Hai,

As Rowland said also, your config looks better than we often see.. :-)

I can only see one thing that's a little off in bind: the auth-nxdomain.
https://wiki.samba.org/index.php/Setting_up_a_BIND_DNS_Server

Shows auth-nxdomain yes;

Your ADDC is the authoritative DNS server for your domains so i suggest turning it on.

Greetz,

Louis

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of admins aixtema via samba
> Sent: Tuesday 13 November 2018 13:46
> To: samba at lists.samba.org
> Subject: Re: [Samba] Online Backup fails
>
> When i change to dns-backend=SAMBA_INTERNAL the backup works, but not
> with BIND9_DLZ
>
> On 13.11.18 at 13:38, admins aixtema via samba wrote:
> >
> > cat /etc/hostname
> > phoenix
> >
> > cat /etc/hosts
> >
> > # IPv4 and IPv6 localhost aliases
> > 127.0.0.1 localhost
> > ::1 localhost
> > 192.168.1.123 phoenix phoenix.aixtema.de
> > 192.168.1.124 xineohp xineohp.aixtema.de
> >
> > cat /etc/resolv.conf
> > search phoenix.aixtema.de
> > nameserver 192.168.1.123
> >
> > cat /etc/krb5.conf
> > [libdefaults]
> >     default_realm = AIXTEMA.DE
> >     dns_lookup_realm = false
> >     dns_lookup_kdc = true
> >
> > smb.conf
> >
> > # Global parameters
> > [global]
> >     interfaces = ens4
> >     log file = /var/log/samba/%m.log
> >     logging = file
> >     netbios name = PHOENIX
> >     realm = AIXTEMA.DE
> >     workgroup = AIXTEMA
> >     server role = active directory domain controller
> >     server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
> >     time server = Yes
> >     tls cafile = tls/ca.pem
> >     tls certfile = tls/cert.pem
> >     tls enabled = Yes
> >     tls keyfile = tls/key.pem
> >     winbind refresh tickets = Yes
> >     spoolssd:prefork_child_min_life = 60
> >     spoolssd:prefork_max_allowed_clients = 100
> >     spoolssd:prefork_spawn_rate = 5
> >     spoolssd:prefork_max_children = 25
> >     spoolssd:prefork_min_children = 5
> >     rpc_daemon:spoolssd = fork
> >     rpc_server:spoolss = external
> >     spoolss: architecture = Windows x64
> >     idmap_ldb:use rfc2307 = yes
> >     include = /etc/samba/printers.conf
> >
> > [netlogon]
> >     path = /var/lib/samba/sysvol/aixtema.de/scripts
> >     read only = No
> >
> > [sysvol]
> >     path = /var/lib/samba/sysvol
> >     read only = No
> >
> > [printers]
> >     browseable = No
> >     create mask = 0700
> >     path = /var/spool/samba/
> >     printable = Yes
> >     read only = No
> >
> > [print$]
> >     create mask = 0755
> >     inherit permissions = Yes
> >     path = /var/lib/samba/drivers
> >     read only = No
> >     write list = Administrator
> >
> > named.conf
> >
> > options {
> >     directory "/var/bind";
> >
> >     // uncomment the following lines to turn on DNS forwarding,
> >     // and change the forwarding ip address(es) :
> >     //forward first;
> >     forwarders {
> >         ISP DNS;
> >         ISP DNS;
> >     };
> >
> >     listen-on-v6 { none; };
> >
> >     listen-on { 127.0.0.1; 192.168.1.123; };
> >     // to allow only specific hosts to use the DNS server:
> >     allow-query {
> >         127.0.0.1;
> >         192.168.1.0/21;
> >     };
> >
> >     pid-file "/run/named/named.pid";
> >     tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";
> >
> >     dnssec-enable no;
> >     dnssec-validation auto;
> >     auth-nxdomain no;
> > };
> >
> > include "/var/lib/samba/bind-dns/named.conf";
> >
> > include "/var/bind/db/blacklisted.zones";
> >
> > zone "localhost" IN {
> >     type master;
> >     file "pri/localhost.zone";
> >     allow-update { none; };
> >     notify no;
> > };
> >
> > zone "127.in-addr.arpa" IN {
> >     type master;
> >     file "pri/127.zone";
> >     allow-update { none; };
> >     notify no;
> > };
> >
> > On 13.11.18 at 13:10, Rowland Penny via samba wrote:
> >> On Tue, 13 Nov 2018 12:36:20 +0100
> >> admins aixtema via samba <samba at lists.samba.org> wrote:
> >>
> >>> Did all your advices, but nothing works
> >>>
> >>> it still creates the tempRANDOMID folder with
> >>>
> >>> bind-dns/empty
> >>> etc/smb.conf
> >>> private/all contains from var/lib/samba/private
> >>> state/sysvol
> >>>
> >>> but the dns still fails with the same error as my first post
> >>
> >> I think you need to fix the DNS problem first, I have just upgraded a
> >> Samba DC running on Ubuntu 18.04 to 4.9.2 and it works for me.
> >>
> >> Can you post the following:
> >>
> >> /etc/hostname
> >> /etc/hosts
> >> /etc/resolv.conf
> >> /etc/krb5.conf
> >> smb.conf
> >> Your named conf file(s)
> >>
> >> I know you may already have posted some of them, but please post
> >> them all.
> >>
> >> Rowland
> >
> > Kind regards,
> > René Fuchs
>
> Kind regards,
> René Fuchs
>
> --
> ***********************************************
> aixtema GmbH
> René Fuchs
> Philipsstr. 8, 52068 Aachen, Germany
> Tel.: +49 241 70515-1323, Fax: +49 241 70515-15
> mailto:r.fuchs at aixtema.de
>
> WWW: http://www.aixtema.de
> Shop: http://shop.aixtema.de
>
> Managing director: Oliver Rossbruch
> HRB 8201, Aachen District Court
> VAT ID no. DE 210 906 744
> Tax no. 201/5942/3737, Aachen-Stadt tax office
> ***********************************************

On Tue, 13 Nov 2018 14:16:58 +0100
"L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:

> Hai,
>
> As Rowland said also, your config looks better than we often
> see.. :-)
>
> I can only see one thing that's a little off in bind: the
> auth-nxdomain.
> https://wiki.samba.org/index.php/Setting_up_a_BIND_DNS_Server
>
> Shows auth-nxdomain yes;
>
> Your ADDC is the authoritative DNS server for your domains so i suggest
> turning it on.
>

Good catch Louis, totally missed that ;-)

Rowland

now it works :)

well done guys

> As Rowland said also, your config looks better than we often see.. :-)

i know, i read the list a lot of times and sometimes it's very crazy

for the settings i used the Gentoo wiki a Stefan Kanis Samba 4.3 Book
and some different random Pages across the web.

btw. i have 2 Samba DCs and around 20 Member Server (all linux who needs
windows)

now i only must change some settings in my production system before i
upgrade to 4.9.2 and hope everything is still working after the little
changes.

On 13.11.18 at 14:16, L.P.H. van Belle via samba wrote:
> Hai,
>
> As Rowland said also, your config looks better than we often see.. :-)
>
> I can only see one thing that's a little off in bind: the auth-nxdomain.
> https://wiki.samba.org/index.php/Setting_up_a_BIND_DNS_Server
>
> Shows auth-nxdomain yes;
>
> Your ADDC is the authoritative DNS server for your domains so i suggest turning it on.
>
> Greetz,
>
> Louis

Kind regards,
René Fuchs

when i add this named won't start anymore :)
so i left it out

On 13.11.18 at 14:28, Rowland Penny via samba wrote:
> On Tue, 13 Nov 2018 14:16:58 +0100
> "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:
>
>> Hai,
>>
>> As Rowland said also, your config looks better than we often
>> see.. :-)
>>
>> I can only see one thing that's a little off in bind: the
>> auth-nxdomain.
>> https://wiki.samba.org/index.php/Setting_up_a_BIND_DNS_Server
>>
>> Shows auth-nxdomain yes;
>>
>> Your ADDC is the authoritative DNS server for your domains so i suggest
>> turning it on.
>>
>
> Good catch Louis, totally missed that ;-)
>
> Rowland

Kind regards,
René Fuchs

Hai,

> when i add this named won't start anymore :)
> so i left it out

Then you might still have some other config problem.
I really suggest you find and fix it first before you upgrade.

Greetz,

Louis

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of admins aixtema via samba
> Sent: Tuesday 13 November 2018 14:35
> To: samba at lists.samba.org
> Subject: Re: [Samba] Online Backup fails
>
> now it works :)
>
> well done guys
>
> > As Rowland said also, your config looks better than we often see.. :-)
> i know, i read the list a lot of times and sometimes it's very crazy
>
> for the settings i used the Gentoo wiki a Stefan Kanis Samba 4.3 Book
> and some different random Pages across the web.

Well, if you already are using his books, i can only suggest.
https://www.amazon.de/Samba-Das-Handbuch-für-Administratoren/dp/3446455914/ref=sr_1_2?s=books&ie=UTF8&qid=1542120149&sr=1-2&keywords=Samba+4
His next one ;-)
That one is more focused on samba 4.8 and 4.9 as far as i know.

> btw. i have 2 Samba DCs and around 20 Member Server (all linux who needs
> windows)
>
> now i only must change some settings in my production system before i
> upgrade to 4.9.2 and hope everything is still working after the little
> changes.
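
An added example, not code from the thread or from the Samba or BIND projects: per the BIND documentation, `auth-nxdomain yes` makes named set the AA (authoritative answer) bit on every NXDOMAIN response, so the effect of the option discussed above can be checked by decoding the header of an NXDOMAIN reply. The sample messages are constructed, and `example.test` and all function names are assumptions.

```python
import socket
import struct

# Header flag bits and the NXDOMAIN response code (RFC 1035).
QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080
RCODE_NXDOMAIN = 3


def build_query(name, qtype=1, txid=0x1234):
    """Encode a recursive (RD=1) query for name, class IN; qtype 1 is A."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!6H", txid, RD, 1, 0, 0, 0) + qname + struct.pack("!2H", qtype, 1)


def parse_header(msg):
    """Decode the fixed 12-byte DNS header into the fields used below."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message")
    txid, flags = struct.unpack("!2H", msg[:4])
    return {"id": txid, "qr": bool(flags & QR), "aa": bool(flags & AA),
            "ra": bool(flags & RA), "rcode": flags & 0x000F}


def classify(msg):
    """Report whether a message is an NXDOMAIN answer and whether AA is set on it."""
    h = parse_header(msg)
    if not h["qr"]:
        return "not-a-response"
    if h["rcode"] != RCODE_NXDOMAIN:
        return "not-nxdomain"
    return "nxdomain-aa-set" if h["aa"] else "nxdomain-aa-clear"


def fake_response(query, flags):
    """Constructed sample: reuse the query bytes and overwrite the flags word."""
    return query[:2] + struct.pack("!H", flags) + query[4:]


def query_server(server, name, timeout=2.0):
    """Send one UDP query to server:53 and return the raw reply (live use only)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return s.recvfrom(4096)[0]


# Constructed messages for a name that does not exist (example.test is a placeholder).
QUERY = build_query("nosuchhost.example.test")
NXDOMAIN_AA_SET = fake_response(QUERY, QR | AA | RD | RA | RCODE_NXDOMAIN)
NXDOMAIN_AA_CLEAR = fake_response(QUERY, QR | RD | RA | RCODE_NXDOMAIN)

if __name__ == "__main__":
    for label, msg in [("aa set", NXDOMAIN_AA_SET), ("aa clear", NXDOMAIN_AA_CLEAR)]:
        print(label, classify(msg), parse_header(msg))
```

Against a live server, `classify(query_server(address, name))` for a name that does not exist shows which of the two cases the running configuration produces.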