
>>>>>
>>>>>
>>>>> On 09/03/2015 01:59 PM, Sketch wrote:
>>>>>> On Thu, 3 Sep 2015, Rowland Penny wrote:
>>>>>>
>>>>>>>  What are the permissions on
/var/lib/samba/private/dns ?
>>>>>>
>>>>>> Also don't forget the permissions on
/var/lib/samba/private
>>>>>>
>>>>>> If you're using sernet's packages, you'll
have to chgrp it to to
>>>>>> named or give it o+x perms.
>>>>>
>>>>> chown root:named /var/lib/samba/private
>>>>>
>>>>> Wow that was it!
>>>>>
>>>>> DLZ is up and running.  Lots more to get right in the bind
config....
>>>>>
>>>>> Is there a web app to front end samba-tools for maintaining
at
>>>>> least the dns portion?
>>>>
>>>> Yes, it is called RSAT and runs on windows :-D
>>>
>>>
>>> Very funny.  THAT IS NOT a web app front end to samba-tools. What 
>>> about webmin?  But have to see if it is build specific...
>>>
>>>
>>
>> As far as I know RSAT is the only option at the moment, Webmin 
>> doesn't seem to know anything about dlz, but then again Samba 4 AD 
>> has been out nearly 3 years now and Webmin still doesn't work with
it.
>
> Well does Webmin know about ldap and can update the ldap directly?
>
> Grumble.
>
>
It is no good grumbling on here, you could try grumbling at Webmin :-)

Also, using ldap is not as simple as that, try reading dns.py, it is in 
/usr/share/pyshared/samba/netcmd on debian
I know it is written in python and uses ldb, but it might help you to 
understand just how difficult it is to work with dns & samba.

Rowland

On 09/03/2015 02:51 PM, Rowland Penny wrote:
> On 03/09/15 19:42, Robert Moskowitz wrote:
>>
>>
>> On 09/03/2015 02:33 PM, Rowland Penny wrote:
>>> On 03/09/15 19:21, Robert Moskowitz wrote:
>>>>
>>>>
>>>> On 09/03/2015 02:17 PM, Rowland Penny wrote:
>>>>> On 03/09/15 19:05, Robert Moskowitz wrote:
>>>>>>
>>>>>>
>>>>>> On 09/03/2015 01:59 PM, Sketch wrote:
>>>>>>> On Thu, 3 Sep 2015, Rowland Penny wrote:
>>>>>>>
>>>>>>>>  What are the permissions on
/var/lib/samba/private/dns ?
>>>>>>>
>>>>>>> Also don't forget the permissions on
/var/lib/samba/private
>>>>>>>
>>>>>>> If you're using sernet's packages,
you'll have to chgrp it to to
>>>>>>> named or give it o+x perms.
>>>>>>
>>>>>> chown root:named /var/lib/samba/private
>>>>>>
>>>>>> Wow that was it!
>>>>>>
>>>>>> DLZ is up and running.  Lots more to get right in the
bind
>>>>>> config....
>>>>>>
>>>>>> Is there a web app to front end samba-tools for
maintaining at
>>>>>> least the dns portion?
>>>>>
>>>>> Yes, it is called RSAT and runs on windows :-D
>>>>
>>>>
>>>> Very funny.  THAT IS NOT a web app front end to samba-tools.
What
>>>> about webmin?  But have to see if it is build specific...
>>>>
>>>>
>>>
>>> As far as I know RSAT is the only option at the moment, Webmin 
>>> doesn't seem to know anything about dlz, but then again Samba 4
AD
>>> has been out nearly 3 years now and Webmin still doesn't work
with it.
>>
>> Well does Webmin know about ldap and can update the ldap directly?
>>
>> Grumble.
>>
>>
>
> It is no good grumbling on here, you could try grumbling at Webmin :-)
>
> Also, using ldap is not as simple as that, try reading dns.py, it is 
> in /usr/share/pyshared/samba/netcmd on debian
> I know it is written in python and uses ldb, but it might help you to 
> understand just how difficult it is to work with dns & samba.
My first item is to add the A and CNAME records for some of the 
statically addressed systems in my home.htt domain.

For 2 of them I COULD use dhcp with MAC - IP address mapping.  Have you 
used that and gotten the A record added?  That probably won't handle the 
CNAME (and MX) though.

On 03/09/15 20:48, Robert Moskowitz wrote:
>
>
> On 09/03/2015 02:51 PM, Rowland Penny wrote:
>> On 03/09/15 19:42, Robert Moskowitz wrote:
>>>
>>>
>>> On 09/03/2015 02:33 PM, Rowland Penny wrote:
>>>> On 03/09/15 19:21, Robert Moskowitz wrote:
>>>>>
>>>>>
>>>>> On 09/03/2015 02:17 PM, Rowland Penny wrote:
>>>>>> On 03/09/15 19:05, Robert Moskowitz wrote:
>>>>>>>
>>>>>>>
>>>>>>> On 09/03/2015 01:59 PM, Sketch wrote:
>>>>>>>> On Thu, 3 Sep 2015, Rowland Penny wrote:
>>>>>>>>
>>>>>>>>>  What are the permissions on
/var/lib/samba/private/dns ?
>>>>>>>>
>>>>>>>> Also don't forget the permissions on
/var/lib/samba/private
>>>>>>>>
>>>>>>>> If you're using sernet's packages,
you'll have to chgrp it to
>>>>>>>> to named or give it o+x perms.
>>>>>>>
>>>>>>> chown root:named /var/lib/samba/private
>>>>>>>
>>>>>>> Wow that was it!
>>>>>>>
>>>>>>> DLZ is up and running.  Lots more to get right in
the bind
>>>>>>> config....
>>>>>>>
>>>>>>> Is there a web app to front end samba-tools for
maintaining at
>>>>>>> least the dns portion?
>>>>>>
>>>>>> Yes, it is called RSAT and runs on windows :-D
>>>>>
>>>>>
>>>>> Very funny.  THAT IS NOT a web app front end to
samba-tools. What
>>>>> about webmin?  But have to see if it is build specific...
>>>>>
>>>>>
>>>>
>>>> As far as I know RSAT is the only option at the moment, Webmin 
>>>> doesn't seem to know anything about dlz, but then again
Samba 4 AD
>>>> has been out nearly 3 years now and Webmin still doesn't
work with it.
>>>
>>> Well does Webmin know about ldap and can update the ldap directly?
>>>
>>> Grumble.
>>>
>>>
>>
>> It is no good grumbling on here, you could try grumbling at Webmin :-)
>>
>> Also, using ldap is not as simple as that, try reading dns.py, it is 
>> in /usr/share/pyshared/samba/netcmd on debian
>> I know it is written in python and uses ldb, but it might help you to 
>> understand just how difficult it is to work with dns & samba.
>
> My first item is to add the A and CNAME records for some of the 
> statically addressed systems in my home.htt domain.
Try 'samba-tool dns add --help'
The first line it prints is this:

Usage: samba-tool dns add <server> <zone> <name> 
<A|AAAA|PTR|CNAME|NS|MX|SRV|TXT> <data>
>
> For 2 of them I COULD use dhcp with MAC - IP address mapping. Have you 
> used that and gotten the A record added?  That probably won't handle 
> the CNAME (and MX) though.
>
Never tried it, so cannot comment :-)

Rowland