Yes I have added "server services = -dns" to my smb.conf file and also
removed "dns forwarder ="
I've done the same setup but on Samba 4.7.7, RHEL6, named 9.8 and this
works perfect.

On Mon, Jul 30, 2018 at 11:18 AM Rowland Penny via samba <samba at lists.samba.org> wrote:

> On Mon, 30 Jul 2018 10:57:11 +0200
> Eben Victor <eben.victor at gmail.com> wrote:
>
> > Hello Rowland,
> >
> > See below as requested.
> >
> > /etc/named.conf
> > # Global Configuration Options
> >
> > include "/var/lib/samba/bind-dns/named.conf";
> >
> > options {
> >
> >     dump-file "/var/named/data/cache_dump.db";
> >     statistics-file "/var/named/data/named_stats.txt";
> >     memstatistics-file "/var/named/data/named_mem_stats.txt";
> >     auth-nxdomain yes;
> >     directory "/var/named";
> >     notify no;
> >     empty-zones-enable no;
> >     tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";
> >
> >     # IP addresses and network ranges allowed to query the DNS server:
> >     allow-query {
> >         any;
> >     };
> >
> >     # IP addresses and network ranges allowed to run recursive queries:
> >     # (Zones not served by this DNS server)
> >     allow-recursion {
> >         any;
> >     };
> >
> >     # Forward queries that can not be answered from own zones
> >     # to these DNS servers:
> >     forwarders {
> >         8.8.8.8;
> >     };
> >
> >     # Disable zone transfers
> >     allow-transfer {
> >         none;
> >     };
> > };
> >
> > # Root Servers
> > # (Required for recursive DNS queries)
> > zone "." {
> >     type hint;
> >     file "named.root";
> > };
> >
> > # localhost zone
> > zone "localhost" {
> >     type master;
> >     file "master/localhost.zone";
> > };
> >
> > # 127.0.0. zone.
> > zone "0.0.127.in-addr.arpa" {
> >     type master;
> >     file "master/0.0.127.zone";
> > };
> >
> > /var/lib/samba/bind-dns/named.conf
> > # This DNS configuration is for BIND 9.8.0 or later with dlz_dlopen support.
> > #
> > # This file should be included in your main BIND configuration file
> > #
> > # For example with
> > # include "/var/lib/samba/bind-dns/named.conf";
> >
> > #
> > # This configures dynamically loadable zones (DLZ) from AD schema
> > # Uncomment only single database line, depending on your BIND version
> > #
> > dlz "AD DNS Zone" {
> >     # For BIND 9.8.x
> >     # database "dlopen /usr/lib64/samba/bind9/dlz_bind9.so";
> >
> >     # For BIND 9.9.x
> >     database "dlopen /usr/lib64/samba/bind9/dlz_bind9_9.so";
> >
> >     # For BIND 9.10.x
> >     # database "dlopen /usr/lib64/samba/bind9/dlz_bind9_10.so";
> >
> >     # For BIND 9.11.x
> >     # database "dlopen /usr/lib64/samba/bind9/dlz_bind9_11.so";
> > };
> >
>
> There doesn't seem to be anything wrong there, but I may know what the
> problem is.
> You are trying to change to Bind9 from the internal dns server, but
> have you read this:
>
> https://wiki.samba.org/index.php/Changing_the_DNS_Back_End_of_a_Samba_AD_DC
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>

--
Eben Victor
Cell: +27 82 759 5266
Email: eben.victor at gmail.com

On Mon, 30 Jul 2018 11:25:11 +0200
Eben Victor <eben.victor at gmail.com> wrote:

> Yes I have added "server services = -dns" to my smb.conf file and
> also removed "dns forwarder ="
> I've done the same setup but on Samba 4.7.7, RHEL6, named 9.8 and this
> works perfect.
>

OK, but have you run 'samba_upgradedns'?

If you have, then all that seems to be left is selinux, is this getting
in the way?

Rowland

Hello Rowland,

selinux has been disabled, I also ran the following

# systemctl stop sernet-samba-ad
# samba_upgradedns --dns-backend=BIND9_DLZ
# named -d3 -f -g -u named

Which then still fails, see below

smb.conf
[global]
    workgroup = DOMAIN
    realm = DOMAIN.CORP
    netbios name = PDC
    server role = active directory domain controller
    idmap_ldb:use rfc2307 = yes
    idmap config * : range = 3000-7999
    winbind offline logon = Yes
    guest account = nobody
    restrict anonymous = 1
    winbind max clients = 2000
    log level = 2
    ldap server require strong auth = no
    ntlm auth = mschapv2-and-ntlmv2-only
    template homedir = /home/%D/%U
    template shell = /bin/bash
    interfaces = lo ens192
    bind interfaces only = yes
    server services = -dns
    max xmit = 65535
    dead time = 15

    # Disable printer share
    load printers = No
    printcap name = /dev/null
    disable spoolss = Yes

    # Enable domain TLS
    tls enabled = yes
    tls keyfile = tls/key.pem
    tls certfile = tls/cert.pem
    tls cafile = tls/ca.pem

[netlogon]
    path = /var/lib/samba/sysvol/domain.corp/scripts
    read only = Yes

[sysvol]
    path = /var/lib/samba/sysvol
    read only = Yes

On Mon, Jul 30, 2018 at 11:43 AM Rowland Penny via samba <samba at lists.samba.org> wrote:

> On Mon, 30 Jul 2018 11:25:11 +0200
> Eben Victor <eben.victor at gmail.com> wrote:
>
> > Yes I have added "server services = -dns" to my smb.conf file and
> > also removed "dns forwarder ="
> > I've done the same setup but on Samba 4.7.7, RHEL6, named 9.8 and this
> > works perfect.
> >
>
> OK, but have you run 'samba_upgradedns' ?
>
> If you have, then all that seems to be left is selinux, is this getting
> in the way ?
>
> Rowland
>

--
Eben Victor
Cell: +27 82 759 5266
Email: eben.victor at gmail.com
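
Added example, not part of the original thread and not Samba's own tooling: a Python pre-flight check over the three files quoted above (smb.conf, /etc/named.conf and Samba's bind-dns/named.conf) that reports where they disagree about the BIND9_DLZ back end, including the "uncomment only a single database line" rule. The name check_backend, the cut-down sample file contents and the bind_version argument are assumptions made for this illustration.

```python
import re

# Constructed sample inputs, cut down from the files quoted in the thread.
SMB_CONF = """[global]
    server role = active directory domain controller
    server services = -dns
"""
NAMED_CONF = """include "/var/lib/samba/bind-dns/named.conf";
options {
    tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";
};
"""
DLZ_CONF = """dlz "AD DNS Zone" {
    # database "dlopen /usr/lib64/samba/bind9/dlz_bind9.so";
    database "dlopen /usr/lib64/samba/bind9/dlz_bind9_9.so";
};
"""

def active(text):
    """Config lines with blank lines and '#' or ';' comment lines dropped."""
    lines = (line.strip() for line in text.splitlines())
    return [l for l in lines if l and not l.startswith(("#", ";"))]

def check_backend(smb, named, dlz, bind_version):
    """Hypothetical helper: list of findings, empty when the files agree."""
    findings = []
    # Simplification: treats smb.conf as one flat section, keys matched exactly.
    opts = dict(re.split(r"\s*=\s*", l, maxsplit=1) for l in active(smb) if "=" in l)
    if "-dns" not in re.split(r"[\s,]+", opts.get("server services", "")):
        findings.append("smb.conf: 'server services = -dns' is missing")
    if "dns forwarder" in opts:
        findings.append("smb.conf: 'dns forwarder' is still set")
    named_lines = active(named)
    if not any(re.match(r'include\s+".*bind-dns/named\.conf"', l) for l in named_lines):
        findings.append("named.conf: Samba's bind-dns/named.conf is not included")
    if not any(l.startswith("tkey-gssapi-keytab") for l in named_lines):
        findings.append("named.conf: tkey-gssapi-keytab is not set")
    # Only uncommented 'database' lines count; commented lines start with '#'.
    mods = re.findall(r'^\s*database\s+"dlopen\s+\S*/(dlz_bind9[_\d]*)\.so"', dlz, re.M)
    minor = bind_version.split(".")[1]
    # Naming taken from the quoted file: 9.8 -> dlz_bind9, 9.N -> dlz_bind9_N.
    wanted = "dlz_bind9" if minor == "8" else f"dlz_bind9_{minor}"
    if len(mods) != 1:
        findings.append(f"DLZ: expected 1 active database line, found {len(mods)}")
    elif mods[0] != wanted:
        findings.append(f"DLZ: {mods[0]}.so active, BIND 9.{minor} needs {wanted}.so")
    return findings

if __name__ == "__main__":
    # "9.9.4" is a constructed version string, e.g. as read from `named -v`.
    for finding in check_backend(SMB_CONF, NAMED_CONF, DLZ_CONF, "9.9.4") or ["ok"]:
        print(finding)
```

On a real domain controller the three strings would be read from the files on disk and the version taken from the installed named binary.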