On 05/08/2019 09:55, Patrik via samba wrote:
> the dig is wrong as well, it adds an additional ip address, which i have
> not request to use other interfaces:
> root@server:/# dig p3x-dc.patrikx3.com
>

Patrik, I have told you what your problem is, refusing to accept that you have setup Bind9 incorrectly is no reason for opening a new thread.

Just in case you missed it, or misunderstood it:

You need to decide which network card you want to use with Samba and set up smb.conf accordingly.

You need to stop using 'flatfiles' with Samba and use BIND_DLZ instead.

As I said, once you accept your setup is incorrect, I am prepared to help you set it up correctly.

Rowland

I am not using flatfiles and I am using BIND_DLZ, it shows in my log and I do not use flatfiles. BIND_DLZ only.
As you can see it is pure bind and it just generates a weird IP address (192.168.81.120, 2001:470:1f1b:5b5:eeaa:a0ff:fe1b:4d84), these IP addresses cannot be pinged, missing this client.
You can see in smb.conf I do not use dnsupdate either.
And it is rotating and sometimes giving the wrong IP address for Windows and Linux. I am on Debian buster.

*My bind settings are correct as well (I wanna use enp1s0f3):*

root@server:/# cat /etc/bind/named.conf.local
view "internal-enp1s0f3" {
    match-clients { "internal-enp1s0f3"; };
    match-recursive-only yes;
    recursion yes;
    allow-recursion { "internal-enp1s0f3"; };

    notify yes;
    allow-update { none; };
    allow-query { any; };
    allow-transfer { xfer; };
    include "/etc/bind/named.conf.default-zones";

    zone "patrikx3.com" {
        type master;
        file "/etc/bind/zones/enp1s0f3/patrikx3.com";

        include "/var/lib/samba/private/named.conf.update";
    };

    zone "corifeus.com" {
        type master;
        file "/etc/bind/zones/enp1s0f3/corifeus.com";
    };

    zone "gitlist.tk" {
        type master;
        file "/etc/bind/zones/enp1s0f3/gitlist.tk";
    };

    zone "albafructus.eu" {
        type master;
        file "/etc/bind/zones/enp1s0f3/albafructus.eu";
    };

    zone "fruitinfo.hu" {
        type master;
        file "/etc/bind/zones/enp1s0f3/fruitinfo.hu";
    };

    zone "venyimgyumolcse.hu" {
        type master;
        file "/etc/bind/zones/enp1s0f3/venyimgyumolcse.hu";
    };

    include "/var/lib/samba/private/named.conf";
};

view "internal-enp1s0f2" {
    match-clients { "internal-enp1s0f2"; };
    match-recursive-only yes;
    recursion yes;
    allow-recursion { "internal-enp1s0f2"; };
    notify yes;
    allow-update { none; };
    allow-query { any; };
    allow-transfer { xfer; };

    include "/etc/bind/named.conf.default-zones";

    zone "patrikx3.com" {
        type master;
        file "/etc/bind/zones/enp1s0f2/patrikx3.com";
    };

    zone "corifeus.com" {
        type master;
        file "/etc/bind/zones/enp1s0f2/corifeus.com";
    };

    zone "gitlist.tk" {
        type master;
        file "/etc/bind/zones/enp1s0f2/gitlist.tk";
    };

    zone "albafructus.eu" {
        type master;
        file "/etc/bind/zones/enp1s0f2/albafructus.eu";
    };

    zone "fruitinfo.hu" {
        type master;
        file "/etc/bind/zones/enp1s0f2/fruitinfo.hu";
    };

    zone "venyimgyumolcse.hu" {
        type master;
        file "/etc/bind/zones/enp1s0f2/venyimgyumolcse.hu";
    };
};

view "external" {
    match-clients { any; };

    recursion no;
    additional-from-auth no;
    additional-from-cache no;

    // allow-transfer { any; }; // temporarily allowed for debugging purposes
    allow-transfer { none; };

    // zone "namesystem.tk" IN {
    //     type master;
    //     file "/etc/bind/zones/external.namesystem.tk";
    // };
};

*My samba looks like this:*

# Global parameters
[global]
    bind interfaces only = yes
    # if this is turned on, always perfect
    # interfaces = lo 192.168.78.20 2001:470:1f1b:5b3:21b:21ff:fea6:ce93
    # interfaces = lo 192.168.78.20 2001:470:1f1b:5b3:21b:21ff:fea6:ce93 192.168.81.20 2001:470:1f1b:5b5:21b:21ff:fea6:ce92
    # interfaces = lo 192.168.81.20 2001:470:1f1b:5b5:21b:21ff:fea6:ce92
    # if all interfaces known, order is important, the last is the required
    # interfaces = lo 192.168.78.20 192.168.81.20

    # you can see it is should only allow on enp1s0f3 which is above
    interfaces = lo enp1s0f3
    netbios name = SERVER
    realm = P3X-DC.PATRIKX3.COM
    # server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
    server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc
    workgroup = P3X-DC
    allow insecure wide links = Yes
    # before was working
    unix extensions = no
    server role = active directory domain controller
    idmap_ldb:use rfc2307 = yes
    comment
    # log level = 3
    template shell = /bin/bash
    template homedir = /home/%U

[netlogon]
    path = /var/lib/samba/sysvol/p3x-dc.patrikx3.com/scripts
    read only = No

[sysvol]
    path = /var/lib/samba/sysvol
    read only = No

[media]
    path = /media
    read only = no
    guest ok = no
    force group = media
    writable = yes

[mounts]
    path = /mnt
    read only = no
    guest ok = no
    force group = mount
    writable = yes

[router-logs]
    path = /var/log-router
    read only = yes
    guest ok = yes
    writable = no
    browseable = yes
    # valid users = router
    force user = root
    follow symlinks = yes
    wide links = yes

*Patrik*
WWW <https://patrikx3.com> | GitHub <https://github.com/patrikx3/> | NPM <https://www.npmjs.com/~patrikx3> | Corifeus <https://corifeus.com> | +36 20 342 8046

On Mon, Aug 5, 2019 at 11:10 AM Rowland penny via samba <samba at lists.samba.org> wrote:

> On 05/08/2019 09:55, Patrik via samba wrote:
> > the dig is wrong as well, it adds an additional ip address, which i have
> > not request to use other interfaces:
> > root@server:/# dig p3x-dc.patrikx3.com
> >
> Patrik, I have told you what your problem is, refusing to accept that
> you have setup Bind9 incorrectly is no reason for opening a new thread.
>
> Just in case you missed it, or misunderstood it:
>
> You need to decide which network card you want to use with Samba and set
> up smb.conf accordingly.
>
> You need to stop using 'flatfiles' with Samba and use BIND_DLZ instead.
>
> As I said, once you accept your setup is incorrect, I am prepared to
> help you set it up correctly.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba

On 05/08/2019 10:14, Patrik wrote:
> I am not using flatfiles and I am using BIND_DLZ, it shows in my log and I
> do not use flatfiles. BIND_DLZ only.

Oh yes you are, you have this in your /etc/bind/named.conf.local :

    zone "patrikx3.com" {
        type master;
        file "/etc/bind/zones/enp1s0f3/patrikx3.com";
        include "/var/lib/samba/private/named.conf.update";
    };

That means your AD records are being stored in /etc/bind/zones/enp1s0f3/patrikx3.com and not in AD, this is known as 'flatfile' and is not supported by Samba.

You also seem to be using bind9 as a dns server for domains that have nothing to do with AD, this is not recommended.

Rowland

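Added example, not part of the thread and not written by any of its participants: a Python check for the pattern Rowland describes above, a zone that combines `type master`, a `file` statement and an include of Samba's named.conf.update, reported per view together with whether that view includes Samba's DLZ named.conf. The sample text is constructed from the configs quoted in this thread, and the function names are hypothetical.

```python
import re

# Directory of the Samba-generated BIND includes, as quoted in this thread.
SAMBA_PRIVATE = "/var/lib/samba/private/"

# Constructed sample, reduced from the named.conf.local quoted in this thread.
SAMPLE_NAMED_CONF = '''
view "internal-enp1s0f3" {
    match-clients { "internal-enp1s0f3"; };
    zone "patrikx3.com" {
        type master;
        file "/etc/bind/zones/enp1s0f3/patrikx3.com";
        include "/var/lib/samba/private/named.conf.update";
    };
    zone "corifeus.com" {
        type master;
        file "/etc/bind/zones/enp1s0f3/corifeus.com";
    };
    include "/var/lib/samba/private/named.conf";
};
view "internal-enp1s0f2" {
    match-clients { "internal-enp1s0f2"; };
    zone "patrikx3.com" {
        type master;
        file "/etc/bind/zones/enp1s0f2/patrikx3.com";
        // include "/var/lib/samba/private/named.conf.update";
    };
    // include "/var/lib/samba/private/named.conf";
};
'''

# Quoted strings first, so comment markers inside a string are not misread.
TOKEN = re.compile(r'"[^"]*"|//[^\n]*|#[^\n]*|/\*.*?\*/|[{};]|[^\s{};"]+', re.S)


def parse(tokens, pos=0):
    """Parse statements up to the closing '}' (or end); return (stmts, pos)."""
    stmts, cur = [], []
    while pos < len(tokens):
        tok = tokens[pos]
        pos += 1
        if tok == "{":
            block, pos = parse(tokens, pos)
            cur.append(block)            # nested block becomes a sub-list
        elif tok == "}":
            break
        elif tok == ";":
            if cur:
                stmts.append(cur)
            cur = []
        else:
            cur.append(tok.strip('"'))
    if cur:                              # statement missing its ';'
        stmts.append(cur)
    return stmts, pos


def audit(conf_text):
    """Per view: is the DLZ include present, and which zones look flat-file."""
    tokens = [t for t in TOKEN.findall(conf_text)
              if not t.startswith(("//", "#", "/*"))]   # drop comments
    top, _ = parse(tokens)
    views = [(s[1], s[-1]) for s in top
             if s[0] == "view" and isinstance(s[-1], list)]
    views = views or [("(no view)", top)]   # config without view blocks
    report = []
    for view_name, body in views:
        includes = [s[1] for s in body if s[0] == "include" and len(s) > 1]
        flat = []
        for s in body:
            if s[0] != "zone" or not isinstance(s[-1], list):
                continue
            zone_body = s[-1]
            keys = {z[0]: z[1] for z in zone_body
                    if len(z) > 1 and isinstance(z[0], str)
                    and isinstance(z[1], str)}
            zone_includes = [z[1] for z in zone_body
                             if z[0] == "include" and len(z) > 1]
            if (keys.get("type") in ("master", "primary") and "file" in keys
                    and SAMBA_PRIVATE + "named.conf.update" in zone_includes):
                flat.append(s[1])
        report.append({
            "view": view_name,
            "dlz_include": SAMBA_PRIVATE + "named.conf" in includes,
            "flatfile_zones": flat,
        })
    return report


if __name__ == "__main__":
    for row in audit(SAMPLE_NAMED_CONF):
        print(row)
```

A view that reports both `dlz_include` and a non-empty `flatfile_zones` is the mixed setup the thread is arguing about.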
If I may.

Rowland is right, below is not going to work as you want it to work.

Bind9_flatfile with samba will be removed soon, because.. It's not supported.
Read : https://wiki.samba.org/index.php/The_Samba_AD_DNS_Back_Ends
Which states.

Do not use the BIND9_FLATFILE DNS back end. It is not supported and will be removed in the future.

And then this part.

[router-logs]
    path = /var/log-router
    read only = yes
    guest ok = yes
    writable = no
    browseable = yes
    force user = root
    follow symlinks = yes
    wide links = yes

That is asking for problems, and again, wide links and follow symlinks are very dangerous to use.
And especially when you force user root.

You're on Debian buster.
Enforce your logging to root:staff or root:adm
Which is debian default on most logs, setup your logrotate for that also.
And use the group(s) to allow access for the samba share.

But that's what I would do.

Ps, run my debugscript, anonymize it where needed and we know if there is more off in your setup.

Greetz,

Louis

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Patrik via samba
> Sent: Monday 5 August 2019 11:14
> To: Rowland penny
> CC: samba at lists.samba.org
> Subject: Re: [Samba] samba dlz. bind9 nslookup is wrong
>
> I am not using flatfiles and I am using BIND_DLZ, it shows in my log and I do
> not use flatfiles. BIND_DLZ only.
> As you can see it is pure bind and it just generates a weird IP address
> (192.168.81.120, 2001:470:1f1b:5b5:eeaa:a0ff:fe1b:4d84), these IP addresses
> cannot be pinged, missing this client.
> You can see in smb.conf I do not use dnsupdate either.
> And it is rotating and sometimes giving the wrong IP address for Windows
> and Linux. I am on Debian buster.
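Added example, not part of the thread and not written by any of its participants: a Python audit of smb.conf shares for the combination Louis warns about above (guest access, `force user = root`, and wide links with follow symlinks). It goes slightly beyond the thread by applying the smb.conf defaults and the global coupling between `unix extensions` and `allow insecure wide links`; both sample configs are constructed, the function names are hypothetical, and the hardened share using `valid users = @adm` is one assumed reading of Louis's group suggestion.

```python
TRUE = {"yes", "true", "1", "on"}

# smb.conf(5) defaults for the parameters checked here.
DEFAULTS = {
    "guest ok": "no",
    "wide links": "no",
    "follow symlinks": "yes",
    "unix extensions": "yes",
    "allow insecure wide links": "no",
}

# Constructed sample, reduced from the smb.conf quoted in this thread.
WEAK = """
[global]
    allow insecure wide links = Yes
    unix extensions = no
    server role = active directory domain controller

[media]
    path = /media
    read only = no
    guest ok = no
    force group = media

[router-logs]
    path = /var/log-router
    read only = yes
    guest ok = yes
    # valid users = router
    force user = root
    follow symlinks = yes
    wide links = yes
"""

# Constructed hardened variant (assumption: access is granted through the
# adm group that owns the logs, instead of guest access running as root).
HARDENED = """
[global]
    unix extensions = no

[router-logs]
    path = /var/log-router
    read only = yes
    guest ok = no
    valid users = @adm
    wide links = no
"""


def parse_smb_conf(text):
    """Minimal smb.conf reader: {section: {parameter: value}}, lower-cased."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip()
    return sections


def audit_shares(text):
    """Return {share: [issue, ...]} for every non-global section."""
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})

    def enabled(section, key):
        value = section.get(key, glob.get(key, DEFAULTS[key]))
        return value.lower() in TRUE

    # Samba disables wide links while unix extensions are on, unless the
    # global "allow insecure wide links" override is set.
    wide_allowed = (not enabled(glob, "unix extensions")
                    or enabled(glob, "allow insecure wide links"))
    results = {}
    for name, share in conf.items():
        if name == "global":
            continue
        if "public" in share:             # "public" is a synonym of "guest ok"
            share.setdefault("guest ok", share["public"])
        guest = enabled(share, "guest ok")
        force_user = share.get("force user", glob.get("force user", ""))
        as_root = force_user.lower() == "root"
        wide = (wide_allowed and enabled(share, "wide links")
                and enabled(share, "follow symlinks"))
        issues = []
        if guest:
            issues.append("guest-ok")
        if as_root:
            issues.append("force-user-root")
        if wide:
            issues.append("wide-links-effective")
        if guest and as_root:
            issues.append("guest-acts-as-root")
        if wide and as_root:
            issues.append("root-follows-links-outside-share")
        results[name] = issues
    return results


if __name__ == "__main__":
    for label, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_shares(text))
```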
But as I have shown in my config I use bind9, why do you say I am using BIND9_FLATFILE DNS?

root@server:/# cat etc/bind/named.conf.local
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

// the order is important!!!! first internal, then external!!!
view "internal-enp1s0f3" {
    match-clients { "internal-enp1s0f3"; };
    match-recursive-only yes;
    recursion yes;
    allow-recursion { "internal-enp1s0f3"; };

    notify yes;
    allow-update { none; };
    allow-query { any; };
    allow-transfer { xfer; };
    include "/etc/bind/named.conf.default-zones";

    zone "patrikx3.com" {
        type master;
        file "/etc/bind/zones/enp1s0f3/patrikx3.com";
        // include "/var/lib/samba/private/named.conf.update";
    };

    zone "corifeus.com" {
        type master;
        file "/etc/bind/zones/enp1s0f3/corifeus.com";
    };

    zone "gitlist.tk" {
        type master;
        file "/etc/bind/zones/enp1s0f3/gitlist.tk";
    };

    zone "albafructus.eu" {
        type master;
        file "/etc/bind/zones/enp1s0f3/albafructus.eu";
    };

    zone "fruitinfo.hu" {
        type master;
        file "/etc/bind/zones/enp1s0f3/fruitinfo.hu";
    };

    zone "venyimgyumolcse.hu" {
        type master;
        file "/etc/bind/zones/enp1s0f3/venyimgyumolcse.hu";
    };

    include "/var/lib/samba/private/named.conf";
};

view "internal-enp1s0f2" {
    match-clients { "internal-enp1s0f2"; };
    match-recursive-only yes;
    recursion yes;
    allow-recursion { "internal-enp1s0f2"; };
    notify yes;
    allow-update { none; };
    allow-query { any; };
    allow-transfer { xfer; };

    include "/etc/bind/named.conf.default-zones";

    zone "patrikx3.com" {
        type master;
        file "/etc/bind/zones/enp1s0f2/patrikx3.com";
        // include "/var/lib/samba/private/named.conf.update";
    };

    zone "corifeus.com" {
        type master;
        file "/etc/bind/zones/enp1s0f2/corifeus.com";
    };

    zone "gitlist.tk" {
        type master;
        file "/etc/bind/zones/enp1s0f2/gitlist.tk";
    };

    zone "albafructus.eu" {
        type master;
        file "/etc/bind/zones/enp1s0f2/albafructus.eu";
    };

    zone "fruitinfo.hu" {
        type master;
        file "/etc/bind/zones/enp1s0f2/fruitinfo.hu";
    };

    zone "venyimgyumolcse.hu" {
        type master;
        file "/etc/bind/zones/enp1s0f2/venyimgyumolcse.hu";
    };

    // include "/var/lib/samba/private/named.conf";
};

view "external" {
    match-clients { any; };

    recursion no;
    additional-from-auth no;
    additional-from-cache no;

    // allow-transfer { any; }; // temporarily allowed for debugging purposes
    allow-transfer { none; };

    // zone "namesystem.tk" IN {
    //     type master;
    //     file "/etc/bind/zones/external.namesystem.tk";
    // };
};

*Patrik*
WWW <https://patrikx3.com> | GitHub <https://github.com/patrikx3/> | NPM <https://www.npmjs.com/~patrikx3> | Corifeus <https://corifeus.com> | +36 20 342 8046

On Mon, Aug 5, 2019 at 11:32 AM L.P.H. van Belle via samba <samba at lists.samba.org> wrote:

> If I may.
>
> Rowland is right, below is not going to work as you want it to work.
>
> Bind9_flatfile with samba will be removed soon, because.. It's not
> supported.
> Read : https://wiki.samba.org/index.php/The_Samba_AD_DNS_Back_Ends
> Which states.
>
> Do not use the BIND9_FLATFILE DNS back end. It is not supported and will
> be removed in the future.
>
> And then this part.
>
> [router-logs]
>     path = /var/log-router
>     read only = yes
>     guest ok = yes
>     writable = no
>     browseable = yes
>     force user = root
>     follow symlinks = yes
>     wide links = yes
>
> That is asking for problems, and again, wide links and follow symlinks are
> very dangerous to use.
> And especially when you force user root.
>
> You're on Debian buster.
> Enforce your logging to root:staff or root:adm
> Which is debian default on most logs, setup your logrotate for that also.
> And use the group(s) to allow access for the samba share.
>
> But that's what I would do.
>
> Ps, run my debugscript, anonymize it where needed and we know if there is
> more off in your setup.
Besides, sorry, but I have an issue with the bind and samba generated unknown IP addresses. Where does it generate them?

root@server:/# nslookup p3x-dc.patrikx3.com
Server:   192.168.78.20
Address:  192.168.78.20#53

Name:     p3x-dc.patrikx3.com
Address:  192.168.78.20
Name:     p3x-dc.patrikx3.com
*Address: 192.168.81.120 - this is another interface and there is no server or client there*
Name:     p3x-dc.patrikx3.com
*Address: 2001:470:1f1b:5b5:eeaa:a0ff:fe1b:4d84 - this is another interface and there is no server or client there*
Name:     p3x-dc.patrikx3.com
Address:  2001:470:1f1b:5b3:21b:21ff:fea6:ce93
Name:     p3x-dc.patrikx3.com
Address:  2001:470:1f1b:5b3::20

*Patrik*
WWW <https://patrikx3.com> | GitHub <https://github.com/patrikx3/> | NPM <https://www.npmjs.com/~patrikx3> | Corifeus <https://corifeus.com> | +36 20 342 8046