On 05/08/2019 10:29, Patrik wrote:
> ok, so i remove that nemd.conf.update, but the rest it looks good?

These are my 'named.conf' files, used since 2012 with only minor changes:

/etc/bind/named.conf

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

/etc/bind/named.conf.options

options {
    directory "/var/cache/bind";
    version "0.0.7";
    notify no;
    empty-zones-enable no;
    auth-nxdomain yes;
    allow-query { 127.0.0.1; 192.168.0.0/24; };
    allow-recursion { 192.168.0.0/24; 127.0.0.1/32; };
    forwarders { 8.8.8.8; 8.8.4.4; };
    allow-transfer { none; };
    dnssec-validation no;
    dnssec-enable no;
    dnssec-lookaside no;
    listen-on-v6 { none; };
    listen-on port 53 { 192.168.0.6; 127.0.0.1; };
    tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";
};

/etc/bind/named.conf.local

include "/var/lib/samba/bind-dns/named.conf";

/etc/bind/named.conf.default-zones is unchanged from default.

Rowland
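An added example, not part of the thread and not Samba's or BIND's own tooling: a small Python check over an options block like the one posted above, reporting when the query, recursion, transfer or listen settings are wider than the internal networks it lists. The sample text is a constructed subset of that block, and the names `parse_options`, `audit` and `WIDE_OPEN` are hypothetical.

```python
import re

# Constructed sample: the access-control subset of the options block quoted above.
SAMPLE = """
options {
    directory "/var/cache/bind";   // comments are stripped before parsing
    allow-query { 127.0.0.1; 192.168.0.0/24; };
    allow-recursion { 192.168.0.0/24; 127.0.0.1/32; };
    forwarders { 8.8.8.8; 8.8.4.4; };
    allow-transfer { none; };
    listen-on port 53 { 192.168.0.6; 127.0.0.1; };
    tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";
};
"""
# One statement: a name, optional scalar arguments, an optional { list }, then ';'.
STATEMENT = re.compile(r'([\w-]+)((?:\s+[^\s{};]+)*)\s*(?:\{([^{}]*)\}\s*)?;')
WIDE_OPEN = {"any", "0.0.0.0/0", "::/0"}

def parse_options(text):
    """Return {statement: [values]} for the options { ... } block."""
    text = re.sub(r'/\*.*?\*/|//[^\n]*|#[^\n]*', '', text, flags=re.S)
    block = re.search(r'options\s*\{(.*)\}\s*;', text, re.S)
    opts = {}
    for name, scalar, acl in STATEMENT.findall(block.group(1) if block else ''):
        src = acl.split(';') if acl.strip() else scalar.split()
        opts[name] = [v.strip() for v in src if v.strip()]
    return opts

def audit(opts):
    findings = []
    for name in ("allow-query", "allow-recursion"):
        acl = opts.get(name)
        if acl is None:
            findings.append(f"{name}: no explicit ACL")
        elif WIDE_OPEN & set(acl):
            findings.append(f"{name}: open to any client")
    if opts.get("allow-transfer") != ["none"]:
        findings.append("allow-transfer: not set to none")
    if WIDE_OPEN & set(opts.get("listen-on", ["any"])):
        findings.append("listen-on: not pinned to specific addresses")
    if not opts.get("forwarders"):
        findings.append("forwarders: nothing set for names outside the AD domain")
    if "tkey-gssapi-keytab" not in opts:
        findings.append("tkey-gssapi-keytab: not set")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_options(SAMPLE)) or ["no findings"]:
        print(finding)
```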
my problem is that this is a simple config, i have 2 subnets on 1 server (business ISP with static ip / home for downloading and dynamic ip)

*Patrik*
WWW <https://patrikx3.com> | GitHub <https://github.com/patrikx3/> | NPM <https://www.npmjs.com/~patrikx3> | Corifeus <https://corifeus.com> | +36 20 342 8046

On Mon, Aug 5, 2019 at 11:44 AM Rowland penny via samba <samba at lists.samba.org> wrote:
> On 05/08/2019 10:29, Patrik wrote:
> > ok, so i remove that nemd.conf.update, but the rest it looks good?
>
> These are my 'named.conf' files, used since 2012 with only minor changes:
>
> /etc/bind/named.conf
>
> include "/etc/bind/named.conf.options";
> include "/etc/bind/named.conf.local";
> include "/etc/bind/named.conf.default-zones";
>
> /etc/bind/named.conf.options
>
> options {
>     directory "/var/cache/bind";
>     version "0.0.7";
>     notify no;
>     empty-zones-enable no;
>     auth-nxdomain yes;
>     allow-query { 127.0.0.1; 192.168.0.0/24; };
>     allow-recursion { 192.168.0.0/24; 127.0.0.1/32; };
>     forwarders { 8.8.8.8; 8.8.4.4; };
>     allow-transfer { none; };
>     dnssec-validation no;
>     dnssec-enable no;
>     dnssec-lookaside no;
>     listen-on-v6 { none; };
>     listen-on port 53 { 192.168.0.6; 127.0.0.1; };
>     tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";
> };
>
> /etc/bind/named.conf.local
>
> include "/var/lib/samba/bind-dns/named.conf";
>
> /etc/bind/named.conf.default-zones is unchanged from default.
>
> Rowland
On 05/08/2019 11:54, Patrik wrote:
> my problem is that this is a simple config, i have 2 subnets on 1
> server (business ISP with static ip / home for downloading and
> dynamic ip)

No, your problem is that you do not understand AD DNS ;-)

Your Samba AD DC is authoritative for the AD dns domain and should only know about the AD domain, it should forward anything outside the AD dns domain to another dns server.

From reading your output from Louis's script, it is clear that you are trying to use a Samba AD DC as if it was a standalone server, this will never work.

Samba doesn't recommend using an AD DC as a fileserver, but if you do, you must follow a few rules:

You must set all permissions from Windows, you cannot use things like 'force user' etc.

You must use winbind for authentication, this means that the libnss-winbind links must be set up.

There are others, see here:

https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller
https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs

You will probably be better off setting up a Unix domain member and using this as the fileserver.

Rowland