Hello Rowland,

selinux has been disabled, I also ran the following

# systemctl stop sernet-samba-ad
# samba_upgradedns --dns-backend=BIND9_DLZ
# named -d3 -f -g -u named

Which then still fails, see below smb.conf

[global]
workgroup = DOMAIN
realm = DOMAIN.CORP
netbios name = PDC
server role = active directory domain controller
idmap_ldb:use rfc2307 = yes
idmap config * : range = 3000-7999
winbind offline logon = Yes
guest account = nobody
restrict anonymous = 1
winbind max clients = 2000
log level = 2
ldap server require strong auth = no
ntlm auth = mschapv2-and-ntlmv2-only
template homedir = /home/%D/%U
template shell = /bin/bash
interfaces = lo ens192
bind interfaces only = yes
server services = -dns
max xmit = 65535
dead time = 15

# Disable printer share
load printers = No
printcap name = /dev/null
disable spoolss = Yes

# Enable domain TLS
tls enabled = yes
tls keyfile = tls/key.pem
tls certfile = tls/cert.pem
tls cafile = tls/ca.pem

[netlogon]
path = /var/lib/samba/sysvol/domain.corp/scripts
read only = Yes

[sysvol]
path = /var/lib/samba/sysvol
read only = Yes

On Mon, Jul 30, 2018 at 11:43 AM Rowland Penny via samba <samba at lists.samba.org> wrote:

> On Mon, 30 Jul 2018 11:25:11 +0200
> Eben Victor <eben.victor at gmail.com> wrote:
>
> > Yes I have added "server services = -dns" to my smb.conf file and
> > also removed "dns forwarder ="
> > I've done the same setup but on Samba 4.7.7, RHEL6, named 9.8 and this
> > works perfect.
>
> OK, but have you run 'samba_upgradedns' ?
>
> If you have, then all that seems to be left is selinux, is this getting
> in the way ?
>
> Rowland

--
Eben Victor
Cell: +27 82 759 5266
Email: eben.victor at gmail.com
Is the file (/var/lib/samba/bind-dns/named.conf) and the directory readable by named?
We also have the packages from Sernet and after a fresh install named is not able to read the file.

Regards

Christian

--
Dr. Christian Naumer
Research Scientist
Platform Coordinator Bioprocess Engineering
B.R.A.I.N Aktiengesellschaft
Darmstaedter Str. 34-36, D-64673 Zwingenberg
e-mail cn at brain-biotech.de, homepage www.brain-biotech.de
phone +49-6251-9331-30 / fax +49-6251-9331-11
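The readability question above can be answered from the mode bits along the path. This is an added example, not part of the original thread and not Samba or SerNet code: it walks from / down to the file and reports the first component the account cannot search or read. The path and the account name named come from the thread; allowed, first_blocker and ids_for are hypothetical helper names, and POSIX ACLs and SELinux are not evaluated.

```python
import os
import pwd

def allowed(st, uid, gids, want):
    """Mode-bit check for one inode: owner class, else group, else other.
    Ignores POSIX ACLs, SELinux and the root bypass."""
    if st.st_uid == uid:
        bits = st.st_mode >> 6
    elif st.st_gid in gids:
        bits = st.st_mode >> 3
    else:
        bits = st.st_mode
    return (bits & want) == want

def first_blocker(path, uid, gids, base="/"):
    """Walk from base down to path. Every directory needs search (x) and
    the final file needs read (r). Return the first component that denies
    access to uid/gids, or None when the whole chain is readable."""
    path, base = os.path.abspath(path), os.path.abspath(base)
    cur = base
    for part in os.path.relpath(path, base).split(os.sep):
        if not allowed(os.stat(cur), uid, gids, 0o1):
            return cur
        cur = os.path.join(cur, part)
    return None if allowed(os.stat(cur), uid, gids, 0o4) else cur

def ids_for(user):
    """uid and full group set (primary plus supplementary) of a local account."""
    pw = pwd.getpwnam(user)
    return pw.pw_uid, set(os.getgrouplist(user, pw.pw_gid))

if __name__ == "__main__":
    # Path and account name are the ones mentioned in the thread.
    target = "/var/lib/samba/bind-dns/named.conf"
    try:
        blocker = first_blocker(target, *ids_for("named"))
    except (KeyError, OSError) as exc:
        print("cannot check:", exc)
    else:
        print("readable by named" if blocker is None else "blocked at " + blocker)
```

Run it as root so that every component can be stat()ed; a result of None means the mode bits alone do not explain a read failure.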
On Mon, 30 Jul 2018 15:42:45 +0200
Eben Victor <eben.victor at gmail.com> wrote:

> Hello Rowland,
>
> selinux has been disabled, I also ran the following
>
> # systemctl stop sernet-samba-ad
> # samba_upgradedns --dns-backend=BIND9_DLZ
> # named -d3 -f -g -u named
>
> Which then still fails, see below smb.conf
>
> [global]
> workgroup = DOMAIN
> realm = DOMAIN.CORP
> netbios name = PDC
> server role = active directory domain controller
> idmap_ldb:use rfc2307 = yes
> idmap config * : range = 3000-7999
> winbind offline logon = Yes
> guest account = nobody
> restrict anonymous = 1
> winbind max clients = 2000
> log level = 2
> ldap server require strong auth = no
> ntlm auth = mschapv2-and-ntlmv2-only
> template homedir = /home/%D/%U
> template shell = /bin/bash
> interfaces = lo ens192
> bind interfaces only = yes
> server services = -dns
> max xmit = 65535
> dead time = 15
>
> # Disable printer share
> load printers = No
> printcap name = /dev/null
> disable spoolss = Yes
>
> # Enable domain TLS
> tls enabled = yes
> tls keyfile = tls/key.pem
> tls certfile = tls/cert.pem
> tls cafile = tls/ca.pem
>
> [netlogon]
> path = /var/lib/samba/sysvol/domain.corp/scripts
> read only = Yes
>
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = Yes

Before I comment, can I ask a general question ?

Does anybody read the Samba wiki and/or man smb.conf ????

If I remove all the default options and lines that shouldn't be there
(as in 'winbind offline logon = Yes', really, on a DC ?), I get this:

[global]
workgroup = DOMAIN
realm = DOMAIN.CORP
netbios name = PDC
server role = active directory domain controller
idmap_ldb:use rfc2307 = yes
log level = 2
ldap server require strong auth = no
ntlm auth = mschapv2-and-ntlmv2-only
template shell = /bin/bash
interfaces = lo ens192
bind interfaces only = yes
server services = -dns

# Disable printer share
load printers = No
printcap name = /dev/null
disable spoolss = Yes

[netlogon]
path = /var/lib/samba/sysvol/domain.corp/scripts
read only = Yes

[sysvol]
path = /var/lib/samba/sysvol
read only = Yes

However, even with the smb.conf that is in use, there doesn't seem to
be any reason why it isn't working. The only other thing I can think of
is, what version of ldb is installed ?

Rowland
> > > 30-Jul-2018 10:26:40.027 samba_dlz: starting configure
> > > 30-Jul-2018 10:26:40.049 dns_rdata_fromtext: buffer-0x7facd1f60dc0:1: near eof: unexpected end of input
> > > 30-Jul-2018 10:26:40.049 Failed to put rr
> > > 30-Jul-2018 10:26:40.269 zone domain.corp/NONE: has 0 SOA records
> > > 30-Jul-2018 10:26:40.269 zone domain.corp/NONE: has no NS records
> > > 30-Jul-2018 10:26:40.270 samba_dlz: Failed to configure zone 'domain.corp'
> > > 30-Jul-2018 10:26:40.270 loading configuration: bad zone
> > > 30-Jul-2018 10:26:40.270 exiting (due to fatal error)

I've seen this before, but long ago.
What is happening here is that for some reason, domain.corp is loaded (and as said, this is not the primary domain).
But it's loaded before the primary domain and that causes the crash.

Check the search or domain order of resolv.conf, and make sure your primary domain is set first.
If that's already the case.

It is fixable, but pff, I can't remember how I fixed that.

Main cause.
Your.domain.tld ( primary )
You created the alias, err.

Better is.
Your.domain.tld ( primary )
Extra zone: domain.tld
And alias the hosts not the domain.

If I can recall more tonight, I'll post that tomorrow.

Greetz,

Louis

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Rowland Penny via samba
> Sent: Monday 30 July 2018 16:15
> To: samba at lists.samba.org
> Subject: Re: [Samba] Internal DNS migrate to Bind9_DLZ
>
> However, even with the smb.conf that is in use, there doesn't seem to
> be any reason why it isn't working. The only other thing I can think of
> is, what version of ldb is installed ?
>
> Rowland
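The two checks discussed in the message above, as an added example that is not part of the original thread: a parser that pulls the failing zone and its record problems out of the named output quoted there, and a resolv.conf check that the primary domain heads the search list. The function names are hypothetical, the resolv.conf text is constructed, and treating the realm from the posted smb.conf as the primary domain is an assumption.

```python
import re

# named output as quoted in the thread, with the e-mail line wraps re-joined.
NAMED_LOG = """\
30-Jul-2018 10:26:40.027 samba_dlz: starting configure
30-Jul-2018 10:26:40.049 dns_rdata_fromtext: buffer-0x7facd1f60dc0:1: near eof: unexpected end of input
30-Jul-2018 10:26:40.049 Failed to put rr
30-Jul-2018 10:26:40.269 zone domain.corp/NONE: has 0 SOA records
30-Jul-2018 10:26:40.269 zone domain.corp/NONE: has no NS records
30-Jul-2018 10:26:40.270 samba_dlz: Failed to configure zone 'domain.corp'
30-Jul-2018 10:26:40.270 loading configuration: bad zone
30-Jul-2018 10:26:40.270 exiting (due to fatal error)
"""

LINE = re.compile(r"^\d{2}-\w{3}-\d{4} [\d:.]+ (.*)$")
ZONE = re.compile(r"^zone (\S+)/\S+: (has .* records)$")
DLZ_FAIL = re.compile(r"^samba_dlz: Failed to configure zone '([^']+)'$")

def triage(log_text):
    """Summarise a failed samba_dlz start: zone, record problems, parse error."""
    out = {"failed_zone": None, "zone_problems": [], "rdata_error": None}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group(1)
        if msg.startswith("dns_rdata_fromtext:"):
            out["rdata_error"] = msg.split(": ", 2)[-1]
        elif ZONE.match(msg):
            out["zone_problems"].append(ZONE.match(msg).groups())
        elif DLZ_FAIL.match(msg):
            out["failed_zone"] = DLZ_FAIL.match(msg).group(1)
    return out

def search_order(resolv_conf):
    """Effective resolver search list: the last 'search' or 'domain' line wins."""
    order = []
    for raw in resolv_conf.splitlines():
        fields = raw.split()
        if len(fields) >= 2 and fields[0] == "search":
            order = [d.lower().rstrip(".") for d in fields[1:]]
        elif len(fields) >= 2 and fields[0] == "domain":
            order = [fields[1].lower().rstrip(".")]
    return order

def primary_first(resolv_conf, primary):
    """True when the primary (AD) DNS domain heads the search list."""
    order = search_order(resolv_conf)
    return bool(order) and order[0] == primary.lower().rstrip(".")

if __name__ == "__main__":
    # Constructed resolv.conf; primary domain assumed to be the posted realm.
    conf = "search other.example domain.corp\nnameserver 127.0.0.1\n"
    print(triage(NAMED_LOG), primary_first(conf, "DOMAIN.CORP"))
```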
Hello Louis,

My search order is correct, I have even tried shifting around and it's still failing with the same errors.

Kind Regards

On Mon, Jul 30, 2018 at 5:13 PM L.P.H. van Belle via samba <samba at lists.samba.org> wrote:

> Check the search or domain order of resolv.conf, and make sure your
> primary domain is set first.

--
Eben Victor
Cell: +27 82 759 5266
Email: eben.victor at gmail.com
Hello Rowland,

Please see below installed samba packages.

# rpm -qa | grep samba
sernet-samba-client-4.8.3-11.el7.x86_64
sernet-samba-common-4.8.3-11.el7.x86_64
sernet-samba-libsmbclient0-4.8.3-11.el7.x86_64
sernet-samba-4.8.3-11.el7.x86_64
sernet-samba-ad-4.8.3-11.el7.x86_64
sernet-samba-libs-4.8.3-11.el7.x86_64
sernet-samba-winbind-4.8.3-11.el7.x86_64

ldb is installed with the samba packages.

Kind Regards

On Mon, Jul 30, 2018 at 4:16 PM Rowland Penny via samba <samba at lists.samba.org> wrote:

> However, even with the smb.conf that is in use, there doesn't seem to
> be any reason why it isn't working. The only other thing I can think of
> is, what version of ldb is installed ?
>
> Rowland

--
Eben Victor
Cell: +27 82 759 5266
Email: eben.victor at gmail.com