It is part of the Sernet packages and is currently on 1.3.4
/usr/lib64/samba/libldb.so.1.3.4

We started using sernet-samba-ad from v4 using the internal dns and
updated as versions were released. We have now recently updated from
4.8.2 to 4.8.3 and still using internal dns.
Our DNS is working as it should, it's only been since recently that
we have to migrate to bind9.

On Mon, Jul 30, 2018 at 11:19 PM Rowland Penny via samba <samba at lists.samba.org> wrote:

> On Mon, 30 Jul 2018 22:50:04 +0200
> Eben Victor <eben.victor at gmail.com> wrote:
>
> > Hello Rowland,
> >
> > Please see below installed samba packages.
> >
> > # rpm -qa | grep samba
> > sernet-samba-client-4.8.3-11.el7.x86_64
> > sernet-samba-common-4.8.3-11.el7.x86_64
> > sernet-samba-libsmbclient0-4.8.3-11.el7.x86_64
> > sernet-samba-4.8.3-11.el7.x86_64
> > sernet-samba-ad-4.8.3-11.el7.x86_64
> > sernet-samba-libs-4.8.3-11.el7.x86_64
> > sernet-samba-winbind-4.8.3-11.el7.x86_64
> >
> > ldb is installed with the samba packages.
> >
>
> Yes, but where from ? is it part of the Sernet packages, or is it from
> Centos ?
>
> Fedora has shipped libldb 1.4.0 with Samba 4.8.3 and it is the wrong
> version, whereas (as far as I can see) Centos ships 1.2.2, this is
> again the wrong version. You need 1.3.4
> I am not saying this is your problem, but everything that has been checked
> seems to be okay.
>
> What I haven't asked is, how did you get to where you are now. Did you
> upgrade to 4.8.3 from an earlier version that used the internal dns
> server, or did you provision 4.8.3 using the internal dns server ?
>
> Whichever, did the dns work before you tried to upgrade to Bind9 ?
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>

--
Eben Victor
Cell: +27 82 759 5266
Email: eben.victor at gmail.com

On Mon, 30 Jul 2018 23:36:46 +0200
Eben Victor <eben.victor at gmail.com> wrote:

> It is part of the Sernet packages and is currently on 1.3.4
> /usr/lib64/samba/libldb.so.1.3.4
>
> We started using sernet-samba-ad from v4 using the internal dns and
> updated as versions were released. We have now recently updated from
> 4.8.2 to 4.8.3 and still using internal dns.
> Our DNS is working as it should, it's only been since recently that
> we have to migrate to bind9.
>

So, you are using Samba without problem, it is just that when you try
to use Bind9 instead of the internal dns server, your problems start.

Let's just recap

You have run 'samba_upgradedns'
You have altered smb.conf
You have configured 'named.conf' correctly
The Samba 'named.conf' file is readable by 'named' (this should be
'rw-r--r--' i.e. world readable)

But, even though everything looks okay, Bind9 will not start.

This is strange, there doesn't seem to be any reason for it.

Is anybody using the combination of Centos 7, Samba 4.8.3 and Bind9
without problems ?

Rowland

> So, you are using Samba without problem, it is just that when you try
> to use Bind9 instead of the internal dns server, your problems start.
>
> Let's just recap
>
> You have run 'samba_upgradedns'
> You have altered smb.conf
> You have configured 'named.conf' correctly
> The Samba 'named.conf' file is readable by 'named' (this should be
> 'rw-r--r--' i.e. world readable)
>
> But, even though everything looks okay, Bind9 will not start.
>
> This is strange, there doesn't seem to be any reason for it.
>
> Is anybody using the combination of Centos 7, Samba 4.8.3 and Bind9
> without problems ?
>
>

Eh, probably me... I mean

# cat /etc/centos-release
CentOS Linux release 7.5.1804 (Core)

# named -V
BIND 9.9.4-RedHat-9.9.4-61.el7 (Extended Support Version) <id:8f9657aa>
built with '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var' '--enable-threads' '--with-geoip' '--enable-ipv6' '--enable-filter-aaaa' '--enable-rrl' '--with-pic' '--disable-static' '--disable-openssl-version-check' '--enable-exportlib' '--with-export-libdir=/usr/lib64' '--with-export-includedir=/usr/include' '--includedir=/usr/include/bind9' '--enable-native-pkcs11' '--with-pkcs11=/usr/lib64/pkcs11/libsofthsm2.so' '--with-dlopen=yes' '--with-dlz-ldap=yes' '--with-dlz-postgres=yes' '--with-dlz-mysql=yes' '--with-dlz-filesystem=yes' '--with-dlz-bdb=yes' '--with-gssapi=yes' '--disable-isc-spnego' '--enable-fixed-rrset' '--with-tuning=large' '--with-docbook-xsl=/usr/share/sgml/docbook/xsl-stylesheets' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic' 'LDFLAGS=-Wl,-z,relro ' 'CPPFLAGS= -DDIG_SIGCHASE'
using OpenSSL version: OpenSSL 1.0.2k 26 Jan 2017
using libxml2 version: 2.9.1

# samba -V
Version 4.8.3

I am in process of migrating from samba3 NT4 domain into LDAP, so no
production experience so far, but samba with BIND9_DLZ seems to be
working. I start named as "named -f -g -d3" (not as a Centos service
style) to be able to see what's happening.

I followed samba wiki during configuring bind9_dlz. But as far as I
remember I had to edit named.conf according to /var/named file
structure (no "master" folder there).

Michal

> Rowland

Hai,

Did you make sure that your root and localhost zones are loaded last in the bind config.
The order matters, at least if you also use bind_DLZ.
I suggest, you try it.

I'm just thinking about this, if your . (root) zone is loaded, and it's trying to lookup your company.corp domain.
It hits resolv.conf then your bind, and bind_dlz is not loaded yet, so lookup on the internet.
It's a possible option this happens, I don't know the bind9_dlz code.

And this,
>> domain.corp is just an alias, not the actual domain name.
Setup a with a real zone.

But I'm pretty sure your problem is caused by one of these 2.
I suggest start with making sure your localhost and root zones are loaded last on named.conf.

In my Debian server the order is as follows.

include "/etc/bind/named.conf.options";
    < here (within the options line: at the bottom of the global options:
      tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
include "/etc/bind/named.conf.local";
    < here only one line: include "/var/lib/samba/private/named.conf";
include "/etc/bind/named.conf.default-zones";
    < here are my root and localhost zones ( default bind, not in DLZ )

Greetz,

Louis

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> Rowland Penny via samba
> Sent: Tuesday 31 July 2018 10:23
> To: samba at lists.samba.org
> Subject: Re: [Samba] Internal DNS migrate to Bind9_DLZ
>
> On Mon, 30 Jul 2018 23:36:46 +0200
> Eben Victor <eben.victor at gmail.com> wrote:
>
> > It is part of the Sernet packages and is currently on 1.3.4
> > /usr/lib64/samba/libldb.so.1.3.4
> >
> > We started using sernet-samba-ad from v4 using the internal dns and
> > updated as versions were released. We have now recently updated from
> > 4.8.2 to 4.8.3 and still using internal dns.
> > Our DNS is working as it should, it's only been since recently that
> > we have to migrate to bind9.
> >
>
> So, you are using Samba without problem, it is just that when you try
> to use Bind9 instead of the internal dns server, your problems start.
>
> Let's just recap
>
> You have run 'samba_upgradedns'
> You have altered smb.conf
> You have configured 'named.conf' correctly
> The Samba 'named.conf' file is readable by 'named' (this should be
> 'rw-r--r--' i.e. world readable)
>
> But, even though everything looks okay, Bind9 will not start.
>
> This is strange, there doesn't seem to be any reason for it.
>
> Is anybody using the combination of Centos 7, Samba 4.8.3 and Bind9
> without problems ?
>
> Rowland

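The two checks the messages above keep returning to, the mode of the Samba-generated named.conf and the include order Louis describes, as an added shell example that is not part of any message in this thread. The function names are hypothetical, the sample files are constructed in a scratch directory, and the include names are the Debian ones from Louis's message.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Succeeds when FILE has the world-read bit set (e.g. rw-r--r--).
world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# Line number of the first non-comment line in FILE containing fixed string STR.
first_line() {
    grep -nF -- "$2" "$1" | grep -Ev '^[0-9]+:[[:space:]]*(//|#)' | head -n 1 | cut -d: -f1
}

# 0: Samba include precedes the default zones; 1: wrong order; 2: one is missing.
dlz_before_default_zones() {
    s=$(first_line "$1" "$2")
    d=$(first_line "$1" "$3")
    [ -n "$s" ] && [ -n "$d" ] || return 2
    [ "$s" -lt "$d" ]
}

# Constructed sample files (Debian-style include names from Louis's message).
demo=$(mktemp -d)
cat > "$demo/named.conf" <<'EOF'
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
EOF
cat > "$demo/named.conf.reordered" <<'EOF'
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.default-zones";
// include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.local";
EOF
: > "$demo/samba-named.conf"          # stands in for Samba's generated named.conf
chmod 644 "$demo/samba-named.conf"

for f in "$demo/named.conf" "$demo/named.conf.reordered"; do
    if dlz_before_default_zones "$f" named.conf.local named.conf.default-zones
    then echo "$f: DLZ include first"
    else echo "$f: DLZ include missing or after the default zones"
    fi
done
world_readable "$demo/samba-named.conf" && echo "samba named.conf is world readable"
```

On a real server, pass the actual named.conf and the strings that identify the Samba include and the root/localhost zone definitions on that distribution.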
Hello Louis,

I have checked everything possible. The permissions and locations of files are all correct.

I’ve been playing around, setting up a test dc and some test data. When doing the migration from internal dns to bind9_dlz then it works perfect. (I even test by adding and removing different domain from DNS and resolv.conf)

Using the exact same configuration on my production DC's it still fails.
Could my database be corrupt somehow on 1 of my 7 DC's?

Really struggling to get this working. Any guidance or suggestions would be helpful.

Kind Regards

On 2018/07/31, 11:33, "samba on behalf of L.P.H. van Belle via samba" <samba-bounces at lists.samba.org on behalf of samba at lists.samba.org> wrote:

    Hai,

    Did you make sure that your root and localhost zones are loaded last in the bind config.
    The order matters, at least if you also use bind_DLZ.
    I suggest, you try it.

    I'm just thinking about this, if your . (root) zone is loaded, and it's trying to lookup your company.corp domain.
    It hits resolv.conf then your bind, and bind_dlz is not loaded yet, so lookup on the internet.
    It's a possible option this happens, I don't know the bind9_dlz code.

    And this,
    >> domain.corp is just an alias, not the actual domain name.
    Setup a with a real zone.

    But I'm pretty sure your problem is caused by one of these 2.
    I suggest start with making sure your localhost and root zones are loaded last on named.conf.

    In my Debian server the order is as follows.

    include "/etc/bind/named.conf.options";
        < here (within the options line: at the bottom of the global options:
          tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
    include "/etc/bind/named.conf.local";
        < here only one line: include "/var/lib/samba/private/named.conf";
    include "/etc/bind/named.conf.default-zones";
        < here are my root and localhost zones ( default bind, not in DLZ )

    Greetz,

    Louis

    > -----Original message-----
    > From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
    > Rowland Penny via samba
    > Sent: Tuesday 31 July 2018 10:23
    > To: samba at lists.samba.org
    > Subject: Re: [Samba] Internal DNS migrate to Bind9_DLZ
    >
    > On Mon, 30 Jul 2018 23:36:46 +0200
    > Eben Victor <eben.victor at gmail.com> wrote:
    >
    > > It is part of the Sernet packages and is currently on 1.3.4
    > > /usr/lib64/samba/libldb.so.1.3.4
    > >
    > > We started using sernet-samba-ad from v4 using the internal dns and
    > > updated as versions were released. We have now recently updated from
    > > 4.8.2 to 4.8.3 and still using internal dns.
    > > Our DNS is working as it should, it's only been since recently that
    > > we have to migrate to bind9.
    > >
    >
    > So, you are using Samba without problem, it is just that when you try
    > to use Bind9 instead of the internal dns server, your problems start.
    >
    > Let's just recap
    >
    > You have run 'samba_upgradedns'
    > You have altered smb.conf
    > You have configured 'named.conf' correctly
    > The Samba 'named.conf' file is readable by 'named' (this should be
    > 'rw-r--r--' i.e. world readable)
    >
    > But, even though everything looks okay, Bind9 will not start.
    >
    > This is strange, there doesn't seem to be any reason for it.
    >
    > Is anybody using the combination of Centos 7, Samba 4.8.3 and Bind9
    > without problems ?
    >
    > Rowland