Hello,

Sorry for the few details.

rsync:

rsync -h -a -v /usr/local/samba/var/locks/sysvol/pragma.com.co/ root@server2:/usr/local/samba/var/locks/sysvol/pragma.com.co/

first dc smb.conf:

[global]
        tls verify peer = no_check
        ldap server require strong auth = no
        netbios name = NEPTUNO
        realm = PRAGMA.COM.CO
        server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
        workgroup = PRAGMA
        server role = active directory domain controller
#       interfaces = en160 en160:0 lo
        wins support = Yes
        name resolve order = wins lmhosts hosts bcast

[netlogon]
        path = /usr/local/samba/var/locks/sysvol/pragma.com.co/scripts
        read only = No

[sysvol]
        path = /usr/local/samba/var/locks/sysvol
        read only = No

#[Users]
#       directory_mode: parameter = 0700
#       read only = no
#       path = /Users

named.conf:

options {
//      tkey-gssapi-keytab “/usr/local/samba/private/dns.keytab”;
        listen-on port 53 { 127.0.0.1; any; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { localhost; any; };
        allow-update { localhost; any; };

        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
//      dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";

        forwarders {
                8.8.8.8;
                8.8.4.4;
        };
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "pragma.com.co" {
        type master;
        file "dynamic/pragma.com.co";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
//include "/usr/local/samba/private/named.conf";

Best regards,

Santiago.

Thank you very much for your help

2017-03-14 16:19 GMT-05:00, Rowland Penny via samba <samba at lists.samba.org>:
>
> Here we go again, I think it would be easier extracting teeth without
> anaesthetic ;-)
>
>> I copied the sysvol using rsync
>
> How did you run rsync, what actual command did you use ??
>
>> Another sysadmin has configured bind without using the integration
>> with samba, this is the problem.
>
> That is not what I asked and it sounds like Bind has been setup
> incorrectly, it should be integrated with Samba, I suggest you post
> your Bind conf files.
>
>> I can not use the mmc plugin to manage the dns, must do it directly
>> in the bind configuration files.
>
> You should be able to use the mmc, probably got something to do with
> your Bind setup.
>
>> How could I repair the dns database to use integration with bind?
>
> I do not know, mostly because I do not know how you have set up Bind.
>
> Can you please post your smb.conf
>
> Rowland

--
Santiago Londoño Mejía
Infrastructure Analyst
t. (574) 605 25 23 ext. 1232
m. (57) 3148332567
Medellín | Carrera 50 C #10 Sur 80
Bogotá | Medellín | Cali
www.pragma.com.co

--
This message is confidential. It may contain privileged information
belonging to PRAGMA S.A. and/or its clients, contractors, directors,
employees and advisers, and therefore must not be used or disclosed by
anyone other than its addressee. If you receive this message through
error, mistake or omission, please delete it and notify the sender. Its
retention, recording, use or disclosure for any purpose is prohibited.
This message has been scanned by antivirus programs. Nevertheless,
PRAGMA S.A. assumes no responsibility for any damage caused by the
receipt and use of this material; it is the recipient's responsibility
to verify by their own means the existence of viruses or other defects.
The opinions, conclusions and other information contained in this e-mail
that are not related to the official business of PRAGMA S.A. are to be
understood as personal and are in no way endorsed by the Company.

On Tue, 14 Mar 2017 17:01:24 -0500
Santiago Londoño Mejía <santiago.londono at pragma.com.co> wrote:

> Hello,
>
> Sorry for the few details.
>
> rsync:
>
> rsync -h -a -v /usr/local/samba/var/locks/sysvol/pragma.com.co/
> root@server2:/usr/local/samba/var/locks/sysvol/pragma.com.co/

OH dear, have a look here:

https://wiki.samba.org/index.php/Rsync_based_SysVol_replication_workaround

>
> first dc smb.conf:
> [global]
>         tls verify peer = no_check
>         ldap server require strong auth = no
>         netbios name = NEPTUNO
>         realm = PRAGMA.COM.CO
>         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
>         drepl, winbindd, ntp_signd, kcc, dnsupdate
>         workgroup = PRAGMA
>         server role = active directory domain controller
> #       interfaces = en160 en160:0 lo
>         wins support = Yes
>         name resolve order = wins lmhosts hosts bcast

'name resolve order' on something that is running (or should be) a DNS
server ???

> named.conf:

> zone "pragma.com.co" {
>         type master;
>         file "dynamic/pragma.com.co";
> };

AHA, you are running Bind with the totally unsupported flatfiles, this
does not work.

>
> include "/etc/named.rfc1912.zones";
> include "/etc/named.root.key";
> //include "/usr/local/samba/private/named.conf";

Uncomment the above line, you need it.

Can I suggest you read about DNS on the samba wiki:

https://wiki.samba.org/index.php/Setting_up_a_BIND_DNS_Server

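A check for the points raised in the reply above, added here as an example and not code from the thread, Samba or BIND: it flags a commented-out Samba include, a missing tkey-gssapi-keytab, a flat-file zone for the AD realm, and the "any" entries in allow-update and in allow-query with recursion enabled. The finding codes and function names are assumptions of this example, and the sample is condensed from the named.conf posted in the thread.

```python
import re

# Constructed sample, condensed from the first named.conf posted in this thread.
SAMPLE = """
options {
    // tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
    allow-query  { localhost; any; };
    allow-update { localhost; any; };
    recursion yes;
};
zone "pragma.com.co" { type master; file "dynamic/pragma.com.co"; };
//include "/usr/local/samba/private/named.conf";
"""

def strip_comments(text):
    """Drop /* */, // and # comments so commented-out directives do not count."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def acl_has_any(active, statement):
    """True if the first `statement { ...; }` list contains the keyword any."""
    m = re.search(re.escape(statement) + r"\s*\{([^}]*)\}", active)
    return bool(m) and "any" in [t.strip() for t in m.group(1).split(";")]

def audit(text, realm, samba_include):
    """Return finding codes (names are this example's own) for a named.conf."""
    active = strip_comments(text)
    findings = []
    if not re.search(r'include\s+"%s"\s*;' % re.escape(samba_include), active):
        findings.append("samba-include-missing")
    if not re.search(r'tkey-gssapi-keytab\s+"[^"]+"\s*;', active):
        findings.append("tkey-gssapi-keytab-missing")
    # Simplification: zone bodies are assumed to contain no nested braces.
    for m in re.finditer(r'zone\s+"([^"]+)"[^{]*\{([^}]*)\}', active):
        name = m.group(1).lower().rstrip(".")
        if name == realm.lower() and re.search(r'\bfile\s+"', m.group(2)):
            findings.append("flat-file-zone:" + name)
    if acl_has_any(active, "allow-update"):
        findings.append("allow-update-any")
    # With no allow-recursion or allow-query-cache, recursion follows allow-query.
    if (re.search(r"\brecursion\s+yes\s*;", active)
            and acl_has_any(active, "allow-query")
            and not re.search(r"allow-(recursion|query-cache)\b", active)):
        findings.append("open-recursion")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE, "pragma.com.co", "/usr/local/samba/private/named.conf"))
```
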
Hello,

Thank you very much for your reply.

I have configured bind using the dlz backend and these are the results.

named log:

Mar 15 09:39:41 neptuno named[13166]: sizing zone task pool based on 6 zones
Mar 15 09:39:41 neptuno named[13166]: Loading 'AD DNS Zone' using driver dlopen
Mar 15 09:39:42 neptuno named[13166]: samba_dlz: started for DN DC=pragma,DC=com,DC=co
Mar 15 09:39:42 neptuno named[13166]: samba_dlz: starting configure
Mar 15 09:39:42 neptuno named[13166]: samba_dlz: configured writeable zone 'waspruebas.proteccion.com.co'
Mar 15 09:39:42 neptuno named[13166]: samba_dlz: configured writeable zone 'segdllo02.suranet.com'
Mar 15 09:39:42 neptuno named[13166]: zone dbmed04.pragma.com.co/NONE: has no NS records
Mar 15 09:39:42 neptuno named[13166]: samba_dlz: Failed to configure zone 'dbmed04.pragma.com.co'
Mar 15 09:39:42 neptuno named[13166]: loading configuration: bad zone
Mar 15 09:39:42 neptuno named[13166]: exiting (due to fatal error)

named.conf:

options {
        listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { localhost; };
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
include "/usr/local/samba/private/named.conf";

As you can see in the log, the zone dbmed04.pragma.com.co does not
have ns records according to the database. I've tried deleting it with

./samba-tool dns zonedelete neptuno.pragma.com.co dbmed04.pragma.com.co

ERROR(runtime): uncaught exception - (9717, 'WERR_DNS_ERROR_DS_UNAVAILABLE')
  File "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/dns.py", line 780, in run
    raise e

Best regards,

Santiago.

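The start-up failure in the log above, as an added example that is not part of the original message: a small parser that pairs each samba_dlz failure with the reason named logged for that zone and reports whether named exited. The function and field names are assumptions of this example; the log lines are the ones posted above.

```python
import re

# Lines copied from the named log posted in the message above.
LOG = """\
Mar 15 09:39:42 neptuno named[13166]: samba_dlz: started for DN DC=pragma,DC=com,DC=co
Mar 15 09:39:42 neptuno named[13166]: samba_dlz: configured writeable zone 'waspruebas.proteccion.com.co'
Mar 15 09:39:42 neptuno named[13166]: samba_dlz: configured writeable zone 'segdllo02.suranet.com'
Mar 15 09:39:42 neptuno named[13166]: zone dbmed04.pragma.com.co/NONE: has no NS records
Mar 15 09:39:42 neptuno named[13166]: samba_dlz: Failed to configure zone 'dbmed04.pragma.com.co'
Mar 15 09:39:42 neptuno named[13166]: loading configuration: bad zone
Mar 15 09:39:42 neptuno named[13166]: exiting (due to fatal error)
"""

MSG = re.compile(r"named\[\d+\]: (.*)$")
PATTERNS = {
    "dn": re.compile(r"samba_dlz: started for DN (\S+)"),
    "ok": re.compile(r"samba_dlz: configured writeable zone '([^']+)'"),
    "err": re.compile(r"zone ([^/\s]+)/\S+: (.+)"),
    "fail": re.compile(r"samba_dlz: Failed to configure zone '([^']+)'"),
    "fatal": re.compile(r"exiting \(due to fatal error\)"),
}

def triage(log):
    """Summarise one named start-up attempt with the samba_dlz driver loaded."""
    result = {"base_dn": None, "writeable": [], "failed": {}, "fatal": False}
    zone_errors = {}  # zone name -> last error named logged for that zone
    for line in log.splitlines():
        m = MSG.search(line)
        if not m:
            continue
        hit = {k: p.match(m.group(1)) for k, p in PATTERNS.items()}
        if hit["dn"]:
            result["base_dn"] = hit["dn"].group(1)
        elif hit["ok"]:
            result["writeable"].append(hit["ok"].group(1))
        elif hit["err"]:
            zone_errors[hit["err"].group(1)] = hit["err"].group(2)
        elif hit["fail"]:
            zone = hit["fail"].group(1)
            result["failed"][zone] = zone_errors.get(zone, "no reason logged")
        elif hit["fatal"]:
            result["fatal"] = True
    return result

if __name__ == "__main__":
    print(triage(LOG))
```
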