On Sat, 09 Dec 2017 18:46:39 +0000
sandy.napoles at eccmg.cupet.cu wrote:
> December 9, 2017 13:34, "Rowland Penny via samba"
> <samba at lists.samba.org> wrote:
>
> > On Sat, 09 Dec 2017 18:01:44 +0000
> > sandy.napoles at eccmg.cupet.cu wrote:
> >
> >> December 9, 2017 12:57, "Rowland Penny via samba"
> >> <samba at lists.samba.org> wrote:
> >>
> >> On Sat, 09 Dec 2017 17:06:21 +0000
> >> Sandy via samba <samba at lists.samba.org> wrote:
> >>
> >> Hello list, I want to make a new domain with the following
> >> features, using debian 9 with samba 4.7.3, at the beginning
> >> everything went well, but I have a doubt when in the configuration
> >> it is requested what type of server to choose, I would like to use
> >> the option NONE , then install a bind and configure it myself, all
> >> that is fine, but I have a doubt, when I run the
> >> command ./samba_update --verbose, I get the following ....... I
> >> would like to know what I have wrong or what's wrong with that
> >> output, I'll only show a part, I'd like to know if that output is
> >> correct and the error it gives to what should be
> >>
> >> need cache add: A ccmg7.eccmg.cupet.cu x.x.x.x
> >> Looking for DNS entry A ccmg7.eccmg.cupet.cu 172.18.68.7 as ccmg7.eccmg.cupet.cu.
> >> need cache add: A eccmg.cupet.cu 172.18.68.7
> >> Looking for DNS entry A eccmg.cupet.cu 172.18.68.7 as eccmg.cupet.cu.
> >> need cache add: SRV _ldap._tcp.eccmg.cupet.cu ccmg7.eccmg.cupet.cu 389
> >> Looking for DNS entry SRV _ldap._tcp.eccmg.cupet.cu ccmg7.eccmg.cupet.cu 389 as _ldap._tcp.eccmg.cupet.cu.
> >> Checking 0 100 389 ccmg7.eccmg.cupet.cu. against SRV _ldap._tcp.eccmg.cupet.cu ccmg7.eccmg.cupet.cu 389
> >> need cache add: SRV _ldap._tcp.dc._msdcs.eccmg.cupet.cu ccmg7.eccmg.cupet.cu 389
> >>
> >> 1 DNS updates and 0 DNS deletes needed
> >> Traceback (most recent call last):
> >>   File "./samba_dnsupdate", line 863, in
> >>     creds = get_credentials(lp)
> >>   File "./samba_dnsupdate", line 204, in get_credentials
> >>     raise e
> >> samba.NTSTATUSError: (-1073741811, 'An invalid parameter was passed to a service or function.')
> >>
> >> I take it you mean you used '--dns-backend=NONE' with the provision
> >> command or you ran the provision command interactively and entered
> >> 'NONE' when prompted for the dns server.
> >>
> >> Whichever you did, it was a BAD idea.
> >> If you want to use Bind9 as the dns server instead of the internal
> >> dns server, install bind9 before the provision and use
> >> '--dns-backend=BIND9_DLZ' with the provision command or, if you run
> >> the provision interactively, enter 'BIND9_DLZ' when prompted for
> >> the dns server.
> >> Do not under any circumstances use 'BIND9_FLATFILE', it doesn't
> >> work, just as using 'NONE' doesn't work.
> >>
> >> Rowland
> >>
> >> --
> >> To unsubscribe from this list go to the following URL and read the
> >> instructions: https://lists.samba.org/mailman/options/samba
> >>
> >> 1- samba-tool domain provision --use-rfc2307 --interactive
> >> 2- Realm [SAMDOM.EXAMPLE.COM]: SAMDOM.EXAMPLE.COM
> >> 3- Domain [SAMDOM]: SAMDOM
> >> 4- Server Role (dc, member, standalone) [dc]: dc
> >> 5- DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE)
> >> [SAMBA_INTERNAL]: NONE
> >
> > Do not use 'NONE', if you do, you will not get the dns info in
> > AD.
> >
> > install Bind9 before you provision the domain, then when prompted:
> >
> > DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE)
> > [SAMBA_INTERNAL]:
> >
> > Enter 'BIND9_DLZ'
> >
> > You can, if you wish, configure Bind9 before the provision, but do
> > not start it or add any AD dns zones to the named conf files.
> >
> > Rowland
> >
>
>
> thanks, I'll do what you tell me, but I need to clarify something,
> have 1- install bind 9, aptitude install bind9
> by default he creates configuration files like named.conf.option and
> named.conf.local that I used to configure them, he also creates files
> in /var/cache/bind where the zones are declared direct and
> inverse you tell me that those files leave them blank 2- I promote my
> samba 4 as you tell me the doubt is after promoting I have to
> configure the files ????? if from any pc I do an nslookup and it
> solves me the zones ???
>
> look what my configuration files have
>
>
> $ORIGIN .
> $TTL 604800 ; 1 week
> eccmg.cupet.cu IN SOA eccmg.cupet.cu.
> sandynapoles at eccmg.cupet.cu. ( 1110093 ; serial
> 604800 ; refresh (1 week)
> 86400 ; retry (1 day)
> 2419200 ; expire (4 weeks)
> 604800 ; minimum (1 week)
> )
>
> NS ccmg7.eccmg.cupet.cu.
> A 172.18.68.7
> ccmg7.eccmg.cupet.cu. IN A 172.18.68.7
>
> ;================RECORDS BELONGING TO THE DC OVER SAMBA4================
> 8b812222-b390-493d-bfc7-a97dbb0a023b._msdcs.eccmg.cupet.cu. 900 IN CNAME ccmg7.eccmg.cupet.cu.
> ;========================================================================

I think you need to go and read this Samba wikipage:
https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End
Rowland
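
Added example, not part of the thread and not Samba project code: a small checker that reads the "need cache add:" lines of `samba_dnsupdate --verbose` output, as quoted above, and reports which of the records the DC expects are not returned by the resolver. The function names, the use of `dig +short`, and the sample text are assumptions made for this example.

```python
import re
import subprocess

# Constructed sample in the line format quoted earlier in the thread.
SAMPLE = """\
need cache add: A ccmg7.eccmg.cupet.cu 172.18.68.7
Looking for DNS entry A ccmg7.eccmg.cupet.cu 172.18.68.7 as ccmg7.eccmg.cupet.cu.
need cache add: A eccmg.cupet.cu 172.18.68.7
need cache add: SRV _ldap._tcp.eccmg.cupet.cu ccmg7.eccmg.cupet.cu 389
need cache add: SRV _ldap._tcp.dc._msdcs.eccmg.cupet.cu ccmg7.eccmg.cupet.cu 389
1 DNS updates and 0 DNS deletes needed
"""

# "need cache add: TYPE name target [port]"; the port only appears on SRV lines.
NEED = re.compile(r"^need cache add:\s+([A-Z]+)\s+(\S+)\s+(\S+)(?:\s+(\d+))?$")

def expected_records(text):
    """Unique (type, name, target, port) tuples, in order of appearance."""
    records = []
    for line in text.splitlines():
        m = NEED.match(line.strip())
        if not m:
            continue
        rtype, name, target, port = m.groups()
        rec = (rtype, name.rstrip(".").lower(), target.rstrip(".").lower(),
               int(port) if port else None)
        if rec not in records:
            records.append(rec)
    return records

def dig_lookup(rtype, name):
    """Ask the configured resolver; assumes dig(1) is installed."""
    out = subprocess.run(["dig", "+short", name, rtype],
                         capture_output=True, text=True, timeout=10)
    return out.stdout.splitlines()

def missing_records(text, lookup=dig_lookup):
    """Records the DC expects that the resolver does not return."""
    missing = []
    for rtype, name, target, port in expected_records(text):
        answers = [a.rstrip(".").lower().split() for a in lookup(rtype, name)]
        if rtype == "SRV":
            # dig +short prints SRV data as: priority weight port target
            found = any(len(a) == 4 and a[2] == str(port) and a[3] == target
                        for a in answers)
        else:
            found = [target] in answers
        if not found:
            missing.append((rtype, name, target, port))
    return missing
```

Feed it the saved verbose output after provisioning with BIND9_DLZ; an empty list from `missing_records` means every record the DC asked for resolves.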