... From your output below..

>> Uncomment only single database line, depending on your BIND version <<

Then tell us, why are 3 lines uncommented?

I suggest, run :
https://raw.githubusercontent.com/thctlo/samba4/master/samba-collect-debug-info.sh

Anonymize it where needed, and show me your server setup.

Greetz,

Louis

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> Patrik via samba
> Sent: Monday 5 August 2019 11:31
> To: Rowland penny
> CC: sambalist
> Subject: Re: [Samba] samba dlz. bind9 nslookup is wrong
>
> i only added this in the appropriate interface
> include "/var/lib/samba/private/named.conf";
>
> root at server:/# cat /var/lib/samba/private/named.conf
> # This DNS configuration is for BIND 9.8.0 or later with dlz_dlopen support.
> #
> # This file should be included in your main BIND configuration file
> #
> # For example with
> # include "/var/lib/samba/private/named.conf";
>
> #
> # This configures dynamically loadable zones (DLZ) from AD schema
> # Uncomment only single database line, depending on your BIND version
> #
> dlz "AD DNS Zone" {
>     # For BIND 9.8.x
>     # database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9.so";
>
>     # For BIND 9.9.x
>     # database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_9.so";
>
>     # For BIND 9.10.x
>     # database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_10.so";
>
>     # For BIND 9.11.x
>     database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_11.so";
> };
>
> *I am on Bind 9.11*
>
> *Patrik*
> WWW <https://patrikx3.com> | GitHub <https://github.com/patrikx3/> | NPM
> <https://www.npmjs.com/~patrikx3> | Corifeus <https://corifeus.com> | +36
> 20 342 8046
>
> On Mon, Aug 5, 2019 at 11:29 AM Patrik <alabard at gmail.com> wrote:
>
> > ok, so i remove that nemd.conf.update, but the rest it looks good?
> >
> > *Patrik*
> > WWW <https://patrikx3.com> | GitHub <https://github.com/patrikx3/> | NPM
> > <https://www.npmjs.com/~patrikx3> | Corifeus <https://corifeus.com> | +36
> > 20 342 8046
> >
> > On Mon, Aug 5, 2019 at 11:28 AM Rowland penny via samba <
> > samba at lists.samba.org> wrote:
> >
> >> On 05/08/2019 10:14, Patrik wrote:
> >> > I am not using flatfiles and i using BIND_DLZ it shows in my log and i
> >> > do not use flatfiles. BIND_DLZ only.
> >>
> >> Oh yes you are, you have this in your /etc/bind/named.conf.local :
> >>
> >>     zone "patrikx3.com" {
> >>         type master;
> >>         file "/etc/bind/zones/enp1s0f3/patrikx3.com";
> >>         include "/var/lib/samba/private/named.conf.update";
> >>     };
> >>
> >> That means your AD records are being stored in
> >> /etc/bind/zones/enp1s0f3/patrikx3.com and not in AD, this is known as
> >> 'flatfile' and is not supported by Samba.
> >>
> >> You also seem to be using bind9 as a dns server for domains that have
> >> nothing to do with AD, this is not recommended.
> >>
> >> Rowland
> >>
> >> --
> >> To unsubscribe from this list go to the following URL and read the
> >> instructions: https://lists.samba.org/mailman/options/samba
> >>
> >
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba

root at server:/# curl -sL https://raw.githubusercontent.com/thctlo/samba4/master/samba-collect-debug-info.sh | bash -
Password for Administrator at P3X-DC.PATRIKX3.COM:
kinit: Password incorrect while getting initial credentials
Wrong password, exiting now.

*Patrik*
WWW <https://patrikx3.com> | GitHub <https://github.com/patrikx3/> | NPM <https://www.npmjs.com/~patrikx3> | Corifeus <https://corifeus.com> | +36 20 342 8046

That the script isn't running shows what's going wrong..
Your resolving.. And then that's also why your Kerberos settings are not
working.
And that is what your problem is.
Show this:
cat /etc/hosts
cat /etc/resolv.conf
hostname -f
hostname -d
hostname -s
hostname -A
hostname -I
cat /etc/krb5.conf
The bind setup on my Debian (10) Buster AD-DC's with Bind9_dlz
About same setup as Rowland showed.
This is what i use now:
(named.conf.options)
acl thisserverip {
    192.168.0.1;
};

acl all-networks {
    192.168.0.0/24;
};

options {
    directory "/var/cache/bind";

    version "0.0.7";

    dnssec-validation no;
    listen-on-v6 { "none"; };
    listen-on port 53 { "thisserverip"; 127.0.0.1; };

    notify no;
    minimal-responses yes;
    empty-zones-enable yes;

    allow-query { "all-networks"; 127.0.0.1/32; };
    allow-query-cache { "all-networks"; 127.0.0.1/32; };
    allow-recursion { "all-networks"; 127.0.0.1/32; };

    // verify where your dns.keytab file is.
    // it might be in a different folder.
    tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";
};

include "/etc/bind/rndc.key";
controls {
    inet 127.0.0.1 allow { localhost; } keys { rndc-key; };
};

And named.conf.local

// adding the dlopen ( Bind DLZ ) module for samba, beware, if you are using bind9.9
// then you need to change this manually
include "/var/lib/samba/bind-dns/named.conf";
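
Rowland's objection earlier in this thread is that a zone stanza with "type master" and a "file" for the AD domain keeps the AD records in a flat file, even though the Samba DLZ include is also loaded. The following is an added example, not code from the thread or from Samba, that scans named.conf text for that combination; the domain ad.example.com, both sample configurations and all function names are constructed for illustration, and include files are not followed.

```python
import re
from collections import namedtuple

# Tokeniser for the subset of named.conf syntax needed here: comments are
# dropped, quoted strings stay whole, braces and semicolons are structure.
TOKEN_RE = re.compile(r'''
    /\*.*?\*/            |  # block comment
    //[^\n]*             |  # C++-style line comment
    \#[^\n]*             |  # shell-style line comment
    "(?P<str>[^"\n]*)"   |  # quoted string
    (?P<punct>[{};])     |  # block and statement delimiters
    (?P<word>[^\s{};"]+)    # bare word (keywords, addresses, numbers)
''', re.S | re.X)

# Paths of the Samba-generated DLZ stanza as they appear in the thread.
SAMBA_DLZ_INCLUDE = re.compile(r'/samba/(?:private|bind-dns)/named\.conf$')

Zone = namedtuple("Zone", "name type file includes")


def tokenize(text):
    tokens = []
    for m in TOKEN_RE.finditer(text):
        for kind in ("str", "punct", "word"):
            if m.group(kind) is not None:
                tokens.append((kind, m.group(kind)))
    return tokens


def _block_end(tokens, open_idx):
    """Index of the '}' that closes the '{' at open_idx."""
    depth = 0
    for i in range(open_idx, len(tokens)):
        if tokens[i] == ("punct", "{"):
            depth += 1
        elif tokens[i] == ("punct", "}"):
            depth -= 1
            if depth == 0:
                return i
    raise ValueError("unbalanced braces in configuration")


def _parse_zone(name, body):
    ztype, zfile, includes = None, None, []
    for (kind, val), (nkind, nval) in zip(body, body[1:]):
        if kind != "word":
            continue
        if val == "type" and nkind == "word":
            ztype = nval
        elif val == "file" and nkind == "str":
            zfile = nval
        elif val == "include" and nkind == "str":
            includes.append(nval)
    return Zone(name.lower().rstrip("."), ztype, zfile, includes)


def parse(conf_text):
    """Return (zones, uses_dlz); zones nested in view blocks are included."""
    tokens = tokenize(conf_text)
    zones, uses_dlz, i = [], False, 0
    while i < len(tokens) - 1:
        (kind, val), (nkind, nval) = tokens[i], tokens[i + 1]
        if kind == "word" and nkind == "str":
            if val == "dlz" or (val == "include" and SAMBA_DLZ_INCLUDE.search(nval)):
                uses_dlz = True
            elif val == "zone":
                # The first delimiter after the name decides: '{' opens a zone
                # body, ';' is a form without one (for example in-view).
                j = i + 2
                while j < len(tokens) and tokens[j][0] != "punct":
                    j += 1
                if j < len(tokens) and tokens[j][1] == "{":
                    end = _block_end(tokens, j)
                    zones.append(_parse_zone(nval, tokens[j + 1:end]))
                    i = end
        i += 1
    return zones, uses_dlz


def flatfile_ad_zones(conf_text, ad_domain):
    """Return (uses_dlz, file-backed master zones at or below ad_domain)."""
    ad = ad_domain.lower().rstrip(".")
    zones, uses_dlz = parse(conf_text)
    hits = [z for z in zones
            if z.type in ("master", "primary") and z.file
            and (z.name == ad or z.name.endswith("." + ad))]
    return uses_dlz, hits


# Constructed sample: flat-file zones for the AD domain next to the DLZ include.
MIXED_CONF = r'''
view "internal" {
    match-clients { 192.168.0.0/24; localhost; };
    zone "ad.example.com" {
        type master;
        file "/etc/bind/zones/internal/ad.example.com";
        include "/var/lib/samba/private/named.conf.update";
    };
    zone "_msdcs.ad.example.com" { type master; file "/etc/bind/zones/internal/msdcs"; };
    zone "example.com" { type master; file "/etc/bind/zones/internal/example.com"; };
    # zone "old.ad.example.com" { type master; file "/etc/bind/zones/old"; };
    include "/var/lib/samba/private/named.conf";
};
'''

# Constructed sample: DLZ only, the shape of the named.conf.local shown above.
DLZ_ONLY_CONF = r'''
// adding the dlopen (BIND DLZ) module for Samba
include "/var/lib/samba/bind-dns/named.conf";
'''

if __name__ == "__main__":
    for label, conf in (("mixed", MIXED_CONF), ("dlz-only", DLZ_ONLY_CONF)):
        dlz, hits = flatfile_ad_zones(conf, "ad.example.com")
        print(label, "DLZ loaded:", dlz)
        for z in hits:
            print("  flat-file zone overlapping the AD domain:", z.name, "->", z.file)
```

The parent zone example.com is not reported, because only zones at or below the AD domain hold records that belong in AD.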

which 3 lines i uncommented? i only have 3 commented that they told me i should not used.
i am adding the password with your script. sending the debug.

hai,

Ah my bad, I misread that part.
Your var/lib/samba/private/named.conf is correct.
I reread it again a few times. That's my dyslexic part .. (sorry)

Greetz,

Louis

root at server:~# ./samba-collect-debug-info.sh
Password for Administrator at P3X-DC.PATRIKX3.COM:
Please wait, collecting debug info.
Failed to bind to uuid 50abc2a4-574d-40b3-9d66-ee4fd5fba076 for
ncacn_ip_tcp:192.168.78.20[49152,sign,target_hostname=p3x-dc.patrikx3.com,abstract_syntax=50abc2a4-574d-40b3-9d66-ee4fd5fba076/0x00000005,localaddress=192.168.78.20]
NT_STATUS_INVALID_PARAMETER
ERROR: Connecting to DNS RPC server p3x-dc.patrikx3.com failed with
(3221225485, 'An invalid parameter was passed to a service or
function.')
Failed to bind to uuid 50abc2a4-574d-40b3-9d66-ee4fd5fba076 for
ncacn_ip_tcp:192.168.78.20[49152,sign,target_hostname=p3x-dc.patrikx3.com,abstract_syntax=50abc2a4-574d-40b3-9d66-ee4fd5fba076/0x00000005,localaddress=192.168.78.20]
NT_STATUS_INVALID_PARAMETER
ERROR: Connecting to DNS RPC server p3x-dc.patrikx3.com failed with
(3221225485, 'An invalid parameter was passed to a service or
function.')
The debug info about your system can be found in this file:
/tmp/samba-debug-info.txt
Please check this and if required, sanitise it.
Then copy & paste it into an email to the samba list
Do not attach it to the email, the Samba mailing list strips attachments.
*The debug:*
root at server:~# cat /tmp/samba-debug-info.txt
Collected config --- 2019-08-05-12:50 -----------
Hostname: server
DNS Domain: patrikx3.com
FQDN: p3x-dc.patrikx3.com
ipaddress: 192.168.81.20 192.168.78.20 172.17.0.1 2001:470:1f1b:5b5::20
2001:470:1f1b:5b5:21b:21ff:fea6:ce92 2001:470:1f1b:5b3::20
2001:470:1f1b:5b3:21b:21ff:fea6:ce93
-----------
Samba is running as an AD DC
-----------
Checking file: /etc/os-release
PRETTY_NAME="Debian GNU/Linux 10 (buster)"
NAME="Debian GNU/Linux"
VERSION_ID="10"
VERSION="10 (buster)"
VERSION_CODENAME=buster
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"
-----------
This computer is running Debian 10.0 x86_64
-----------
running command : ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group
default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
2: enp1s0f0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group
default qlen 1000
link/ether 00:1b:21:a6:ce:90 brd ff:ff:ff:ff:ff:ff
3: enp1s0f1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group
default qlen 1000
link/ether 00:1b:21:a6:ce:91 brd ff:ff:ff:ff:ff:ff
4: enp1s0f2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP
group default qlen 1000
link/ether 00:1b:21:a6:ce:92 brd ff:ff:ff:ff:ff:ff
inet 192.168.81.20/24 brd 192.168.81.255 scope global dynamic enp1s0f2
valid_lft 74962sec preferred_lft 74962sec
inet6 2001:470:1f1b:5b5::20/128 scope global
inet6 2001:470:1f1b:5b5:21b:21ff:fea6:ce92/64 scope global dynamic
mngtmpaddr
inet6 fe80::21b:21ff:fea6:ce92/64 scope link
5: enp3s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group
default qlen 1000
link/ether ec:aa:a0:1b:4d:84 brd ff:ff:ff:ff:ff:ff
6: enp1s0f3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP
group default qlen 1000
link/ether 00:1b:21:a6:ce:93 brd ff:ff:ff:ff:ff:ff
inet 192.168.78.20/24 brd 192.168.78.255 scope global dynamic enp1s0f3
valid_lft 74962sec preferred_lft 74962sec
inet6 2001:470:1f1b:5b3::20/128 scope global
inet6 2001:470:1f1b:5b3:21b:21ff:fea6:ce93/64 scope global dynamic
mngtmpaddr
inet6 fe80::21b:21ff:fea6:ce93/64 scope link
7: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue
state DOWN group default
link/ether 02:42:ed:55:77:ae brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
-----------
Checking file: /etc/hosts
127.0.0.1 localhost
192.168.78.20 p3x-dc.patrikx3.com p3x-dc server
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
192.168.78.20 npm.patrikx3.com
#127.0.0.1 patrikx3.com
#127.0.0.1 www.patrikx3.com
#127.0.0.1 server.patrikx3.com server
#127.0.0.1 mail.patrikx3.com
#127.0.0.1 redis.patrikx3.com
#127.0.0.1 git.patrikx3.com
#127.0.0.1 mysql.patrikx3.com
#127.0.0.1 address-book.patrikx3.com
#127.0.0.1 afraid.patrikx3.com
#127.0.0.1 blog.patrikx3.com
#127.0.0.1 fortune-cookie.patrikx3.com
#127.0.0.1 github.patrikx3.com
#127.0.0.1 gitlist.patrikx3.com
#127.0.0.1 joomla.patrikx3.com
#127.0.0.1 stats.patrikx3.com
#127.0.0.1 sync.patrikx3.com
#127.0.0.1 test.patrikx3.com
#127.0.0.1 torrent.patrikx3.com
#127.0.0.1 webhook.patrikx3.com
#127.0.0.1 ipv6.patrikx3.com
#127.0.0.1 digi.router.patrikx3.com
#127.0.0.1 upc.router.patrikx3.com
#127.0.0.1 d-link.router.patrikx3.com
#127.0.0.1 corifeus.com
#127.0.0.1 www.corifeus.com
#127.0.0.1 pages.corifeus.com
#127.0.0.1 material.corifeus.com
#127.0.0.1 cdn.corifeus.com
-----------
Checking file: /etc/resolv.conf
search patrikx3.com
search corifeus.com
search p3x-dc.patrikx3.com
nameserver 192.168.78.20
nameserver 2001:470:1f1b:5b3:21b:21ff:fea6:ce93
-----------
Checking file: /etc/krb5.conf
[libdefaults]
default_realm = P3X-DC.PATRIKX3.COM
dns_lookup_realm = false
dns_lookup_kdc = true
-----------
Checking file: /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed,
try:
# `info libc "Name Service Switch"' for information about this
file.
passwd: files ldap systemd
group: files ldap systemd
shadow: files ldap
gshadow: files
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
-----------
Checking file: /etc/samba/smb.conf
# Global parameters
[global]
bind interfaces only = yes
# if this is turned on, always perfect
# interfaces = lo 192.168.78.20 2001:470:1f1b:5b3:21b:21ff:fea6:ce93
# interfaces = lo 192.168.78.20 2001:470:1f1b:5b3:21b:21ff:fea6:ce93
192.168.81.20 2001:470:1f1b:5b5:21b:21ff:fea6:ce92
# interfaces = lo 192.168.81.20 2001:470:1f1b:5b5:21b:21ff:fea6:ce92
# if all interfaces known, order is important, the last is the required
# interfaces = lo 192.168.78.20 192.168.81.20
interfaces = lo enp1s0f3
netbios name = SERVER
realm = P3X-DC.PATRIKX3.COM
# server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
winbindd, ntp_signd, kcc, dnsupdate
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd,
ntp_signd, kcc
workgroup = P3X-DC
allow insecure wide links = Yes
# before was working
unix extensions = no
server role = active directory domain controller
idmap_ldb:use rfc2307 = yes
comment # log level = 3
template shell = /bin/bash
template homedir = /home/%U
[netlogon]
path = /var/lib/samba/sysvol/p3x-dc.patrikx3.com/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
[media]
path = /media
read only = no
guest ok = no
force group = media
writable = yes
[mounts]
path = /mnt
read only = no
guest ok = no
force group = mount
writable = yes
[router-logs]
path = /var/log-router
read only = yes
guest ok = yes
writable = no
browseable = yes
# valid users = router
force user = root
follow symlinks = yes
wide links = yes
-----------
Detected bind DLZ enabled..
Checking file: /etc/bind/named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in
/etc/bind/named.conf.local
//logging {
// category lame-servers { null; };
// channel security_file {
// file "/var/log/named/security.log" versions 3 size 30m;
// severity dynamic;
// print-time yes;
// };
// category security {
// security_file;
// };
//};
logging {
channel default_file {
file "/var/log/named/default.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel general_file {
file "/var/log/named/general.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel database_file {
file "/var/log/named/database.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel security_file {
file "/var/log/named/security.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel config_file {
file "/var/log/named/config.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel resolver_file {
file "/var/log/named/resolver.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel xfer-in_file {
file "/var/log/named/xfer-in.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel xfer-out_file {
file "/var/log/named/xfer-out.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel notify_file {
file "/var/log/named/notify.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel client_file {
file "/var/log/named/client.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel unmatched_file {
file "/var/log/named/unmatched.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel queries_file {
file "/var/log/named/queries.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel network_file {
file "/var/log/named/network.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel update_file {
file "/var/log/named/update.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel dispatch_file {
file "/var/log/named/dispatch.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel dnssec_file {
file "/var/log/named/dnssec.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel lame-servers_file {
file "/var/log/named/lame-servers.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
category default { default_file; };
category general { general_file; };
category database { database_file; };
category security { security_file; };
category config { config_file; };
category resolver { resolver_file; };
category xfer-in { xfer-in_file; };
category xfer-out { xfer-out_file; };
category notify { notify_file; };
category client { client_file; };
category unmatched { unmatched_file; };
category queries { queries_file; };
category network { network_file; };
category update { update_file; };
category dispatch { dispatch_file; };
category dnssec { dnssec_file; };
category lame-servers { lame-servers_file; };
};
acl "internal-enp1s0f3" {
// !192.168.78.1;
// 172.19.13.0/24;
// router
192.168.78.0/24;
2001:470:1f1b:5b3::/64;
192.168.99.0/24;
// openvpn
192.168.17.0/24;
172.17.0.1;
localhost;
// remote openvpn lan
192.168.70.0/24;
// fe80::/10;
};
acl "internal-enp1s0f2" {
// !192.168.81.1;
// 172.19.13.0/24;
// router
192.168.81.0/24;
2001:470:1f1b:5b5::/64;
192.168.99.0/24;
// openvpn
192.168.18.0/24;
// fe80::/10;
172.17.0.1;
};
acl "xfer" {
192.168.78.0/24;
2001:470:1f1b:5b3::/64;
192.168.99.0/24;
192.168.17.0/24;
localhost;
// 192.168.81.0/24;
// 2001:470:1f1b:5b5::/64;
// 192.168.18.0/24;
172.17.0.1;
192.168.70.0/24;
};
key signed_comms { algorithm hmac-md5; secret
"X8CJzryfpSClCT72/VQJNw=="; };
server 192.168.78.20 {
transfer-format many-answers;
keys { signed_comms.; };
};
server 192.168.81.20 {
transfer-format many-answers;
keys { signed_comms.; };
};
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
//include "/var/lib/samba/private/named.conf";
-----------
Checking file: /etc/bind/named.conf.options
options {
directory "/var/cache/bind";
// max-cache-size 1024m;
// rate-limit {
// responses-per-second 10;
// log-only no;
// };
tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
minimal-responses yes;
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
// forwarders {
// 0.0.0.0;
// };
forwarders {
8.8.8.8;
8.8.4.4;
// 0.0.0.0;
};
forward only;
//=======================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys. See https://www.isc.org/bind-keys
//=======================================================================//
dnssec-validation auto;
dnssec-enable yes;
dnssec-validation yes;
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
// listen-on-v6 { 2001:470:1f1b:5b3::/64; };
// listen-on { 192.168.78.20; 127.0.0.1; };
};
-----------
Checking file: /etc/bind/named.conf.local
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
// the order is important!!!! first internal, then external!!!
view "internal-enp1s0f3" {
match-clients { "internal-enp1s0f3"; };
match-recursive-only yes;
recursion yes;
allow-recursion { "internal-enp1s0f3"; };
notify yes;
allow-update { none; };
allow-query { any; };
allow-transfer { xfer; };
include "/etc/bind/named.conf.default-zones";
zone "patrikx3.com" {
type master;
file "/etc/bind/zones/enp1s0f3/patrikx3.com";
// include "/var/lib/samba/private/named.conf.update";
};
zone "corifeus.com" {
type master;
file "/etc/bind/zones/enp1s0f3/corifeus.com";
};
zone "gitlist.tk" {
type master;
file "/etc/bind/zones/enp1s0f3/gitlist.tk";
};
zone "albafructus.eu" {
type master;
file "/etc/bind/zones/enp1s0f3/albafructus.eu";
};
zone "fruitinfo.hu" {
type master;
file "/etc/bind/zones/enp1s0f3/fruitinfo.hu";
};
zone "venyimgyumolcse.hu" {
type master;
file "/etc/bind/zones/enp1s0f3/venyimgyumolcse.hu";
};
include "/var/lib/samba/private/named.conf";
};
view "internal-enp1s0f2" {
match-clients { "internal-enp1s0f2"; };
match-recursive-only yes;
recursion yes;
allow-recursion { "internal-enp1s0f2"; };
notify yes;
allow-update { none; };
allow-query { any; };
allow-transfer { xfer; };
include "/etc/bind/named.conf.default-zones";
zone "patrikx3.com" {
type master;
file "/etc/bind/zones/enp1s0f2/patrikx3.com";
// include "/var/lib/samba/private/named.conf.update";
};
zone "corifeus.com" {
type master;
file "/etc/bind/zones/enp1s0f2/corifeus.com";
};
zone "gitlist.tk" {
type master;
file "/etc/bind/zones/enp1s0f2/gitlist.tk";
};
zone "albafructus.eu" {
type master;
file "/etc/bind/zones/enp1s0f2/albafructus.eu";
};
zone "fruitinfo.hu" {
type master;
file "/etc/bind/zones/enp1s0f2/fruitinfo.hu";
};
zone "venyimgyumolcse.hu" {
type master;
file "/etc/bind/zones/enp1s0f2/venyimgyumolcse.hu";
};
// include "/var/lib/samba/private/named.conf";
};
view "external" {
match-clients { any; };
recursion no;
additional-from-auth no;
additional-from-cache no;
// allow-transfer { any; }; // temporarily allowed for debugging purposes
allow-transfer { none; };
// zone "namesystem.tk" IN {
// type master;
// file "/etc/bind/zones/external.namesystem.tk";
// };
};
-----------
Checking file: /etc/bind/named.conf.default-zones
// prime the server with knowledge of the root servers
zone "." {
type hint;
file "/usr/share/dns/root.hints";
};
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
type master;
file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};
-----------
Samba DNS zone list:
Samba DNS zone list Automated check :
Installed packages:
ii attr 1:2.4.48-4
amd64 utilities for manipulating filesystem extended attributes
ii bind9 1:9.11.5.P4+dfsg-5.1
amd64 Internet Domain Name Server
ii bind9-doc 1:9.11.5.P4+dfsg-5.1
all Documentation for BIND
ii bind9-host 1:9.11.5.P4+dfsg-5.1
amd64 DNS lookup utility (deprecated)
ii bind9utils 1:9.11.5.P4+dfsg-5.1
amd64 Utilities for BIND
ii krb5-config 2.6
all Configuration files for Kerberos Version 5
ii krb5-locales 1.17-3
all internationalization support for MIT Kerberos
ii krb5-user 1.17-3
amd64 basic programs to authenticate using MIT Kerberos
ii libacl1:amd64 2.2.53-4
amd64 access control list - shared library
ii libacl1-dev:amd64 2.2.53-4
amd64 access control list - static libraries and headers
ii libattr1:amd64 1:2.4.48-4
amd64 extended attribute handling - shared library
ii libattr1-dev:amd64 1:2.4.48-4
amd64 extended attributes handling - static libraries and headers
ii libbind9-140:amd64 1:9.10.3.dfsg.P4-12.6
amd64 BIND9 Shared Library used by BIND
ii libbind9-160:amd64 1:9.11.4.P2+dfsg-3
amd64 BIND9 Shared Library used by BIND
ii libbind9-161:amd64 1:9.11.5.P4+dfsg-5.1
amd64 BIND9 Shared Library used by BIND
ii libcrypt-smbhash-perl 0.12-4
all generate LM/NT hash of a password for samba
ii libgssapi-krb5-2:amd64 1.17-3
amd64 MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
ii libkrb5-3:amd64 1.17-3
amd64 MIT Kerberos runtime libraries
ii libkrb5support0:amd64 1.17-3
amd64 MIT Kerberos runtime libraries - Support library
ii libsmbclient:amd64 2:4.9.5+dfsg-5
amd64 shared library for communication with SMB/CIFS servers
ii libwbclient0:amd64 2:4.9.5+dfsg-5
amd64 Samba winbind client library
ii phpunit-object-reflector 1.1.1-2
all reflection of object attributes - PHPUnit component
ii python-samba 2:4.9.5+dfsg-5
amd64 Python bindings for Samba
ii samba 2:4.9.5+dfsg-5
amd64 SMB/CIFS file, print, and login server for Unix
ii samba-common 2:4.9.5+dfsg-5
all common files used by both the Samba server and client
ii samba-common-bin 2:4.9.5+dfsg-5
amd64 Samba common files used by both the server and the client
ii samba-dsdb-modules:amd64 2:4.9.5+dfsg-5
amd64 Samba Directory Services Database
ii samba-libs:amd64 2:4.9.5+dfsg-5
amd64 Samba core libraries
ii samba-vfs-modules:amd64 2:4.9.5+dfsg-5
amd64 Samba Virtual FileSystem plugins
ii smbclient 2:4.9.5+dfsg-5
amd64 command-line SMB/CIFS clients for Unix
ii winbind 2:4.9.5+dfsg-5
amd64 service to resolve user and group information from Windows NT servers
*Patrik*
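The flat-file setup Rowland points out can be checked mechanically. The following Python script is an added example, not part of the original thread or of Samba's tooling: for each view it flags zones that include named.conf.update, and flat-file master zones whose name covers the AD DNS domain in a view that also includes Samba's DLZ named.conf. The sample config is constructed from the files quoted in this thread, and the AD DNS domain passed to `audit` is an assumption supplied by the caller.

```python
import re

# Constructed sample, condensed from the named.conf.local quoted in this thread.
SAMPLE = '''
view "internal-enp1s0f3" {
    zone "patrikx3.com" {
        type master; file "/etc/bind/zones/enp1s0f3/patrikx3.com";
        include "/var/lib/samba/private/named.conf.update";
    };
    zone "corifeus.com" { type master; file "/etc/bind/zones/enp1s0f3/corifeus.com"; };
    include "/var/lib/samba/private/named.conf";
};
view "internal-enp1s0f2" {
    zone "patrikx3.com" { type master; file "/etc/bind/zones/enp1s0f2/patrikx3.com"; };
    // include "/var/lib/samba/private/named.conf";
};
'''

TOKEN = re.compile(r'"[^"]*"|//[^\n]*|#[^\n]*|/\*.*?\*/|[{};]|[^\s{};"]+', re.S)

def parse(tokens, i=0):
    """Turn tokens into nested (words, children) statements; children is None for leaves."""
    stmts, words = [], []
    while i < len(tokens):
        tok, i = tokens[i], i + 1
        if tok == '{':
            children, i = parse(tokens, i)
            stmts.append((words, children))
            words = []
        elif tok == '}':
            return stmts, i
        elif tok == ';':
            if words:
                stmts.append((words, None))
            words = []
        else:
            words.append(tok.strip('"'))
    return stmts, i

def includes(stmts):
    return [w[1] for w, kids in stmts if kids is None and w[0] == 'include' and len(w) == 2]

def audit(conf_text, ad_domain):
    """Return (view, zone, issue) tuples; assumes DLZ is loaded via Samba's named.conf include."""
    ad = ad_domain.rstrip('.').lower()
    top, _ = parse([t for t in TOKEN.findall(conf_text) if not t.startswith(('//', '#', '/*'))])
    scopes = [(w[1], k) for w, k in top if w[:1] == ['view'] and k is not None] + [('(no view)', top)]
    findings = []
    for view, stmts in scopes:
        dlz = any(p.endswith('/named.conf') and 'samba' in p for p in includes(stmts))
        for w, kids in [s for s in stmts if s[0][:1] == ['zone'] and s[1] is not None]:
            zone = w[1].rstrip('.').lower()
            opts = {k[0]: k[1:] for k, sub in kids if sub is None}
            flat = opts.get('type') == ['master'] and 'file' in opts
            if any(p.endswith('named.conf.update') for p in includes(kids)):
                findings.append((view, zone, 'includes named.conf.update'))
            if dlz and flat and (ad == zone or ad.endswith('.' + zone)):
                findings.append((view, zone, 'flat-file zone covers AD domain'))
    return findings
```

Commented-out includes are ignored, so the second view in the sample, where the DLZ include is commented out, produces no finding.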
I have no idea why I get this 192.168.81.120 and 2001:470:1f1b:5b5:eeaa:a0ff:fe1b:4d84 - these are the business interface and it is not turned on; in smb.conf it says interfaces = lo enp1s0f3, which is the 192.168.78.0/24 subnet.

root at server:~# cat /etc/resolv.conf
search patrikx3.com
search corifeus.com
search p3x-dc.patrikx3.com
nameserver 192.168.78.20
nameserver 2001:470:1f1b:5b3:21b:21ff:fea6:ce93
root at server:~# hostname -f
p3x-dc.patrikx3.com
root at server:~# hostname -d
patrikx3.com
root at server:~# hostname -s
server
root at server:~# hostname -A
p3x-dc.patrikx3.com patrikx3.com
root at server:~# hostname -I
192.168.81.20 192.168.78.20 172.17.0.1 2001:470:1f1b:5b5::20 2001:470:1f1b:5b5:21b:21ff:fea6:ce92 2001:470:1f1b:5b3::20 2001:470:1f1b:5b3:21b:21ff:fea6:ce93
root at server:~#
root at server:~# cat /etc/krb5.conf
[libdefaults]
default_realm = P3X-DC.PATRIKX3.COM
dns_lookup_realm = false
dns_lookup_kdc = true

*Patrik*

On Mon, Aug 5, 2019 at 12:00 PM L.P.H. van Belle via samba <samba at lists.samba.org> wrote:
> That the script isn't running shows what's going wrong..
> Your resolving.. And then that's also why your kerberos settings are not
> working.
>
> And, that is what your problem is.
> Show this:
>
> cat /etc/hosts
> cat /etc/resolv.conf
> hostname -f
> hostname -d
> hostname -s
> hostname -A
> hostname -I
>
> cat /etc/krb5.conf
>
> The bind setup on my Debian (10) Buster AD-DC's with Bind9_dlz
> About same setup as Rowland showed.
>
> This is what I use now:
> (named.conf.options)
>
> acl thisserverip {
>     192.168.0.1;
> };
> acl all-networks {
>     192.168.0.0/24;
> };
>
> options {
>     directory "/var/cache/bind";
>     version "0.0.7";
>     dnssec-validation no;
>
>     listen-on-v6 { "none"; };
>     listen-on port 53 { "thisserverip"; 127.0.0.1; };
>     notify no;
>
>     minimal-responses yes;
>     empty-zones-enable yes;
>
>     allow-query { "all-networks"; 127.0.0.1/32; };
>     allow-query-cache { "all-networks"; 127.0.0.1/32; };
>     allow-recursion { "all-networks"; 127.0.0.1/32; };
>     // verify where you dns.keytab file is.
>     // it might be in a different folder.
>     tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";
> };
>
> include "/etc/bind/rndc.key";
> controls {
>     inet 127.0.0.1 allow { localhost; } keys { rndc-key;};
> };
>
> And named.conf.local
> // adding the dlopen ( Bind DLZ ) module for samba, beware, if you using bind9.9 then you need to change this manualy
> include "/var/lib/samba/bind-dns/named.conf";
>
> ________________________________
>
> From: Patrik [mailto:alabard at gmail.com]
> Sent: Monday 5 August 2019 11:41
> To: L.P.H. van Belle
> CC: samba at lists.samba.org
> Subject: Re: [Samba] samba dlz. bind9 nslookup is wrong
>
> root at server:/# curl -sL https://raw.githubusercontent.com/thctlo/samba4/master/samba-collect-debug-info.sh | bash -
> Password for Administrator at P3X-DC.PATRIKX3.COM:
> kinit: Password incorrect while getting initial credentials
> Wrong password, exiting now.
>
> Patrik